What is Unity AI Gateway? Databricks runtime agent governance

Emily Winks profile picture
Emily Winks
Data Governance Expert
Updated:06/19/2026
|
Published:06/19/2026
12 min read
Watch Context Layer LiveGet the Context Layer Ebook

Key takeaways

  • Unity AI Gateway is Databricks' runtime governance layer for agents, announced at Data + AI Summit 2026 on June 16, 2026.
  • It governs what agents do at runtime: hard spend caps, smart routing, service policies, and PII guardrails.
  • It governs models, agents, MCP services, and skills alongside data inside Unity Catalog, all in one place.
  • Atlan complements it with governed, cross-estate context and policy context agents retrieve across the ecosystem.

What is Unity AI Gateway?

Unity AI Gateway is Databricks' runtime governance layer for enterprise AI, announced at Data + AI Summit 2026 on June 16. It extends Unity Catalog from governing data to governing what agents, models, MCP services, and skills do at runtime. It enforces hard spend caps, smart routing, contextual service policies, and built-in guardrails for PII exposure and prompt injection, with unified tracing across all agent activity.

Unity AI Gateway at a glance

  • What it is: Runtime governance layer for agents, models, and MCP services in Databricks
  • Key benefit: Hard spend caps, smart routing, service policies, and PII guardrails
  • Status: Announced at Data + AI Summit 2026 (June 16, 2026); key controls in beta
  • Governs: Models, agents, MCP services, and skills alongside data in Unity Catalog

Is your data estate AI-agent ready?

Assess Your Readiness

Agents are now the most privileged actor in the enterprise, able to call models, invoke tools, and act on data across the stack. That power raises a runtime question that access controls alone cannot answer: not just what an agent can reach, but what it is allowed to do, how much it can spend, and whether its inputs and outputs are safe. Unity AI Gateway is Databricks’ answer to that question inside the lakehouse, and it pairs naturally with a governed context foundation that reaches across the rest of the data and AI ecosystem.

Quick facts

Attribute Detail
What it is Databricks’ runtime governance layer for agents, models, MCP services, and skills
Announced Data + AI Summit 2026, June 16, 2026, San Francisco
Status Generally available foundation; service policies, LLM guardrails, and MCP payload logging in beta
Category Runtime AI governance and cost control
Who it’s for Data leaders, platform teams, and AI engineering teams deploying agents in production
Key benefit Hard spend caps, smart routing, contextual service policies, PII and prompt-injection guardrails
Works with Unity Catalog, Agent Bricks, Genie, plus an open partner ecosystem (CrowdStrike, Okta, Palo Alto Networks, Zscaler, and more)
How Atlan complements it Supplies governed, cross-estate context and policy context that agents retrieve from across the whole ecosystem

How Unity AI Gateway governs agents at runtime

Unity AI Gateway extends governance beyond model access to the runtime interactions between models, AI agents, Model Context Protocol (MCP) services, skills, and enterprise tools. According to the Databricks Unity AI Gateway blog (June 2026), it gives teams unified spend visibility across multiple AI providers, fine-grained access policies based on model provider and country of origin, and runtime guardrails, all built on Unity Catalog.

Databricks product director Kasey Uhlenhuth framed the shift directly at Summit: “Agents are the most privileged actor. This is what AI governance should look like in the enterprise,” as reported by SiliconANGLE (June 2026). The design center is action-level control: governing what an agent does in a given interaction, not only what it can reach.

The four control surfaces


Unity AI Gateway organizes its capabilities around four runtime control surfaces. Each maps to a recurring failure mode in production agent deployments: runaway cost, over-broad permissions, unsafe content, and a lack of audit trail.

Control What it does Status
Cost controls and spend caps Token-level cost attribution by user, team, tool, and use case; hard spend caps that stop requests when budgets are exceeded Available
Smart routing Recommends or falls back to cheaper models to balance quality and cost Available
Contextual service policies Allow, deny, or require approval for specific actions; defined in SQL as Unity Catalog functions Beta
Guardrails Built-in protection against PII exposure, prompt injection, jailbreaks, and unsafe content Beta

According to the Databricks Unity AI Gateway service-policies blog (June 2026), the LLM guardrails use model-based evaluation rather than rigid pre-built filters, apply to inputs and outputs, and log to Unity Catalog for full visibility. MCP payload logging captures every request and response and stores it as Unity Catalog system tables for debugging, monitoring, and compliance auditing.

Is your data estate ready for governed agents?

Runtime controls only work when the context behind them is governed. Assess how ready your estate is to feed agents trusted, cross-system context.

