Many vendors in AI security are talking about gateways right now, but they don’t all mean the same thing. Between all of these, the word “gateway” is doing a lot of work, and not all of it is consistent.
Security teams are being asked to evaluate these technologies, and the terminology is genuinely confusing. In conversations with enterprises across financial services, insurance, pharma, and tech, we consistently find that teams conflate AI gateways with MCP gateways. They assume one covers what the other does. Some vendors actively blur the lines by combining both functions into a single product. Others treat them as entirely separate categories.
This post breaks down what each type does, where the real value is, and where the gaps are that neither fills. We will focus on functionality first, not vendor definitions. A note on terminology: the market uses “AI gateway,” “LLM gateway,” and “MCP gateway” loosely, and some vendors bundle multiple functions under a single label. Throughout this post, we use “AI gateway” to refer specifically to the LLM inference proxy layer (managing traffic between agents and model providers), distinct from “MCP gateway” (managing traffic between agents and their tools). Where vendors combine both, we will call that out. — Read More
MCP Marketplace Brings Real-Time Intelligence to Agentic Applications
An agentic application is an AI system that knows your business context, reasons autonomously, and takes action based on real-time data and specialized expertise. Agent Bricks, Genie, Apps, and Lakebase give enterprises the tools to build agentic applications at scale. But there’s a critical gap: agents built solely on internal data can’t truly think.
Consider a loan approval agent. It has access to your bank’s loan book, customer history, and credit scores. But it lacks the context that humans instinctively use.
… Without this real-time intelligence, agents become knowledge-limited—constrained by historical data, unable to reason about the world as it is now. They can execute workflows, but they can’t make informed decisions.
The old solution? Manual research. Analysts pull data from multiple sources, lose context switching between tools, and create bottlenecks. Decisions slow down. Risk increases.
Agents need a way to access live, trusted intelligence while they reason through complex problems. That’s where the MCP Marketplace comes in. — Read More
Anthropic Shipped Outcomes and Real Story Is Verification Becoming a SKU
You have written this loop before. Eighteen months ago, when you first put a Claude agent into production, you wrote a rubric. You wrote a grader. You wrote retry logic for when the grader said no. The pieces broke. You patched them. The rubric drifted. You rewrote it.
On May 6 at Code with Claude San Francisco, Anthropic shipped your loop as an API endpoint and called it Outcomes.
That is the news. The story underneath it is bigger. Outcomes is the first harness layer Anthropic decided to sell. Dreams, Multi-Agent, and Webhooks are the same move on memory, orchestration, and lifecycle. The harness used to be code you wrote. It is becoming a stack of products you compose. — Read More
Your Claude Has Felt Dumber for Weeks Anthropic Finally Said Why
For six weeks you fought Claude Code. Prompts that used to work stopped working. Usage limits drained twice as fast. Sessions felt forgetful, repetitive, oddly lazy. You blamed yourself. You blamed your prompts. You read the Reddit threads where someone calmly explained that the model is fine and you’re holding it wrong.
On April 23, Anthropic published the receipts. The model was fine. Three things in the harness around it were not.
Three changes. Three schedules. Three bug fixes. Each shipped through code review, internal evals, and dogfooding. Each survived weeks before users forced the diagnosis. The post mortem is the cleanest field experiment in harness engineering anyone has published. The pattern in it is more important than the bugs. — Read More
How to Build an AI Agent: From Idea to Real-World System
Everyone wants to build an AI agent right now.
Not just a chatbot. Not just a prompt wrapper.
A real AI agent — something that can understand goals, use tools, remember context, interact with users, and improve over time.
…[B]uilding an agent is not one decision. It’s a system design problem. An AI agent only becomes useful when several layers work together — purpose, prompts, models, memory, orchestration, interfaces, and evaluation. — Read More
Building Claude from Scratch: 62 Components Behind Anthropic’s Thinking Engine
In practice, when building agentic systems, AI models are rarely the bottleneck anymore. The harness around them is. Anthropic spent two years building that harness for Claude, the orchestration code that picks the right tools and grades its work before declaring success. Claude itself is built around 62 carefully composed components spanning machine learning patterns like compute-optimal allocation, deliberative alignment, bi-temporal memory, alongside agentic patterns like the OODA loop, plan-and-execute, architect-editor splits, and many others.
Those 62 components that define Claude’s thinking approach are distributed across 4 main principles: Cognition, Orchestration, Reliability, and Grounding and Trust. — Read More
Ben’s Builds #3 – an email app
What did I build this week?
An email app…
I use Gmail. I’ve used Superhuman for years. I like it a lot. It is fast, keyboard-first, clean, and is good software. But like many SaaS products, it keeps adding features that I don’t need and more importantly, I don’t need to be paying for email.
I wanted a split inbox and rules to organize my emails.
Kicking off with Codex: — Read More
The Roadmap to Mastering Tool Calling in AI Agents
Most AI agent failures do not trace back to bad reasoning. The model understands the task, then calls the wrong tool, passes malformed arguments, gets back an unhandled error, and produces a wrong answer anyway. The reasoning layer gets the attention; the tool layer is where production incidents actually happen.
Tool calling — also called function calling — is what bridges a language model’s reasoning to real-world action. Without it, agents are capped by training data: no live queries, no external systems, no side effects. With it, an agent can search the web, call APIs, run code, retrieve documents, and trigger transactions in any system that exposes an interface.
Getting this right means understanding the full stack, not just the happy path. — Read More
The AWS MCP Server is now generally available
I have been building with AI agents and MCP tools for a while now, and one question kept coming up: how do you give an agent real, authenticated access to AWS without handing it the keys to the kingdom? Today, there is an answer.
I’m happy to announce the general availability of the AWS MCP Server, a managed remote Model Context Protocol (MCP) server that gives AI agents and coding assistants secure, authenticated access to all AWS services through a small, fixed set of tools. — Read More
What’s new in IAM: Security, governance, and runtime defense
The AI era demands a fundamental shift in security, and that includes identity and access management (IAM). Traditional controls simply aren’t built for autonomous AI agents that interact with sensitive data at machine speed, a reality we address with our new IAM advancements for the agentic enterprise era.
Engineered as built-in Google Cloud capabilities to secure the rapidly-expanding world of AI agents, at Google Cloud Next we introduced a new security and governance paradigm for managing agent identity and access. This comprehensive framework focuses on foundational Agent Identity and an Agent Gateway with Identity-Aware Proxy, while integrating robust agent access management, agent guardrails, and runtime defense to enable a secure cloud environment for your organization. — Read More