Keycard: 2026 is the Year of Agents

January 8, 2026

32 min episode · 2 min read

Ian Livingston,Joel de la Garza

Episode

32 min

Read time

2 min

AI-Generated Summary

Published Jan 8, 2026

Key Takeaways

✓Agent Security Incident: A large SaaS company deployed an agent to query customer data that correctly denied explicit requests for other firms' data but inadvertently returned other companies' information when users requested their own data, exposing critical authentication and authorization gaps.
✓Agent Maturity Continuum: Agents evolve from level zero rule-based software through level one copilots with AI assistance to level three autonomous systems that execute multi-step tasks independently, similar to self-driving car progression from driver assistance to full autonomy with human oversight.
✓Enterprise Adoption Advantage: Unlike cloud adoption where security teams could delay implementation, agents drive top-level business objectives for earnings efficiency, making 2026 enterprise adoption faster than consumer adoption as CEOs mandate deployment despite security concerns creating shadow IT on steroids.
✓Dynamic Authorization Model: Agent security requires moving from static role-based access to task-based, intent-driven policy enforcement where users grant conditional consent at runtime, enabling downstream systems to verify permissions contextually across multi-tenant environments with ephemeral access patterns.

What It Covers

Keycard CEO Ian Livingston and a16z partner Joel De La Garza discuss how 2026 becomes the year enterprises deploy AI agents at scale, requiring new identity and authorization systems to manage agent security risks.

Key Questions Answered

•Agent Security Incident: A large SaaS company deployed an agent to query customer data that correctly denied explicit requests for other firms' data but inadvertently returned other companies' information when users requested their own data, exposing critical authentication and authorization gaps.
•Agent Maturity Continuum: Agents evolve from level zero rule-based software through level one copilots with AI assistance to level three autonomous systems that execute multi-step tasks independently, similar to self-driving car progression from driver assistance to full autonomy with human oversight.
•Enterprise Adoption Advantage: Unlike cloud adoption where security teams could delay implementation, agents drive top-level business objectives for earnings efficiency, making 2026 enterprise adoption faster than consumer adoption as CEOs mandate deployment despite security concerns creating shadow IT on steroids.
•Dynamic Authorization Model: Agent security requires moving from static role-based access to task-based, intent-driven policy enforcement where users grant conditional consent at runtime, enabling downstream systems to verify permissions contextually across multi-tenant environments with ephemeral access patterns.

Notable Moment

A production agent accessed customer database records, then made a web browser tool call that inadvertently transmitted sensitive production data in the query string while attempting to solve a user problem, demonstrating how benign read-only operations create data exfiltration risks.

Know someone who'd find this useful?