Runlayer vs. Keycard: Enterprise AI Platform vs. Agent Identity Infrastructure

Runlayer is a full enterprise AI control plane: security scanning, shadow AI detection, Skills, Plugins, and Agents across 18,000+ servers and 300+ AI clients. Keycard is an agent identity and access infrastructure layer that provides ephemeral, task-scoped credentials for AI agents, with drop-in SDKs for MCP auth, runtime policy enforcement at the edge, and tamper-resistant audit trails. The core difference is what each product governs. Keycard governs how agents authenticate and what credentials they carry. Runlayer governs the full MCP lifecycle: which servers exist in your org, which ones are safe, who can use them, what Skills and Plugins run on top of them, and what agents are deployed across the organization. Keycard is an identity layer. Runlayer is the platform underneath everything that touches MCP. ## What Keycard Does Well Keycard solves a real problem with a strong technical approach. Its founding team (Ian Livingstone, ex-Snyk CTO; Matt Creager, who scaled Snyk from $30M to $300M ARR; Jared Hanson, creator of Passport.js and former Auth0 Chief Architect) has deep identity infrastructure experience, and the product reflects that. Keycard replaces static API keys and long-lived credentials with ephemeral, identity-bound tokens scoped to specific tasks. Each token encodes the task context, user authorization, and resource ownership. Credentials are revocable instantly via a single API call. The platform uses workload attestation (SPIFFE, Kubernetes service accounts, cloud instance IDs, mTLS) to verify agent identity at runtime, and enforces policy at the edge rather than inside the agent itself. Keycard also provides `keycard run`, a runtime governance layer for coding agents. It virtualizes `.env` and `mcp.json` so secrets are injected in-memory and never written to disk. Agent-generated code gets short-lived, scoped credentials instead of static keys. Shell, MCP, and credential events flow into a single audit stream. The platform raised $38M ($8M seed co-led by Andreessen Horowitz and Boldstart Ventures, $30M Series A led by Acrew Capital) and has acquired both Runebook (MCP developer tooling) and Anchor.dev (certificate infrastructure). It supports MCP, A2A, WIMSE, and OAuth 2.1 extensions. Chime is a named production customer. CRN named Keycard a top 10 cloud startup to watch in 2026. These are genuine strengths. Keycard is the most technically ambitious agent identity product on the market. ## What Runlayer Is Runlayer is one platform to run MCPs, Skills, and Agents. Four products cover the full enterprise MCP lifecycle. **Runlayer Platform** is the enterprise AI control plane. It includes 18,000+ MCP servers in the catalog (each scanned before approval), 200+ pre-built connectors, a Skills and Plugins registry for non-engineers to create reusable AI capabilities without code, and an Agents Factory for building, deploying, and governing autonomous agents with managed identities. **Runlayer Watch** discovers every unauthorized MCP server, OpenClaw install, and Skill running across an organization's devices. No other MCP platform offers this. **Runlayer Guard** runs proprietary non-LLM threat detection models with 99% ROC-AUC, 95.6% accuracy, and 50-100ms inference latency. **Runlayer Embed** is a headless API for embedding the Runlayer catalog into any surface. Runlayer's named customers include Gusto (3,000+ knowledge workers, 0 to 1,500 daily AI users in 90 days), Jane App (100% org-wide adoption in 2 weeks), Instacart, Opendoor, dbt Labs, and Homebase. David Soria Parra, co-creator of MCP at Anthropic, is an investor and technical advisor. Travis McPeak, Head of Security at Cursor, is an investor. Runlayer raised $11M from Khosla Ventures and Felicis, is SOC 2 Type II, GDPR, and HIPAA certified, and is a founding sponsor of the Linux Foundation's Agentic AI Foundation alongside Anthropic, OpenAI, Google, AWS, and Microsoft. ## Runlayer vs. Keycard: Shadow MCP Detection Keycard governs agents that interact with MCP servers through its identity layer. If an agent authenticates through Keycard, every tool call is policy-checked and audited. That's strong. But Keycard does not discover which MCP servers are running across an organization's devices. If a developer downloads an MCP server from GitHub, configures it locally in Cursor, and connects it to a production