惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Full Disclosure
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
Apple Machine Learning Research
Apple Machine Learning Research
L
LINUX DO - 最新话题
T
The Blog of Author Tim Ferriss
P
Proofpoint News Feed
宝玉的分享
宝玉的分享
小众软件
小众软件
Hugging Face - Blog
Hugging Face - Blog
GbyAI
GbyAI
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
爱范儿
爱范儿
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园_首页
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
月光博客
月光博客
博客园 - 叶小钗
D
Docker
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
Tailwind CSS Blog
D
DataBreaches.Net
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog RSS Feed
量子位
美团技术团队
Vercel News
Vercel News
Y
Y Combinator Blog
IT之家
IT之家
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
SegmentFault 最新的问题
腾讯CDC
Recent Announcements
Recent Announcements
Google DeepMind News
Google DeepMind News
罗磊的独立博客
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
N
Netflix TechBlog - Medium
S
Schneier on Security
博客园 - 聂微东
U
Unit 42
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
雷峰网
雷峰网
Latest news
Latest news

Hacker News - Newest: "AI"

AI can't read an investor deck AI as an attorney? Student uses ChatGPT, Gemini to sue UW over alleged racial discrimination Hacking MCP Servers in AI Systems – The Rug Pull: Tool Changes After Approval GitHub - MeepCastana/KubeezCut: Free Web based video editor GitHub - GenAI-Gurus/awesome-eu-ai-act: Curated tools, official sources, OSS, templates, and guides for EU AI Act compliance. Can AI judge journalism? A Thiel-backed startup says yes, even if it risks chilling whistleblowers Coming soon: 10 Things That Matter in AI Right Now DARPA built an AI to fact-check enemy weapons claims What explains heterogeneity in AI adoption? When AI Meets Muscle: Context-Aware Electrical Stimulation Promises a New Way to Guide Human Movements - Department of Computer Science AI Changed How We Build. It Did Not Change What Matters. Linux rules on using AI-generated code - Copilot is OK, but humans must take 'full responsibility for the… Meta spins up AI version of Mark Zuckerberg to engage with employees Code Mode: Let Your AI Write Programs, Not Just Call Tools | TanStack Blog GitHub - Delavalom/graft: Go framework for building AI agents. Type-safe tools, multi-provider (OpenAI, Anthropic, Gemini, Bedrock), zero vendor SDKs. India's TCS tops estimates, says new AI models did not dent services demand Gen Z's fading AI hype Strong feeling: we are in a folded AI reality GitHub - machinarii/total-recall-catalog: A reference catalog of latest knowledge retrieval, memory & RAG systems GitHub - mensfeld/code-on-incus: Give each AI agent its own isolated machine with root, Docker, and systemd. Active defense detects and stops threats automatically.. Quantization, LoRA, and the 8% Problem: Benchmarking Local LLMs for Production AI Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda Powell, Bessent discussed Anthropic's Mythos AI cyber threat with major U.S. banks GitHub - immartian/bellamem: Persistent belief-graph memory for AI agents. Retrieves decisive context by importance — not recency, not RAG, not /compact. recursive-mode: The Repo-Native Operating System for AI Engineering After the attack on Sam Altman's home, will AI CEO's go on the offensive? The biggest advance in AI since the LLM Opus 4.6 vs GPT 5.4 One Prompt Unity World Generation Test “AI polls” are fake polls Client Challenge Can AI be a 'child of God'? Inside Anthropic's meeting with Christian leaders How to Switch AI Chatbots and Why You Might Want To GitHub - MattMessinger1/agentic_refund_guardrail: Safe refund policy layer for AI agents — Python + TypeScript. Same behavior, shared tests. Adam/papers/emergent_values_whitepaper.md at master · strangeadvancedmarketing/Adam Ask HN: How do you stop playing 20 questions with your AI coding tools How far can automation and AI support psychotherapy? - @theU GitHub - stagas/rtdiff: realtime git diff gui and AI-assisted commits A Mac Studio for Local AI — 6 Months Later A History of the Early Years of AI at the University of Edinburgh Why AI Coding Tools Still Feel Stuck on Localhost MSN AI Datacenters Are Becoming Strategic Targets twitter.com Penn Researchers Use AI to Surface Unreported GLP-1 Side Effects in Reddit Posts Show HN: MoodSense AI (ML and FastAPI and Gradio, Deployed on Hugging