{"version":"1.0","type":"agent_native_article","locale":"en","slug":"agent-gateways-concentrating-power-enterprise-ai-mraskzdx","title":"Agent Gateways Are Concentrating Power Over All Enterprise AI","primary_category":"ai","author":{"name":"Isabel Ríos","slug":"isabel-rios"},"published_at":"2026-07-07T14:03:49.590Z","total_votes":84,"comment_count":0,"has_map":true,"urls":{"human":"https://sustainabl.net/en/articulo/agent-gateways-concentrating-power-enterprise-ai-mraskzdx","agent":"https://sustainabl.net/agent-native/en/articulo/agent-gateways-concentrating-power-enterprise-ai-mraskzdx"},"summary":{"one_line":"Agent gateways are emerging as the unplanned but decisive control layer of enterprise AI, concentrating governance, permissions, and auditing in a single point whose design will determine who actually controls organizational AI.","core_question":"Who controls the agent gateway controls enterprise AI — so who should own that control layer, and according to what criteria?","main_thesis":"Every major infrastructure transition produces an unplanned control layer that ends up being where real power is exercised. Agent gateways are that layer for agentic AI. The market is already consolidating around two competing models — proprietary security platforms and open community governance — before most organizations have established explicit policies for who designs the rules that run on top of that infrastructure."},"content_markdown":"## Agent gateways concentrate power over all enterprise AI\n\nThere is a pattern that repeats itself every time a technology transitions from experiment to critical infrastructure: at some point, a control layer emerges that no one had formally planned, but which ultimately becomes the place where the decisions that matter most are made. It happened with load balancers on the web, with control planes in the cloud, and with service meshes in the era of microservices. It is now happening with artificial intelligence agents, and the name that layer is taking is that of the agent gateway.\n\nIn the first week of July 2026, two distinct corporate moves confirmed that this category is no longer a concept under construction. Arcade made its authorization and tool execution engine directly available on the Microsoft Azure and AWS marketplaces, allowing companies to deploy it within their own cloud with a single click. One day earlier, Manufact opened its MCP hosting cloud — based on the Model Context Protocol — to take a server from a code repository to a monitored production endpoint. Neither made an extraordinary announcement. But together they point to something precise: the market is installing governance structures for agentic AI before organizations have finished understanding what they have deployed.\n\nNutanix had already defined the geometry of this category in May, when it launched its agent gateway as a generally available product within version 2.7 of Nutanix Enterprise AI. The solution functions as a centralized control point that manages traffic from agents to language models and from agents to the business tools they invoke. It routes requests, applies authentication, manages permissions per tool, logs every call for auditing, and measures token consumption per agent and per team. The customer service agent can be granted read-only access to the database; the DevOps agent can have full write permissions in GitHub. If the primary provider fails or reaches a limit, traffic automatically falls over to the configured backup provider.\n\nWhat makes this moment strategically relevant is not the functionality itself. It is that for the first time the market is naming and packaging the place where power over enterprise AI is concentrated.\n\n## Who was in the room when governance was designed\n\nTo understand the importance of this layer, it is worth observing how an AI agent operates in production without it. An agent never acts alone for very long: it calls a model to reason, then calls tools — GitHub, Stripe, a database, an internal API — to execute. It frequently generates sub-agents that repeat the same cycle. Every call consumes tokens and touches a system with its own permissions. Without a centralized control point, an organization ends up with dozens of agents connected directly to production systems, with no single place to observe the traffic, stop it, or audit it.\n\nThis distributed, ungoverned architecture is not merely an operational risk. It is also a question about power and design. When there is no explicit control plane, governance of the agents does not disappear: it fragments and becomes implicit. The decisions about which tools each agent can invoke, under what identity, under what conditions, and with what scope of permissions are made by the teams that built each individual agent separately, with minimal coherence among them.\n\nThe structural result is predictable: **peripheral intelligence becomes invisible**. The teams operating at the margins of the system — those who know the atypical use cases, those who work with sensitive customer data, those who see the second-order effects of automations — have no representation in the design of what agents can and cannot do. Decisions about permissions, scope, and access are made once, at the time of initial deployment, by the technical team that built the agent, with no mechanisms for centralized review or for incorporating diverse perspectives.