Something structural happened this spring that will not be visible in any single announcement but is unmistakable when you map them together.

Over the past several weeks — from Cloud Next through Think, Knowledge, CamundaCon, and late-May identity and security announcements — major cloud, security, identity, workflow, and infrastructure vendors converged on agent governance:

  • Google launched Agent Identity and Agent Gateway at Cloud Next — policy enforcement for agent-to-agent and agent-to-tool connections.

  • Microsoft released the Agent Governance Toolkit — open-source, MIT-licensed, covering all 10 OWASP agentic AI risks.

  • Palo Alto Networks introduced Prisma AIRS 3.0 and announced the acquisition of Portkey (press reports place valuation around $140M) to build a unified AI Gateway as the security control plane.

  • Anthropic shipped MCP tunnels and self-hosted sandboxes for Claude Managed Agents — keeping agent execution inside the customer perimeter.

  • ServiceNow expanded the AI Control Tower as a unified command layer for discovering, observing, governing, securing, and measuring AI across enterprise systems — enhancements entered Innovation Lab in May, with GA expected August 2026.

  • IBM launched Sovereign Core at Think 2026 — policy embedded at infrastructure runtime, portable across jurisdictions.

  • Ping Identity extended its platform for the agentic enterprise — agent-ready identity, MCP integration, headless interfaces.

This is not a coincidence. This is a market crystallising around a single conviction: autonomous AI agents without governance infrastructure are an enterprise liability, not a capability.

Not every announcement above happened in May — Microsoft's toolkit launched April 2, Google's Agent Identity debuted at Cloud Next on April 22, and Palo Alto's Portkey acquisition was announced April 30. But the pattern became unmistakable in May, when Anthropic, Ping Identity, Camunda, NVIDIA, and ServiceNow all shipped within weeks of each other. The stack is forming.

The agent governance stack is no longer hypothetical. It exists. The question for every enterprise leader is no longer whether to govern agents — it is which stack to bet on, and whether any of them can meet the first regulatory deadline: Article 50 transparency obligations, enforceable August 2, 2026 — nine weeks from today.

TL;DR
  • Over the past several weeks, major cloud, security, identity, workflow, and infrastructure vendors have converged on the same agent governance architecture: agent identity (who is the agent), runtime policy enforcement (what can the agent do), and audit/observability (what did the agent do). The market is still fragmented — no single vendor covers all three layers — but the pattern is now visible.

  • Palo Alto Networks announced its intent to acquire Portkey to build the AI Gateway as security control plane. Press reports place the valuation around $140M. Prisma AIRS 3.0 is positioned as the first platform to secure the entire agentic AI lifecycle. The AI Gateway becomes the central nervous system for monitoring, routing, and securing every AI transaction.

  • Anthropic shipped MCP tunnels and self-hosted sandboxes. Claude Managed Agents can now execute tools inside customer-controlled infrastructure while Anthropic manages orchestration. This is the architectural pattern enterprise security teams have been waiting for — agents inside the perimeter without opening inbound firewall rules.

  • Article 50 transparency consultation closes June 3 — six days. The transparency obligations are enforceable August 2, 2026. A Code of Practice on AI-generated content is expected in final form in June. This is the only AI Act deadline that did not move.

  • Industry surveys report that a majority of organisations cannot enforce purpose limitations on AI agents or quickly terminate misbehaving ones. Agent deployments are scaling faster than governance maturity — a pattern echoed by Deloitte's finding that 85% plan to deploy agentic AI while only 21% have mature governance.

The Brief

1. Palo Alto Networks Acquires Portkey — The AI Gateway Becomes the Security Layer

Palo Alto Networks announced its intent to acquire Portkey, an AI Gateway pioneer. Press reports place the potential valuation around $140M — roughly double its February 2026 valuation. The official announcement does not disclose financial terms. Portkey will be integrated into Prisma AIRS 3.0, which Palo Alto positions as the first platform to secure the entire agentic AI lifecycle. The combined offering creates a unified control plane that monitors, routes, and secures every AI transaction across the enterprise — from model calls to agent-to-tool interactions.

Why it matters: The AI Gateway — the component that sits between your agents and the models/tools they call — is becoming the security enforcement point. This is the same architectural pattern that API gateways established for microservices: the choke point where policy is enforced. Palo Alto is betting that whoever controls the AI Gateway controls enterprise AI security. If your organisation runs AI agents through any gateway (LiteLLM, Portkey, custom), that component just became a governed dependency, not infrastructure plumbing.

2. Anthropic Ships MCP Tunnels and Self-Hosted Sandboxes

Announced at Code with Claude London on May 19, Anthropic shipped two enterprise-focused features for Claude Managed Agents. Self-hosted sandboxes (public beta) allow tool execution to run on customer-controlled infrastructure — or through managed providers like Cloudflare, Daytona, Modal, and Vercel — while Anthropic manages orchestration, context handling, and recovery. MCP tunnels (research preview) let Managed Agents connect to private MCP servers without exposing them to the public internet: organisations deploy a lightweight gateway that establishes an outbound-only encrypted connection to Anthropic's infrastructure.

Why it matters: This is the architectural pattern enterprise security teams have been asking for: managed agent intelligence with customer-controlled execution. The agent reasons in the cloud; the tools execute inside the perimeter. No inbound firewall rules. Tool execution and private MCP access can remain within customer-controlled infrastructure, depending on configuration. For European enterprises with data residency requirements, this is the first credible answer to "how do I use a US-hosted agent platform without violating my sovereignty posture?" Watch whether Google, Microsoft, and OpenAI follow with equivalent architectures.

3. Agent Deployments Are Outpacing Governance — The Operational Data Is In

Multiple security reports this spring converge on the same finding: enterprise AI agent deployments are scaling dramatically while governance infrastructure has not kept pace. Industry coverage citing a Kiteworks data security forecast reports that a majority of organisations cannot enforce purpose limitations on AI agents or quickly terminate a misbehaving one. Deloitte's State of AI 2026 confirmed the pattern: 85% of enterprises plan to deploy custom agents, but only 21% have mature governance. Traditional pre-deployment configurations are failing against autonomous systems that make decisions at machine speed, requiring a pivot to runtime security.

Why it matters: For high-risk use cases, this creates a serious Article 14 human-oversight concern: if an organisation cannot technically constrain or stop an agent, oversight exists more on paper than in production. The gap is not in the compliance documentation. It is in the production infrastructure.

4. Article 50 Transparency Consultation Closes June 3 — Six Days Left

The European Commission's consultation on its draft guidelines for Article 50 transparency obligations closes on June 3. A Code of Practice on marking and labelling AI-generated content is expected in final form in June. The transparency obligations become enforceable August 2, 2026 — the one major AI Act deadline the Omnibus did not move.

Why it matters: Nine weeks. If your organisation deploys AI chatbots, content generation tools, emotion recognition systems, or deepfake detection — you are in scope. The transparency requirements are not complex (inform users they are interacting with AI; mark AI-generated content in machine-readable format; disclose deepfakes). But they require implementation — labelling infrastructure, disclosure copy, technical marking — that does not exist in most production systems today. This is a sprint, not a programme.

5. Google Cloud + Wiz: Agent Identity and Agent Gateway

At Cloud Next '26, Google announced Agent Identity — enabling access management and governance at scale for autonomous agents — and Agent Gateway, which enforces policy on agent-to-agent and agent-to-tool connections. The partnership with Wiz adds cloud-native security context. Together, these components create the "governed agent traffic" layer: every agent interaction passes through a policy enforcement point that can audit, limit, and terminate agent behaviour in real time.

Why it matters: Google is building the agent governance layer into the cloud platform itself — not as a bolt-on product but as infrastructure. This mirrors how IAM (Identity and Access Management) became a cloud platform primitive over the past decade. If agent identity and agent gateway become platform-native on GCP, AWS and Azure will follow. The implication: agent governance will be a cloud platform feature, not a third-party purchase. Evaluate whether your cloud provider's agent governance roadmap aligns with your deployment timeline.

6. Ping Identity Extends for the Agentic Enterprise

Ping Identity announced new capabilities extending its identity platform for the agentic enterprise. The platform now includes AI-first headless interfaces for builders and agents to work with identity programmatically — including through CLI and MCP — and introduces agent-ready skills that help AI agents understand and perform common identity tasks such as authentication, authorisation, and session management.

Why it matters: Identity is the missing layer in most agent governance frameworks. When an autonomous agent accesses a database, calls an API, or submits a form, it needs an identity — and that identity needs scoped permissions, session management, and revocation capabilities. Ping Identity is the first major identity vendor to ship MCP-native agent identity. For enterprises using MCP-based agent architectures (Anthropic Claude, many open-source frameworks), this is the identity layer that was missing.

7. Camunda ProcessOS: From Process Discovery to Governed Agentic Workflows

Camunda announced ProcessOS at CamundaCon (closed beta from May 20): an AI-powered intelligence layer that discovers, re-engineers, and continuously optimises business processes as agentic workflows. The platform converts described outcomes into repeatable, governed agentic processes with built-in human review, pattern reuse, and integrations. Operations and IT teams can map existing processes and transform them into agent-executed workflows.

Why it matters: Most agent governance discussion focuses on the agent itself. Camunda is addressing the process layer: what is the agent supposed to do, and how do you verify it did it correctly? This is the Article 9 risk management angle — governing the workflow the agent executes, not just the agent's permissions. If your organisation is moving from human-executed processes to agent-executed processes, the process itself needs governance, not just the agent.

8. NVIDIA: Verified Agent Skills — Catalog, Scan, Sign, Document

NVIDIA published developer resources describing "NVIDIA-verified agent skills" — a pipeline that catalogs, scans, signs, and documents portable skill packages for AI agents. The framework standardises how agent capabilities are packaged, verified, and distributed across enterprise environments.

Why it matters: This is the software supply chain governance model applied to agent skills. After the TeamPCP supply chain attack we covered last edition — where LiteLLM and Trivy were compromised through CI/CD pipelines — NVIDIA's approach of signing and verifying agent skill packages addresses exactly the gap that attack exploited. If agents can only execute verified, signed skills from a governed catalog, the attack surface for supply chain compromises shrinks significantly.

9. Meta's Cumulative Toll: 32,000+ Jobs Since 2022 — Despite Record Revenue

With the May 20 layoffs complete, Meta has announced or executed more than 32,000 job cuts since late 2022 across multiple waves: 11,000 in November 2022, 10,000 in 2023, around 3,600 low-performer cuts in early 2025, and roughly 8,000 in the latest 2026 restructuring — with more planned for H2. This comes against record financial performance: 2025 revenue reached $201 billion (+22% YoY), Q4 net income was $22.8 billion, and free cash flow was $43.6 billion. The company is simultaneously cutting headcount and raising AI infrastructure spending to $125–145 billion in 2026.

Why it matters: Meta is the clearest case study of the AI Layoff Trap thesis running at corporate scale. Record revenue, record margins, record layoffs — simultaneously. The restructuring is not driven by financial pressure. It is driven by a strategic conviction that small AI-augmented teams can replace larger traditional departments. For every enterprise leader watching: if Meta — with $43.6 billion in free cash flow — is cutting 33,000 jobs over four years while spending $145 billion on AI, the pattern is likely to spread well beyond tech.

Deep Dive

Nine vendors. Three architectural layers. One procurement decision. This is the landscape map.

What Changed

Spring 2026 will be remembered as the season the agent governance stack went from concept to product. Before April, "agent governance" was a conference-talk theme and a whitepaper topic. By late May, it is a procurement decision.

The vendor announcements — from Cloud Next in April through Think, Knowledge, CamundaCon, and late-May security and identity releases — are not independent events. They are convergent responses to the same market signal: enterprise agent deployments scaled dramatically through 2025 and early 2026, and the resulting incidents, security findings, and regulatory pressure created demand for governance infrastructure that did not exist six months ago.

The Three-Layer Architecture

When you map these announcements, a consistent architecture emerges. Every vendor is building some combination of three layers:

Layer 1: Agent Identity — Who is the agent?

Every autonomous agent needs an identity: authenticated credentials, scoped permissions, session management, and revocable access. Without identity, an agent is an anonymous process with whatever privileges its deployment environment grants — which, in most enterprises, means far too many.

Ping Identity shipped the first MCP-native agent identity layer. Google shipped Agent Identity as a platform primitive. Anthropic's self-hosted sandboxes enforce identity through customer-controlled infrastructure. Microsoft's Agent Governance Toolkit includes identity components.

The gap: Most enterprises have not extended their IAM framework to cover non-human agents. Agents operate with service accounts, API keys, or inherited developer credentials — none of which provide the scoped, session-managed, revocable access that a production autonomous agent requires.

Layer 2: Runtime Policy Enforcement — What can the agent do?

Once an agent has an identity, the next question is what it is permitted to do — and what happens when it tries to exceed those permissions. Runtime policy enforcement means real-time, sub-millisecond decision-making on every agent action: is this tool call allowed? Is this data access within scope? Is this decision within the agent's authority?

Palo Alto's Prisma AIRS 3.0 + Portkey is the most complete implementation: every AI transaction passes through the AI Gateway where policy is evaluated before execution. ServiceNow's AI Control Tower (enhancements in Innovation Lab, GA expected August 2026) does the same within the ServiceNow platform. Google's Agent Gateway enforces policy on agent-to-agent and agent-to-tool connections. Microsoft's toolkit covers all 10 OWASP agentic AI risks with deterministic enforcement.

The gap: Most enterprises enforce policy at deployment time (what the agent is configured to do) rather than at runtime (what the agent actually does). Organisations that cannot enforce purpose limitations at runtime are operating with deployment-time governance in a runtime world.

Layer 3: Audit and Observability — What did the agent do?

After identity and enforcement, the third layer is the audit trail: a complete, queryable, tamper-evident record of every action an agent took, every decision it made, and every tool it called. This is the layer that satisfies Article 12 (automatic event logging) and Article 14 (human oversight) of the AI Act — because you cannot oversee what you cannot observe.

IBM's Sovereign Core embeds audit at infrastructure runtime. Anthropic's MCP tunnels create an auditable connection path between managed agents and internal systems. Camunda's ProcessOS governs the workflow-level audit trail. NVIDIA's verified skills create a verifiable provenance chain for agent capabilities.

The gap: Most agent deployments log agent outputs but not agent reasoning. When an agent makes a decision, the log records what it did — but not why, what alternatives it considered, or what context it used. The AI Act's transparency and explainability requirements will demand reasoning-level observability, not just action-level logging.
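
The three layers above, shown working together in Python: a scoped and revocable agent identity, a gateway that evaluates every tool call at call time, and a hash-chained audit log that records the agent's stated reason alongside each verdict. This is an added example, not code from any vendor named in this edition; all class, agent, tool and purpose names are hypothetical, and the timestamps are constructed so the run is deterministic.

```python
import hashlib
import json
from dataclasses import dataclass

GENESIS = "0" * 64  # starting value of the audit hash chain

@dataclass
class AgentIdentity:
    """Layer 1: scoped, expiring, revocable credential (hypothetical model)."""
    agent_id: str
    allowed_tools: frozenset
    purpose: str
    expires_at: float
    revoked: bool = False

def _link(prev: str, record: dict) -> str:
    return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

class AuditLog:
    """Layer 3: hash chain; editing one entry invalidates it and every later one."""
    def __init__(self):
        self.entries, self.head = [], GENESIS

    def append(self, record: dict) -> None:
        self.head = _link(self.head, record)  # anchor the head off-host in production
        self.entries.append({"record": record, "hash": self.head})

    def verify(self) -> bool:
        prev = GENESIS
        for e in self.entries:
            prev = _link(prev, e["record"])
            if prev != e["hash"]:
                return False
        return True

class Gateway:
    """Layer 2: each tool call is checked when it is made; anything unknown is denied."""
    def __init__(self, audit: AuditLog, identities):
        self.audit, self.identities = audit, {i.agent_id: i for i in identities}

    def revoke(self, agent_id: str) -> None:  # the "terminate quickly" control
        self.identities[agent_id].revoked = True

    def authorize(self, agent_id, tool, purpose, reason, now) -> bool:
        ident = self.identities.get(agent_id)
        verdict = ("deny:unknown_agent" if ident is None else
                   "deny:credential_invalid" if ident.revoked or now >= ident.expires_at else
                   "deny:tool_out_of_scope" if tool not in ident.allowed_tools else
                   "deny:purpose_mismatch" if purpose != ident.purpose else "allow")
        # Denials are logged too, together with the agent's stated reason.
        self.audit.append({"ts": now, "agent": agent_id, "tool": tool,
                           "purpose": purpose, "reason": reason, "verdict": verdict})
        return verdict == "allow"

def demo():  # constructed scenario: one in-scope call, then three that must be refused
    log = AuditLog()
    bot = AgentIdentity("invoice-bot", frozenset({"read_invoice"}), "accounts_payable", 2000.0)
    gw = Gateway(log, [bot])
    ok = [gw.authorize("invoice-bot", "read_invoice", "accounts_payable", "match PO", 1000.0),
          gw.authorize("invoice-bot", "send_email", "accounts_payable", "notify supplier", 1001.0),
          gw.authorize("invoice-bot", "read_invoice", "marketing", "build mailing list", 1002.0)]
    gw.revoke("invoice-bot")
    ok.append(gw.authorize("invoice-bot", "read_invoice", "accounts_payable", "retry", 1003.0))
    intact = log.verify()
    log.entries[1]["record"]["verdict"] = "allow"  # simulated after-the-fact edit
    return ok, intact, log.verify()

if __name__ == "__main__":
    print(demo())
```

A hash chain only detects edits if the latest head is held somewhere the log's writer cannot also rewrite, which is why the comment in `append` calls for anchoring it off-host.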

What Enterprises Usually Miss

The vendors are building across three layers. No single vendor covers all three completely. That means enterprise governance teams face a platform integration challenge:

  • If you choose Palo Alto for runtime enforcement and Ping Identity for agent identity, do they interoperate?

  • If you use Anthropic's MCP tunnels for agent-to-system connections and ServiceNow's Control Tower for agent discovery, do they share a single audit trail?

  • If you deploy NVIDIA-verified skills inside a Google Agent Gateway, does the verification chain survive the gateway boundary?

The answers, today, are mostly no. The agent governance stack is crystallising, but it is not yet integrated. The interoperability layer — the thing that connects identity, enforcement, and audit across multiple vendors — does not exist. Whoever builds it wins the platform war.

What Leaders Should Do Next

Do not wait for the stack to integrate itself. The practical move is to adopt a governance reference architecture now — even if incomplete — and iterate as the market matures. The three-layer model (identity, enforcement, audit) is the right frame. For each layer, pick the vendor that aligns with your existing infrastructure and your regulatory horizon.

If you are a Google Cloud shop, Agent Identity + Agent Gateway is the natural starting point. If you are a security-first organisation, Palo Alto's Prisma AIRS is the enforcement layer. If you run ServiceNow for IT operations, the AI Control Tower is already in your stack. If you use Claude, Anthropic's MCP tunnels solve the perimeter problem.

The organisations that build this architecture in 2026 — even imperfectly — will have operational evidence when the high-risk compliance deadline hits in December 2027. The ones that wait will be buying and integrating under regulatory pressure.

Enterprise Playbook

  1. For the CTO: Map your current agent deployments against the three-layer model: identity (does every agent have scoped, revocable credentials?), enforcement (is policy evaluated at runtime, not just deployment?), audit (can you reconstruct every agent action with reasoning context?). The layers where the answer is "no" are your governance gaps.

  2. For the CISO: Evaluate Palo Alto's Prisma AIRS 3.0 + Portkey and Google's Agent Gateway against your current agent traffic patterns. The AI Gateway is becoming the security enforcement point for agent workloads — equivalent to the API gateway for microservices. If you do not have an AI Gateway in your security architecture, add it to the evaluation queue this quarter.

  3. For the DPO / Legal: Submit your organisation's position on the Article 50 transparency guidelines before June 3 — six days. The final guidelines will shape enforcement expectations for the August 2 deadline. If you have not started, the Bird & Bird analysis is the fastest on-ramp.

  4. For the AI Governance Lead: Extend your agent governance framework to include agent identity as a first-class requirement. If your agents operate with service accounts or inherited developer credentials, they are ungoverned from an identity perspective. Evaluate Ping Identity's MCP-native agent identity for architectures using MCP-based agents.

  5. For the CFO: The agent governance stack is now a procurement category. Budget for it. The vendors listed in this edition's Deep Dive — Palo Alto, Anthropic, Google, ServiceNow, IBM, Microsoft, Ping Identity — are the evaluation short list. The question is not whether to buy agent governance. It is whether to buy it now (when the market is forming and pricing is competitive) or in 18 months (when it is commoditised and your competitors already have operational evidence).

What to Watch Next

  • June 3: Article 50 transparency consultation closes. Final guidelines expected ahead of the August 2 deadline.

  • June 2026: Code of Practice on AI-generated content — final version expected. This will define the technical standards for content marking under Article 50.

  • June 2026: ServiceNow AI specialists GA. First production data on autonomous agent governance at enterprise scale via the AI Control Tower.

  • Palo Alto / Portkey close (expected FQ4 2026). Once integrated, Prisma AIRS becomes the first unified AI security control plane. Evaluate before the market consolidates further.

  • Anthropic MCP tunnels — move from research preview to GA. When this ships in production, it becomes the reference architecture for "managed intelligence, customer-controlled execution." AWS, Google, and Microsoft will need an answer.

That’s it for this week.

May 2026 was the month agent governance became a product category. The stack is forming. The vendors are moving. The regulatory deadline is nine weeks away. The organisations that start evaluating now will have operational governance when the AI Act's first enforcement window opens. The ones that wait will be buying under pressure — and the prices will reflect it.

Until next Thursday, João

OnAbout.AI delivers strategic AI analysis to enterprise technology leaders. European governance lens. Vendor-agnostic. Actionable.