Face) Moodsense Ai - a Hugging Face Space by aman179102 AI models are terrible at betting on soccer—especially xAI Grok GitHub - xialeistudio/echoic GitHub - HimashaHerath/github-dev-wrapped: AI-powered weekly GitHub activity reports deployed to GitHub Pages GitHub - alejandrobalderas/claude-code-from-source: Architecture, patterns & internals of Anthropic's AI coding agent — reverse-engineered from source maps AI and Tech brief: Ireland ascendant GitHub - Titovilal/context0: Context0 - Never Surrender Training for a Marathon with an AI Coach: What Worked and What Didn't Cyber Pulse: Agentic Intel - Apps on Google Play I Built an AI PR Reviewer That Catches Bugs by Not Looking for Bugs Gen Z workers are so fearful AI will take their job they’re intentionally sabotaging their company’s AI rollout | Fortune How AI Is Reimagining the Game of Golf–For Both Players and Courses GitHub - nattergabriel/reseed: A CLI tool for managing and distributing agent skills across projects Is SVG the final frontier? My AI workflow evolved from prompts to a near-autonomous workflow MLSharp Help - 3DGS Viewer & Generator I put my cognitive field based AI's runtime on GitHub Is Numble the first AI-proof game? A3: Kubernetes for autonomous AI agent fleets | Emergent Principles Deepali Vyas ("The Elite Recruiter") GitHub - msmarkgu/RelayFreeLLM: A restful API designed to route user prompts to various AI model providers. Unionized ProPublica staff are on strike over AI, layoffs, and wages Unleashing the Advantage of Quantum AI We're heading for an AI-fueled 'dementia crisis,' brain scientist warns The AI-Assisted Breach of Mexico's Government Infrastructure [pdf] GitHub - stef41/lmscan: 🔍 Detect AI-generated text and fingerprint which LLM wrote it. Open-source GPTZero alternative. Zero dependencies, works offline. MSN GitHub - visionscaper/collabmem: Enabling long-term collaboration with Agentic AI - building up episodic and world model memory over time with in-context awareness We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs AI Code is Hollowing Out Open Source, and Maintainers are Looking the Other Way What leaked "SteamGPT" files could mean for the PC gaming platform's use of AI AI is the boss at this retail store. What could go wrong? GitHub - Wuzu11517/agentic-proxy: Local proxy meant to help reduce With Drones, Geophysics and ArtificiaI Intelligence, Researchers Prepare to Do Battle Against Land Mines A Single Operator, Two AI Platforms, Nine Government Agencies: The Full Technical Report 在 Steam 上购买 FriedrichAI: Offline AI 立省 10% GitHub - inevolin/resume-cli: Hit Claude usage limits? Resume any AI coding session elsewhere. Switch tools at zero friction. GitHub - atripati/ark: AI Runtime Kernel — a context operating system for AI agents. Eliminates tool bloat, loads only what’s needed, and gives LLMs their reasoning space back. How to Build a Secure AI PR Reviewer with Claude, GitHub Actions, and JavaScript This Startup Wants You to Pay Up to Talk With AI Versions of Human Experts Intel Arc Pro B70 Brings 32GB VRAM to Local AI for $949 WordPress 7.0: The Good, the AI, and the Still Missing AI on the couch: Anthropic gives Claude 20 hours of psychiatry IatroBench: Pre-Registered Evidence of Iatrogenic Harm from AI Safety Measures AI Agents Know About Supabase. They Don't Always Use It Right. The history and future of AI at Google, with Sundar Pichai Inside an AI‑enabled device code phishing campaign How Meta Used AI to Map Tribal Knowledge in Large-Scale Data Pipelines AI for Systems: Using LLMs to Optimize Database Query Execution Forecasting the Economic Effects of AI Introducing Tinker: Play with AI, bring your ideas to life AI sheds light on an ancient gaming mystery People really hate AI but not as much as Iran—or Democrats | Fortune What is an AI Product Engineer? Phoebe Gates wants her $185 million AI startup to succeed with 'no ties to my privilege or my last name': 'I have a chip on my shoulder' | Fortune
AI control plane: architecture and vendors
ritzaco · 2026-05-08 · via Hacker News - Newest: "AI"

By Sagar Batchu, Co-founder & CEO, SpeakeasyPublished Updated

Definition

The governing layer between every AI agent in an organization and every system they’re allowed to reach. It unifies connection, identity, policy enforcement, and observability so that every prompt, response, and tool call flows through a single controlled path.


