Keycard: 2026 is the Year of Agents

a16z Podcast

Summary

The episode discusses the emergence of AI agents, predicting 2026 as the "year of agents" and highlighting the critical need for robust identity and access management solutions like Keycard to handle their widespread adoption.

Key challenges revolve around the dynamic and contextual nature of agent interactions, requiring a fundamental shift in how we approach security and authorization in enterprise environments.

Key Points

  • 2026 is anticipated to be the year AI agents move from labs into production, necessitating companies like Keycard to manage fleets of these agents.
  • The evolution from co-pilots to true agents signifies a shift where AI makes decisions and performs tasks autonomously, moving beyond simple assistance.
  • A significant security concern with agents is the problem of identity and authorization, especially in scenarios involving "tool calling" where agents interact with various resources.
  • Traditional security models based on static perimeters and user roles are insufficient for agents, which require dynamic, context-aware access policies.
  • Enterprises are expected to adopt agents before consumers due to the clear benefits in operating efficiency and workflow optimization.
  • Existing standards like SAML and OAuth are not fully equipped to handle the complexities of agent interactions and multi-tenancy.
  • Keycard aims to provide solutions for identifying agents, managing user access, controlling agent permissions, and enabling secure tool usage, bridging the gap between agent capabilities and tool provider control.
  • The adoption of agents is driven by business objectives for earnings efficiency and the need for companies to remain competitive by becoming agentic themselves or integrating with agents.
  • The "secret sprawl" problem, where credentials are overexposed, is exacerbated with agents, creating unseen risks.
  • Future agent management will likely involve a hybrid deterministic and non-deterministic system, with continuous adaptive policies and clear accountability.

Conclusion

The widespread adoption of AI agents in 2026 necessitates a new paradigm in security, particularly concerning identity and access management.

Solutions are needed to handle the dynamic, contextual, and multi-tenant nature of agent interactions, moving beyond traditional static security models.

Companies like Keycard are essential for enabling safe and controlled agent deployment, ensuring accountability and mitigating emerging risks.

Discussion Topics

  • How can businesses effectively balance the benefits of AI agent automation with the imperative to maintain robust security and user privacy?
  • What are the biggest challenges and opportunities in developing clear accountability and control mechanisms for AI agents as they become more autonomous?
  • Considering the rapid evolution of AI agents, what new security standards and best practices will be crucial for widespread enterprise adoption in the coming years?

Key Terms

AI agents
Software programs that can perform tasks autonomously or semi-autonomously, often using AI to make decisions and interact with other systems.
Tool calling
The ability of an AI agent to utilize external tools or APIs to perform actions or retrieve information.
Prompt injection
A type of security vulnerability where malicious input is provided to an AI model to manipulate its output or behavior.
Identity and access management (IAM)
The security discipline that ensures only authorized users access the right resources and data at the right time for the right reasons.
Multi-tenancy
A software architecture where a single instance of a software application serves multiple customers (tenants), with each tenant's data isolated.
SaaS (Software as a Service)
A software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
SAML (Security Assertion Markup Language)
An open standard for exchanging authentication and authorization data between parties, typically between an identity provider and a service provider.
OAuth
An open standard for access delegation, commonly used to let Internet users grant websites or applications access to their information without giving them their passwords.
MCP (Machine Consent Protocol)
Likely referring to protocols or standards for managing consent and access for machine-to-machine interactions, possibly related to agent actions.
8A (likely referring to Agent API or similar Google initiative)
A Google initiative related to agent interactions and APIs, aiming for scalability.

Timeline

00:00:34

2026 is shaping up to be the start of the year of agents, with companies looking to deploy them beyond the lab.

00:06:00

Agents are viewed as a continuum of agentic behavior, evolving from human-driven assistance to more autonomous operations.

00:09:11

The rise of agents brings forth identity, authorization, and authentication challenges, especially with multiple tool calls.

00:11:45

The contextual nature of agent interactions requires a fundamental reinvention of identity and access management.

00:13:15

Solving the agent problem is complex due to the blending of existing technologies and new use cases, requiring a new approach to user federation for agents.

00:14:14

Agents are seen as multi-tenant entities, bringing complexities similar to SaaS, but with added actionability.

00:15:24

Agent security requires dynamic, runtime-based solutions like step-up authentication and authorization, moving beyond static access rights.

00:18:37

The future will likely involve a pairing of deterministic and non-deterministic systems, with user-controlled access grants and downstream enforcement.

00:21:40

Enterprises are expected to adopt agents before consumers, driven by operational efficiency and the need to integrate with the agent economy.

00:23:41

Security teams are shifting from an "empire of no" to enabling agents safely, facing pressure from business objectives.

00:25:14

Emerging standards like MCP and 8A are addressing agent management, but a crucial bridge is missing for cryptographic identification, user control, and tool provider enforcement.

00:29:48

Keycard focuses on helping customers deploy agents in production by identifying agents and users, controlling access, and providing tools for building and managing agents.

Episode Details

Podcast
a16z Podcast
Episode
Keycard: 2026 is the Year of Agents
Published
January 8, 2026