Keycard, the identity and access platform for AI agents, announced it has acquired Anchor.dev to extend its platform to govern coding agents and eliminate tradeoffs between autonomy, capability and security. The deal brings in the Anchor.dev team, a stealth startup focused on automatic certificate issuance and validation, with experience building trusted infrastructure at companies such as Cloudflare, GitHub, and Heroku.
AI coding agents, including Cursor, Claude Code, Codex, and Windsurf, are increasingly shipping production software. However, their autonomy has been limited by governance constraints. Many organizations still rely on static credentials and human approvals for each tool call, making full autonomy impractical. Other vendor approaches restrict agents to narrow MCP-only workflows or apply controls at the wrong layer, such as at the network boundary or during initial authentication. These methods cannot effectively govern agent behavior once it is running without limiting capabilities or scope.
With the acquisition, Keycard said it will evaluate policy at the application layer on every tool call. The expanded platform introduces runtime application-layer policy enforcement, evaluating policies per task and per tool call rather than at login or at the network boundary. It also adds protocol-agnostic support across MCP workflows, CLI commands, APIs, and agent-generated tools, enabling governance across the full modern software development toolchain.
Additional capabilities include explicit tool governance with full visibility, allowing teams to define which tools agents can use and logging every invocation with attribution to a specific agent and task. The platform replaces static secrets with short-lived, identity-bound credentials scoped per task and cryptographically tied to the agent and application. Agents can be configured once and deployed across laptops, sandboxes and production systems using cryptographically attested runtime context. The system also enables autonomous workflows with guardrails, where routine actions proceed without human involvement, while sensitive operations can require explicit approval.
Keycard’s platform identifies AI agents, enables task-based permissions, and dynamically enforces policy while tracking all activity. The company said this allows organizations to deploy AI agents into production with governed access while maintaining flexibility in task execution. Teams can onboard through one-click installation, and developers can build and publish their own agents and tools using Keycard’s SDKs.
KEY QUOTES
“Security shouldn’t be something developers have to think about, it should just work. Keycard’s focus on agent identity combined with Anchor’s experience in developer infrastructure puts us in a unique position to help unlock the potential of autonomous coding agents.”
Ian Livingstone, Co-Founder And CEO Of Keycard
“At Anchor, we focused on removing operational complexity from certificates: automatic issuance, validation and renewal. At Keycard, we’re applying that same discipline to coding agents: real identity, scoped access, policy enforcement per action and full visibility. That’s what makes autonomous coding practical in production.”
Wesley Beary, Former CEO Of Anchor.dev, Now At Keycard