\n\nThe agent gateway changes that, at least potentially. It centralizes governance at a single point where access policies, authentication, and auditing can be reviewed, updated, and applied consistently. But the question this design opens is not technical: **it is who controls that central point and according to what criteria**.\n\n## The consolidation that is already occurring\n\nThe market is giving two simultaneous and opposing answers to that question, and both reveal an underlying tension about who should be the custodian of the control layer.\n\nThe first answer is integration within proprietary security platforms. Palo Alto Networks completed in May 2026 the acquisition of Portkey, an autonomous AI gateway oriented toward agent governance, in order to incorporate it into its security platform. The argument is coherent: if agents with elevated privileges are the new enterprise risk vector, control over what they can do is a natural extension of the security perimeter. Agent governance thus becomes part of the zero-trust and privileged access portfolio that large cybersecurity vendors already manage.\n\nThe second answer is open governance. Solo.io donated its agentgateway project to the Agentic AI Foundation under the aegis of the Linux Foundation, making it the group's fourth hosted project. The project, written in Rust, handles MCP, agent-to-agent, HTTP, and gRPC traffic through a single data plane, and already counts more than 300 contributors from 60 organizations, including CoreWeave, Red Hat, Adobe, Salesforce, and Microsoft. The logic here is also coherent but points in the opposite direction: if the agent gateway is the central infrastructure of all enterprise AI, no single vendor should own it.\n\nThese two moves are not simply different commercial strategies. They are two different theories about where power over AI infrastructure should reside. The first places that power within the security perimeter of large technology corporations. The second distributes it toward a community of contributors under neutral governance.\n\nWhat structural analysis reveals is that **the choice between these two options is not primarily technical or financial: it is a decision about architectures of power**. A company that chooses to integrate its gateway within a security vendor's platform is delegating the design of its agent governance policies to that vendor's product roadmap. A company that adopts the project under the Linux Foundation takes on more technical responsibility but retains the capacity to collectively influence how the control layer evolves.\n\n## The three blind spots the market has not yet resolved\n\nThe original Forbes article formulates three due-diligence questions for enterprise buyers, and all three share a common characteristic: they are technical in their formulation but organizational in what they reveal.\n\nThe first question is about **ownership**: which parts of governance are proprietary to the vendor and which are thin wrappers around AWS or Azure primitives that the company is already paying for. This question seems financial, but at its core it is about design dependency. If agent governance is outsourced to layers that the internal team cannot audit or modify, the organization does not control its own AI, even if it nominally operates it.\n\nThe second question is about **cost behavior**: what happens to the bill when the volume of tool calls doubles or when the deployed agents do not meet the vendor's assumptions. Gartner projected that more than 40% of agentic AI projects will be cancelled before 2027 due to rising costs and insufficient risk controls. The structural irony is that the very gateways that position themselves as the solution to that risk can become an opaque cost layer if their pricing model scales alongside the volume of agents.\n\nThe third question is about **control consistency**: whether authentication is required for every tool and every method of the MCP protocol, or only for the most obvious ones. CyCognito has systematically documented that the most common failure in production environments is not the total absence of controls, but the inconsistent application of those that exist. An agent that has unauthenticated access to an exposed MCP server is, in CyCognito's terms, a public catalog of business operations.\n\nBut there is a fourth blind spot that none of these questions directly captures, and it is the one that is most interesting from an organizational design perspective. **Agent gateways centralize governance, but they do not guarantee that that governance is intelligent**. A central control point can replicate and scale the same biases and blind spots that the teams who designed the original policies had, now with greater speed and reach. Centralized governance without diversity of perspectives in the design of policies is not governance: it is homogeneity with better coverage.\n\n## The control plane is also a power plane\n\nThe historical comparison that analysts typically make is that of service meshes in the era of microservices. When Envoy and Istio emerged as control planes for traffic between services, they transformed enterprise network architecture and defined who could observe and govern communications between components. The parallel with agent gateways is technically precise, but it omits a dimension that in the case of agentic AI proves more significant.