惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
V
V2EX
WordPress大学
WordPress大学
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 司徒正美
有赞技术团队
有赞技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 【当耐特】
V
Visual Studio Blog
C
CERT Recently Published Vulnerability Notes
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
腾讯CDC
The Hacker News
The Hacker News
Hugging Face - Blog
Hugging Face - Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
J
Java Code Geeks
人人都是产品经理
人人都是产品经理
阮一峰的网络日志
阮一峰的网络日志
T
Tailwind CSS Blog
S
SegmentFault 最新的问题
大猫的无限游戏
大猫的无限游戏
小众软件
小众软件
A
Arctic Wolf
量子位
博客园 - 聂微东
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
N
News and Events Feed by Topic
雷峰网
雷峰网
博客园_首页
Google Online Security Blog
Google Online Security Blog
Spread Privacy
Spread Privacy
罗磊的独立博客
H
Hacker News: Front Page
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
月光博客
月光博客
TaoSecurity Blog
TaoSecurity Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 三生石上(FineUI控件)
宝玉的分享
宝玉的分享
IT之家
IT之家
The Cloudflare Blog
爱范儿
爱范儿
博客园 - 叶小钗
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell

MongoDB | Blog

10 Years of MongoDB Atlas: Built for what’s Next Build Trust in Agentic AI: From POC to Production Production-Ready Agents Need A Production-Ready Data Platform Agentic Supplier Management with MongoDB Atlas, Voyage AI, and Multi-Modal Search AI Is Changing What Customers Need From a Database. MongoDB 8.3 Is Built for It New Research Reveals Overcoming Legacy Tech Issues Key to AI Success MongoDB Predictive Auto-Scaling: An Experiment Introducing MongoDB Agent Skills and Plugins for Coding Agents Enhance Your In-IDE Data Browsing Experience With MongoDB Observability and OpenTelemetry: Introducing MongoDB Atlas Log Integration Towards Model-based Verification of a Key-Value Storage Engine Inside MongoDB Dublin: The Heart of Our International Growth Innovating with MongoDB | Customer Successes, February 2026 Building a Movie Recommendation Engine with Hugging Face and Voyage AI Edge AI Made Easy: MongoDB and ObjectBox Data Synchronization MongoDB.local San Francisco 2026: Ship Production AI, Faster Vision RAG: Enabling Search on Any Documents That’s a Wrap! MongoDB’s 2025 in Review & 2026 Predictions Token-count-based Batching: Faster, Cheaper Embedding Inference for Queries MongoDB Announces Leadership Transition Cars24 Improves Search For 300 Million Users With MongoDB Atlas The Cost of Not Knowing MongoDB, Part 3: appV6R0 to appV6R4 The 10 Skills I Was Missing as a MongoDB User Innovating with MongoDB | Customer Successes, October 2025 Smarter AI Search, Powered by MongoDB Atlas and Pureinsights Charting a New Course for SaaS Security: Why MongoDB Helped Build the SSCF Top Considerations When Choosing a Hybrid Search Solution Endian Communication Systems and Information Exchange in Bytes MongoDB SQL Interface: Now Available for Enterprise Advanced From Niche NoSQL to Enterprise Powerhouse: The Story of MongoDB's Evolution Carrying Complexity, Delivering Agility MongoDB is a Glassdoor Best-Led Company of 2025 Build AI Agents Worth Keeping: The Canvas Framework Simplify AI-Driven Data Connectivity With MongoDB and MCP Toolbox MongoDB Community Edition to Atlas: A Migration Masterclass With BharatPE Modernizing Core Insurance Systems: Breaking the Batch Bottleneck MongoDB.local NYC 2025:定义 AI 时代的理想数据库 MongoDB.local NYC 2025: Defining the Ideal Database for the AI Era MongoDB.local NYC 2025: Definiendo la base de datos ideal para la era de la IA MongoDB.local NYC 2025 : définir la base de données idéale à l'ère de l'IA MongoDB.local NYC 2025: Definindo o Banco de Dados Ideal para a Era da IA MongoDB.local NYC 2025: AI 시대를 위한 이상적인 데이터베이스 정의 MongoDB.local NYC 2025: Definition der idealen Datenbank für das KI-Zeitalter MongoDB.local NYC 2025: Definire il database ideale per l'era dell'AI Hommage à l’excellence : MongoDB Global Partner Awards 2025 Wir feiern Spitzenleistungen: MongoDB Global Partner Awards 2025 Celebrating Excellence: MongoDB Global Partner Awards 2025 庆祝卓越:MongoDB 全球合作伙伴奖 2025 Celebrando la Excelencia: Premios Globales de Emparejar de MongoDB 2025 Começando a destacar a excelência: MongoDB GlobalPartner Services 2025 Celebrare l'eccellenza: MongoDB Global Partner Awards 2025 우수성을 기념하기: 2025년 MongoDB 글로벌 파트너 어워드 The Future of AI Software Development is Agentic MongoDB Queryable Encryption Expands Search Power Supercharge Self-Managed Apps With Search and Vector Search Capabilities Potencie las aplicaciones autogestionadas con capacidades de búsqueda y búsqueda vectorial
Fighting Tool Sprawl: The Case for AI Tool Registries
Peter Richards · 2026-05-11 · via MongoDB | Blog