AI Control PlaneReferenceSpeakeasy

Every enterprise is rolling out AI faster than IT can keep up with. Claude, ChatGPT, Codex, Cursor, Copilot and many more: these aren’t experiments anymore, they’re how employees work. And most of the organizations deploying them have no idea which tools are in use, by whom, or with what data.

This is the problem the AI control plane exists to solve. It’s the governing layer between every AI agent in the company and every system they’re allowed to reach: the part that decides what’s connected, who’s authenticated, what’s inspected, and what’s measured. The name borrows from networking, where Kubernetes, service meshes, and Cloudflare already have control planes for the same reason: they name the part of the system that governs the rest of the system.

The insight driving the category is that enablement and governance are the same problem seen from two sides. Any architecture that treats them separately ends up failing at both.

What follows is drawn from thirty days of conversations with more than 50 technology executives actively navigating this rollout.

Every company is becoming AI-native

Every enterprise is under pressure to become AI-native. Boards have told CEOs to deliver. CEOs have pushed the mandate down to CTOs, CIOs, CISOs, and the newly appointed Chief AI Officers. Budgets have been unlocked. Announcements have been made.

The problem these executives are discovering is that “become AI-native” isn’t a simple checkbox exercise. Much like the move to the cloud, the move to AI-native entails a long list of platform components that need to be put in place. AI agents like Cursor, Claude Code, Copilot, and ChatGPT are merely the tip of the iceberg. After purchasing licenses, every company runs into a set of problems that need to be solved:

  • There’s no central place to provision MCP, Skills, and other tools. Every team picks its own.

  • There’s no consistent identity layer. People connect their personal accounts to enterprise data.

  • There’s no visibility into what’s being used, by whom, with what data.

  • There’s no way to enforce policy on tools IT can’t see.

  • There’s no measurement of adoption, and therefore no way to report progress against the board mandate.

Companies that respond by locking everything down kill adoption. Companies that don’t lock anything down get incidents. Neither path is survivable for long.

This is the problem the AI control plane exists to solve.

We're rolling out AI faster than we can govern it. I don't think anybody in this industry isn't.

CIO,

Fortune 500 retailer

Two jobs, held in tension

The AI control plane has two jobs. The first is enablement: rolling out AI capabilities across the organization so every team can use them. The second is governance: making sure that rollout doesn’t cause a security incident, a data leak, a compliance violation, or a regulatory problem.

These two jobs are in tension. Enablement wants to remove friction. Add more tools, connect more data, give more people access. Governance wants to proceed cautiously. Inspect every interaction, scope every permission, audit every action. Organizations that treat them as two separate initiatives run by two separate teams end up with either a governance program that blocks adoption or an adoption program that bypasses governance.

The insight behind the control plane is that these are not two separate problems. They are the same problem seen from two sides. Enablement without governance produces incidents that eventually force a crackdown that kills adoption. Governance without enablement produces a posture that looks safe on paper while employees route around it with personal accounts and shadow tools.

A control plane resolves the tension by making governance a property of the enablement layer itself. You don’t choose between rolling AI out and keeping it safe. The thing that rolls it out is the thing that keeps it safe.

The shape of an AI control plane

Before diving into the components, it’s valuable to look at the jobs to be done. We believe the control plane has four functions:

Reference architecture · High level view

AI control plane

People, AI tools, the control plane, and the enterprise systems they reach.

AI control plane executive system viewSystem view with four horizontal layers. Top: people across every team. Below them: AI tools, agents, and assistants the people use. Middle: the AI control plane with its four functions. Bottom: enterprise systems including SaaS apps, internal APIs, databases, data warehouse, and LLMs.01 · PeopleEvery team in the companyEngineeringSales & marketingFinance & legalOps & support02 · AI tools, agents, assistantsThe intermediaries people reach forChat clientsClaude, ChatGPTCoding agentsCursor, CopilotAI assistantsOpenClaw, DevinInternal agentsCustom workflows03 · AI control planeConnect · Control · Secure · ObserveConnectTools & identityControlPolicy & accessSecureInspect & threatObserveVisibility & audit04 · Enterprise systemsTools, APIs, data, modelsSaaS appsInternal APIsDatabasesData warehouseLLMs

People

AI tools

Control plane

Enterprise systems

v1 · Executive view

Connect. Bring every AI agent (Claude, ChatGPT, Cursor, Copilot, Codex, internal agents, product agents) and every system that matters (SaaS tools, internal APIs, databases, skills) onto a single plane. No custom integration work per tool. Per-team registries. SSO-integrated so identity flows through. So what: new AI capabilities reach the right teams in days instead of months, and IT stops chasing a moving target of ad-hoc integrations.

