Share with your CISO
Databricks is making a direct push to own the runtime governance layer for enterprise AI, not just the data platform underneath it. At Data + AI Summit 2026, the company announced Unity AI Gateway expansions covering cost controls, contextual policy enforcement, end-to-end agent tracing, and a partner ecosystem that includes CrowdStrike, Palo Alto Networks, Okta, and Zscaler. Named customers Udemy, First American, and Flo Health are already routing production AI traffic through the platform. The bet is that as agent fleets replace single-model applications, the governance gap moves from “who can access a model” to “what can an agent do mid-interaction.”
What this means for your business
The organizations most exposed here are those running more than two or three distinct AI systems in production without a unified control plane. If your security team is currently piecing together audit logs from separate model providers, coding agents, and MCP services (the connectors that let AI agents call external tools like Jira or Google Drive), you don’t have a governance posture, you have a discovery backlog. Whether Databricks is the right answer depends on how much of your AI stack already runs on their platform, but the shape of the problem they’re describing is real regardless of vendor.
The genuinely new surface area in this announcement is Contextual Service Policies, now in beta. Traditional access controls answer a static question: does this user have permission to call this model? Contextual policies answer a dynamic one: should this agent be allowed to push code to GitHub right now, given what it’s been asked to do and what it already accessed? That’s a materially harder enforcement problem, and it’s the one that makes agentic AI actually auditable in regulated industries. First American’s quote is the tell, a financial services firm citing governance as the prerequisite for enterprise-wide adoption, not a nice-to-have after the fact.
The ecosystem play matters more than it looks at first pass. Databricks is positioning Unity AI Gateway as the integration point where security vendors plug in rather than building competing point solutions. CrowdStrike and Palo Alto Networks don’t partner with platforms they expect to lose. If that integration layer hardens, CISOs who’ve already standardized on those security vendors will face a gravitational pull toward Unity AI Gateway whether or not they chose Databricks for data. The falsification condition is straightforward: if Microsoft or AWS ships a credible equivalent that meets those same security partners where they already operate, this positioning collapses fast.
Concept deep-dive: MCP (Model Context Protocol)
MCP is a standard that lets AI agents call external tools and services, think of it as a USB port specification for connecting an agent to Slack, GitHub, or a company database. Without a standard, every integration is custom-built and ungoverned. With MCP, the connection method is predictable, which means it’s also auditable and controllable. The governance stakes are high because an agent with ungoverned MCP access can read, write, or trigger actions across enterprise systems with no human in the loop.
Based on reporting from AI governance at Data + AI Summit 2026: What’s new with Unity AI Gateway, originally published 2026-06-16 03:00:00.

