Keycard has launched from stealth with $38 million in funding led by Andreessen Horowitz, Boldstart Ventures, and Acrew Capital.
Keycard is a cybersecurity startup building identity and access controls for artificial intelligence (AI) agents. The company said its platform integrates with existing enterprise identity systems to verify AI agents, assign task-specific permissions and enforce security policies in real time. The goal: to give businesses a way to safely deploy autonomous agents that perform sensitive digital tasks — from ecommerce merchandising to customer support — without losing control over who can access what.
“AI agents represent a once-in-a-generation shift, greater than the SaaS and cloud wave combined,” said Ian Livingstone, Keycard’s co-founder and CEO. “Without trusted access controls, they can’t leave the lab.”
Keycard’s founders — Livingstone, Matthew Creager and Jared Hanson — previously held senior engineering and security roles at Snyk, Auth0 and Okta. They say the rise of AI agents has triggered an identity surge unlike any seen in previous technology cycles.
Enterprises now rely on thousands of agents that act autonomously across systems. Each requires unique permissions tied to users, departments and data. In ecommerce, these agents are increasingly managing catalog updates, dynamic pricing, personalized recommendations, fulfillment tracking and fraud prevention. These functions each involve sensitive data and privileged system access.
Keycard’s new funding to develop AI agents
Traditional identity tools were built for humans to log in through static credentials, not for machines that spawn, interact and expire autonomously. According to CyberArk’s 2025 Identity Security Landscape, AI is expected to drive the creation of the largest wave of new digital identities with privileged access.
Keycard’s technology replaces static secrets and API keys with dynamic, task-scoped tokens that adjust permissions on the fly. Each agent is cryptographically verified to confirm its identity, role and authorization. That helps to ensure traceability across distributed environments.
The system integrates with AI models and platforms from Anthropic, Microsoft and OpenAI, allowing organizations to maintain consistent policy enforcement regardless of the underlying AI provider. Access can be revoked instantly through a single application programming interface (API) call.
Developers can also use Keycard’s software development kits (SDKs) to embed identity-aware governance into their own applications. That removes the need for deep security expertise.
As AI agents take on greater roles in ecommerce — from personalized shopping experiences to automated procurement and pricing — the security and compliance risks grow exponentially. Keycard said its federated, standards-based approach could help retailers, distributors and marketplaces ensure that AI-driven workflows remain transparent, auditable and compliant with data governance policies.
Keycard contributes to emerging industry standards, including:
- Model Context Protocol (MCP)
- WIMSE
- OAuth 2.1 Client ID Metadata Documents
It claims to be the first production implementation supporting OAuth extensions for AI agents.
Livingstone said the company’s goal is to build “the trust layer for the agent economy,” providing a framework that allows autonomous systems to safely interact across organizational and platform boundaries.
With major ecommerce companies exploring agentic automation — from dynamic product content generation to predictive customer engagement — Keycard’s emergence underscores a broader shift toward securing the infrastructure of the next digital commerce wave.
Sign up
Sign up for a complimentary subscription to Digital Commerce 360 B2B News. It covers technology and business trends in the growing B2B ecommerce industry. Contact Mark Brohan, senior vice president of B2B and Market Research, at mark@digitalcommerce360.com. Follow him on Twitter @markbrohan. Follow us on LinkedIn, X (formerly Twitter), Facebook and YouTube.
Favorite