Assess Your Readiness

How Unity AI Gateway fits into Unity Catalog

Unity AI Gateway is built on Unity Catalog, Databricks’ governance layer for data and AI assets. At Data + AI Summit 2026, Databricks extended Unity Catalog so teams can “register and govern Databricks-hosted and external models, MCP services, agents, and skills alongside your data, with the same access controls, discovery, lineage, and auditing you already use,” per the Databricks Unity Catalog blog (June 2026).

That is the key architectural idea: data and the agents acting on it sit under one governance model. Unity AI Gateway is the runtime arm of that model. It moves governance, in Databricks’ own words, “from who can access a model or tool to what it can do in a given interaction.” Alongside Genie Ontology and Unity Catalog Metrics, the result is a coherent in-platform stack: business semantics that ground agent answers, and runtime controls that bound agent behavior.

Cost as the headline theme


AI cost was a recurring executive theme across the Summit. Databricks CEO Ali Ghodsi told attendees, “This is going to get extremely expensive. We are just scratching the surface,” as covered by SiliconANGLE (June 2026). Analyst Mike Leone of Moor Insights & Strategy highlighted the cost dimension as the most significant part of the Gateway, noting that teams can “set budgets per employee or per agent and have the system fall back to cheaper models on its own,” per Moor Insights & Strategy (June 2026).

An open partner ecosystem


Databricks also announced an open partner ecosystem for Unity AI Gateway spanning runtime AI security, agent identity, and risk monitoring. Named partners include CrowdStrike, Palo Alto Networks, Zscaler, Okta, SailPoint, and Cyera, according to the Databricks open ecosystem blog (June 2026). The signal is clear: governing agents at runtime is a layered problem, and Databricks is inviting specialists in security and identity into the loop.

See the Context Layer live

Watch how teams build a governed, cross-system context foundation that agents retrieve from at runtime, then activate it through MCP, SQL, and open APIs.

Watch Context Layer Live

Runtime control plus a cross-estate context foundation

Unity AI Gateway governs what agents do at runtime inside Databricks. That is one half of safe, accurate agents. The other half is the context the agent reasons over: what a metric means, who owns the data, which access policy applies, and how a number was derived. Those two roles are complementary, and most enterprises need both because their data and AI estate runs well beyond a single platform.

Atlan is the context layer for AI: the governed infrastructure that delivers enterprise knowledge to every model, every agent, and every team from a single source of truth. Enterprises run Atlan alongside Databricks Unity Catalog, Snowflake Horizon, or Microsoft Purview, pulling context from all of them into a unified context layer rather than rebuilding from scratch. Unity AI Gateway bounds agent behavior; Atlan supplies the governed, portable context and policy context that behavior depends on.

Runtime control and context foundation: complementary roles


Dimension Unity AI Gateway Atlan Context Layer
Primary job Govern what agents, models, and MCP services do at runtime Supply governed, cross-estate context agents retrieve to reason
Scope Databricks platform: models, agents, MCP services, skills 80+ connectors across warehouses, BI, pipelines, SaaS, and more
Controls Hard spend caps, smart routing, service policies, guardrails Column-level lineage, ownership, access policy context, decision traces, certified definitions
Where it acts The moment of an agent action or model call The context an agent reads before and during reasoning
Activation Unity Catalog policies and the Gateway runtime MCP server, SQL interface, and open APIs
Together Runtime behavior is bounded and audited The knowledge the agent acts on is governed and portable

Why context completes the picture


According to Atlan AI Labs research, 83% of AI pilots never reach production, and the gap is context, not the model. A Databricks agent answering “what drove the churn spike last quarter” needs definitions and lineage that often live in Salesforce, dbt, Tableau, or SAP. Runtime guardrails keep that agent from spending too much or leaking PII; they do not, on their own, tell the agent what “churn” means across systems. That is the job of a cross-estate context layer.

The Enterprise Data Graph is Atlan’s living graph of assets, relationships, and column-level lineage across the whole estate, fed by 80+ connectors. Context Agents auto-generate descriptions, link terms, and infer metrics on top of that graph: 690K+ descriptions generated, 87% rated on par or better than human writing, across 50+ enterprise customers, per Atlan AI Labs (April 2026). Context Engineering Studio lets teams bootstrap, test, and ship context as code, with CI-integrated evals before production, so the context an agent retrieves is certified the same way Unity AI Gateway certifies what the agent is allowed to do.

Because context stored in Atlan is built on open APIs and Iceberg-native formats, it stays portable rather than locked to any one vendor’s schema. That portability matters as agents span Databricks Genie, Snowflake, and third-party runtimes: the same governed context, and the same policy context, serves all of them. For teams worried about trusting what agents do with that context, the discipline of bounding and certifying agent context is covered in Fear, Trust, and Control for Context Agents.

Inside Atlan AI Labs and the 5x accuracy factor

See how context engineering drove a 5x accuracy improvement in agents grounded in Atlan, with real experiments and a repeatable playbook for getting agents to production.

