Everyone's building internal AI. A few teams are actually shipping it.
Cloudflare nearly doubled MR velocity
Browserbase cut support response to <24 hours
Sentry turned 30-min investigations into 1 Slack message
@zeeg @pk_iv @irvinebroque @ianlivingstone tell us how next week
Dependencies are not the core problem; our broken identity and access models combined with bad isolation makes this supply chain attack so potent.
Keys on disk in the same user space as the compromised package took this attack from bad to devastating. Even if every tool was home built and verified you’d still be at risk of model poisoning and other attack vectors.
Agent security starts with identity and access - and we’re fixing this @KeycardLabs
Your coding agents inherit your credentials and your permissions. No identity system in the stack can tell the difference between you and the agent acting in your name.
Today: Keycard for Coding Agents 🧵
When a chatbot gains the permission to execute code, the relationship changes.
A deep dive into the concept of "Agentic Authority" and the trust architecture required when AI moves from suggestion to action.
{ author: @KimMaida }
https://t.co/omEO0KB2tq
Most platforms that attempt to recreate Heroku land in the uncanny valley of developer experience.
Close enough to trigger the expectation of delight, just far enough off to remind you what's missing.
Taste moves with the community - copy the surface and you're chasing where it was, not where it's going.
https://t.co/bsyckYF3oM
MCP DEBATE @aiDotEngineer is LIVE! @ianlivingstone and @dexhorthy go head to head
Highlights:
(00:00) Intro
(01:10) Is MCP living up to its vision promised in 2024
(02:43) MCP does not replace SDKs
(04:00) Why has MCP been so hyped
(05:10) Who is seeing the most value from MCP
(06:15) MCP marketplaces need better curation
(07:10) Enterprise MCP concerns
(08:10) MCP enabling decoupled agent systems
(08:55) How do we avoid MCP being a monolithic middle layer
(09:10) The fundamental issue with open source
(09:37) The MCP land grab
(10:44) MCP reminds us of OAuth 1.0 vs 2.0
(12:00) 3 revisions later, have we finally figured out auth for MCP?
(16:23) Is MCP a security nightmare or a potential control plane
(18:00) Agents need granular permissions
(20:30) Agents need context-aware, ephemeral permissions
(23:03) Devs have to do a lot of work to get MCP to work well
(24:00) Good context engineering is key
(25:24) We're missing a middleware layer
(26:20) The tool bloat problem
(28:30) Don't say multi agent system ever again
(30:40) Don't use training data for knowledge
(33:20) How MCP compares to other protocols
(34:20) Are people using the stateful parts of MCP
(38:00) Statefulness will drive the unlock
(39:00) MCP vs A2A
(42:00) The trust equation
This is genuinely one of the most interesting panels, the level of depth is incredible - master class.
The question of why runtime security infrastructure/sensors tends to struggle or fail came up - I wonder whether it just boils down to the fact that what we had (static guardrails) was ‘good enough,’ e.g. a timing issue, that’s being resolved by the demands/dynamism of AI?
In recent weeks, we’ve already seen AI agents go rogue or leak sensitive data due to weak identity infrastructure – a preview of what happens when autonomy outpaces trust. There’s a structural mismatch between how our systems authenticate and how agents actually behave.
@KeycardLabs is building the missing trust fabric for this new world. Keycard issues dynamic, identity-bound, task-scoped tokens: cryptographic “keycards” that carry verifiable proof of who the agent is, what it is allowed to do, and for whom.
We’re investing in Keycard to build the identity layer for the agent economy. Founders @ianlivingstone, @Matt_Creager, and @jaredhanson combine deep expertise in infrastructure, developer-first design, and online identity. We’re thrilled to be backing them.
Exclusive: Keycard, a new startup looking to secure AI agents for developers, has launched out of stealth with $38M from a16z, boldstart and others.
Repeat entrepreneur and CEO Ian Livingstone (@ianlivingstone) says he's addressing the "missing pillar" in building with agents.
This is such a wild & reactionary take on what's going on here from @garrytan - for someone who is usually so well-spoken, rational, and technology-forward, I'm shocked.
Determining the identity of an agent, service, machine, computer, or other entity is a fundamental problem that needs to be addressed. The standard that @Cloudflare and friends are working on is critical to enabling a truly agentic economy - in the same way that standards like SSL/TLS paved the way for the proliferation of internet commerce in the late 90s/00s.
No one here is trying to create some kind of locked-in web experience (e.g. bullshit DRM) - they're trying to help resource owners (websites, stores, platforms) identify and discern between "good actors" and "bad actors" in a way that helps them _enable agentic workflows_ to proliferate, to enable agents to interoperate, and enable humans to be able to delegate to trusted agents in the same manner.
This is about levelling up our bot/agent abuse detection from Layer 3/4 (transport/TCP&IP) behaviour to Layer 5 (app), so when an agent on Vercel gets blocked by an ISP in Spain, they don't have to block all Vercel traffic; instead, they can be discerning about exactly which agent or app to prevent the abuse.
The work @Cloudflare is doing here is really good and coming from a good place - it's built upon existing practices (e.g., using .well-known for advertising key data) and leverages work that has been ideated for years to address issues surrounding webhooks and machine-to-machine authentication challenges.
I'm excited by the work being done here and happy to see @browserbase & @pk_iv realize how this helps them solve real challenges for their customers. This isn't some scary thing; it's just the next piece of protocol being proposed to unlock real end-user value in the same way that Cookies & TLS unlocked the trillion-dollar economy we have today on the internet.
Agents break the fundamentals of traditional IAM systems - over time, if you build them as you did a traditional service, they will end up with god-mode privileges -- access to everything, for every user that interacts -- like Katamari Damacy.
Ultimately, we need IAM systems that are highly dynamic, ephemeral, and only give agents access to systems on a per-task, user-specified basis that are deeply integrated into the agentic loop and provide active, run-time guarantees.
If a user can't access something, an agent shouldn't be able to either, and the user should have the ultimate control over what those agents can do on _their behalf_.
The foundations of agentic security come back to the basics: how do you control what they can access, on behalf of whom, and what actions they perform with whose authority.
This is why we're rebuilding IAM from the ground-up for the agentic era at @KeycardLabs.
Agents broke our auth systems. We’re all pretending they didn’t.
I wrote about the shared guilt, duct-taped credentials, and what we’re building @KeycardLabs to fix it:
https://t.co/acINJnjm1F
1/What a way to kick off #RSAC2025!
💪🏻 Congrats @ProtectAICorp on your exit to @PaloAltoNtwks! 🚀
It all started 3.5 yrs ago in Hawaii; @ianrswanson saw what almost no one else did: the future of AI security.
We @Boldstartvc 🙏🏻 to partner from Inception
Here's the story 🧵:
This is an incredible tool built by @jevon and the buildcanada team.
It's an AI assisted workflow that goes through all speeches and communications by the candidates and extracts their policies and promises made.
You can now see exactly what the candidates say on major topics and issues and how they differ (with citations).
Model Context Protocol (MCP) was recently introduced by @AnthropicAI and is an important emerging standard for connecting AI agents to APIs and data. To realize its full potential, that access needs to be secure. And we need your help...