Control. Enforce who can use what, under what conditions. Scoped access by team or role. Credential management that doesn’t rely on employees pasting API keys into config files. OAuth 2.1 where the protocols support it. Full audit trail. The shift that matters here is that policies become executable rules rather than documents in a wiki: versioned, testable, and applied automatically at the point of use rather than relied on to be remembered. A policy that lives in a Confluence page and gets enforced through training is not a control. A policy that the control plane evaluates on every request is. So what: the policy on paper is the policy at runtime. Audits stop surfacing questions the CISO can’t answer.

Secure. Inspect every prompt, response, and tool call in real time. Active blocking of PII and data exfiltration. Passive detection of prompt injection and shadow MCPs. Alert the incident response team when something warrants it. Integrate with existing SIEM and security tooling rather than replacing it. So what: incidents are detectable in real time instead of discovered in postmortems, and the response team works from the tooling they already know.

Observe. Measure what’s actually happening. Visibility of token use by team, client, tool, and user. Track adoption against organizational targets. Produce the data that proves, or disproves, that the AI investment is working. So what: the board mandate has metrics behind it instead of anecdotes, and leadership can tell real adoption from theatre.

The components of the AI control plane

Reference architecture · Detailed system view

AI control plane

Callers on the left reach LLMs and enterprise systems on the right, only via a governed path through the control plane.

01 · Callers

People

Humans in the org

Engineering, sales, finance, legal, ops, support

Chat clients

Claude, ChatGPT

AI tools, agents, assistants

Machine callers

Anything that issues prompts or tool calls on a person's behalf

Coding agents

Cursor, Copilot

AI assistants

Devin

Internal agents

Custom workflows

Autonomous workers

Virtual employees

Agents that own a role and work a queue without a person in the loop

Role-based agents

OpenClaw

02 · Control plane

Controls

Connect · Secure · Control · Observe

Spans all traffic

Identity and access

SSO, role and team scope, credential management

OIDCSAMLSCIM

LLM lane · Gateway

LLM gateway

Multi-provider routing, rate limiting, caching

MCP lane · Gateway

MCP gateway

Tool registry and routing, per-team scoping

Applied to every call

Policy & threat

Policy enforcement

Executable rules; versioned and testable

allowdenytransformsquotas

Threat detection

PII, data exfiltration, prompt injection, shadow tools

inlineinspectblock

Spans all traffic

Observability and audit

Every prompt, response, and tool call captured. Adoption analytics, audit trail, SIEM integration.

OpenTelemetrySIEMWarehouse

03 · Destinations

Models

LLMs

Hosted and internal models

ClaudeGPTGeminiinternal

Tools, APIs, data

Enterprise systems

Everything an agent is allowed to reach through the MCP gateway

SaaS apps

Salesforce, Jira

Internal APIs

Services, mesh

Databases

OLTP stores

Data warehouse

Snowflake, BQ

Caller

Control plane

Gateway

Policy / threat

Observability

Destination

v4 · Reference architecture

Several categories of technology have emerged over the last eighteen months, each addressing a slice of the problem. Understanding what each does, and what it doesn’t do, is the fastest way to see why the control plane framing is necessary.

LLM gateways. An LLM gateway sits between applications and the language models they call. It handles routing across providers (OpenAI, Anthropic, Google, open-source), manages API keys, enforces rate limits, and often provides caching and cost tracking. Portkey and LiteLLM are examples. LLM gateways solve a real problem (managing model access at scale), but they sit at the model layer. They see prompts and completions. They don’t see which employee asked the question, which tool the AI called, which data was returned, or whether any of it should have been allowed.

