Why AI Agents Need a Control Plane

Pablo Marin, CTO @ KSGai.com · February 23, 2026

The AI agent ecosystem exploded in 2025. Over 10,000 MCP servers were published. Anthropic's SDK alone surpassed 97 million monthly downloads. Every major platform adopted the Model Context Protocol: Claude, ChatGPT, Gemini, Copilot, Cursor, VS Code. In December 2025, Anthropic donated MCP to the Linux Foundation. The protocol won.

But there is a widening gap between “agents work in demos” and “agents work in production.” According to industry surveys, only 11% of organizations have AI agents running in actual production environments. The bottleneck is not model intelligence — GPT-4o, Claude Opus, and Gemini Ultra are all remarkably capable. The bottleneck is infrastructure.

Specifically, it is the lack of a control plane for the three things every production agent needs: managed tool connections, reusable skills, and secure execution environments. Without that control plane, organizations are flying blind — deploying agents with no governance, no audit trail, and no kill switch.

What Every AI Agent Needs

Anthropic's research has mapped the anatomy of effective agents with increasing precision. In “Building Effective Agents” (December 2024), they identified three foundational capabilities: retrieval, tools, and memory. Agents that can search knowledge bases, invoke external APIs, and maintain context across interactions outperform those that rely on raw model intelligence alone.

In “Code Execution with MCP” (2025), they went further: agents that write and execute code instead of calling tools directly achieve 98.7% token savings on complex tasks. And in “Agent Skills” (December 2025), they introduced modular skill packages with progressive disclosure — reusable SKILL.md files that teach agents new capabilities without retraining.

These findings converge on three pillars that every production agent system requires:

  • MCP Servers — standardized tool connections that expose tools, resources, and prompts through a single protocol. This is how agents interact with databases, APIs, file systems, and external services.
  • Skills — procedural knowledge packages (SKILL.md files) that encode multi-step workflows as reusable modules. Skills give agents domain expertise without prompt engineering gymnastics.
  • Sandboxes — secure, isolated code execution environments where agents can write, run, and iterate on code without risking the host system. This is the 98.7% token savings path.

Each pillar is powerful on its own. Together, they define what a production-ready agent platform looks like. The question is: who manages them?

The Shadow AI Problem

Without governance, agent infrastructure becomes Shadow AI — unmanaged, unmonitored, and unaccountable. The statistics are stark:

  • 98% of organizations have employees using unsanctioned AI tools (Programs.com)
  • 91% of AI tools in enterprises remain unmanaged (Reco.ai, 2025)
  • 53% of MCP servers use insecure static API keys (Astrix Security, 2025 — analysis of 20,000 MCP server implementations)
  • 79% of MCP servers pass credentials via environment variables with no rotation or vault integration (Astrix Security)
  • Shadow AI breaches cost $670K more on average than standard breaches (IBM, 2025)
  • 40% of organizations will face a shadow AI security incident by 2030 (Gartner)
  • 63% of organizations lack any AI governance policies whatsoever (Programs.com)

Mend.io coined the term “Shadow MCP” to describe unauthorized MCP server connections embedded in enterprise codebases — connections that bypass security policies, exfiltrate data through tool calls, and persist undetected across deployments. When every developer can spin up an MCP server in five minutes, the attack surface grows faster than any security team can audit manually.

Regulators are responding. NIST launched the AI Agent Standards Initiative in February 2026, establishing interoperability and security benchmarks for agentic systems. Enforcement of the EU AI Act begins in August 2026, with specific provisions for autonomous AI systems. Organizations without governance infrastructure will not just face security risks — they will face regulatory consequences.

Why a Gateway — Not Just Policies

Policies don't enforce themselves. A PDF in your compliance folder does not prevent an engineer from connecting an unvetted MCP server to a production agent at 2 AM. You need infrastructure that makes the secure path the easy path.

This is the MCP Gateway pattern: a centralized control plane that sits between your agents and the servers, skills, and sandboxes they consume. Every request passes through the gateway. Every connection is authenticated, authorized, logged, and rate-limited by default.

What a gateway provides:

  • Authentication & Authorization — OAuth 2.1 with PKCE, SSO integration via SAML/OIDC, and role-based access control. No more static API keys in environment variables.
  • Server Catalog — a registry of approved MCP servers. Agents can only connect to servers in the catalog. Unauthorized connections are blocked at the network level, not the policy level.
  • Policy Enforcement — rate limits per agent, per tool, and per user. Budget constraints that prevent runaway costs. Content filtering rules that redact sensitive data before it reaches external services.
  • Audit Trails — complete, immutable logging of every tool invocation, every skill execution, every sandbox session. When compliance asks “what did this agent do on Tuesday?” you have the answer in seconds.
  • Observability — structured logging, latency metrics, error rates, token consumption, and cost tracking across every agent in your organization. One dashboard, not fifty.
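To make three of those controls concrete, here is a small policy layer of the kind a gateway puts in front of every tool call: a catalog allow-list, per-agent and per-tool rate limits, and a hash-chained audit trail that lets you detect if a record was later edited or deleted. This is an added illustration written for this post, not MCP Gateway's own code or API; the server ids, agent names, limits and traffic are all constructed for the example.

```python
"""Illustrative gateway policy layer (constructed example, not MCP Gateway code)."""
from __future__ import annotations

import hashlib
import json
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Constructed policy: approved MCP servers and calls-per-minute limits."""
    catalog: set[str]                        # approved MCP server ids
    per_agent_per_minute: int = 5
    per_tool_per_minute: dict[str, int] = field(default_factory=dict)


@dataclass
class Decision:
    allowed: bool
    reason: str


class Gateway:
    def __init__(self, policy: Policy, clock=time.monotonic):
        self.policy = policy
        self.clock = clock                         # injectable for testing
        self._calls: dict[str, deque] = defaultdict(deque)  # key -> call timestamps
        self.audit: list[dict] = []
        self._prev_hash = "0" * 64                 # genesis link of the hash chain

    def _within_limit(self, key: str, limit: int, now: float) -> bool:
        """Sliding one-minute window; a call that passes is counted immediately."""
        window = self._calls[key]
        while window and now - window[0] >= 60.0:  # drop calls older than 60 s
            window.popleft()
        if len(window) >= limit:
            return False
        window.append(now)
        return True

    def _record(self, entry: dict) -> None:
        # Each record embeds the previous record's hash, so altering or removing
        # any earlier line invalidates every link after it.
        entry["prev_hash"] = self._prev_hash
        entry["hash"] = hashlib.sha256(
            json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self._prev_hash = entry["hash"]
        self.audit.append(entry)

    def request(self, agent: str, server: str, tool: str, args: dict) -> Decision:
        """Evaluate one tool call: catalog first, then agent limit, then tool limit."""
        now = self.clock()
        if server not in self.policy.catalog:
            decision = Decision(False, "server not in catalog")
        elif not self._within_limit(f"agent:{agent}", self.policy.per_agent_per_minute, now):
            decision = Decision(False, "agent rate limit exceeded")
        else:
            tool_limit = self.policy.per_tool_per_minute.get(tool)
            if tool_limit is not None and not self._within_limit(f"tool:{tool}", tool_limit, now):
                decision = Decision(False, "tool rate limit exceeded")
            else:
                decision = Decision(True, "ok")
        # Denied calls are logged too: the audit trail must show attempts, not just successes.
        self._record({"ts": now, "agent": agent, "server": server, "tool": tool,
                      "args": args, "allowed": decision.allowed, "reason": decision.reason})
        return decision


def verify_chain(audit: list[dict]) -> bool:
    """Recompute every link; False if any record was altered, reordered or removed."""
    prev = "0" * 64
    for entry in audit:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev_hash") != prev:
            return False
        if hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest() != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


def demo() -> dict:
    """Constructed traffic: an unlisted server, then a chatty agent, then a tampered log."""
    fake_now = [0.0]
    gw = Gateway(Policy(catalog={"postgres-readonly"}, per_agent_per_minute=3,
                        per_tool_per_minute={"query": 2}), clock=lambda: fake_now[0])
    reasons = [gw.request("agent-a", "rogue-server", "exec", {}).reason]
    for _ in range(4):
        reasons.append(gw.request("agent-a", "postgres-readonly", "query",
                                  {"sql": "select 1"}).reason)
    fake_now[0] += 61.0                            # window expires, limits reset
    reasons.append(gw.request("agent-a", "postgres-readonly", "query",
                              {"sql": "select 1"}).reason)
    chain_ok_before = verify_chain(gw.audit)
    gw.audit[1]["allowed"] = False                 # simulate someone editing a record
    return {"reasons": reasons, "chain_ok_before": chain_ok_before,
            "chain_ok_after": verify_chain(gw.audit)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two design points worth noting. The catalog check runs before any rate-limit bookkeeping, so a request to an unapproved server is rejected and logged without consuming the agent's quota. And the hash chain only gives tamper evidence, not tamper resistance: in a real deployment the log would also be shipped off-host to append-only storage so the chain can be verified against a copy the agent's environment cannot touch.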

This is not a novel pattern. It is the same architectural approach that won in API management (Kong, Apigee), service mesh (Istio, Linkerd), and cloud networking (AWS VPC, Azure VNet). Every time a new class of distributed service emerges, organizations eventually need a control plane to manage it. Agent infrastructure is following the same arc.

What MCP Gateway Provides

MCP Gateway manages all three pillars through a single platform. Register MCP servers in a curated catalog. Package and distribute skills as versioned modules. Provision sandboxes with fine-grained resource limits and network policies. Everything is managed through one control plane with a unified API.

The platform is API-first with a full REST API, so it integrates with any agent framework: LangChain, CrewAI, OpenAI Agents SDK, Google ADK, Anthropic's Claude SDK, or your own custom orchestration layer. If your framework can make HTTP requests, it can use MCP Gateway.

MCP Gateway is source-available under the Functional Source License (FSL). You deploy it on your own infrastructure. You audit every line of code. Your data never leaves your network. This is not a SaaS platform that holds your agent traffic hostage — it is infrastructure you own and operate.

MCP Gateway is coming soon to the AWS Marketplace, Azure Marketplace, GCP Marketplace, and Red Hat OpenShift catalog. Check out the source on GitHub.

The Time to Build Is Now

The agent ecosystem is moving fast — faster than most organizations' governance can keep up. Shadow AI is not a theoretical risk; it is a measurable, growing liability. The companies that will succeed with AI agents in production are the ones investing in infrastructure now, not after the first breach, the first compliance failure, or the first six-figure incident response bill.

MCP Gateway gives your organization the control plane to deploy agents with confidence — managing MCP servers, skills, and sandboxes through one platform, with the authentication, authorization, audit trails, and observability that production demands.