AI control plane battle
Cloud giants are shifting the AI fight from models to control systems — the registries and identity layers that manage fleets of AI agents — which will decide who controls discovery, permissions and observability. This concentration follows a pattern where hyperscalers also own much of the underlying compute, prompting questions about pricing power and strategic dependence for large enterprises building on top of them. (networkworld.com) (forbes.com)
The fight in artificial intelligence is moving away from who has the flashiest chatbot and toward who owns the plumbing that tells thousands of software agents who they are, what they can touch, and how they are found inside a company. Forbes reported on April 10 that Amazon Web Services, Microsoft, and Google are all building that layer now, from different starting points, because big customers need a system for discovery, permissions, and governance before they let agents loose in production. (forbes.com)
A registry is basically a company phone book for agents. Instead of one human searching for “the finance bot” or “the contract reviewer,” other agents and internal tools query a catalog that lists each agent’s name, skills, owner, version, and connection details. (forbes.com) (truefoundry.com)
Identity is the badge clipped to that agent’s shirt. Google says Vertex AI Agent Engine can automatically give each deployed agent a unique identity and then use that identity to grant or deny access to Google Cloud application programming interfaces, storage, and even other agents through the Agent2Agent protocol. (cloud.google.com)
Microsoft is doing the same thing with a different badge system. In Azure AI Foundry, Microsoft says agent identities are managed in Microsoft Entra ID, with each agent represented as its own service principal so administrators can set lifecycle rules and permissions the same way they do for apps and employees. (techcommunity.microsoft.com) (learn.microsoft.com)
Amazon Web Services has built an identity directory for agents inside Amazon Bedrock AgentCore. Amazon’s documentation calls it a centralized collection of workload identities and the authoritative registry for managing them across an account, which is exactly the kind of boring control point that becomes very hard to replace once hundreds of agents depend on it. (docs.aws.amazon.com)
The reason this layer matters is that agents do not stay single for long. Microsoft says Foundry Agent Service supports hosted agents, multi-agent workflows, more than 1,400 Azure Logic Apps connectors, and built-in governance and observability, which turns the cloud platform into the traffic controller for everything those agents do. (azure.microsoft.com) (learn.microsoft.com)
Google is pushing the same direction from the search side. Google Agentspace gives companies one place for internal search plus a single space for custom expert agents, while Vertex AI Agent Builder has added observability dashboards that track token use, latency, and error rates inside the runtime. (blog.google) (infoworld.com)
Once the registry, identity, and tracing all live in the same cloud, the platform starts deciding which agents are visible, which tools they can call, and what logs managers see when something breaks. OpenAI’s own Agents software development kit already treats tracing as a first-class feature, recording tool calls, handoffs, guardrails, and custom events, which shows how quickly observability is becoming part of the product rather than an add-on. (openai.com) (openai.github.io)
That would be a smaller story if the same companies did not also control much of the raw computing power underneath. Network World, citing Epoch AI analysis, reported on April 10 that more than 60 percent of global artificial intelligence compute capacity sits with hyperscalers, and Epoch AI says Google held the most as of the fourth quarter of 2025, driven by its custom tensor processing units. (networkworld.com) (epoch.ai)
So the stack is starting to look vertically integrated. One vendor can supply the chips, the cloud, the model hosting, the agent runtime, the identity directory, and the dashboard that tells you whether the whole system is healthy. (networkworld.com) (docs.aws.amazon.com) (learn.microsoft.com) (cloud.google.com)
That is why this week’s registry story is less about a new feature than about who gets to be the operating system for corporate agents. If a Fortune 500 company publishes its internal agents into Amazon Bedrock AgentCore, Azure AI Foundry, or Google’s Vertex and Agentspace stack, switching clouds later stops looking like moving a model and starts looking like rewiring the company’s whole nervous system. (forbes.com) (azure.microsoft.com) (blog.google) (docs.aws.amazon.com)