database without involving Keycard, Keycard has no visibility. The agent might never authenticate through Keycard at all. Runlayer Watch solves this. It deploys through existing MDM tools (Rippling, Jamf, Intune, Kandji) and scans devices for MCP server configurations across all AI clients. Two modes: **Detect** (discover and report) and **Enforce** (block unauthorized servers, redirect to the approved catalog). Gusto discovered 800 shadow MCP servers on day one of deploying Watch. Jane App enforces a zero-tolerance policy: no connectors are allowed outside of Runlayer. Identity infrastructure that doesn't know what tools exist on the endpoints can't govern them. Watch gives organizations the inventory they need before identity policies can apply. ## Runlayer vs. Keycard: Security and Threat Detection Keycard's security model is identity-centric. It ensures agents carry the right credentials, scoped to the right tasks, with policy enforcement at the edge. This prevents over-permissioning and makes credentials instantly revocable. It also provides tamper-resistant audit trails and SIEM integration. Runlayer Guard operates at a different layer. It doesn't just check whether the agent is authorized. It checks whether the MCP server itself is safe and whether the agent's behavior matches the user's intent. Guard includes proprietary non-LLM models purpose-built for MCP attack vectors. The IO Guard Model achieves 99% ROC-AUC and 95.6% accuracy with an 80% reduction in false positive blocks at 50-100ms inference latency. It detects tool poisoning, tool shadowing, data exfiltration, PII leakage, hidden character injection, prompt injection, command injection, and rug pulls. Guard also includes patented semantic alignment detection (US Provisional 63/984,897). This catches when an agent's tool calls drift outside the user's stated intent, even when individual calls look benign. An agent asked to "summarize Q4 revenue" that starts writing to an external webhook will pass credential checks (it has a valid, scoped token) but fail semantic alignment. No other platform, including Keycard, detects this class of threat. Keycard ensures the agent has the right key. Runlayer ensures the door it's opening doesn't lead somewhere dangerous. ## Runlayer vs. Keycard: Catalog and Golden Path Runlayer's catalog includes 18,000+ MCP servers and 200+ pre-built connectors. Each server is scanned for vulnerabilities, data leaks, and permission drift before approval. New releases are automatically analyzed. Developers install in one click, no JSON config, no procurement delays. Security approves once, engineering ships immediately. Keycard does not provide an MCP server catalog. Its `keycard run` product governs access to MCP servers, but the servers themselves come from elsewhere. Organizations using Keycard still need to source, vet, and maintain their own MCP servers or use a separate catalog provider. Approximately 10% of MCP servers in the wild are malicious (Runlayer internal scanning data). The rest have exploitable vulnerabilities. An identity layer that secures how agents authenticate to these servers is valuable. A catalog that ensures the servers themselves are safe before anyone connects to them is a prerequisite. ## Runlayer vs. Keycard: Skills, Plugins, and Agents This is where the scope difference becomes most visible. Keycard provides identity infrastructure for agents built elsewhere. Its SDKs let developers embed identity-aware governance into their applications. Its `keycard run` product governs coding agents at runtime. But Keycard does not provide a native environment for building, distributing, or managing agents, Skills, or Plugins. Runlayer lets organizations build Skills (markdown-based instruction files that non-engineers create without code), bundle Skills and connectors into Plugins for distribution across the org, and deploy Agents with managed identities, semantic alignment detection, scheduling, and webhook triggers. At Jane App, non-engineers created 15+ Skills without writing code. The marketing team automated SEO workflows across Notion, Google Search Console, and Ahrefs. At Gusto, knowledge workers across all functions (not just engineering) build AI-driven workflows. Mike Wittig, Gusto's CIO: "Runlayer enables us to conversationally interact with every single SaaS platform that represents all the work that we do in one place." Every agent