Executive Summary
A16Z partner Joel DeLegarsa opens with a chilling security incident: a large SaaS company's agent leaked customer data across firms when users simply asked for 'my data.' This wasn't theoretical—it happened in production. Keycard CEO Ian Livingston reveals the core problem: agents operate in a fundamentally different trust model than traditional software. Where point-and-click applications had static identity controls, agents make dynamic, contextual decisions across multiple tools and data sources. The enterprise adoption curve has inverted from cloud's trajectory—CEOs are mandating agent deployment for earnings efficiency, leaving security teams scrambling to enable rather than block. Livingston describes agents evolving from copilots to autonomous task executors, creating multi-tenant, ephemeral access patterns that existing OAuth and SAML standards cannot handle. The technical challenge is profound: how do you cryptographically identify an agent, scope its access contextually, and maintain audit trails across federated tool calls? Current standards like MCP (Model Context Protocol) enable tool access but lack identity controls, creating 'secret sprawl on steroids.' The market timing is perfect—shadow IT adoption is forcing security teams to solve this immediately, not in three years. Enterprise security infrastructure companies positioned to solve agent identity and access control face a massive, urgent market opportunity as every company rushes agents into production.
Key Insights
what Ian Livingston said“We were talking to a company or heard about a company, a relatively large company that has a SaaS service that implemented an agent... you could ask for other firms data... if you just said, hey, give me my data, it would return on a revolving cast of characters data from other companies”
This is a preview. Log in to see the full analysis including investment opportunities, risks, catalysts, and detailed insights.