As enterprise AI agent adoption scales, the absence of centralized, organization-level tool infrastructure is producing compounding costs. When adoption is built around optimizing for deployment speed, enterprises expose themselves to a combination of risks: duplicated engineering effort, security exposure, and operational opacity.

Every enterprise needs its own shared tool registry, one that reflects its specific regulatory environment, security posture, and operational conventions. To be clear, this is not an argument for a public package manager, something like npm, PyPI, or Maven. The infrastructure each enterprise needs is internal; scoped to its own teams, its own data, its own policies, its own domain. Trying to expand the scope beyond the confines of individual organizations would be premature standardization in a fast-moving, nascent space.

A shared enterprise tool registry is not an optimization or a nice-to-have. It is foundational infrastructure as agent deployments scale beyond early experiments. The case for it rests on two pillars: reducing coordination cost and enabling risk management, both for the humans building with agents and for the agents themselves.

AI agents depend on tools that retrieve data, write records, trigger workflows, and call external APIs. According to McKinsey, in most large organizations, these tools are built by individual teams in an ad hoc fashion: undocumented, ungoverned, and invisible to the rest of the organization. This pattern is familiar to most engineering leaders, and the fragmentation it creates compounds with every new agent deployment. Teams rebuild what already exists elsewhere, security reviews miss tools that were never registered, and when something breaks, no one has a complete picture of what is running or why.

A coordination failure at infrastructure scale

The software industry solved an analogous problem decades ago with package managers. Centralized registries gave teams a way to discover, depend on, and govern shared code. The learning was clear: preventing duplication and inconsistency is an infrastructure problem, not a discipline problem.

The agent era presents the same problem in a new domain. When Kong launched its enterprise MCP Registry in February 2026, they explicitly called out the problems of manual MCP configuration, hardcoded and managed tool isolation across teams, fragmented integrations, and limited organization visibility.

Fragmented tool development is not a consequence of poor engineering practice. Rather, it is the predictable outcome of asking teams to solve an infrastructure problem at the application layer.

The visibility problem

Gravitee's The State of AI Agent Security 2026 survey quantifies what happens when agent tooling is invisible to the people responsible for securing it. The survey found that only 14.4% of teams with agents beyond the planning phase have full security approval, and 88% of organizations had an agent-related security incident this year. Bad practices like shared API keys are endemic, with only 22% of organizations treating agents as independent identities. This governance gap transforms agents from productivity boosters into high-velocity liabilities capable of executing unauthorized actions or leaking sensitive data before a human can even intervene.

The story is clear: adoption is outpacing governance, and in a race for speed, old lessons are having to be retaught. The majority of deployed agents (and the MCP servers powering them!) are operating without any security sign-off. This is not primarily a resourcing failure, and it is not something a registry alone solves. Security teams cannot review what they cannot discover, and without a registry, discovery is manual, incomplete, and stale. A registry does not make tools inherently secure; rather, it makes security work possible by ensuring tools exist not as transitory, ad hoc shims, but rather as inventoried artifacts that audits and policy can attach to.

