Keycard

Your coding agents inherit your credentials and your permissions. No identity system in the stack can tell the difference between you and the agent acting in your name. Today: Keycard for Coding Agents 🧵

Early access is live. Install the CLI, authenticate, and see it working in your terminal. Full announcement ↓ keycard.ai/blog/announcin…

Routine actions run autonomously. Sensitive operations trigger real-time step-up approval. One command, keycard run, works across Claude Code, Codex, Cursor, ChatGPT, and OpenClaw. Same policy on laptops, sandboxes, and CI.

Your coding agents inherit your credentials and your permissions. No identity system in the stack can tell the difference between you and the agent acting in your name. Today: Keycard for Coding Agents 🧵

MCP, agent skills, CLIs, and building production AI agents. Live demos and Q&A with @OpenAI, @Google, @vercel, @StainlessAPI, and Keycard. April 2 in SF. Register: luma.com/lu4qcfd4

RSAC is a week out. Booth #2351 at Moscone South Expo. Everyone on the floor will be talking about agent security this year. The difference is where you enforce it. We enforce it before the credential exists. Come see it. We're also raffling off prizes you'll actually want at the booth.

Our Head of DevRel built exactly this. A planning agent hitting 8 tools with 7 OAuth providers. One Keycard login. Ephemeral tokens per tool call. Full audit trail. Here's the full build: keycard.ai/blog/i-built-a…

Your agent hits 7 APIs on behalf of a user. Are you building 7 separate OAuth implementations, or handing it one over-privileged token and hoping for the best? Keycard: one login, one JWT. Each tool call gets an ephemeral token scoped to the task. Used once, discarded. If policy says no, the credential never exists.

@ankrgyl Us. Except the opposite. Keycard evaluates policy at credential issuance. If policy says no, the credential never exists. There's nothing to skip because nothing was issued.

who is building --safely-skip-permissions

@a16z Hard mode is where we live. Keycard evaluates policy when the credential is issued. The agent gets exactly what it needs for the task, scoped to the user who authorized it, and nothing more. Task done, access gone.

Aaron Levie on why AI agents can't just be treated like normal user accounts: "I, as Aaron, don't really have any responsibility over anybody else's Box account in our organization. I can't see the Box account of any other employee that I work with. I'm not liable for anything that they do." "Agents don't have those properties. The person who creates the agent probably is going to, for the foreseeable future, take on a lot of the liability for what that agent does." "When you're in Claude Code or Cursor, the agent is you... It can do everything you can do." "That's the easy mode." "The hard mode is agents are running on their own and people check in with them occasionally." "How do you give them access to resources in the enterprise without dramatically increasing the security risk?" @levie on @latentspacepod

Register here: luma.com/yfebp8oj?tk=bb…

Kicking off RSA week early. We're co-hosting a reception with @Boldstartvc, Surf AI, and GainSecurity for security leaders and entrepreneurs. March 22. 1 Hotel, SF. 6 PM to 9 PM. Great conversations, food, and drinks before RSA officially begins. Registration required (approval-based) 👇

@ianlivingstone @okta @mtf_vc @AnthropicAI Register here: luma.com/hy83h0zp

Agents are making decisions, accessing APIs, and acting autonomously. The identity models we have weren't built for this. Our CEO @ianlivingstone is joined by fellow panelists Karl McGuinness (ex-@okta), Amanda Robson (@mtf_vc), and a guest from @AnthropicAI to talk about what needs to change. March 25 in SF. Panel + happy hour 👇

Register here: luma.com/s9qdxmxm

We're co-hosting a rooftop after party for BSidesSF 2026 with @RunReveal, @csideai, @tracebit_com, and @SocketSecurity. March 22. SF. 250+ people, no pitches, good vibes. RSVP required 👇

Our Head of DevRel @KimMaida built a planning agent that reads many work tools and plans her day. It calls 7 OAuth providers with one login, scoped grants, zero standing access. Ephemeral tokens per tool call. Full audit trail. The full build 👇