MCP gateways and MCP security tools. The Model Context Protocol has become the emerging standard for how AI agents connect to tools and data. MCP gateways sit in front of MCP servers and handle authentication, authorization, and inspection of tool calls. Products like Speakeasy, Runlayer, and MintMCP have a focus here. These tools solve the discovery, security and observability slice of the problem, specifically protecting the tool-calling path, but they don’t handle model routing, organization-wide adoption, or the broader enablement story.

Identity and access controls. Enterprises already have identity providers (Okta, Azure AD, Google Workspace) and SSO infrastructure. Extending these systems to AI tools is non-trivial. Most AI agents were built for individual users, not enterprise identity, and scoping permissions to teams, roles, or individual tools requires a layer the identity provider itself doesn’t provide.

Observability. Observability in the AI context means visibility into what employees and agents are actually doing with AI: which tools are being used, by which teams, with what frequency, producing what outcomes. This is the layer executives most often realize is missing first, because it’s the one they need to report against the board mandate. Traditional APM and logging tools don’t cover this; they weren’t designed to capture the semantics of AI interactions.

Policy and threat detection. Real-time inspection of prompts, responses, and tool calls, looking for PII leakage, prompt injection, data exfiltration, and policy violations. The primitive that makes this possible at the AI agent itself is the agent hook, a lifecycle handler that fires on every prompt and tool call. Some of this overlaps with MCP security. Some of it is new territory because the threats are new.

Reference · Vendor landscape

Tools in the wild

A non-exhaustive map of vendors across each slice of the control plane.

01 · AI agents

How employees and agents meet AI

02 · Identity & access

SSO and user provisioning

03 · LLM gateways

Routing across model providers

🚅 LiteLLM

04 · MCP gateways & security

Tool routing and authorization

05 · Policy & threat

Guardrails, PII, and prompt-injection defense

06 · LLM providers

The models that get called

07 · Observability

Usage, performance, and audit trails

An information technology company based in California, United States

Illustrative, not exhaustive · v1

Each of these categories is real and each solves a real problem. The reason none of them is sufficient on its own is structural: they see different parts of the same interaction.

CategoryWhat it seesWhat it doesn’t seeExample vendors
LLM gatewayPrompts, completions, model routingUser identity, tool calls, downstream dataPortkey, LiteLLM
MCP gatewayTool calls, MCP server trafficModel routing, org-wide adoptionSpeakeasy, Runlayer, MintMCP
Identity providerUser identity, SSO stateWhat the user is doing with AIOkta, Azure AD, Google Workspace
ObservabilityActivity, logsCannot enforce policyTraditional APM

The AI control plane is what you get when you put these pieces on a single architectural foundation so they see each other. The value is not in any individual component. It’s in the integration.

Why the AI control plane is emerging now

Three forces are converging to make this a visible category rather than an academic concept.

The mandate is real and top-down. Boards have told CEOs to deliver AI transformation. CEOs have tasked their C-suite with executing. The executives who now own this (CTOs, CIOs, CISOs, Chief AI Officers) need to produce something concrete. They are actively looking for a category to buy from.

Sprawl is visible. Most enterprises, when they run an audit, discover they have dozens of AI tools in use across the organization, most of which were never approved and none of which are centrally managed. The gap between official AI policy and actual AI usage has become wide enough that leadership can see it.

Risk is priced in. Data leaks through consumer AI tools, prompt injection attacks on agent systems, regulatory pressure from the EU AI Act, and the general anxiety around data handling have made the cost of doing nothing concrete. The conversation has moved from “what if something happens” to “what are we doing about the things that are already happening.”

The category is being named now because the conditions that make it necessary have all arrived inside the same eighteen-month window.

Why existing tools don’t absorb the category

Three types of incumbent vendor could plausibly claim to own this space. Each has a structural reason they will struggle to.

Incumbent typeStructural advantageStructural problem
Hyperscaler AI suites (AWS, Azure, Google Cloud)Bundled into platform offerings already running in the enterpriseEnterprises operate in multi-cloud, multi-model environments, and don’t want their control plane locked to a single provider. A control plane that only sees one cloud’s traffic isn’t a control plane. It’s a silo.
Enterprise platform incumbents (ServiceNow, Crowdstrike, the major ITSM and GRC vendors)C-suite relationships and procurement inertiaThey ship a tile labeled “AI governance” inside a larger suite, and it ends up a feature rather than a focus. Features built inside suites rarely catch up to products built end-to-end for a single purpose, especially in a category moving this fast.
Point tools (LLM gateway, MCP security)Already in market against a real slice of the problemEach was built for a slice, and expanding to cover the full lifecycle means rebuilding significant portions of what they already have. Some will succeed at this. Most will be absorbed or consolidated.