It is worth revisiting public package managers here. These registries have not been able to eliminate a number of security problems, issues such as typosquatting, malicious packages, and dependency confusion, showing clearly that centralization alone is not a security solution. But they also show the converse: a registry is a precondition for security. Numerous community responses to breaches in these ecosystems demonstrate the power centralization provides. Centralization does not guarantee security, but decentralization forfeits the means to coordinate it.

Governance requires shared context

The default posture in most agent deployments is permissive: tools are available unless explicitly blocked. AgilityFeat's analysis of enterprise AI guardrails identifies the structural risk this creates, since an architecture not built on deny-by-default increases risk and creates upkeep costs.

Allow-by-default, replicated across dozens of independent agent deployments, produces an attack surface that scales with adoption. Inverting this requires a coordination point, a shared, organization-wide context. The registry itself isn’t a governance layer, but it is what makes governance possible. When every tool an agent can use is registered with ownership, version, and review status, the governance layer has something concrete to enforce against. Without that context, policy has to be reimplemented by every consuming team, and consistency becomes impossible. 

Frontegg's framework for AI agent governance describes what that policy layer looks like operationally: agent actions mapped to explicit, granular guardrails that define the operational boundaries for what any agent can attempt or execute. These guardrails live outside the registry, but they depend on it. A guardrail that references a tool the security team has never heard of cannot be written in the first place.

What a production-grade tool catalog requires

A mature enterprise tool registry has two core functions, discovery and versioning, and serves as the foundation for two others: certification metadata and access control. Think of it as an Internal Developer Portal (IDP) built for the agent era, solving the same coordination problem that IDPs solved for service teams, but one layer up.

Discovery allows any team building an agent to search for existing tools before writing new ones. With ownership metadata, version history, and usage metrics centralized, duplication is reduced not through mandate but through reduced friction. A well-designed catalog goes further than a flat list: tools should be grouped hierarchically by functional domain so that both humans and agents can find relevant capabilities quickly. 

Versioning closes a gap that neither discovery nor access controls address: when agent behavior changes, why did it change? A tool registry that tracks versions gives enterprises the visibility to answer that question. Was it the model? A tool prompt update? An underlying API change? Without proper versioning, finding the answer goes from a simple diff comparison to a time-consuming, manual investigation.

Certification status (things like security approval, API contract validation, PII handling checks) is metadata that the registry surfaces, not a boundary that the registry itself enforces. The actual review work happens through the security organization’s existing tooling. The registry’s contribution is making the result of that review visible at the moment a team is deciding whether to adopt a tool, ensuring the review actually informs the decision it was meant to inform.

Access control works the same way. A policy layer enforces authorization scoped to agent identity, team, environment, and action type, reading from the registry to know what tools exist and who owns them. The registry’s centralization lets access control be applied consistently, rather than forcing each team to come up with something bespoke.

None of this is achievable when each team maintains its own isolated tooling stack. Platform teams already understand why IDPs exist. The value of the paradigm in the agent context is no different.

The compounding cost of inaction

The cost of inaction is direct, not merely operational and security-related. Without a searchable, well-organized catalog of tools, teams continually reinvent the wheel, since it is easier to generate a tool than to find one that already exists. Duplication means redundancy and technical debt. A registry, by making tools discoverable and reusable, converts that redundant spend into capacity for actual work.

For platform engineering teams, the trajectory is clear. Agent adoption is increasing, tool duplication is increasing with it, and the shims that worked at small scale will not hold as the number of agents and tools grows. The security exposure documented in the Gravitee survey will widen, not narrow, without structural intervention.

The organizations that build centralized tool infrastructure now will be able to onboard new agents quickly, govern them consistently, and audit them when something goes wrong. Those that defer will rediscover, the hard way, what platform teams learned a decade ago: coordination problems do not resolve themselves at the application layer. They compound there.

Next Steps

The tool registry is one layer of a broader infrastructure problem. Follow the Designing an Agentic Platform series for deeper architectural treatment of memory, orchestration, state, and observability — the components a tool registry sits alongside.