\n\nMicroservices moved data and business logic. AI agents make decisions, execute actions, and generate consequences in production systems with or without direct human supervision. The control plane now being built does not merely manage traffic: it defines what an organization's AI can do, with what authority, over what systems, and under what conditions of review. That is not merely an infrastructure decision.\n\nWhen Nutanix, Arcade, or Manufact speak of per-tool filtering, centralized authentication, and audit logging, they are describing the technical mechanism. But the policy that runs on top of that mechanism — who can invoke what, with what scope, under what conditions of override — is an organizational decision that in most companies is still being made without an explicit governance framework, by the teams that have technical access to the system at the moment it is deployed.\n\nThe agent gateway is the infrastructure that makes centralized governance of agentic AI possible. If organizations adopt it as a technical solution without reviewing who designs the policies it runs, they will have built a highly efficient control plane for automating the same blind spots they had before they installed it.\n\nThe architecture of power that this market is building is sophisticated and is maturing rapidly. What remains unresolved is whether the organizations that adopt it will design their governance policies with sufficient diversity of perspectives for that control to be something more than added velocity applied to existing biases.","article_map":{"title":"Agent Gateways Are Concentrating Power Over All Enterprise AI","entities":[{"name":"Arcade","type":"company","role_in_article":"Listed its authorization and tool execution engine on Azure and AWS marketplaces, signaling market maturation of the agent gateway category."},{"name":"Manufact","type":"company","role_in_article":"Opened MCP hosting cloud to production, enabling monitored deployment of MCP servers from code repositories."},{"name":"Nutanix","type":"company","role_in_article":"Shipped the first generally available enterprise agent gateway product in May 2026, defining the category's functional geometry."},{"name":"Palo Alto Networks","type":"company","role_in_article":"Acquired Portkey to embed agent governance within its security platform, representing the proprietary consolidation model."},{"name":"Portkey","type":"company","role_in_article":"Autonomous AI gateway acquired by Palo Alto Networks for integration into enterprise security infrastructure."},{"name":"Solo.io","type":"company","role_in_article":"Donated the agentgateway open-source project to the Linux Foundation, representing the open governance consolidation model."},{"name":"Agentic AI Foundation","type":"institution","role_in_article":"Linux Foundation project hosting the open-source agentgateway, with 300+ contributors from 60 organizations."},{"name":"Linux Foundation","type":"institution","role_in_article":"Neutral governance body hosting the Agentic AI Foundation and the agentgateway project."},{"name":"CyCognito","type":"company","role_in_article":"Documented that inconsistent application of existing controls — not total absence — is the primary production security failure in agentic environments."},{"name":"Gartner","type":"institution","role_in_article":"Projected that 40%+ of agentic AI projects will be cancelled before 2027 due to cost and risk control failures."},{"name":"Model Context Protocol","type":"technology","role_in_article":"Standard protocol for agent-to-tool communication that agent gateways must authenticate and govern consistently."},{"name":"Agent gateway","type":"technology","role_in_article":"The emergent control layer that centralizes routing, authentication, permissions, auditing, and token metering for enterprise AI agents."}],"tradeoffs":["Proprietary gateway integration: faster deployment and unified security perimeter vs. dependency on vendor roadmap for governance policy evolution.","Open-source gateway adoption: retained collective influence over control layer design vs. higher internal technical responsibility and coordination overhead.","Centralized gateway governance: consistent policy enforcement and auditability vs. risk of scaling existing organizational biases at higher speed and reach.","Early gateway adoption: governance infrastructure in place before agent sprawl vs. lock-in to immature category standards.","Per-tool granular permissions: precise access control vs. operational complexity as agent and tool counts scale."],"key_claims":[{"claim":"Agent gateways are the emergent control layer of enterprise agentic AI, analogous to load balancers, cloud control planes, and service meshes in prior technology transitions.","confidence":"high","support_type":"editorial_judgment"},{"claim":"Arcade listed its authorization and tool execution engine on Azure and AWS marketplaces in July 2026, enabling single-click deployment within customer clouds.","confidence":"high","support_type":"reported_fact"},{"claim":"Manufact opened its MCP hosting cloud to take servers from code repositories to monitored production endpoints in July 2026.","confidence":"high","support_type":"reported_fact"},{"claim":"Nutanix launched its agent gateway as generally available within Nutanix Enterprise AI v2.7 in May 2026, with per-tool permissions, audit logging, token metering, and automatic provider failover.","confidence":"high","support_type":"reported_fact"},{"claim":"Palo Alto Networks acquired Portkey in May 2026 to integrate agent governance into its security