AI + a16z Podcast Summary

Episode: Keycard: 2026 is the Year of Agents
Host: Joel de La Garza (A16Z)
Guest: Ian Livingston (Co-founder and CEO, Keycard)
Date: October 22, 2025

Episode Overview

This insightful episode explores why 2026 is set to be the “Year of Agents,” as AI agents mature from experimental copilots into production-ready, enterprise-critical systems. A16Z’s Joel de La Garza and Keycard’s Ian Livingston break down the rapid evolution of autonomous agents, their security and identity challenges, the continuum from copilots to true agents, the emerging problems of agent-based access, and why enterprises—not consumers—will lead mass adoption. The conversation is shaped by real-world incidents and the latest thinking on agent identity, policy, and control.

Key Discussion Points & Insights

1. State of AI Agents and the Move to Production

• Agents in 2026: The majority of companies are planning to put AI agents into actual customer-facing, production environments—no longer just internal experiments.
  [00:34]

• Real Incident Example: Joel shares a story about an early security issue where an agent mistakenly exposed confidential data from other customers, highlighting new risks unique to AI agents.

  “If you just said ‘hey, give me my data’, it would return... data from other companies. Immediately when I heard about this incident, you came into my mind because I thought, my God, there is an authn Auth z problem.”
  — Joel (00:57)

2. The Continuum: Copilots to Fully Autonomous Agents

• Levels of Agency: Ian explains a spectrum (like autonomous driving) from level 0 (traditional, rule-based software) to level 5 (fully autonomous agents).

  “There's a team of agentic behavior... in the same way we think about autonomous levels of driving.”
  — Ian (05:58)

• Human-in-the-Loop vs. Autonomy: Early “copilot” AIs assist humans; new agents increasingly act without supervision, handling end-to-end tasks.

  “We’re now getting to the point where... how do I as a human get to walk away?”
  — Ian (06:54)

• Use Example: “Hey agent, can you find me the best pair of jeans under $50 and place a bid?” is no longer far-fetched.
  [06:54]

3. Security, Identity, and Access Challenges in the Agent World

• New Identity Complexity: Traditional identity models (users, groups, static roles) can’t handle dynamic agent-mediated access.

  “We're now moving to a world where a user can pick up an agent... those tools represent downstream resources... may be contextual.”
  — Ian (02:22)

• Multi-Tenancy Headaches: Agents may serve multiple users and have varying levels of access, multiplying the traditional SaaS “multi-tenant” challenge.

  “Agents are inherently multi-tenant.”
  — Ian (14:56)

• Tool-Calling and Prompt Injection: Attacks such as tool poisoning become feasible as agents increasingly chain actions across systems.

  “Tool poisoning types of attacks... the minute that the model at the core of the agent is actually starting to do more than one tool call before the, with a human not in the loop...”
  — Ian (09:14)

4. Why Enterprises Will Lead Adoption

• Enterprise First, Not Consumers: The business case (operational efficiency, workflow automation) is so overwhelmingly compelling for enterprises that they’re rapidly adopting agents—much faster than in prior tech waves.

  “If you would have asked me this a year ago, I would have said 100% consumers... I actually think this wave is different for many different reasons.”
  — Ian (21:39)

• No More “Empire of No”: Unlike early cloud adoption, security leaders (CISOs) can’t stall agent deployment out of caution as business leaders drive the transition.

  “The cloud made all the no CISOs roadkill on the Internet... now, I mean every CISO you talk to is just like, how can I enable this safely without blowing up the firm?”
  — Joel (23:38)

5. Current (and Flawed) Standards & the Road Ahead

• Fragmented Standards: Discussion about two main frameworks—MCP (most adopted, but still immature) and A2A (Academia-driven, less adopted)—both still lack strong agent identity and control primitives.

  “MCP definitely has the most adoption... beginning to hit some of that trough additional losement as people... found, hey, it's not perfect.”
  — Ian (26:28)

• The “Secret Sprawl” Problem: With agents, secret mismanagement can escalate rapidly as credentials are misused or overprovisioned.

  “It took what they used to be like, you know, the secret sprawl problem... and it's just secret sprawl on steroids.”
  — Ian (27:38)

• Need for New Policy Paradigms: Access must now be task- and intent-based, dynamic, and ephemeral (not static), requiring “reasoning models” blending deterministic policies and contextual understanding.

  “Our view... we're going to need task based, intent based policy that's enforced downstream.”
  — Ian (15:28) “How do we scale that?... It's not linear and it's not static. It's incredibly dynamic and... hyper ephemeral.”
  — Ian (16:15, 16:37)

6. Keycard’s Solution

• Keycard’s Mission: Provide enterprises with agent identity, access, and control infrastructure that is open-standard, interoperable, and audit-friendly.

  “We're going to help you identify what agents you have, what users are using those agents, what those agents are actually enabled to access, and allow you to put a bounding box around those things.”
  — Ian (29:48)

• Open & Federated Approach: Keycard avoids vendor lock-in and builds atop existing and emerging standards to remain foundational as agents become everyday business infrastructure.

  “We're completely standards and operable... a central pillar in your agent strategy moving forward.”
  — Ian (31:28)

Memorable Quotes & Timestamps

• On Early Agent Security Incidents:

  “My God, there is an authn Auth z problem. And that is the problem with identity and agents.”
  — Joel de La Garza, 00:57

• On the Copilot–Agent Spectrum:

  “Copilots are... some people say that's an advanced autocomplete. Well that's true. But... it has to make underlying assumptions, decisions.”
  — Ian Livingston, 06:37

• On Identity Reinvention:

  “The fundamental challenge is... we have a piece of compute that we need to be able to federate across cloud and across... companies. How do we identify that agent?”
  — Ian Livingston, 13:15

• On Why Enterprises Must Adopt Agents Quickly:

  “We used to be in a position with the cloud adoption where security could say, hold up a minute... this is a different situation... we're at a point where the CEO... they're saying, we have to adopt these things.”
  — Ian Livingston, 21:39

• On Future Policy Models:

  “We're moving from a world where... a software developer had to write it, yeah, we're moving to a world where if I want a task to be done, if I give the model the right context and right access to tools, it can create a plan.”
  — Ian Livingston, 16:37

• On Secret Sprawl in MCP:

  “Everybody's got a bunch of production credentials on their local machines... and they have no control over it.”
  — Ian Livingston, 27:35

Major Takeaways

• 2026 will see AI Agents everywhere in business.
• Enterprise adoption is leading, driven by efficiency and competition, not security gatekeeping.
• Traditional models of identity, access, and control are insufficient. Agents need contextual, ephemeral rights.
• Current standards are useful but incomplete—major unsolved problems remain.
• Identity, task-bounded consent, and audit are the next frontiers.
• Companies like Keycard aim to solve the “agent identity crisis” with open, federated solutions for control and policy enforcement.

Notable Segment Timestamps

• 00:34 – Agents move out of the lab and into production; first security incident example
• 05:58 – Defining the agent continuum, from basic software to fully autonomous agents
• 09:14 – Agent security problems: Tool poisoning, prompt injection, and accidental data exposure
• 11:35 – New identity/access problems: Traditional models break down
• 14:54 – Agents as multi-tenant compute; policy and control challenges
• 16:37 – Hyper ephemeral, task-based access: The end of static policies
• 21:39 – Enterprise, not consumer, will drive adoption this time
• 26:28 – Critique of current standards (MCP, A2A); secret sprawl
• 29:48 – Keycard’s solution: agent awareness, bounding, and audit
• 31:28 – Commitment to open standards and interoperability