The Upshot

Keycard co-founder Ian Livingstone wants you to be able to direct hundreds, even thousands of AI agents on your behalf. But when one goes to, say, order you a pair of blue jeans on a shopping site, a bunch of security risks pop up.

Does this agent really belong to you, and have your permission to put the jeans in a digital shopping cart for checkout? Is it operating under the rules you gave it, or possibly going rogue? That wouldn’t be fun for anyone – it’d be a pain to have to refund them, and for you to ship them back.

In a business context, the same type of transaction could be happening involving millions of dollars and sensitive information. Livingstone’s new startup, Keycard, sees the solution for both as a new kind of security software.

“What we bring to the table is the ability to put a box around the agent,” Livingstone says. “Developers don’t have the tools today to enable these experiences.”

Keycard’s solution is what Livingstone and co-founders Matthew Creager and Jared Hanson claim is a new kind of software: agent security that can, through building blocks known as software development kits, or SDKs, use cryptography to verify an agent’s affiliated human or company and its credentials.

Most importantly, Keycard’s tokens do all this at the moment of a single task or action, or “at runtime” as a cyber pro would call it, with as many agents as you throw at a company using it.

In the future that Livingstone says is coming, this is the (pun intended) key. It’s one thing to treat AI agents as a one-for-one equivalent to us as they surf the web. The reality will likely look more like thousands of temporary agents spinning up to solve one project or request we might have, then spinning down without any formal retirement ceremony.

That’s a lot of agents that at some point had our authority, such as a credit card or data access, that otherwise could be lying around for misappropriation. “Machines have very different access profiles, and agents put that difference on steroids,” Livingstone says.

To tackle the problem, Keycard is formally launching today with $38 million in combined seed and Series A funding, Upstarts exclusively reports. Its previously unannounced $8 million seed round was led by a16z and boldstart ventures, while Acrew Capital led its $30 million Series A.

Keycard’s launch is the notable newest entry in a brewing race to secure AI agents we wrote about last month, with the fundraise of a cybersecurity player, Descope. Like Descope, Keycard’s founders come with serious repeat founder credentials.

Upstarts is skeptical when a startup like Keycard says it’s the first to market, or that it won’t directly compete with the others – it seems too early for anyone really to know, let alone start to claim victory.

But what does seem clear: agentic security looks like the next cybersecurity gold rush, and it’s worth paying attention as a host of new startups and big players move in fast.

“Many people are now playing with agents,” Livingstone says. “But there’s a pillar that’s missing today.”

More on his story and Keycard’s approach below.

Presented by Structify.

Getting answers from your data shouldn’t take three days and two Slack threads.

Structify’s AI agents source, clean, and analyze data from anywhere — Salesforce, Snowflake, spreadsheets, PDFs, internal databases, even the web. Just ask in plain English and get instant answers.

Instead of chasing down messy data, you just ask — and Structify delivers.

No tickets. No technical skills. No waiting.

Sign up now for $20 in free credits

Secret(less) agents

Livingstone always expected to launch another startup after his time at Snyk ran down following the 2021 acquisition of his previous startup, Manifold.

It’s “in his blood” to build companies, he says, ever since as a teenager he helped launch a gamer-focused streaming service to fill a gap not yet covered by YouTube nearly 20 years ago.

The ‘aha moment’ for Keycard came in early 2023, when DevOps toolmaker CircleCI disclosed that hackers had stolen encryption keys involving its products; that meant that API tokens used by customers were no longer secure, and CircleCI had to warn all of them to change over any of their own keys or passwords, referred to as secrets, that connected their own software together.

Get 10% off for 1 year

Snyk was one of those CircleCI customers, meaning employees like Livingstone and Creager were in for a bad time. Staff had to manually map out and retrace every key and password across the organization to see who owned it and make sure it got updated. The result was a giant spreadsheet of more than 10,000 credentials that was both a pain and its own sort of risk.

“We had to go through this crazy process,” Livingstone says now. “And I realized, ‘Hey, we haven’t actually figured out how to enable software to connect to each other across applications, across companies, in a way that really made it secure.”

Speaking with peers, he became convinced that the answer wasn’t better storage of such secrets: it would be removing the secrets altogether. A pathway that could manage such connections via a better kind of token would mean such keys wouldn’t be necessary – creating a keycard of sorts.

To build Keycard, Livingstone teamed up again with Creager; both based in Halifax in Canada, Livingstone had been Manifold’s CTO, while Creager led developer relations. Livingstone tapped Hanson, previously chief architect at Auth0 through its acquisition by Okta, as third co-founder for his identity security know-how.

Without getting in the technical weeds, Keycard effectively authenticates that any number of agents are operating as their builders, the downstream services they’re accessing, and the users who have directed them to do so, all intend for them to be working.

A basic use case would be securing an agent’s access to company data within Snowflake’s cloud storage, or its access to GitHub code repositories.

The biggest change from status quo, says boldstart investor Ed Sim, is to think of these agents as much less like a digital twin of a person, doing everything they can over long periods of time, and more like thousands of short-term problem-solvers that can come and go.

“The type of access we need for that is going to be different. We can’t have permissions that last forever,” he says.

FUD risk

To hear Livingstone tell it, this category is evolving fast enough that new use cases emerge every three months; no one has figured everything out, and no one is truly in the market with a definitive product.

Keycard’s worked with a handful of design partners so far, but cannot name them; one spoke with Upstarts on condition of anonymity, as they were not authorized to speak on behalf of their company, and attested that their team got Keycard up and running within a few hours. But all of this is early, Keycard and its backers admit.

“No one is really too far ahead in having a product in-market,” says Modern Technical Fund founder Amanda Robson, whose fund launch we covered in June – how we first met Livingstone, then operating in stealth.

Robson says she became a fan of Livingstone’s through his podcast influential in infrastructure circles, The Infra Pod. Keycard has a chance to help shape this new security pathway, she argues, because of Keycard’s credibility and focus on the developer experience.

A number of competitors will be chasing the same solutions, both from the bigger company side like Okta, as well as the startup side with Descope, Oasis Security, Astrix Security and others.

Join our WhatsApp group

“Our biggest risk is the amount of FUD creation that’s going on in the market,” says Livingstone, referring to ‘fear, uncertainty and doubt’ that companies can sling at each other with customers.

With the funding, Keycard will work to ship its software beyond test customers, while building out a hub in San Francisco. Livingstone’s spending half his time there, and Hanson lives in the Bay Area, but the startup will remain remote-first like Manifold and Snyk.

Agents affect companies all over, Keycard’s CEO notes, not just in AI’s self-appointed global hub. “There’s incredible talent all over North America, and intuitively all over the world, that wants to be working on core problems, and that is excited by the opportunity around agents,” he says.