Databricks announced on April 15, 2026 that its AI Gateway is now part of Unity Catalog, rebranded as Unity AI Gateway. The integration extends Unity Catalog’s existing enterprise governance model to cover agentic AI workloads, according to the company’s official blog post. Enterprises running Databricks can now apply the same permissions, auditing, and policy controls they use for data access to how AI agents interact with LLMs, MCP servers, and external APIs.

The release addresses a specific operational gap. When an AI agent handles a customer question, it might call an LLM to interpret the query, pull order history from Salesforce via an MCP server, check shipping data through an internal API, and call the LLM again to draft a response. That happens in under a second. Visibility into who accessed what data, which systems were called, and whether policies were followed has, until now, been close to zero.

MCP Governance and On-Behalf-Of Execution

The technically significant detail is MCP governance. Unity AI Gateway now lets enterprises define which agents can access which MCP-connected external systems. When agents call MCP servers to access internal systems, the gateway supports on-behalf-of user execution: the MCP call runs with the requesting user’s exact permissions, not a shared service account. If a user cannot access a Salesforce record, neither can the agent acting on their behalf, even if the agent has elevated privileges.

Guardrails in the release use a prompt-plus-model architecture rather than rigid pre-built logic. Configurable filters cover PII detection and redaction, content safety, prompt injection detection, data exfiltration prevention, and hallucination checks against grounding sources. Custom guardrails can be defined with a custom prompt and model. These capabilities are currently in beta, with rollout to all supported regions expected within the next week.

Per-Request Dollar Cost Logging

Every agent request gets logged to Unity Catalog system tables with actual dollar costs, not just token counts. Provisioned throughput, pay-per-token usage, and external model pricing are calculated automatically. Costs can be sliced by endpoint tags (team, environment, cost center), request tags (for SaaS platforms proxying to end customers), identity (user or service principal), and model/provider combination.

CIO Dive reported that the launch came the same week as Salesforce’s Agent Fabric governance features and AWS’s Agent Registry platform. Thomas Randall, research director at Info-Tech Research Group, told CIO Dive that CIOs should think of FinOps and agentic governance as the same discipline: “A vendor positioning itself as your agentic control plane must be able to produce a unified cost ledger across all the agents, models, and tools in scope, including third-party components.”

The Governance Race in Q2 2026

Three major enterprise platforms shipped AI agent governance tooling in the same week. AWS launched Agent Registry. Salesforce released Agent Fabric governance controls with standardized token management and compliance across multi-LLM stacks. Databricks integrated governance directly into the data catalog that enterprises already use to manage access to their data.

The Databricks approach is distinct in one respect: Unity Catalog is already deployed across their enterprise customer base for data governance. Unity AI Gateway extends the governance tool enterprises already use for data access, requiring no new system to adopt. For organizations already running Databricks, the governance controls for AI agents now live in the same system as the governance controls for data, with the same permission model, the same audit logs, and the same policy enforcement layer.

The unified API layer also supports provider switching without code changes. Applications can move between Claude, GPT-4, Gemini, and open-source models by updating endpoint configuration. Automatic failover routes requests to backup models when the primary hits rate limits or returns errors.