Keycard raised $38 million across two funding rounds, with the most recent being a $30 million Series A in October 2025 led by Acrew Capital. The company previously completed an $8 million seed round.

The Series A included participation from Andreessen Horowitz, Boldstart Ventures, Mantis VC, Tapestry Ventures, Essence Ventures, Exceptional Capital, Modern Technical Fund, and Vermillion Cliffs Ventures.

Keycard is a cloud-native identity and access management platform for AI agents rather than human users. Traditional IAM systems assume long-lived, stable identities; AI agents spin up by the thousands, terminate quickly, and often act on behalf of different users and systems.

A typical workflow starts when an AI agent needs to access a SaaS API like GitHub or Stripe. The agent requests access through Keycard's SDK, which then mints an ephemeral, cryptographically-signed token. This token is bound to the specific agent runtime, scoped to the exact task with time limits, and immediately revocable.

Keycard functions as a federated identity broker, converting credentials from existing identity providers into agent-aware tokens. The platform uses zones to map agents, users, resources and tools into logical groupings, so policies can reference business concepts rather than technical identifiers.

SDKs for Python, Node, Go, and Java handle OAuth handshakes and token management. For systems that cannot run an SDK, Keycard provides a gateway that proxies requests and injects appropriate tokens.

A centralized policy engine manages delegation chains and maintains cryptographically-linked audit trails showing the full path from user to agent to resource. Security teams can revoke entire delegation chains with a single API call.

Keycard is a B2B SaaS platform for developers and security teams building AI agent systems. It provides infrastructure that sits between AI agents and the APIs and systems they access.

The business model provides dynamic access control as a service, replacing static API keys and role-based tokens with short-lived, task-scoped credentials. This reduces security risk and enables more granular control over agent permissions.

Keycard focuses on machine-to-machine authentication patterns rather than human login workflows, differing from traditional IAM vendors. The platform integrates with existing identity providers rather than replacing them, serving as complementary infrastructure.

Primary customer segments include developers building AI agent applications who need secure API access patterns, and enterprise security teams that need to govern and audit agent behavior across their organization.

Pricing and the revenue model have not been disclosed during the early access period.

Traditional identity management companies are adapting their platforms for AI agents. Okta acquired Axiom Security to add privileged access management capabilities and can bundle human and agent identity management in unified contracts.

SailPoint offers Agent Identity Security that governs agents alongside human and service accounts through existing governance and compliance connectors. Microsoft Entra and AWS IAM are also adding agent-aware controls to their existing enterprise identity platforms.

These incumbents have entrenched enterprise relationships and can offer integrated packages, but these platforms were built for human authentication patterns.

AWS launched AgentCore Identity that embeds IAM-style policies directly into Bedrock agent runtimes with VPC isolation and vault storage. This approach could make third-party IAM optional for AWS-centric technology stacks.

Other cloud providers may develop similar integrated offerings that bundle agent identity management with their AI and compute services, creating platform lock-in incentives.

Companies like Descope are building low-code policy engines and monitoring for AI agents, targeting product teams that need customer-facing agent authentication without enterprise IAM complexity.

WorkOS and Auth0 could extend their developer-focused identity platforms into agent authentication, leveraging existing developer relationships and integration ecosystems.

HashiCorp Vault, Akeyless, and CyberArk Conjur are positioning their secrets management platforms as machine identity solutions for AI agents. These vendors focus on preventing hard-coded credentials in AI pipelines and have existing enterprise security relationships.

The emergence of guardian agents that supervise other AI agents enables Keycard to package its policy engine as an embeddable runtime. AI frameworks can integrate Keycard's authorization system for just-in-time privilege checks, extending beyond core IAM.

This expands into the AI governance market as organizations deploy multiple agent types that need coordination and oversight.

Regulatory requirements like the EU AI Act mandate audit trails for high-risk AI systems starting in 2025. Keycard could develop specialized compliance reporting and immutable audit logging as premium features for regulated industries.

Healthcare, financial services, and government sectors are verticals where AI governance requirements are becoming mandatory rather than optional.

As enterprises standardize on verifiable agent tokens, Keycard could operate a marketplace where SaaS vendors publish pre-approved agent connectors. This could create network effects similar to identity provider integration catalogs.

The marketplace model could generate additional revenue while increasing utility for both agent developers and API providers who want to support agent access patterns.

Market timing: The AI agent market is early with uncertain adoption timelines for autonomous agents in enterprise environments. If agent deployment grows more slowly than expected, demand for specialized agent IAM may remain limited, constraining Keycard's addressable market.

Platform integration: Cloud providers and existing IAM vendors have incentives to bundle agent identity management into their platforms. AWS, Microsoft, and Google could make third-party agent IAM unnecessary by integrating identity controls into their AI services, commoditizing Keycard's offering.

Technical complexity: Agent identity management involves technical challenges around ephemeral credentials, policy evaluation latency, and audit trail integrity. If Keycard cannot maintain technical differentiation as the market develops, the company could face commoditization pressure from incumbents and new entrants with simpler approaches.