Per-action Identity for AI Agents
Keycard
Keycard is really selling a new security primitive for software that behaves more like a swarm of contractors than a workforce of employees. Human IAM assumes a known user logs in, keeps a session, and holds a role for weeks or months. Agent systems break that model because thousands of short lived processes may call GitHub, Stripe, Slack, or internal tools for one task, on behalf of one user, then disappear. That pushes identity from account management toward per action credential minting, tight scope control, and instant revocation.
-
The practical shift is from authenticating a person once to authorizing each tool call. Keycard describes every agent action as using ephemeral, identity attested credentials. AWS AgentCore Identity is moving in the same direction, with scoped delegation for agents acting on behalf of users or on their own.
-
The closest adjacent vendors are not classic Okta style workforce IAM products, but agent security and orchestration layers. Descope is adding policy controls for MCP servers and agent ecosystems. Promptfoo is approaching the same problem from an MCP proxy layer that whitelists tools, logs calls, and flags violations.
-
This layer matters because agent infrastructure companies like Ampersand make it easier for agents to read and write across many SaaS systems. Once agents can take CRUD actions across multiple apps in real time, the bottleneck becomes who granted each action, for how long, and with what exact permissions.
The category is likely to converge around agent identity, tool authorization, and delegated consent as a built in control plane for agentic software. The winners will be the platforms that become the default checkpoint before any agent touches a production system, whether that checkpoint is sold standalone or bundled into cloud and developer infrastructure.