AgentGateway

Open-source Rust-based data plane for agentic AI connectivity. Serves as the network-layer control plane for both A2A (Agent-to-Agent) and MCP (Model Context Protocol) traffic.

Architecture

  • Language: Rust (performance-oriented; suits inline traffic interception)
  • Protocols: A2A Protocol and MCP Protocol — the two primary inter-agent and agent-to-tool communication protocols as of 2026
  • Policy model: RBAC (Role-Based Access Control) with multi-tenant support
  • Configuration: dynamic via xDS (the Envoy/Istio configuration API — familiar to service-mesh operators)

Role in the Security Stack

AgentGateway sits in the network/protocol layer of the Security Controls for AI Stacks taxonomy. It provides:

  • Centralized control over which agents can communicate with which tools/servers
  • Protocol-aware policy enforcement (not generic TCP/HTTP filtering)
  • Multi-tenant isolation — different teams / agent deployments can share infrastructure with policy-enforced separation
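
An added example (not AgentGateway's own code or configuration schema) of what a protocol-aware, tenant-scoped RBAC decision looks like. MCP tool invocations are JSON-RPC `tools/call` messages, so the tool name has to be read from the request body rather than from the URL or port. The tenant, role, server and tool names and the POLICY table are constructed for illustration, and the caller's tenant and role are assumed to be already authenticated.

```python
import json

# Constructed policy: tenant -> role -> set of (mcp_server, tool) pairs.
# Hypothetical names; this is not AgentGateway's configuration format.
POLICY = {
    "team-payments": {
        "reader": {("ledger-mcp", "get_balance")},
        "operator": {("ledger-mcp", "get_balance"), ("ledger-mcp", "create_refund")},
    },
    "team-support": {
        "reader": {("tickets-mcp", "search_tickets")},
    },
}

def authorize(tenant, role, server, raw_body):
    """Return (allowed, reason) for one MCP JSON-RPC request body. Default deny."""
    try:
        msg = json.loads(raw_body)
    except (json.JSONDecodeError, UnicodeDecodeError):
        return False, "malformed JSON-RPC body"
    # JSON-RPC batches (arrays) are rejected so one frame cannot smuggle extra calls.
    if not isinstance(msg, dict) or msg.get("jsonrpc") != "2.0":
        return False, "not a single JSON-RPC 2.0 request"
    method = msg.get("method")
    if method != "tools/call":
        # Only tool invocation is modelled here; anything else is denied.
        return False, f"method {method!r} not covered by policy"
    params = msg.get("params")
    tool = params.get("name") if isinstance(params, dict) else None
    if not isinstance(tool, str):
        return False, "tools/call without a tool name"
    # Unknown tenant or role falls through to an empty grant set.
    if (server, tool) in POLICY.get(tenant, {}).get(role, set()):
        return True, f"{tenant}/{role} may call {server}:{tool}"
    return False, f"{tenant}/{role} may not call {server}:{tool}"

if __name__ == "__main__":
    # Constructed sample request: same URL and transport for every tool,
    # only the body distinguishes a read from a refund.
    body = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": "create_refund", "arguments": {"amount": 10}}})
    for tenant, role in [("team-payments", "operator"),
                         ("team-payments", "reader"),
                         ("team-support", "reader")]:
        print(authorize(tenant, role, "ledger-mcp", body))
```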

Relationship to Other Controls

  • Complements LlamaFirewall (model-layer detection) — AgentGateway enforces access policy; LlamaFirewall detects adversarial inputs.
  • Integrates with MCP Security controls — AgentGateway as MCP broker provides a natural policy enforcement point for MCP tool access.
  • The Okta Agent Gateway (enterprise) provides similar centralized control with Okta identity integration; AgentGateway is the open-source analog.

See Also