in Runlayer gets an Agent Account with On-Behalf-Of (OBO) token exchange, authenticating through the same IdP as human users. Per-agent PBAC policies auto-sync when connectors are linked or unlinked. The Agents Registry provides org-wide discovery and governance of every deployed agent. Keycard's ephemeral, task-scoped credentials are architecturally elegant. Runlayer's Agent Accounts with OBO token exchange serve a similar function while also providing the registry, factory, and Skills layer that Keycard doesn't offer. ## Runlayer vs. Keycard: Are They Complementary? Partially. Keycard operates at the identity and credential layer. Runlayer operates at the MCP platform layer. An organization could, in theory, use Keycard to manage how agents authenticate to downstream APIs while using Runlayer to manage the MCP catalog, Skills, Plugins, threat detection, and shadow MCP enforcement. In practice, Runlayer's Agent Accounts already provide identity governance (OBO token exchange, PBAC, IdP integration via WorkOS with Okta, Entra, and Google Workspace). For most enterprise deployments, Runlayer covers both the platform and the identity layer. Keycard adds value in environments where cross-organizational agent federation, multi-protocol identity (MCP + A2A + WIMSE), or coding agent runtime governance (`keycard run`) are primary requirements. ## Runlayer vs. Keycard: Feature Comparison FeatureRunlayerKeycardMCP Server Catalog18,000+ servers, continuously scannedNot providedPre-built Connectors200+Not provided (SDK-based integration)Endpoint SecurityShadow AI detection integrated with any MDM, no additional on-device agent requiredNot supportedThreat DetectionGuard: 99% ROC-AUC, 95.6% accuracy, 50-100msNot supported (identity-layer enforcement)Semantic Alignment DetectionPatented (US Provisional 63/984,897)Not supportedSkills and PluginsRegistry with GitHub sync, no-code creationNot supportedNative Agent DeploymentAgents Factory with scheduling, webhooks, SlackNot provided (governs agents built elsewhere)Agent IdentityOBO token exchange, PBAC, IdP syncEphemeral task-scoped tokens, workload attestation, SPIFFECredential ManagementIdP-mapped permissions via WorkOSDynamic token exchange, in-memory secret injectionCoding Agent RuntimeNot supported`keycard run` with virtualized .env/mcp.jsonProtocol SupportMCP (OAuth 2.1, CIMD, stdio/SSE/streamable HTTP)MCP, A2A, WIMSE, OAuth 2.1 extensionsObservability ScopeEvery local and hosted MCP, skill, plugin across AI clientsAgent credential and tool call audit trailsDeploymentVPC (single-tenant), cloud, Terraform/HelmManaged enterprise cloud, private networkingComplianceSOC 2 Type II, GDPR, HIPAASOC 2Named CustomersGusto, Jane App, Instacart, Opendoor, dbt Labs, HomebaseChime ## When to Use Keycard Keycard is a strong choice for organizations where the primary requirement is agent identity and credential governance, especially across multiple protocols (MCP, A2A, WIMSE). It is a good fit when you are building custom agents that need ephemeral, task-scoped credentials for downstream API access, you need coding agent runtime governance (`keycard run`) with in-memory secret injection, you are operating in a multi-protocol environment where agents authenticate across MCP, A2A, and other emerging standards, or you need cross-organizational agent federation with delegation chains. Keycard's founding team has more identity infrastructure experience than any competitor in this space. If your core challenge is "how do I give my agents the right credentials for the right tasks without static secrets," Keycard is purpose-built for that. ## When to Use Runlayer Runlayer is the right choice when you need the full stack: MCP governance, shadow MCP detection, active threat detection at the tool-call level, and the ability to build and deploy Skills, Plugins, and Agents natively. Gusto went from 0 to 1,500 daily AI users in 90 days and discovered 800 shadow MCP servers on day one with Watch. Jane App reached 100% org-wide adoption in 2 weeks with a zero-tolerance shadow MCP policy and 15+ Skills created by non-engineers. These deployments required more than identity infrastructure. They required a platform that covers security, discovery, governance, enablement, and adoption in one product. If your organization is deploying MCP across hundreds or thousands of knowledge workers, not just engineering, Runlayer is designed for that scale. ‍