How Identity and Access Control Is Becoming the Foundation of Secure AI Agents

From Human-Centric Stacks to Agent-Native Security

Most enterprise software stacks quietly assume a human in the loop: a person holds the credentials, clicks the buttons and moves through workflows at human speed. Autonomous agents shatter those assumptions. They operate continuously, at machine speed, and often with wide-reaching privileges that were never designed for non-human actors. This creates a new class of AI agent security risks, from silent data exfiltration to destructive actions on production systems. Traditional identity access management tools, built for employees and service accounts, struggle to model agent-to-agent delegation or ephemeral decisions taken by a swarm of cooperating agents. As enterprises rebuild business functions around autonomous agents in development, operations, sales or finance, security can no longer be bolted on. Identity, scoped access control and runtime isolation must become part of the core architecture, enabling agents to be powerful without being ungovernable.

Keycard: Scoped Access and Identity for Multi-Agent Systems

Keycard is positioning itself as an identity and access layer purpose-built for enterprise deployments of autonomous agents. Its new Multi-Agent Apps capability gives every agent its own verifiable identity, eliminating shared API keys and static credentials on disk. Access is delegated on a per-task basis, so privileges are tightly scoped to what a specific workflow actually requires, rather than broad standing permissions that persist long after a job completes. This session-based model supports agent-to-agent delegation while maintaining multi-agent security: actions remain constrained and fully attributable across agents, users and systems. For engineering teams, Keycard’s SDKs for Python and TypeScript aim to hide the complexity of identity access management, so developers can ship agents into production without needing deep security expertise. The result is a middle path between over-locked agents that deliver little value and over-privileged agents that are effectively ungovernable.

OpenShell: A Secure Runtime Sandbox for Autonomous Agents

Where Keycard focuses on identity and permissions, OpenShell tackles the runtime layer for AI agent security. Developed as part of Nvidia’s Agent Toolkit, OpenShell provides an open source, sandboxed environment where each autonomous agent — including its harness and model — runs in isolation. Instead of letting agents touch the operating system, network or host directly, a gateway outside the sandbox holds credentials and session state. When an agent needs to call systems like ServiceNow, Salesforce or Workday, the gateway mediates authentication and injects a temporary session into the sandbox. This design keeps keys out of the agent’s reach and limits the blast radius if prompt injection or arbitrary command execution occurs. Crucially, OpenShell enforces policy below the application layer using Linux kernel primitives such as seccomp, eBPF and Landlock, baking security into the stack rather than bolting it on service by service.
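The gateway pattern described above can be made concrete with a small model: the real credentials live in a broker outside the sandbox, the agent receives only an opaque, short-lived session handle, and every outbound call is mediated and logged by the broker. This is an added example written for this article, not OpenShell code; the class names `Gateway` and `SandboxedAgent`, the method names, and the `servicenow`/`workday` credential strings are all constructed placeholders.

```python
"""Constructed model of a credential-holding gateway outside an agent sandbox.

Added illustration only; not OpenShell's implementation. Gateway, SandboxedAgent,
open_session, call and close_task are assumed names for this example, and the
credential values are constructed placeholders.
"""
import secrets
import time


class Gateway:
    """Lives outside the sandbox: holds real credentials and per-agent policy,
    and hands the sandbox only opaque, short-lived session handles."""

    def __init__(self, credentials: dict, policy: dict, ttl_s: float = 120):
        self._credentials = credentials   # system name -> real secret; never crosses the boundary
        self._policy = policy             # agent id -> set of systems it may reach
        self._ttl = ttl_s
        self._sessions = {}               # handle -> (agent_id, system, expires_at)
        self.events = []                  # audit trail attributable to a specific agent/sandbox

    def open_session(self, agent_id: str, system: str, now=None) -> str:
        """Policy check first; on success mint a handle that carries no secret material."""
        now = time.time() if now is None else now
        if system not in self._policy.get(agent_id, set()):
            self.events.append(("deny", agent_id, system))
            raise PermissionError(f"{agent_id} may not reach {system}")
        handle = secrets.token_urlsafe(24)
        self._sessions[handle] = (agent_id, system, now + self._ttl)
        self.events.append(("open", agent_id, system))
        return handle

    def call(self, handle: str, request: dict, now=None) -> dict:
        """The only path from the sandbox to an external system; the gateway
        attaches the real credential here, so the agent never holds it."""
        now = time.time() if now is None else now
        sess = self._sessions.get(handle)
        if sess is None:
            raise PermissionError("unknown or revoked session")
        agent_id, system, expires_at = sess
        if now >= expires_at:
            del self._sessions[handle]
            raise PermissionError("session expired")
        outbound = dict(request, authorization=f"Bearer {self._credentials[system]}")
        self.events.append(("call", agent_id, system, request.get("path")))
        return _external_system(system, outbound)

    def close_task(self, agent_id: str) -> None:
        """Revoke every session the agent holds when its task ends: no standing access."""
        for h in [h for h, s in self._sessions.items() if s[0] == agent_id]:
            del self._sessions[h]
        self.events.append(("close", agent_id))


def _external_system(system: str, outbound: dict) -> dict:
    """Constructed stand-in for the real SaaS API: only confirms a credential arrived."""
    return {"system": system, "path": outbound["path"],
            "authenticated": outbound["authorization"].startswith("Bearer ")}


class SandboxedAgent:
    """Inside the sandbox: its entire view of the outside world is the gateway."""

    def __init__(self, agent_id: str, gateway: Gateway):
        self.agent_id = agent_id
        self._gw = gateway
        self._handles = {}   # system -> session handle (opaque)

    def fetch(self, system: str, path: str, now=None) -> dict:
        if system not in self._handles:
            self._handles[system] = self._gw.open_session(self.agent_id, system, now)
        try:
            return self._gw.call(self._handles[system], {"path": path}, now)
        except PermissionError:
            self._handles.pop(system, None)   # drop a dead handle; a retry must re-open
            raise

    def visible_state(self) -> dict:
        """Everything a fully compromised agent could read from its own memory."""
        return {"agent_id": self.agent_id, "handles": dict(self._handles)}


if __name__ == "__main__":
    t0 = 5_000.0
    gw = Gateway({"servicenow": "CONSTRUCTED-SECRET-sn", "workday": "CONSTRUCTED-SECRET-wd"},
                 {"ops-agent": {"servicenow"}}, ttl_s=120)
    agent = SandboxedAgent("ops-agent", gw)
    print(agent.fetch("servicenow", "/api/now/table/incident", now=t0))
    try:
        agent.fetch("workday", "/workers", now=t0)
    except PermissionError as e:
        print("denied:", e)
    print("secret in sandbox?", "CONSTRUCTED-SECRET" in repr(agent.visible_state()))
    gw.close_task("ops-agent")
    try:
        agent.fetch("servicenow", "/api/now/table/incident", now=t0)
    except PermissionError as e:
        print("after close_task:", e)
```

The point to notice is what a compromised agent can actually reach: `visible_state()` contains only opaque handles, and both the policy decision and the credential injection happen on the gateway side, where the audit `events` are recorded against the agent's identity.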

Attribution, Accountability and Compliance for Agent Swarms

As multi-agent architectures become the default pattern for complex AI applications, attribution and accountability move from nice-to-have to non-negotiable. A general-purpose orchestrator might call specialized agents for code changes, financial updates or customer operations. Without clear identity for each agent and auditable, scoped access control, enterprises cannot answer basic questions: which agent did what, on whose behalf, using which privileges? Keycard addresses this gap by ensuring every action is tied to a specific agent identity, user and system context, with no hidden shared credentials blurring the trail. OpenShell complements this by confining each agent in an isolated sandbox, so operational and security events can be mapped to a precise runtime environment. Together, these approaches support compliance and auditability, transforming autonomous agents from opaque black boxes into accountable actors that can be governed under the same rigorous controls applied to human users and traditional services.
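To show how per-task scoped delegation and attribution fit together in practice, here is an added example, written for this article and not Keycard's SDK, that models signed, session-bound grants: an orchestrator holding a grant on a user's behalf can delegate only a subset of its scopes to a sub-agent, every authorization decision is logged with the agent, user, task and delegation chain, and the log can answer "which agent did what, on whose behalf". The function names (`issue_grant`, `delegate`, `authorize`, `who_touched`), the HMAC-based signing, and the task and user identifiers are all assumptions constructed for the example.

```python
"""Constructed model of per-task, session-scoped delegation with full attribution.

Added illustration only; not Keycard's implementation. All names, the signing
scheme and the sample identifiers are assumptions chosen for this example.
"""
import hashlib
import hmac
import json
import secrets
import time

# Constructed signing key held by the identity layer, never by any agent.
_ISSUER_KEY = secrets.token_bytes(32)

AUDIT_LOG: list = []   # every authorization decision, with full attribution


def _sign(payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(_ISSUER_KEY, body, hashlib.sha256).hexdigest()


def issue_grant(user: str, agent: str, task_id: str, scopes, ttl_s: float = 300, now=None) -> dict:
    """Mint a signed, short-lived grant for one agent, one user context and one task."""
    now = time.time() if now is None else now
    payload = {
        "agent": agent, "on_behalf_of": user, "task_id": task_id,
        "scopes": sorted(scopes),          # allowed "action:resource" pairs
        "chain": [agent],                  # delegation path, root first
        "expires_at": now + ttl_s,         # the grant dies with the task session
    }
    return {"payload": payload, "sig": _sign(payload)}


def verify(token: dict, now=None) -> dict:
    """Check signature and expiry; return the payload or raise PermissionError."""
    now = time.time() if now is None else now
    if not hmac.compare_digest(_sign(token["payload"]), token["sig"]):
        raise PermissionError("bad signature")
    if now >= token["payload"]["expires_at"]:
        raise PermissionError("grant expired")
    return token["payload"]


def delegate(parent: dict, child_agent: str, scopes, now=None) -> dict:
    """Agent-to-agent delegation: the child receives a subset of the parent's scopes,
    inherits the same user/task context and deadline, and extends the chain."""
    p = verify(parent, now)
    requested, held = set(scopes), set(p["scopes"])
    if not requested <= held:
        raise PermissionError(f"cannot delegate beyond own scopes: {sorted(requested - held)}")
    payload = dict(p, agent=child_agent, scopes=sorted(requested), chain=p["chain"] + [child_agent])
    return {"payload": payload, "sig": _sign(payload)}


def authorize(token: dict, action: str, resource: str, now=None) -> bool:
    """Policy decision point: decide, and record who/for whom/via which chain."""
    try:
        p = verify(token, now)
        allowed = f"{action}:{resource}" in p["scopes"]
        record = dict(agent=p["agent"], on_behalf_of=p["on_behalf_of"], task_id=p["task_id"],
                      chain=p["chain"], action=action, resource=resource, allowed=allowed)
    except PermissionError as exc:
        allowed = False
        record = dict(agent=token["payload"].get("agent"), action=action, resource=resource,
                      allowed=False, reason=str(exc))
    AUDIT_LOG.append(record)
    return allowed


def who_touched(resource: str) -> list:
    """Answer 'which agent did what, on whose behalf, through which chain' for a resource."""
    return [(r["agent"], r.get("on_behalf_of"), r["action"], r["allowed"], r.get("chain"))
            for r in AUDIT_LOG if r["resource"] == resource]


if __name__ == "__main__":
    t0 = 1_000_000.0
    root = issue_grant("alice", "orchestrator", "task-42",
                       {"read:tickets", "write:tickets", "read:ledger"}, ttl_s=300, now=t0)
    child = delegate(root, "ticket-agent", {"write:tickets"}, now=t0)
    print(authorize(child, "write", "tickets", now=t0))        # allowed, attributed to alice
    print(authorize(child, "read", "ledger", now=t0))          # denied: scope was not delegated
    print(authorize(child, "write", "tickets", now=t0 + 301))  # denied: task session is over
    print(who_touched("tickets"))
```

Two properties do the governance work here: scopes can only attenuate along the chain (`delegate` rejects any scope the parent does not hold), and the audit record is written whether the decision is allow or deny, so a denied attempt by a sub-agent is just as attributable as a successful one.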

The Convergence of Identity and Orchestration in Agent-Native Stacks

Taken together, platforms like Keycard and OpenShell signal a broader shift in how enterprises think about autonomous agents. Rather than treating security as an afterthought wrapped around an orchestration layer, identity access management and secure runtime controls are becoming the foundation on which agent-native stacks are built. In this emerging model, every agent is born with an identity, runs in a sandbox, and receives only scoped, session-based privileges mediated through gateways and policy engines. Agent orchestration then happens on top of these guarantees, not in spite of them. Backing from major ecosystem players and adoption by platforms such as ServiceNow and LangChain highlight how central these concerns have become. As organizations push agents deeper into mission-critical workflows, the convergence of identity platforms with runtime security will determine which AI systems are not just powerful, but trustworthy in production.
