Palo Alto Networks has completed its acquisition of Portkey, a company focused on AI gateways for enterprise AI applications and agents. The move is notable because it places agent governance directly inside a major cybersecurity platform strategy, not at the edge of experimental AI tooling.
In its 29 May announcement, Palo Alto Networks said Portkey will become the core AI Gateway for Prisma AIRS, its AI security platform. The company describes the gateway as a control plane for monitoring, orchestrating and governing autonomous agents at scale, including runtime security, agent identity controls and observability.
For enterprise buyers, the signal is clear. As AI agents move from assistants into systems that can use tools, call APIs, reach sensitive data and trigger operational workflows, the security question is no longer limited to model safety. It becomes a question of traffic, identity, permissions, cost, traceability and runtime behaviour.
Why the gateway layer matters
Early enterprise AI infrastructure was built around model access: routing prompts, handling API keys, choosing between models and tracking token consumption. That is still useful, but it does not fully cover agentic systems.
Agents introduce a different operating model. They may break a goal into steps, invoke tools, pass work to other agents, query internal systems, retry failed actions and run for longer than a single user interaction. They can also create costs and risks that are hard to see if each team deploys its own agent stack independently.
A gateway layer attempts to sit between agents, models, tools and enterprise systems. In practical terms, that can mean enforcing which agents are allowed to call which tools, routing requests to approved models, recording activity for audit, applying policy at runtime and giving security teams one place to observe agent traffic.
That is why this acquisition matters beyond the transaction itself. It suggests that AI gateways are becoming part of the enterprise security architecture for agentic AI, alongside identity, privileged access, data security, observability and compliance tooling.
What Palo Alto Networks is positioning
Palo Alto Networks says Portkey's AI Gateway can process agent and model traffic at scale, while providing orchestration, monitoring and governance. In the planned Prisma AIRS integration, the company points to three areas that are especially relevant for enterprise adoption.
Runtime security: the gateway is positioned as a place to inspect AI traffic and help detect agent-based threats before they affect the enterprise.
Agent identity: Palo Alto Networks says agentic interactions should be authenticated and treated with privileged-user discipline. That reflects a wider market shift towards viewing agents as accountable actors inside the enterprise estate, not anonymous automation scripts.
Observability: as agents move into production, buyers need technical telemetry on performance, reliability, usage and failure modes. Without that visibility, it becomes difficult to separate a useful automation from a costly or unsafe one.
The broader message is that agent security is moving from policy documentation into enforced infrastructure. Enterprises do not only need to define what agents are allowed to do. They need systems that can apply those decisions while the agent is working.
The market context
The timing is important. Forrester's new State of Agentic AI 2026 report argues that agentic AI has reached technical viability, but many enterprises remain caught between promise and payoff because they lack orchestration maturity, executable governance and disciplined non-human identity.
Separate research released by TrueFoundry in May found that 76% of surveyed enterprises running production agents lacked unified logging across AI models and agent workflows, while 56% reported no centralised control or governance layer. The report also highlighted tool and MCP endpoint sprawl as a growing audit and security issue.
Those findings line up with what enterprise security and platform teams are seeing on the ground. Agents are attractive because they connect tools and take action. The same qualities create new operational risk when there is no consistent way to approve, observe, limit or stop those actions.
What buyers should ask now
For buyers evaluating agentic AI platforms, the gateway question should become part of procurement. Useful questions include:
- Where does agent traffic flow, and can it be inspected centrally?
- Can every agent be identified, owned and tied to an approval path?
- Are tool calls authorised at runtime, or only governed through static policy?
- Can the organisation trace prompts, tool use, model routing, retries, errors and outcomes after the event?
- How are costs attributed when agents trigger multiple model calls, tool invocations and retries?
- Can unsafe or non-compliant agent behaviour be stopped quickly?
These questions are not only for CISOs. They affect CIOs, procurement teams, compliance leaders and business owners who want agents to operate in real workflows without creating unmanageable exposure.
What suppliers should take from this
For suppliers, the acquisition is another sign that agent products will be judged on more than task performance. Enterprise buyers will increasingly ask how agents fit into existing security architecture, identity systems, logging pipelines, policy frameworks and audit processes.
That creates an opening for suppliers that can make their agents easy to register, route, observe and govern through established control layers. It also raises the bar for vague "enterprise-ready" claims. Buyers need to see how autonomy is bounded in practice.
The best sales conversations will be specific: what the agent can do, what it cannot do, who owns it, what systems it can reach, how approval works, what evidence is retained and how behaviour changes when risk increases.
The Agentic Expo angle
Agentic Expo is built around market-ready AI agents. The Portkey acquisition underlines what market-ready now means: not just capable, but governable, observable and secure enough to operate inside real enterprise environments.
The next phase of adoption will not be won by autonomy alone. It will be won by suppliers that can give buyers confidence that agents can act without becoming invisible, unbounded or unauditable.
AI gateways are becoming one of the places where that confidence will be tested.