Agent-native article available: Agent Gateways Are Concentrating Power Over All Enterprise AIAgent-native article JSON available: Agent Gateways Are Concentrating Power Over All Enterprise AI
Agent Gateways Are Concentrating Power Over All Enterprise AI

Agent Gateways Are Concentrating Power Over All Enterprise AI

There is a pattern that repeats every time a technology moves from experiment to critical infrastructure: at some point, a control layer emerges that no one had formally planned, but which ends up being the place where the most important decisions are made. It happened with load balancers on the web, with control planes in the cloud, and with service meshes in the microservices era. Now it is happening with artificial intelligence agents, and the name that layer is taking is agent gateway.

Isabel RíosIsabel RíosJuly 7, 20269 min
Share

Agent gateways concentrate power over all enterprise AI

There is a pattern that repeats itself every time a technology transitions from experiment to critical infrastructure: at some point, a control layer emerges that no one had formally planned, but which ultimately becomes the place where the decisions that matter most are made. It happened with load balancers on the web, with control planes in the cloud, and with service meshes in the era of microservices. It is now happening with artificial intelligence agents, and the name that layer is taking is that of the agent gateway.

In the first week of July 2026, two distinct corporate moves confirmed that this category is no longer a concept under construction. Arcade made its authorization and tool execution engine directly available on the Microsoft Azure and AWS marketplaces, allowing companies to deploy it within their own cloud with a single click. One day earlier, Manufact opened its MCP hosting cloud — based on the Model Context Protocol — to take a server from a code repository to a monitored production endpoint. Neither made an extraordinary announcement. But together they point to something precise: the market is installing governance structures for agentic AI before organizations have finished understanding what they have deployed.

Nutanix had already defined the geometry of this category in May, when it launched its agent gateway as a generally available product within version 2.7 of Nutanix Enterprise AI. The solution functions as a centralized control point that manages traffic from agents to language models and from agents to the business tools they invoke. It routes requests, applies authentication, manages permissions per tool, logs every call for auditing, and measures token consumption per agent and per team. The customer service agent can be granted read-only access to the database; the DevOps agent can have full write permissions in GitHub. If the primary provider fails or reaches a limit, traffic automatically falls over to the configured backup provider.

What makes this moment strategically relevant is not the functionality itself. It is that for the first time the market is naming and packaging the place where power over enterprise AI is concentrated.

Who was in the room when governance was designed

To understand the importance of this layer, it is worth observing how an AI agent operates in production without it. An agent never acts alone for very long: it calls a model to reason, then calls tools — GitHub, Stripe, a database, an internal API — to execute. It frequently generates sub-agents that repeat the same cycle. Every call consumes tokens and touches a system with its own permissions. Without a centralized control point, an organization ends up with dozens of agents connected directly to production systems, with no single place to observe the traffic, stop it, or audit it.

This distributed, ungoverned architecture is not merely an operational risk. It is also a question about power and design. When there is no explicit control plane, governance of the agents does not disappear: it fragments and becomes implicit. The decisions about which tools each agent can invoke, under what identity, under what conditions, and with what scope of permissions are made by the teams that built each individual agent separately, with minimal coherence among them.

The structural result is predictable: peripheral intelligence becomes invisible. The teams operating at the margins of the system — those who know the atypical use cases, those who work with sensitive customer data, those who see the second-order effects of automations — have no representation in the design of what agents can and cannot do. Decisions about permissions, scope, and access are made once, at the time of initial deployment, by the technical team that built the agent, with no mechanisms for centralized review or for incorporating diverse perspectives.

The agent gateway changes that, at least potentially. It centralizes governance at a single point where access policies, authentication, and auditing can be reviewed, updated, and applied consistently. But the question this design opens is not technical: it is who controls that central point and according to what criteria.

The consolidation that is already occurring

The market is giving two simultaneous and opposing answers to that question, and both reveal an underlying tension about who should be the custodian of the control layer.

The first answer is integration within proprietary security platforms. Palo Alto Networks completed in May 2026 the acquisition of Portkey, an autonomous AI gateway oriented toward agent governance, in order to incorporate it into its security platform. The argument is coherent: if agents with elevated privileges are the new enterprise risk vector, control over what they can do is a natural extension of the security perimeter. Agent governance thus becomes part of the zero-trust and privileged access portfolio that large cybersecurity vendors already manage.