platform.","confidence":"high","support_type":"reported_fact"},{"claim":"Solo.io donated the agentgateway project to the Agentic AI Foundation under the Linux Foundation; the project has 300+ contributors from 60 organizations including CoreWeave, Red Hat, Adobe, Salesforce, and Microsoft.","confidence":"high","support_type":"reported_fact"},{"claim":"Gartner projected that more than 40% of agentic AI projects will be cancelled before 2027 due to rising costs and insufficient risk controls.","confidence":"high","support_type":"reported_fact"},{"claim":"CyCognito documented that the most common production failure is inconsistent application of existing controls, not total absence of controls.","confidence":"high","support_type":"reported_fact"}],"main_thesis":"Every major infrastructure transition produces an unplanned control layer that ends up being where real power is exercised. Agent gateways are that layer for agentic AI. The market is already consolidating around two competing models — proprietary security platforms and open community governance — before most organizations have established explicit policies for who designs the rules that run on top of that infrastructure.","core_question":"Who controls the agent gateway controls enterprise AI — so who should own that control layer, and according to what criteria?","core_tensions":["Centralization vs. distribution of power: a single control point enables consistent governance but concentrates architectural authority in whoever controls that point.","Speed of vendor packaging vs. organizational readiness: the market is installing governance structures before organizations understand what they have deployed.","Technical efficiency vs. governance intelligence: a highly efficient control plane can automate and scale existing biases rather than correct them.","Proprietary security integration vs. open neutral governance: two incompatible theories about who should be custodian of the infrastructure that controls all enterprise AI.","Formal governance vs. implicit governance: removing the gateway does not eliminate governance — it fragments it into invisible, unaccountable per-team decisions."],"open_questions":["Which organizations or coalitions will set the policy standards that run on top of agent gateway infrastructure, and through what legitimacy?","Will the Linux Foundation model achieve sufficient adoption to prevent proprietary consolidation of the agent gateway layer?","How will organizations ensure diversity of perspectives in governance policy design when the technical teams deploying gateways are typically homogeneous?","At what agent and tool-call volume do current gateway pricing models become prohibitive, and which vendors are transparent about this threshold?","Will MCP emerge as the dominant protocol standard, and how will gateways handle multi-protocol environments during the transition?","Can audit logging at the gateway level satisfy regulatory requirements for AI accountability, or will additional governance layers be required?","How will agent gateway governance interact with existing data privacy frameworks (GDPR, CCPA) when agents touch sensitive customer data?"],"training_value":{"recommended_for":["CTOs and enterprise architects evaluating agentic AI infrastructure","CISOs assessing AI agent security perimeter and privileged access risk","AI governance leads designing organizational policy frameworks for autonomous agents","Procurement and vendor management teams negotiating agent gateway contracts","Strategy teams analyzing AI infrastructure market consolidation","Investors tracking critical infrastructure layer formation in the AI stack"],"when_this_article_is_useful":["When evaluating or procuring agent gateway, AI orchestration, or agentic AI governance infrastructure.","When designing organizational governance frameworks for AI agents operating in production systems.","When assessing vendor lock-in risk in enterprise AI infrastructure decisions.","When advising on the build vs. buy vs. open-source decision for AI control plane components.","When analyzing consolidation dynamics in emerging AI infrastructure markets.","When building policies for AI agent permissions, tool access, and audit requirements."],"what_a_business_agent_can_learn":["How to identify emergent control layers in technology transitions before they consolidate, using the historical pattern of load balancers, control planes, and service meshes.","How to evaluate the governance implications of infrastructure procurement decisions, distinguishing technical choices from power architecture choices.","How to frame the proprietary vs. open-source decision for critical infrastructure as a question of who controls policy evolution, not just licensing cost.","How to identify the four due-diligence questions for agent gateway procurement: ownership boundaries, cost scaling behavior, authentication consistency, and governance diversity.","How to recognize that centralized governance without diverse policy design replicates rather than corrects organizational blind spots.","How to map the risk that a solution positioned to reduce AI project cancellation risk can itself become an opaque cost layer."]},"argument_outline":[{"label":"Historical pattern","point":"Every technology transition from experiment to critical infrastructure produces an emergent control layer: load balancers, cloud control planes, service meshes. Agent gateways are the current instance of this pattern.","why_it_matters":"Organizations that missed the governance moment in previous transitions lost architectural control. The window to shape this layer is open now and closing."