Your AI control plane. Safely scale AI across your org. Connect, secure, and monitor AI in real time. Every MCP, skill, CLI and agent session governed.

Joined May 2022
Pinned Tweet
One platform to connect, secure, control, and observe every AI agent across your org. This is the AI control plane.
Speakeasy retweeted
The official MCP server from @datadoghq exposes 142 tools across 22 toolsets. Connect it to an agent and the context window fills up with tool definitions before the agent does a single useful thing. Beyond the context, every irrelevant tool is one more thing the model has to consider and spend tokens ruling out. An incident-response agent doesn't need dashboard-creation tools in scope; a metrics agent doesn't need log management. This is where every serious MCP server is heading. Tool lists grow as servers add capabilities, and the cost of just listing them grows with it. Datadog's own docs let you request a subset of toolsets instead of all 142. They know the full list is too much to load at once. The MCP spec has open proposals for this around tool groups, namespaces, filtering hints. But they haven't shipped yet so we implemented them ourselves. We shipped tag-based tool filtering for Speakeasy-hosted MCP servers. Tag your tools, and any client can append a tags parameter to the same server URL to get a focused subset. One server, many scoped views. Context stays lean, tool selection improves, and operators decide which client sees what, without running a separate server per use case. It stacks with dynamic toolsets: filtering caps which tools a client can ever see, and progressive discovery trims from that set at runtime. Props to the Datadog team for building the server that made this impossible to ignore. How we did it: speakeasy.com/blog/mcp-tool-…
Speakeasy retweeted
How many agents are running in your org right now that you don't know about? A Cloud Security Alliance survey puts the odds at 82% that the answer is at least one. If you don't even know they exist, you also don't know what they're doing. What tools they're calling. What data they're reading. Where they're sending it. We spent a decade learning to take shadow IT seriously. Shadow AI is the same story moving a lot faster. Governance starts with visibility. Visibility starts with the control plane.
Cyberhaven's AI Adoption & Risk Report found that 40% of enterprise AI interactions involve sensitive data. The average employee feeds proprietary information into an AI tool once every three days. Your existing DLP watches email, browsers, and endpoints. The places people leak data. Agents don't operate there. When an agent pulls a customer record to answer a question and passes it to an outside model, or repeats an API key it picked up in a tool response, the data moves machine to machine, inside prompts and tool calls your DLP was never able to read. The Speakeasy AI Control Plane inspects every message between your users, models, and tools for sensitive data, from secrets and PII to financial and healthcare records. Detection is context-aware, combining deterministic libraries with ML instead of matching patterns, and you can add your own rules with a regex or a plain-language description. When something matches, flag it for audit or block it before it leaves the session.
Ask most engineering leaders how many AI agents are running across their org and you'll get a shrug. Not because they don't care. Because there's genuinely no way to know. Teams spin up MCP servers, connect agents to internal tools, experiment with models. None of it goes through a central control point. This was a "we'll figure it out later" problem. Except regulators just gave everyone a deadline. The EU AI Act requires companies to prove governance, traceability, and oversight across AI systems classified as high-risk. And the bar for what counts as "high-risk" is wider than most people think. The companies scrambling to comply when the deadline hits are the same ones who said "we'll add observability later" about their APIs in 2018. We know how that worked out. Read more on the EU AI Act's requirements and deadlines here: speakeasy.com/blog/eu-ai-act
Speakeasy retweeted
Enterprises spend about $1 on AI security for every $750 they spend on AI capability. That ratio is the last three years of AI investment in one stat: ship fast, govern later. The bill is arriving. 65% of enterprises running AI agents have already had a confirmed security incident. 60% say they can't shut down a misbehaving agent once it's running. 13% have had a confirmed breach of an AI model or application, and almost all of them lacked basic AI access controls at the time. This is why Stanford's 2026 AI Index now ranks security and risk as the number one barrier to scaling agentic AI. The thing slowing enterprise AI down is no longer the models. It's the absence of any way to govern them. The shift is already happening. JPMorgan and Goldman built governance in before they scaled. Google framed all of Cloud Next around the agentic control plane. Microsoft shipped agent identities. 60% of the Fortune 100 are appointing a head of AI governance this year, and Morgan Stanley and BlackRock are now pricing governance maturity into company valuations. We wrote up why 2026 is the year governance finally catches up to AI: speakeasy.com/blog/2026-year…
Control plane! Control plane! Control plane! 👇 speakeasy.com/resources/ai-c…
Control plane! Control plane! Control plane! You will hear this term of art a lot going forward. Why? Because in this next phase of AI, companies will want something to sit above the models. They will want control over their AI spend. They will want the flexibility to pick certain models over others, to have flexibility on spending their budgets and more tightly tying that to measurable outcomes. But most importantly, leaders will want to have INTENT around their AI spend. Vibe coding is dead. Now comes the serious ROI driven analysis that is associated with every other serious business initiative. This is why we built Software Factory. Learn more here: 8090.ai
Speakeasy retweeted
"AI security" means something different depending on who's selling it. Legacy infrastructure vendors are extending existing products to cover AI sessions at the network and endpoint layers. Purpose-built tools are emerging at the application layer to govern model calls and tool calls directly. Both are shipping under the same label but they don't cover the same thing. AI security spans five layers: identity and access, endpoint and device, network and infrastructure, application and AI, and data. Traditional security tools cover the first three, but not the application and AI layer. This means they can't see prompts, tool calls, or what an agent does after a model responds. This is where the new risk concentrates. A developer running Claude Code against a production database without hooks or an MCP gateway generates activity that never reaches the SIEM, never appears in EDR, and is invisible to every security tool in a standard enterprise stack. The agent acts, and nothing in the existing infrastructure records that it did. The products most enterprises already own have expanded their "AI security" coverage — but at the endpoint and network layers, not the application and AI layer where the risk actually lives. We wrote a breakdown of all five layers and where legacy vendor coverage ends: speakeasy.com/resources/ai-s…
Speakeasy retweeted
Uber had 84% of its developers using agentic coding tools daily by early 2026. A single background agent was generating 1,800 code changes per week, used by 95% of the engineering org. None of that was possible without AI governance infrastructure. Before they built it, engineers were connecting AI tools directly to internal services with no visibility, no authorization, and no way to trace an agent's actions back to a human. The governance layer wasn't optional. It was the prerequisite for scaling. What they built: an LLM gateway with PII redaction on every call, an MCP gateway and registry across 10,000 internal services, and an agent identity system that cryptographically attests every participant in a multi-agent workflow. Three layers, handling 60,000 agent task executions per week. What it cost: years of platform engineering, a dedicated Agentic AI Platform team, and deep integration with infrastructure most companies don't have. They extended an existing SPIRE deployment, an existing authorization service, and their own inference stack. These foundations took years to build before AI was even relevant. Uber proved the architecture works. They also proved it takes a significant fraction of a platform engineering org to build it from scratch. The Speakeasy AI control plane is that same architecture, available as a product. The four problems Uber's multi-year investment was designed to solve (governed MCP access, user-scoped agent identity, real-time data protection, and auditable logs on every interaction) are the four problems we solve out of the box. We wrote more on this here: speakeasy.com/blog/uber-ente…
Before you roll agents out across a company, you have to be able to answer three questions: what is the agent reading, what is it connected to, and what data can it move. This month we shipped the features that answer them, expanding the security layer of the Speakeasy AI control plane.
→ Prompt Injection Detection: catch malicious instructions hidden in anything your agent reads, before they execute
→ Shadow MCP Detection: every MCP server mapped to its real endpoint and checked against your approved list at session start
→ MCP Server Approval Workflows: one-click access requests, approve org-wide or project-wide, policies inherited automatically
→ Data Loss Prevention: detect secrets, PII, financial, and healthcare data, and flag or block it before it leaves the session
Every check runs in real time, on every message in and out of your agents. More to come.
Speakeasy retweeted
Roughly every decade, a new layer of enterprise infrastructure transitions from "early adopters only" to "you're behind if you don't have this." The transition usually happens faster than most organizations predict, and the catch-up cost for late movers is higher than the investment would have been earlier. Cloud is the clearest recent example. In 2016, running compute on your own servers was still normal. By 2020, the absence of a cloud strategy being well underway was a major red flag. The teams that waited for the transition to be obvious paid more to catch up than the ones that moved when the signal was clear but not yet loud. The AI control plane is in a similar early window. The case for it is clear to organizations running AI agents in production. Most have no consistent way to connect every AI tool to the systems that matter, control who can use what, secure what flows through, or observe whether the investment is even working. Those are the four functions of the control plane, and without them, enablement and governance stay in permanent tension. The difference from the cloud transition is that the forcing function isn't gradual operational pressure. It's usually a specific security or compliance event. Which means organizations don't see it coming until it arrives. We wrote about what this transition looks like and why the timing matters here: speakeasy.com/resources/ai-c…
Speakeasy retweeted
The organizations that deployed an LLM gateway two years ago made the right call. Having a centralized proxy for model calls, unified credential management, and cost logging across providers was the right infrastructure for what they were running. The surface has since expanded. Agentic workflows, MCP, coding assistants generating shell commands and file edits, background agents running scheduled jobs against production APIs: the LLM gateway only sees pieces of it. The gateway still does what it always did. It just covers a shrinking fraction of what's actually happening. The common progression we see is gateway first, MCP governance when the tool-call blind spot becomes painful, identity because policy without attribution isn't enforcement, then a shared policy foundation to make the components function as a system. That sequence works. It just takes 18 months and a few incidents to get there. We want to help organizations skip the progressive discovery of each gap and get to full coverage directly.
Speakeasy retweeted
We are deeply honored to accept the award for Most Confusing AI Billboard in San Francisco! 🙇 Honestly, with the level of competition this year, we never thought we’d win. The other nominees had experience, large budgets, and, in some cases, actual marketing teams.
In our latest video, @dagsen scours the great city of San Francisco looking for its most confusing AI billboard. Then he gives the winner a trophy. 00:26 The rules 00:48 Telnux 01:12 The tier breakdown 01:34 Lambda, Slash, Omneky 02:15 Asking the public 02:46 Framer 03:09 Campfire 03:43 Atlassian Rovo, ChatGPT, and Codex 04:30 Asking the public about Vercel’s billboard 05:07 SF’s gold rush history and Google Gemini 05:42 Replit 06:03 Airwallex 06:22 Vanta 06:37 Apollo 07:08 Corgi 07:31 Stripe 07:58 Speakeasy 08:24 Mercury 08:40 Deel 08:57 Asking the public about Graphite 10:18 Outset.ai 10:37 Awarding our Most Confusing trophy
Speakeasy retweeted
Claude Code, Cursor, Codex, and VS Code Copilot all expose dozens of hook events. But if you're standing up AI governance this quarter, you only need to know about four hooks that will be the basis of your AI governance posture:
1. UserPromptSubmit. Fires when a developer submits a prompt. Scan for secrets pasted out of .env files. Redact PII before it hits the model. This is your inbound chokepoint.
2. PreToolUse. Fires before any tool call executes. Block dangerous shell commands. Gate MCP calls. Scope file writes. This is your outbound action control.
3. PostToolUse. Fires after a tool returns its result. The command might be fine. The output might not be. cat .env is harmless. What comes back is the exfiltration risk. This is response auditing.
4. SessionEnd. Fires when the agent finishes. Ship the full transcript to a central store. "Find every session that touched the customer database last quarter" becomes a query, not a forensic investigation.
Start with these four. Wire them into a central event feed. Everything else is an optimisation on top of a foundation that already works.
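Added example, not part of the original post or any vendor's code: a minimal Python handler for the four hook events named in the post above, showing why `cat .env` passes the pre-execution check while its output is caught afterwards. The payload field names (`hook_event_name`, `prompt`, `tool_input`, `tool_response`, `transcript_path`), the regexes and the exit-status convention are assumptions to adapt to your tool's hook contract.

```python
import json
import re
import sys

# Constructed patterns for illustration only.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),  # shape of an AWS access key ID
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)\w*(api[_-]?key|secret|token|password)\w*\s*=\s*\S{8,}"),
]
DANGEROUS_SHELL = [
    re.compile(r"\brm\s+-\w*(r\w*f|f\w*r)"),  # recursive forced delete
    re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b"),  # download piped to shell
]
AUDIT_LOG = []  # stand-in for the central event feed


def has_secret(text):
    return any(p.search(text) for p in SECRET_PATTERNS)


def handle_event(event):
    """Return {"decision": "allow" | "block", "reason": str} for one hook event."""
    name = event.get("hook_event_name")
    decision, reason = "allow", ""
    if name == "UserPromptSubmit":  # inbound chokepoint
        if has_secret(event.get("prompt", "")):
            decision, reason = "block", "secret in prompt"
    elif name == "PreToolUse":  # outbound action control
        command = event.get("tool_input", {}).get("command", "")
        if any(p.search(command) for p in DANGEROUS_SHELL):
            decision, reason = "block", "dangerous shell command"
    elif name == "PostToolUse":  # response auditing
        if has_secret(json.dumps(event.get("tool_response", ""))):
            decision, reason = "block", "secret in tool output"
    elif name == "SessionEnd":  # record where the transcript lives
        reason = "transcript queued: %s" % event.get("transcript_path")
    # Log the verdict only, never the matched secret itself.
    AUDIT_LOG.append({"session": event.get("session_id"), "event": name,
                      "decision": decision, "reason": reason})
    return {"decision": decision, "reason": reason}


if __name__ == "__main__":
    verdict = handle_event(json.load(sys.stdin))
    print(json.dumps(verdict))
    # Assumption: exit status 2 tells the calling tool to block.
    sys.exit(2 if verdict["decision"] == "block" else 0)
```
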
Speakeasy retweeted
We built @dubdotco to be agent-friendly from the get-go:
✦ Markdown-friendly API docs (h/t @mintlify)
✦ AI-powered support center
Today, we're taking this to the next level with the launch of our official MCP server – powered by @speakeasydev 🥳
May 21
Introducing the Dub MCP Server. Manage your partner program with Claude, Perplexity, Codex, or the AI agent of your choice using our new MCP server. Bonus: We're also adding a Logs page for end-to-end observability.
Speakeasy retweeted
Also really happy with speakeasy for Outpost sdks
Speakeasy retweeted
So proud of this one! The team crushed it, and @speakeasydev was an incredible partner on the MCP server.
@LaunchDarkly launched AgentControl today: runtime control for AI agents in production, with configuration changes that propagate in under 200ms, fast enough to reroute a model or trigger a fallback mid-conversation. LaunchDarkly partnered with Speakeasy to build the MCP server that lets AI agents interact with AgentControl programmatically: creating flags, configuring targeting rules, managing rollouts. The same workflows human developers rely on, now accessible to agents. What surprised them was how quickly it became useful internally. Their own engineers started using it daily to clean up stale flags accumulated over years. What was scoped as a customer-facing product became infrastructure for their own team. Benjamin Woskow, their Senior Director of Engineering, said their takeaway was that building the MCP server wasn't the hard part. Keeping it production-grade as the protocol evolves is where the overhead accumulates. Speakeasy owns that layer so they don't have to. The full story: speakeasy.com/customers/laun…