Keycard: 2026 is the Year of Agents
Timestamps are as accurate as they can be but may be slightly off. We encourage you to listen to the full context.
Podcast Summary
This episode explores the transition from AI copilots to autonomous agents in 2026, featuring a16z partner Joel de la Garza and Keycard CEO Ian Livingstone discussing the critical security and identity challenges facing agent adoption. (00:34) The conversation begins with a compelling real-world security incident where an enterprise agent leaked sensitive customer data, illustrating the urgent need for proper authentication and authorization systems in the agentic world. (01:02) Livingstone explains the continuum from level-zero rule-based systems to fully autonomous agents, comparing it to autonomous vehicle levels, while emphasizing that most companies are still struggling to make even copilots successful. (07:00) The discussion reveals why enterprises will likely adopt agents before consumers due to immediate operational efficiency gains and board-level business drivers, despite the complex identity and access challenges that need solving.
- Main theme: The critical security and identity infrastructure needed to safely deploy AI agents at enterprise scale, moving from copilots to autonomous systems while maintaining proper access controls and user accountability.
Speakers
Joel de la Garza
Joel de la Garza is a Partner at Andreessen Horowitz (a16z), focusing on enterprise security investments. He brings extensive experience in cybersecurity and has been instrumental in identifying emerging security challenges in the AI and agent space, particularly around identity and access management for autonomous systems.
Ian Livingstone
Ian Livingstone is the Co-founder and CEO of Keycard, a company focused on solving identity and access management for AI agents. He has been thinking about machine learning and agent security challenges for over a decade, positioning Keycard as a critical infrastructure provider for the emerging agentic workforce revolution.
Key Takeaways
Enterprises Will Adopt Agents Before Consumers
Unlike previous technology adoption cycles, enterprises are positioned to adopt AI agents faster than consumers due to immediate operational efficiency gains and existing cloud infrastructure. (21:50) Livingstone notes that this wave is fundamentally different because employees already understand these tools from personal use, the data and access systems are already cloud-based, and most importantly, agent adoption has become a top-level business objective tied directly to earnings efficiency rather than just developer productivity. Security teams can no longer say "no" as they could with early cloud adoption because CEOs are mandating agent implementation for competitive survival.
Agents Require Dynamic, Task-Based Access Control
Traditional static identity models are insufficient for agents that need contextual, ephemeral permissions based on specific tasks and user intent. (15:52) The challenge moves beyond simple read/write/delete permissions to dynamic authorization that considers the user, agent, task context, and downstream resources simultaneously. For example, a customer support agent should only access specific customer data relevant to the current task, not all customer data, and this access should be revocable and auditable in real-time.
The Identity Problem is Multi-Dimensional
Agent identity management involves understanding relationships between users, agents, and tools across complex multi-tenant environments. (14:18) Unlike traditional software where a user directly accesses resources, agents create a three-way relationship where User A uses Agent B to access Tool C, requiring new frameworks to determine appropriate access rights. This becomes particularly complex when agents are shared across multiple users and organizations, similar to how ChatGPT serves millions of users but each interaction needs proper scoping and controls.
Current Standards Are Insufficient for Production Agent Security
Both MCP (Model Context Protocol) and A2A (Agent-to-Agent) standards fail to address core identity and authorization challenges needed for production agent deployment. (27:02) While MCP provides tool-calling capabilities and A2A offers agent federation, neither solves cryptographic agent identification, user access control, or downstream resource protection. This gap has created what Livingstone calls "secret sprawl on steroids," where production credentials are scattered across local machines with no centralized control or audit capabilities.
Conditional Consent Will Define Agent Interactions
The future of agent authorization lies in conditional consent models where users grant specific, revocable permissions for discrete tasks rather than blanket access. (19:08) This approach mirrors autonomous vehicle safety systems where humans maintain ultimate control and can intervene at any time. For agents, this means implementing real-time permission granting through the agent interface, with sophisticated systems determining when to prompt users for additional consent based on the risk and novelty of requested actions.
Statistics & Facts
- The first real-world agent security incident involved an enterprise SaaS service where an agent designed to return company-specific data would correctly deny requests for other firms' data by name, but when users simply asked for "my data," it would return data from random other companies. (01:02) This incident perfectly illustrates the authentication and authorization challenges facing agent deployments.
- 2025 marked the first glimpses of true AI agents, while 2026 is predicted to be the year when every company rushes to get agents into production at scale. (00:03) This timeline suggests we're at a critical inflection point for enterprise agent adoption.
- Enterprise agent adoption is being driven by top-level business objectives rather than technical innovation, with earnings efficiency becoming the primary driver rather than just developer productivity improvements. (23:16) This represents a fundamental shift from previous technology adoption patterns where security could delay implementation.