},{"label":"Market confirmation","point":"In July 2026, Arcade listed on Azure and AWS marketplaces and Manufact opened MCP hosting to production. Nutanix had already shipped its agent gateway as GA in May. The category is no longer conceptual.","why_it_matters":"Vendors are packaging governance before buyers have finished understanding what they deployed. Procurement decisions made now will lock in architectural dependencies."},{"label":"What the gateway actually does","point":"An agent gateway routes agent-to-model and agent-to-tool traffic, applies per-tool authentication and permissions, logs every call for auditing, measures token consumption per agent and team, and provides automatic failover between providers.","why_it_matters":"This is not middleware. It is the mechanism that defines what an organization's AI can do, with what authority, over what systems, and under what review conditions."},{"label":"Governance without a gateway","point":"Without a centralized control point, dozens of agents connect directly to production systems. Governance does not disappear — it fragments into implicit, per-team decisions made at deployment time with no coherence or review mechanism.","why_it_matters":"Fragmented governance systematically excludes peripheral teams who see atypical use cases, sensitive data effects, and second-order automation consequences."},{"label":"Two consolidation models","point":"Palo Alto Networks acquired Portkey to embed agent governance in its security platform. Solo.io donated agentgateway to the Linux Foundation's Agentic AI Foundation, now with 300+ contributors from 60 organizations.","why_it_matters":"These are not competing products — they are competing theories of where power over AI infrastructure should reside: inside a vendor's security perimeter or under neutral community governance."},{"label":"Three due-diligence blind spots","point":"Buyers must interrogate: (1) which governance is proprietary vs. thin cloud wrappers; (2) how costs scale when tool-call volume doubles; (3) whether authentication is applied consistently across all MCP methods or only obvious ones.","why_it_matters":"Gartner projects 40%+ of agentic AI projects cancelled before 2027 due to cost and risk. The gateway itself can become the opaque cost layer it claims to solve."}],"one_line_summary":"Agent gateways are emerging as the unplanned but decisive control layer of enterprise AI, concentrating governance, permissions, and auditing in a single point whose design will determine who actually controls organizational AI.","related_articles":[{"reason":"Directly complementary: documents that most executives do not know what AI they have deployed — the exact organizational condition that makes ungoverned agent sprawl and the agent gateway governance gap most dangerous.","article_id":14361},{"reason":"Provides the macro context of AI investment failing to generate returns, including the Gartner 40% cancellation projection cited in this article, grounding the cost and risk arguments for gateway governance.","article_id":14401},{"reason":"Examines who absorbs transition costs when AI changes infrastructure rules — directly relevant to the question of who pays for agent gateway adoption and whether SMEs can afford the governance layer.","article_id":14371},{"reason":"Analyzes how enterprise AI contracts fail to capture actual value delivery — relevant to the procurement and pricing blind spots identified for agent gateway buyers.","article_id":14381}],"business_patterns":["Emergent control layer pattern: every infrastructure transition produces an unplanned governance layer that becomes the locus of real power (load balancers, control planes, service meshes, now agent gateways).","Governance-before-understanding: vendors package governance structures before buyers finish comprehending what they have deployed, creating procurement pressure under uncertainty.","Dual consolidation model: new critical infrastructure categories bifurcate between proprietary platform absorption and open community governance, with each representing a distinct theory of power distribution.","Peripheral exclusion in implicit governance: when governance is fragmented, teams closest to edge cases and sensitive data are systematically excluded from policy design.","Cost layer irony: solutions positioned to reduce AI project risk can themselves become opaque cost vectors when their pricing scales with agent volume."],"business_decisions":["Choose between proprietary security-platform integration (Palo Alto/Portkey model) and open community governance (Linux Foundation model) for agent gateway infrastructure.","Audit existing agent deployments to determine whether governance is currently fragmented across individual teams or centralized.","Evaluate gateway pricing models against projected tool-call volume growth before procurement to avoid the gateway becoming an opaque cost layer.","Require vendors to demonstrate consistent MCP authentication across all methods and tools, not only the most obvious endpoints.","Establish an explicit organizational governance framework — including diverse stakeholder representation — before deploying a centralized gateway, not after.","Determine which gateway components are proprietary versus thin wrappers around cloud primitives already under contract."]}}