Keycard has acquired Anchor.dev, a stealth startup focused on automated certificate issuance, to extend its identity and access platform for governing AI coding agents. The combined platform addresses a critical tradeoff organizations face: unlocking the full autonomy and capability of agents like Cursor and Claude Code while maintaining security. By evaluating policy at the application layer on each tool call, Keycard enables per-task credentials, protocol-agnostic governance, and autonomous workflows with built-in guardrails.
Keycard acquires Anchor.dev to govern autonomous coding agents.
The platform evaluates policy per tool call at the application layer, not at login or network boundary.
It provides short-lived, identity-bound credentials for each agent task.
Governance is protocol-agnostic, covering MCP, CLI, APIs, and agent-generated tools.
Organizations can define explicit tool permissions with full visibility and logging.
The acquisition aims to remove the tradeoff between agent autonomy, capability, and security.
AI coding agents are increasingly shipping production code, but their autonomy is severely constrained by legacy security models. Organizations currently face an impossible choice: either limit agents to narrow, pre-approved workflows (sacrificing capability) or grant broad access using static credentials (sacrificing security). Existing controls at the network boundary or initial authentication cannot govern what an agent does after it starts running. Keycard's approach resolves this by enforcing policy per action, at runtime.
The core innovation is moving policy enforcement to the application layer, where agents actually execute tool calls. This allows for granular, per-task permissions rather than all-or-nothing access. Static secrets are replaced with short-lived credentials cryptographically bound to a specific agent and task. Every tool invocation—successful or failed—is logged and attributed. This enables true autonomy for routine tasks while maintaining the ability to require explicit human approval for sensitive operations.
The acquisition brings the Anchor.dev team, with deep experience building trusted developer infrastructure at Cloudflare, GitHub, and Heroku, into Keycard. Their expertise in automating certificate issuance and validation at scale will be applied to the problem of coding agent identity and access. The goal is to make security "just work"—eliminating operational complexity while providing the cryptographic attestation and policy enforcement necessary for production-ready autonomous agents.
"Security shouldn't be something developers have to think about, it should just work," said Keycard CEO Ian Livingstone. This acquisition positions Keycard to provide the foundational identity and access layer that enables organizations to deploy AI coding agents into production with confidence, unlocking their full potential without compromising control.
About Keycard
Keycard’s mission is to unlock the power of AI agents by giving developers and enterprises the foundations they need to build and adopt trusted agentic applications at scale. Its identity and access platform provides real-time, contextual guardrails, enabling the transition from static, human-driven workflows to machine-driven, autonomous, agentic applications. Keycard is a remote-first company and backed by Andreessen Horowitz, boldstart ventures and Acrew Capital.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.