The second answer is open governance. Solo.io donated its agentgateway project to the Agentic AI Foundation under the aegis of the Linux Foundation, making it the group's fourth hosted project. The project, written in Rust, handles MCP, agent-to-agent, HTTP, and gRPC traffic through a single data plane, and already counts more than 300 contributors from 60 organizations, including CoreWeave, Red Hat, Adobe, Salesforce, and Microsoft. The logic here is also coherent but points in the opposite direction: if the agent gateway is the central infrastructure of all enterprise AI, no single vendor should own it.

These two moves are not simply different commercial strategies. They are two different theories about where power over AI infrastructure should reside. The first places that power within the security perimeter of large technology corporations. The second distributes it toward a community of contributors under neutral governance.

What structural analysis reveals is that the choice between these two options is not primarily technical or financial: it is a decision about architectures of power. A company that chooses to integrate its gateway within a security vendor's platform is delegating the design of its agent governance policies to that vendor's product roadmap. A company that adopts the project under the Linux Foundation takes on more technical responsibility but retains the capacity to collectively influence how the control layer evolves.

The three blind spots the market has not yet resolved

The original Forbes article formulates three due-diligence questions for enterprise buyers, and all three share a common characteristic: they are technical in their formulation but organizational in what they reveal.

The first question is about ownership: which parts of governance are proprietary to the vendor and which are thin wrappers around AWS or Azure primitives that the company is already paying for. This question seems financial, but at its core it is about design dependency. If agent governance is outsourced to layers that the internal team cannot audit or modify, the organization does not control its own AI, even if it nominally operates it.

The second question is about cost behavior: what happens to the bill when the volume of tool calls doubles or when the deployed agents do not meet the vendor's assumptions. Gartner projected that more than 40% of agentic AI projects will be cancelled before 2027 due to rising costs and insufficient risk controls. The structural irony is that the very gateways that position themselves as the solution to that risk can become an opaque cost layer if their pricing model scales alongside the volume of agents.

The third question is about control consistency: whether authentication is required for every tool and every method of the MCP protocol, or only for the most obvious ones. CyCognito has systematically documented that the most common failure in production environments is not the total absence of controls, but the inconsistent application of those that exist. An agent that has unauthenticated access to an exposed MCP server is, in CyCognito's terms, a public catalog of business operations.

But there is a fourth blind spot that none of these questions directly captures, and it is the one that is most interesting from an organizational design perspective. Agent gateways centralize governance, but they do not guarantee that that governance is intelligent. A central control point can replicate and scale the same biases and blind spots that the teams who designed the original policies had, now with greater speed and reach. Centralized governance without diversity of perspectives in the design of policies is not governance: it is homogeneity with better coverage.

The control plane is also a power plane

The historical comparison that analysts typically make is that of service meshes in the era of microservices. When Envoy and Istio emerged as control planes for traffic between services, they transformed enterprise network architecture and defined who could observe and govern communications between components. The parallel with agent gateways is technically precise, but it omits a dimension that in the case of agentic AI proves more significant.

Microservices moved data and business logic. AI agents make decisions, execute actions, and generate consequences in production systems with or without direct human supervision. The control plane now being built does not merely manage traffic: it defines what an organization's AI can do, with what authority, over what systems, and under what conditions of review. That is not merely an infrastructure decision.

When Nutanix, Arcade, or Manufact speak of per-tool filtering, centralized authentication, and audit logging, they are describing the technical mechanism. But the policy that runs on top of that mechanism — who can invoke what, with what scope, under what conditions of override — is an organizational decision that in most companies is still being made without an explicit governance framework, by the teams that have technical access to the system at the moment it is deployed.

The agent gateway is the infrastructure that makes centralized governance of agentic AI possible. If organizations adopt it as a technical solution without reviewing who designs the policies it runs, they will have built a highly efficient control plane for automating the same blind spots they had before they installed it.

The architecture of power that this market is building is sophisticated and is maturing rapidly. What remains unresolved is whether the organizations that adopt it will design their governance policies with sufficient diversity of perspectives for that control to be something more than added velocity applied to existing biases.

Share

You might also like