Google makes agent governance native in Gemini

At Google Cloud Next ’26 in Las Vegas in April, Google unveiled the Gemini Enterprise Agent Platform as the successor to Vertex AI. The platform assigns a unique cryptographic identity to each agent and routes agent interactions through an Agent Gateway that mediates access to corporate data and tools. Google presented these elements as features for traceability, access control and auditing.

Gemini’s cryptographic identities produce permanent identifiers for agent transactions intended to support audit logs and nonrepudiation. The Agent Gateway acts as a central enforcement point, routing requests from agents to internal systems and applying access policies at the interaction layer rather than inside each pipeline.

A survey of 1,879 IT leaders by OutSystems found 97% of organizations are exploring agentic AI and 49% rate their capabilities as advanced or expert. The same survey reported that only 36% have a centralized approach to AI governance and 12% use a central platform to control agent proliferation.

Independent analyses place the share of agentic AI pilots that have reached broad production at roughly 11% to 14%. Gartner’s 2026 Hype Cycle for Agentic AI reports that 17% of organizations have deployed agents to date while more than 60% expect to deploy within two years. The Hype Cycle identifies governance, security and cost-management tools as lagging behind deployment intent.

Research from other industry observers notes a common pattern in which legacy workflow tools and rule-based automations are marketed as autonomous agents. Governance frameworks designed for autonomous agents-agent-level identities, bounded autonomy, escalation paths and audit trails-do not map cleanly onto scripted automation, and conflating the two can create gaps in control.

Cloud providers announced agent registries in April 2026, reflecting early-stage development of governance tooling across the market. Enterprise architects face a choice between consolidating agent control inside a single cloud ecosystem or maintaining a heterogeneous environment with separate governance layers. Traditional identity and access management systems were developed for human users, not fleets of software agents that create identities and permissions at scale.

Technical controls from cloud vendors address parts of the governance challenge, but organizations still must define what agents are allowed to do, who is accountable when agents make errors, and how governance differs for true autonomy versus scripted automation. Enterprises will need to decide whether to adopt vendor-specific controls or to develop governance frameworks that operate across multiple platforms.