A product category that had no name a year ago is now attracting acquisitions, open-source foundations, and GA shipments from infrastructure vendors.
In a six-week stretch ending July 3, four separate vendors staked claims in the “agent gateway” layer, the infrastructure that sits between autonomous AI agents and the models, tools, and APIs those agents call. Forbes contributor Janakiram MSV mapped the convergence on July 5, describing the agent gateway as “the layer that sits between an agent and everything it touches.”
The Moves
Palo Alto Networks closed its acquisition of Portkey on May 29, folding the AI gateway startup into its Prisma AIRS security platform. Portkey’s architecture processes trillions of tokens and gives Palo Alto a runtime control plane that monitors, orchestrates, and governs agent interactions. Lee Klarich, Palo Alto’s Chief Product and Technology Officer, framed the deal as a response to enterprises “forced to choose between two failing strategies: scrambling to integrate a patchwork of ‘point products’ to stay current, or falling behind while waiting for legacy platforms to catch up.”
Five days later, Solo.io donated agentgateway to the Agentic AI Foundation under Linux Foundation governance. The Apache 2.0 project handles MCP, agent-to-agent, LLM inference, HTTP, and gRPC traffic through one data plane. It counts more than 300 contributors across 60 organizations including CoreWeave, Red Hat, Adobe, Salesforce, and Microsoft.
Nutanix shipped its Agent Gateway as generally available in late May as part of Enterprise AI 2.7, per Forbes. The gateway routes agent traffic to models across OpenAI, Anthropic, and self-hosted Llama instances with unified authentication, rate limiting, and failover. MCP server governance and a bundled test agent remain in tech preview.
On July 3, Arcade made its authorization and tool-execution runtime available through the Azure and AWS marketplaces, enabling one-click deployment inside enterprise cloud environments. The same week, Manufact opened its MCP hosting cloud to move Model Context Protocol servers from a GitHub push to a monitored production endpoint, according to Forbes.
What an Agent Gateway Does
The core problem is straightforward. An agent calls a model to reason, then calls tools (GitHub, Stripe, a database, an internal API) to act. It spawns sub-agents that repeat the pattern. Every call consumes tokens and touches a permissioned system. Without a governed intermediary, organizations end up with dozens of agents hitting production systems directly, with no single place to see the traffic or stop it.
An agent gateway inserts one governed hop. It routes requests to the appropriate model, applies tool-level permissions (read-only database access for a customer service agent, full GitHub write permissions for a DevOps agent), meters token usage per agent and per team, and logs every request for audit.
Two Consolidation Paths
The category is splitting along a clear fault line, according to Forbes. Security incumbents are acquiring the layer outright: Palo Alto bought Portkey to embed it in a security suite. On the opposite side, the plumbing is moving to neutral ground: agentgateway went to open governance under the Linux Foundation so no single vendor owns the control point.
The independents face pressure from both directions. Nutanix enters from private inference and hybrid infrastructure. Arcade enters from authorization. Manufact enters from the developer lifecycle. Each owns one entry point and will need to cover the others, or choose a side, before the market settles.
The Gartner Warning
Not every tool call needs a gateway, and the category’s cost story cuts both ways. A gateway promises to control token spend, but it is another service to run. Gartner has predicted that more than 40 percent of agentic AI projects will be canceled by 2027 over escalating costs, unclear value, or weak risk controls, as cited by Forbes. That is the exact failure mode the gateway vendors position against, and also the risk that could shrink their own market.
The Buyer’s Checklist
For enterprise buyers, the practical framework is three questions. First, ownership: which parts of the governance are proprietary, and which are thin wrappers around an AWS or Azure primitive already in the cloud bill? Second, cost behavior: what happens to the bill when tool calls double, and when agent volume falls short of the vendor’s assumptions? Third, enforcement: does authentication cover every tool and every MCP method, or only the obvious ones? Inconsistent enforcement is the failure mode that keeps surfacing in the wild.