Download E-Book

Why governed context and runtime control belong together

Unity AI Gateway is a substantial step for enterprise AI. It treats the agent as a first-class, privileged actor and gives teams the spend caps, routing, service policies, and guardrails that production agents have been missing. Inside Databricks, it is exactly the runtime control layer agentic deployments need.

The complete picture pairs that runtime control with a governed context foundation that reaches across the entire estate. Unity AI Gateway decides what an agent is allowed to do; the context layer decides whether the agent has the right meaning, lineage, ownership, and policy context to do it well, wherever the data lives. Run them together and you get agents that are both bounded and grounded: controlled at runtime by Databricks, and informed by governed, portable context from Atlan. That combination is how teams move agents from impressive demos to trusted production systems.

FAQs about Unity AI Gateway

  1. What is Unity AI Gateway?
    Unity AI Gateway is Databricks’ runtime governance layer for enterprise AI, announced at Data + AI Summit 2026 on June 16. It extends Unity Catalog from governing data to governing what agents, models, MCP services, and skills do at runtime, with hard spend caps, smart routing, contextual service policies, and built-in guardrails for PII and prompt injection. (Source: Databricks Unity AI Gateway blog, June 2026)

  2. When was Unity AI Gateway announced?
    Databricks announced Unity AI Gateway at Data + AI Summit 2026 on June 16, 2026 in San Francisco. Several of its controls, including service policies, LLM guardrails, and MCP payload logging, were announced as beta features, some requiring enrollment through Databricks account teams. (Source: Databricks Unity AI Gateway service-policies blog, June 2026)

  3. What does Unity AI Gateway govern?
    Unity AI Gateway governs runtime interactions between models, agents, MCP services, skills, and enterprise tools. Databricks registers and governs these alongside data in Unity Catalog with the same access controls, discovery, lineage, and auditing used for data assets. (Source: Databricks Unity Catalog blog, June 2026)

  4. How do Unity AI Gateway spend caps work?
    Unity AI Gateway provides token-level cost attribution across users, teams, tools, and use cases, with hard spend caps that automatically stop requests when budgets are exceeded. It also offers smart routing recommendations that can fall back to cheaper models to balance quality and cost. (Source: Databricks Unity AI Gateway blog; Moor Insights & Strategy, June 2026)

  5. What are contextual service policies in Unity AI Gateway?
    Contextual service policies, in beta, control what an agent can do in a given interaction, not just what it can access. Defined in SQL as Unity Catalog functions, they can allow, deny, or require approval for specific actions such as accessing confidential documents or performing write operations. (Source: Databricks Unity AI Gateway service-policies blog, June 2026)

  6. How does Atlan complement Unity AI Gateway?
    Unity AI Gateway governs agent runtime inside Databricks. Atlan supplies the governed, cross-estate context and policy context, including lineage, ownership, access policy, and decision traces, that agents need to retrieve from across the whole ecosystem. The two are additive: runtime control plus a cross-system context foundation.

  7. Is Unity AI Gateway the same as Unity Catalog?
    No. Unity Catalog is Databricks’ governance layer for data and AI assets. Unity AI Gateway is the runtime governance layer built on top of Unity Catalog that controls what agents, models, and MCP services do during live interactions, extending governance from access to action. (Source: Databricks Unity Catalog blog, June 2026)

  8. Does Unity AI Gateway protect against prompt injection?
    Yes. Unity AI Gateway includes built-in guardrails that protect against PII exposure, prompt injection, jailbreaks, and unsafe content. Its LLM guardrails apply customizable safety and compliance policies to model inputs, outputs, or both, and log violations to Unity Catalog. (Source: Databricks Unity AI Gateway service-policies blog, June 2026)

Sources

  1. AI governance at Data + AI Summit 2026: What’s new with Unity AI Gateway, Databricks Blog
  2. What’s new in Unity AI Gateway: service policies, guardrails, observability, and cost controls, Databricks Blog
  3. What’s new with Unity Catalog at Data + AI Summit 2026, Databricks Blog
  4. Building an open ecosystem for AI governance with Unity AI Gateway, Databricks Blog
  5. Key takeaways from day two of Databricks Data + AI Summit, SiliconANGLE
  6. Databricks bets on owning the agentic data stack at Data + AI Summit 2026, Moor Insights & Strategy
  7. Everything Databricks announced at the DAIS Data + AI Summit 2026, Qubika
  8. Databricks announces 2026 Data + AI Summit keynote lineup, Databricks Newsroom

Share this article

signoff-panel-logo

Atlan is the context layer for AI: the governed infrastructure that delivers enterprise knowledge to every model, every agent, and every team from a single source of truth.

Book a DemoContext Studio Live

Bridge the context gap.
Ship AI that works.

Book a Demo
Watch Context Studio Demo
[Website env: production]