AI agent identity and ephemeral credentials: what changes now?

TL;DR: Keycard says traditional IAM patterns break down when autonomous AI agents need ephemeral, task-scoped access, and argues for cryptographically bound tokens, edge enforcement, and instant revocation, according to WorkOS. The broader point is that agent identity is no longer a secrets problem alone; it is a governance problem where static privilege assumptions fail under runtime delegation.

NHIMG editorial — based on content published by WorkOS: Keycard for AI Agent Security: Features, Pricing, and Alternatives

By the numbers:

• Keycard emerged from stealth in October 2025 with $38 million in funding.
• AI agents are already acting beyond their intended scope in 80% of current deployments, according to SailPoint research.
• When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes.

Questions worth separating out

Q: How should security teams govern AI agent credentials in production?

A: Security teams should govern AI agent credentials as short-lived, task-scoped access artifacts, not as reusable secrets.

Q: Why do AI agents complicate zero-trust access models?

A: AI agents complicate zero-trust because the actor can initiate actions, choose tools, and consume access dynamically at runtime.

Q: What do teams get wrong about agent identity and secret rotation?

A: Teams often focus on rotating secrets faster, when the deeper issue is whether the secret should exist as a durable credential at all.

Practitioner guidance

• Define agent credentials as task-scoped artifacts Issue access only for a specific task, user, and resource set, and require automatic expiry at task completion so credentials cannot survive as reusable secrets.
• Audit every delegation path Track which human or system authorised each agent action, which identity provider issued the token, and which downstream service accepted it so you can reconstruct the delegation chain without guesswork.
• Move authorization checks to shared enforcement points Validate agent tokens at network or service boundaries rather than inside agent code, and verify that revocation is enforced consistently across cloud, on-premises, and SaaS targets.

What's in the full article

WorkOS's full article covers the operational detail this post intentionally leaves for the source:

• Pricing and packaging details for Keycard's early-access model, including how the vendor expects teams to engage directly.
• Implementation specifics for its credential broker, federation flow, and edge enforcement design across hybrid environments.
• Product-side discussion of support boundaries, deployment assumptions, and the enterprise features the vendor positions as missing from point solutions.
• The vendor's own comparison framing for production enterprise authentication and agent identity workflows.

👉 Read WorkOS's analysis of Keycard for AI agent security →

AI agent identity and ephemeral credentials: what changes now?

Explore further

View Full Forum →  |  NHI Foundation Course →