The Structural Problem With How Agents Are Connected Today

Most teams building multi-agent systems are doing so with tools that were never designed for this purpose. Shared API keys, inherited credentials, and persistent access grants were built for human operators working within defined roles and sessions. When you transpose that model onto an autonomous agent – one that can call other agents, invoke tools, write to databases, and execute decisions without a human in the loop – the risk profile changes entirely.

This is not a configuration problem. It is architectural. An agent operating with broad, standing privileges and no task-scoped access boundary can, in theory, delete a production database or move sensitive data without triggering any of the controls that would catch a human doing the same thing. The audit trail, if one exists at all, frequently cannot trace accountability back through a chain of agent-to-agent delegation.

Ian Livingstone, co-founder and CEO of Keycard, framed the dilemma developers currently face: “Enterprises are rebuilding business functions around AI agents. Right now, the developers building these systems have to choose: give agents broad access and they’re ungovernable, or lock them down and lose what makes them valuable.”

Keycard’s argument is that this trade-off is a symptom of the wrong infrastructure, not an inherent property of agentic systems.

What Keycard for Multi-Agent Apps Actually Does

At its core, the platform gives every agent its own verifiable identity – not a shared key sitting in an environment variable, but a runtime-attested identity established automatically when the agent starts. From that foundation, Keycard builds a session and delegation model that scopes access to the specific task at hand and narrows permissions at each step as work moves through a chain of agents.

Identity Without Long-Lived Credentials

Developers building agents with Keycard’s SDKs for Python and TypeScript do not need to manage API keys, rotate secrets, or provision static credentials per deployment. Identity is issued through runtime attestation. When a task begins, Keycard creates a session that binds every subsequent action – across every agent involved – back to the originating user or request.

Three Delegation Patterns, One Policy Engine

The platform supports three distinct models for how agents can act and delegate:

Agents can operate on their own behalf across multi-hop workflows, each carrying a scoped identity rather than inherited privilege. They can act on behalf of a human or another agent through explicit delegation, preserving a traceable chain of authority from the originating instruction to every downstream action. And in specific operational contexts, agents can impersonate other agents or users under defined policy constraints – with full audit transparency maintained throughout.

All three patterns run through the same SDK, the same policy engine, and the same control plane. Agents discover and authenticate each other automatically using Client ID Metadata Documents. Token exchange follows OAuth 2.0 (RFC 8693), and every token in the chain is traceable, revocable, and expires when the session ends. No agent at any point holds more privilege than the task requires.

From Theory to Production: What Enterprise Teams Are Seeing

The promise of zero standing privileges and task-scoped access is straightforward in principle. Getting it into production without turning it into a security engineering project is a different matter.

Dennis Yang, Principal Product Manager for Generative AI at Chime, described the experience directly: “We wanted our engineers to deploy agents and tools into production without needing to be security or identity experts. Keycard’s platform made that possible. We had agents running against production systems in days.”

That kind of deployment speed – without compromising on access governance – is precisely what makes the platform relevant beyond security teams. For engineering leads trying to move quickly on agentic applications while keeping their risk posture intact, the gap between “we can build this” and “we can safely run this in production” has been a genuine blocker. Keycard’s pitch is that it closes that gap at the infrastructure level rather than asking developers to solve it case by case.

Interoperability Across the Agent Ecosystem

One consideration that often gets buried in identity platform discussions is whether the solution actually works across the fragmented landscape of tools, clouds, and frameworks that real teams use.

Keycard’s SDKs integrate with LangChain, Mastra, and other major agent frameworks. The platform is accessible natively to ChatGPT, Claude, Codex, and any agent or tool that communicates over MCP, A2A, or OAuth 2.1. Deployment runs across Vercel, Cloudflare, Fly.io, AWS, GCP, and Azure – identity travels with the agent regardless of where it runs.

The same session-bound, scoped credentials that govern agent-to-agent access also apply when agents connect to external APIs, databases, and SaaS platforms. Policy changes propagate in near-real time, with any modification triggering automatic revocation across affected agents and sessions. Token lifecycle management – issuance, storage, rotation, attenuation, and revocation -is handled entirely by the platform.

Behind all of it sits identity federation and tracking via OIDC and SCIM, alongside near-real-time audit logging across every agent interaction.

The Broader Context: Why Agent Identity Is Now a Security Priority

The shift toward multi-agent architectures is not slowing down. Specialized agents are increasingly being used by general-purpose agents to complete complex tasks – tasks that cross organizational boundaries, touch sensitive systems, and execute decisions that would previously have required human sign-off at each step.

In that environment, the question of who – or what – authorized a given action, and what it was permitted to do, is no longer academic. Regulators, enterprise security teams, and risk functions are beginning to ask these questions explicitly. The organizations that can answer them with a traceable, policy-enforced audit record will be in a materially different position from those relying on shared credentials and retrospective log analysis.

One Platform for the Full Agent Lifecycle

Keycard for Multi-Agent Apps is built on the same underlying platform as Keycard for Coding Agents, giving organizations a single system for adopting, building, deploying, and governing agents – whether those agents are internally built or procured from third parties – and for connecting them securely to the services they need to function.

For security and engineering teams navigating the practical realities of agentic AI in production, that consolidation matters. Fewer trust boundaries to maintain, fewer credential stores to secure, and a consistent policy model across every agent interaction – regardless of what that agent is, who built it, or where it runs.

The identity layer for AI agents has, until recently, been an afterthought. Keycard is making a clear case that it should be the starting point.

Research and Intelligence Sources:Keycard

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com