Keycard has announced Keycard for Multi-Agent Apps, extending its platform to support delegated, session-based access across systems of autonomous agents. Keycard lets developers build apps where every agent has its own identity, access is scoped to each task and every action is fully attributable across agents, users and systems.
“Enterprises are rebuilding business functions around AI agents. Right now the developers building these systems have to choose: give agents broad access and they’re ungovernable or lock them down and lose what makes them valuable,” said Ian Livingstone, CEO of Keycard. “Agents built using Keycard don’t experience this trade-off, as they have their own identity, delegate access per-task and operate with no standing privileges or static credentials.”
“We wanted our engineers deploying agents and tools into production without needing to be security or identity experts. Keycard’s platform made that possible. We had agents running against production systems in days,” said Dennis Yang, Principal Product Manager for Generative AI at Chime.
Multi-agent architectures are becoming the standard approach to building AI apps, with specialized agents increasingly being used by general-purpose agents to complete complex tasks across software development, operations, sales, marketing, finance and more. The problem is structural: most teams rely on shared API keys, inherited credentials or persistent access to connect these agents, none of which limit access to what the task actually requires.
This is compounded as agents gain more autonomy: an agent can delete a database or exfiltrate confidential information without any human overseeing it. Traditional approaches to service identity and access control were designed for a world of human operators, not agent-to-agent delegation, and without it, the risk shifts from isolated misuse to systemic failure.
Keycard for Multi-Agent Apps solves this by giving every agent verifiable identity without long-lived API keys or credentials on disk. Developers can build agents and tools using Keycard’s SDKs for Python and TypeScript. When an agent starts, it automatically receives its identity through runtime attestation. When a user or agent initiates a task, Keycard creates a session that binds every action to the originating user and request, supporting three delegation patterns:
- Agents acting on their own behalf across multi-hop workflows, each with scoped identity and delegated access.
- Agents acting on behalf of humans or other agents through explicit delegation, preserving the full chain of authority from the originating user to every downstream agent.
- Agents impersonating other agents or humans under policy constraints for specific operational workflows, with complete audit transparency.
All three patterns use the same SDK, the same policy engine and the same control plane. Agents discover and authenticate one another automatically using Client ID Metadata Documents. As agents delegate work to other agents or call tools, Keycard evaluates policy as part of every token exchange using OAuth 2.0 Token Exchange (RFC 8693), scoping access to the task and narrowing permissions at each hop so no agent ever holds more privilege than the task requires or policy allows. Every token in the chain is traceable, revocable and expires with the session.
Keycard for Multi-Agent Apps gives developers the tools to build and ship multi-agent apps that work across clouds and gives security teams the controls to govern them:
- Import identity, instead of building it. Keycard’s SDKs for Python, TypeScript and Go integrate with LangChain, Mastra and more, giving developers identity, delegation and access control as primitives they can drop into any agent or tool.
- Work with any agent. Natively accessible to ChatGPT, Claude, Codex and any agent or tool that speaks MCP, A2A or OAuth 2.1 including OpenClaw and Pi.
- Deploy across any platform. Runs on Vercel, Cloudflare, Fly.io, AWS, GCP, Azure and more. Identity travels with the agent with no static secrets to provision, rotate or protect.
- Connect agents to any tool or service. The same scoped, session-bound credentials that govern agent-to-agent access work for connecting to APIs, databases and SaaS platforms.
- Control what every agent can do. Developers and security teams set policies that control which agents can access which resources, what they can delegate and how far permissions can travel. Any change in policy triggers revocation across affected agents and sessions.
- No token management required. Keycard manages the full token lifecycle, from issuance, storage and rotation to attenuation and revocation, across every agent and session.
Behind it all, the Keycard platform provides identity federation and tracking via OIDC, SCIM and near-real-time audit logging across every agent interaction. It is the same system powering Keycard for Coding Agents. They give organizations a single platform for adopting, building, deploying and governing agents and connecting them to services, whether built or bought.
