Keeper Security launches Agent Kit for AI coding agents

Keeper Security has launched Agent Kit for AI-driven developer workflows.

The product is designed to help AI coding agents retrieve secrets and handle administrative tasks without exposing credentials in chat history or source control.

The launch targets a growing problem as companies bring AI tools into software development. When developers ask coding agents to interact with protected systems, they can end up placing API keys, database credentials and other sensitive information into chat interfaces, risking storage in logs or other external systems.

Agent Kit integrates Keeper Secrets Manager and Keeper Commander with coding agents including Claude Code, Cursor, Codex and GitHub Copilot. This allows those agents to use encrypted command-line tools within a developer's authenticated session rather than relying on raw credentials pasted into prompts.

Under the setup, AI agents can retrieve secrets for local runtime use, administer vault resources such as users and teams, and automate configuration tasks for new projects. Teams working in hosted or orchestrated AI environments can instead use a Model Context Protocol server integration, available in Docker and Node configurations, rather than local command-line tools.

Actions taken through the tools remain subject to the same role-based access controls and audit logging that apply to human users. That is likely to appeal to organisations trying to extend internal security rules to automated software agents as use of agentic AI widens.

Craig Lurey, Chief Technology Officer and Co-founder of Keeper Security, outlined the company's position on how AI tools should be used around sensitive information.

“The Keeper Agent Kit provides a definitive framework for how AI agents interact with sensitive enterprise data,” said Craig Lurey, Chief Technology Officer and Co-founder of Keeper Security.

“By equipping these agents with instructions to use our encrypted CLI tools locally, we ensure the agent runs commands within the developer's own authenticated session. This architecture maintains our zero-knowledge standard while allowing developers to leverage the full speed of AI without leaving the vault door open.”

Developer focus

The release comes as security teams and software engineers wrestle with the practical risks of embedding AI assistants into day-to-day coding work. Tools that generate code, automate infrastructure tasks or help configure environments can speed up development, but they also create new paths for credential leakage if controls are weak.

Keeper frames Agent Kit as a way to keep secrets out of conversational interfaces while still allowing AI tools to complete operational tasks. In practice, the approach centres on secret retrieval at runtime rather than exposing the raw credential directly to the agent in a prompt.

The kit is available as an open-source repository under the Apache 2.0 licence, which may make it easier for development teams to inspect how the integration works and adapt it to existing internal workflows.

Jeremy London, Director of Engineering, AI and Threat Analytics at Keeper Security, said the balance between automation and control is becoming a pressing issue for security teams.

“Security teams should not have to trade velocity for operational safety,” said Jeremy London, Director of Engineering, AI and Threat Analytics at Keeper Security.

“With the Agent Kit, we are transforming AI from a conversational assistant into a secure partner that respects the organisational security perimeter. By allowing agents to resolve secrets at runtime without ever seeing the raw credential, we help close one of the most dangerous exposure points in the modern developer stack.”

Keeper operates in identity security and privileged access management, with a focus on password protection, secrets management and access controls. It says it serves organisations and users across more than 150 countries.

The launch adds to a growing market effort to build guardrails around AI-assisted development, particularly where coding tools are being asked to interact with production systems, databases and internal infrastructure. As businesses test how far they can push AI agents into operational roles, control over credentials is becoming one of the clearest fault lines in that shift.

The Agent Kit is available as open-source software under the Apache 2.0 licence.