Databricks extends AI Gateway governance

Databricks rolled out new controls for AI Gateway on April 15 that let companies govern not just language models, but the tools and application programming interfaces their agents call. (databricks.com) The update extends Unity Catalog, Databricks’ governance system for data and artificial intelligence assets, into agent workflows that hop across large language models, Model Context Protocol servers, and internal or external application programming interfaces. Databricks said the release adds consistent permissions, guardrails, and policies across providers. (databricks.com) (learn.microsoft.com) It also adds end-to-end tracing and centralized logging, so platform teams can see which model answered a request, which tool or server it called next, and what the workflow cost by team, model, or use case. Databricks documents say usage and request data can be monitored through system tables and inference tables stored in Unity Catalog Delta tables. (databricks.com) (mlflow.org) (docs.databricks.com) An artificial intelligence agent is software that does work in steps, not a single prompt: it may ask a model to interpret a question, pull records from a business system, call another service, and then draft an answer. Databricks’ April 15 blog used a customer-support example that touches Salesforce, shipping data, and a second model call in under a second. (databricks.com) That architecture creates a governance gap for companies that already know how to lock down tables and dashboards but not chains of model calls and tool actions. Databricks said older controls were built in silos and did not provide one view across the full lifecycle of an agent’s actions. (databricks.com) The company has been moving toward this for more than a year. In March 2025, Databricks introduced Agent Bricks AI Gateway in public preview for model access management, usage tracking, guardrails, and failover across providers, alongside Unity Catalog connections and functions for agent tools. (databricks.com) The new release pushes that model further into external tool access through Model Context Protocol, a standard for connecting agents to tools and data sources. Databricks said external Model Context Protocol servers can now be registered in Unity Catalog, governed like catalog objects, and audited in a centralized table. (databricks.com) (learn.microsoft.com) Databricks also said agents can act on behalf of the end user instead of a broad service account, so one employee’s agent only sees the email, repositories, or documents that employee is already allowed to access. The company said supported managed authentication providers now include Glean, GitHub, Atlassian Jira, Atlassian Confluence, Google Drive, and SharePoint. (databricks.com) The product is still labeled Beta in Databricks and Microsoft documentation, and Databricks says account administrators can turn the preview on from the account console. The company also says the new AI Gateway experience covers large language model endpoints, coding agents such as Cursor, Gemini Command Line Interface, Codex Command Line Interface, and Claude Code, plus model serving endpoints. (docs.databricks.com) (learn.microsoft.com 1) (learn.microsoft.com 2) The pitch is straightforward: if companies are going to let agents read data, call tools, and write code, they want one place to decide who can do what and one audit trail when something goes wrong. Databricks is now trying to make that control plane the same one customers already use for data and artificial intelligence governance. (databricks.com 1) (databricks.com 2)