The Agent Orchestrator Is Not the Moat

Enterprise IT history suggests governance and policy layers tend to outlast framework layers. The same shift may be reaching agent orchestration.

4 min read
#agent-governance#a2a#mcp#enterprise-ai#infrastructure

The Agent Orchestrator Is Not the Moat

Many teams are betting that the orchestration layer wins. Pick the right Agent OS or framework and you own the stack. That bet misreads how enterprise infrastructure has actually consolidated over the last two decades.

The framework that schedules and routes your agents is probably not the scarce resource. The layer that governs and enforces policy on the traffic between agents is more likely to be. Frameworks tend to get commoditized, and control points tend to get bought and built around, though some frameworks do manage to evolve and absorb the control point themselves.

Why the framework tends to lose

Enterprise IT shows a recurring pattern. The thing that gets standardized is the protocol or the framework. The thing that captures durable value is the governance plane that sits above it. API frameworks proliferated; API gateways consolidated. Data processing engines multiplied; the catalog and access-control layer became the chokepoint.

Agent orchestration appears to be heading the same direction. A2A and MCP are emerging as the protocols for agent-to-agent and agent-to-tool communication. Once protocols stabilize, the framework choice above them matters less, because enterprises care about who can authenticate, audit, rate-limit, and revoke that traffic.

A pure-play orchestration framework that does not plug into an enterprise governance plane is not always worse on technical merit. It just gets routed around. In mature enterprise environments with existing governance, traffic flows through the layer IT can control, and orchestration that bypasses that layer reads as a liability. The deciding question stops being which framework is most capable and becomes which path the security and compliance teams will actually approve.

The concrete signals

Several established infrastructure vendors are moving their gateways toward governing agent traffic directly. Read these as where vendors are placing bets, not as settled architecture.

  • Kong has extended its AI Gateway to support agent-to-agent traffic, positioning the gateway itself as the governance point for agentic communication.
  • Databricks has expanded its AI Gateway as a governance layer for agentic AI, tying agent traffic into existing data governance.
  • Cloudflare has added enterprise MCP support, bringing agent tool traffic under its edge and access controls.

The Databricks move is the sharpest illustration of the mechanism. By folding agent traffic into the same Unity governance that already controls who can touch which tables, it does not ask the enterprise to trust a new control surface. It extends one the enterprise already relies on. That is how a governance plane absorbs a control point: not by out-featuring the framework, but by inheriting trust that is expensive to rebuild elsewhere.

On the framework side, AutoGen reaching a stable release with native observability accelerates the trend rather than countering it. The more observable and standardized the framework layer becomes, the easier it is for a governance plane above it to absorb the control surface. Standardization at the framework layer pushes differentiation upward, toward policy and enforcement.

These are signals, not settled history. Based on where infrastructure vendors are investing, value appears to be shifting from orchestration toward governance, but the timeline and degree remain open.

What this means if you build agents

If the governance layer is where control concentrates, integration with that layer matters more than framework sophistication.

For agent fleets that run inside a customer's environment, the practical implication is clean integration hooks. Downstream tool calls need to authenticate cleanly against an enterprise governance plane. An agent fleet that can present its traffic to the gateway in a governable, auditable form fits into enterprise IT. One that assumes it owns the whole stack will, in mature enterprise environments with established governance, end up fighting the gateway and losing.

Framework features are easy to swap. A trusted enforcement point is not. Ask whether your agents can be governed by the layer the enterprise already trusts.