WinvestWinvest
← All posts

Agent Gateways Are Becoming the Control Plane for Enterprise AI

A new product category crystallized this week as Palo Alto Networks completed its acquisition of Portkey, Nutanix shipped a generally available agent control plane, and Arcade landed on Azure and AWS marketplaces. With 80% of enterprise applications now embedding AI agents, the routing, governance, and policy layer sitting between agents and the models they call is becoming load-bearing infrastructure — and the market is splitting between platform incumbents buying it and open-source foundations absorbing it.


The Category Crystallizes

A distinct product category — the agent gateway — moved from emerging pattern to distinct market segment this week. On July 3, Arcade made its agent authorization and tool-execution runtime available through the Microsoft Azure and AWS marketplaces, enabling enterprises to deploy it inside their own cloud with one click. Nutanix has shipped the Agent Gateway as a generally available component of Nutanix Enterprise AI 2.7, a centralized control point that manages traffic from agents to large language models and from agents to the business tools they call. Palo Alto Networks completed its acquisition of Portkey in May — Portkey was already processing trillions of tokens per month — folding the AI gateway into Prisma AIRS as a unified control plane for autonomous enterprise agents. Three separate companies, three separate strategies, and one converging thesis: the layer between AI agents and the systems they touch needs to be managed.

What an Agent Gateway Actually Does

The architecture sits between enterprise applications and AI model APIs, handling routing, rate limiting, policy enforcement, and visibility into model interactions. In a production multi-agent deployment, this means a single point where authentication is verified before an agent calls a tool, where cost attribution tracks which team consumed which tokens, where policy rules block agents from accessing data outside their defined scope, and where every action is logged to an immutable audit trail. Without this layer, the alternative is a sprawl of direct agent-to-API connections each governed by different configuration, monitored by different dashboards, and subject to different access controls — which is where most enterprise AI deployments sit today.

The Two-Path Consolidation

The market is consolidating along two opposite trajectories. Security and platform incumbents are acquiring the layer outright — Palo Alto Networks folding Portkey into its security portfolio is the clearest example. This path optimizes for governance within existing enterprise security frameworks and existing procurement relationships. On the other side, the infrastructure is moving toward neutral ground. In June, Solo.io donated the open-source agentgateway project to the Agentic AI Foundation. The Apache 2.0 project now has more than 300 contributors across 60 organizations including CoreWeave, Red Hat, Adobe, Salesforce, and Microsoft. That coalition is betting that agent routing infrastructure should be open and composable rather than owned by any single vendor. Both paths are real, and both are advancing simultaneously.

Why This Matters Now

80% of enterprise applications shipped or updated in Q1 2026 embed at least one AI agent, according to research from the Agentic AI Institute. Model Context Protocol is deployed on more than 10,000 enterprise servers. Agent traffic volume is high enough that Portkey alone was processing trillions of tokens per month before its acquisition. The infrastructure consequence is direct: when agents become the dominant source of API traffic, the policy and observability layer controlling that traffic becomes as critical as a firewall. Enterprises operating without this layer have significant blind spots — unknown cost exposure, untested access controls, and no audit trail if an agent makes a consequential mistake in a regulated workflow.

What Builders Should Do With This

For teams building agentic products, the agent gateway category is both a competitive pressure and a design prompt. Enterprise buyers increasingly expect cost controls, access policy enforcement, and per-agent audit trails as part of the initial procurement conversation — not post-launch additions. The Arcade marketplace listings mean enterprises can now deploy agent authorization infrastructure with one click inside their own cloud. Teams that build gateway-compatible interfaces — clean tool contracts, explicit scope declarations, observable action logs — qualify faster in enterprise procurement than those requiring buyers to wrap governance around them after the fact. The Solo.io agentgateway project is worth studying as a baseline specification for what well-governed agent infrastructure looks like. In the next phase of enterprise AI, the agent gateway is the control plane everything else runs through.