None of this means incumbents are irrelevant. It means the window for category definition is open, and the organizations that establish the architecture and the vocabulary now will set the terms of how buyers evaluate everything that follows.

What a mature AI control plane enables

When the pieces are in place, the operational shape of the organization changes in a handful of specific ways.

AI is available to every employee on day one, not after a months-long provisioning process. New tools get added to the central registry once and are available to the teams entitled to use them. Teams don’t stand up their own integrations in parallel.

Identity, permissions, and policy are enforced consistently across every AI agent and every tool. An engineer using Cursor, a salesperson using ChatGPT Enterprise, and an analyst using an internal agent are all subject to the same permission model, because the permissions live in the control plane rather than in each agent.

Security has visibility into the AI layer in the same way it has visibility into the network, the endpoints, and the cloud. Incidents are detectable in real time. Audits have data to draw from. The CISO is not operating blind.

Leadership has numbers. Adoption by team. Which tools are producing outcomes and which are shelfware. Where AI is moving the business and where it isn’t. The board mandate has metrics behind it instead of anecdotes.

New AI initiatives (a new agent, a new internal tool, a new workflow) ship on shared infrastructure instead of reinventing the connection, identity, and governance layers every time. The second, third, and tenth AI project cost a fraction of the first.

None of this is speculative. The components to do each of these things exist today. What’s been missing is the framing that puts them together under a single architecture and a single name.

A note on Speakeasy

Speakeasy is building the AI control plane. We started with the connection and identity layer, because that’s where the pain is most acute for companies trying to move beyond bottom-up AI adoption, and we’ve been extending across the four functions since. We are not the only company working on this, and we won’t be. But we believe the category is real, we believe the window for defining it is open, and we believe the organizations that take the architecture seriously now will be meaningfully better positioned than the ones that wait for the market to tell them what to buy.

Reference architecture · Speakeasy coverage

Where Speakeasy plays

The same reference architecture, with the Speakeasy mark on the components Speakeasy covers today.

01 · Callers

People

Humans in the org

Engineering, sales, finance, legal, ops, support

Chat clients

Claude, ChatGPT

AI tools, agents, assistants

Machine callers

Anything that issues prompts or tool calls on a person's behalf

Coding agents

Cursor, Copilot

AI assistants

Devin

Internal agents

Custom workflows

Autonomous workers

Virtual employees

Agents that own a role and work a queue without a person in the loop

Role-based agents

OpenClaw

Supported

02 · Control plane

Controls

Connect · Secure · Control · Observe

Supported

Spans all traffic

Identity and access

SSO, role and team scope, credential management

OIDCSAMLSCIM

LLM lane · Gateway

LLM gateway

Multi-provider routing, rate limiting, caching

Supported

MCP lane · Gateway

MCP gateway

Tool registry and routing, per-team scoping

Supported

Applied to every call

Policy & threat

Policy enforcement

Executable rules; versioned and testable

allowdenytransformsquotas

Threat detection

PII, data exfiltration, prompt injection, shadow tools

inlineinspectblock

Supported

Spans all traffic

Observability and audit

Every prompt, response, and tool call captured. Adoption analytics, audit trail, SIEM integration.

OpenTelemetrySIEMWarehouse

03 · Destinations

Models

LLMs

Hosted and internal models

ClaudeGPTGeminiinternal

Tools, APIs, data

Enterprise systems

Everything an agent is allowed to reach through the MCP gateway

SaaS apps

Salesforce, Jira

Internal APIs

Services, mesh

Databases

OLTP stores

Data warehouse

Snowflake, BQ

Supported

v1 · Speakeasy coverage

If you’re one of the executives tasked with turning an AI mandate into an operating reality, the most useful thing you can do this quarter is probably not to buy a product. It’s to draw the architecture of how AI should flow through your organization, figure out which pieces you already have and which you don’t, and decide whether you want to assemble it yourself or build on a foundation designed for it. Either way, the term to have in your head while you do that work is AI control plane. It names the thing you’re actually building.