Databricks Unity AI Gateway brings MCP governance to enterprise agents
Databricks shipped Unity AI Gateway in April 2026 to solve enterprise "agent sprawl" by extending Unity Catalog's permission model to govern LLM endpoints, MCP servers, and coding agents through a unified proxy layer.
Score breakdown
Teams deploying agentic coding workflows can use Unity AI Gateway to enforce per-user access controls on MCP servers and produce SQL-queryable audit trails, replacing ad-hoc service account credentials and manual log analysis.
- 01Databricks renamed Mosaic AI Gateway to Unity AI Gateway in April 2026, signaling deeper Unity Catalog integration.
- 02The gateway acts as a proxy layer between agents and external systems, evaluating access policies and logging every request.
- 03On-behalf-of (OBO) execution passes the requesting user's identity to MCP servers instead of a generic service account.
Jangwook Kim's guide describes how Databricks' Unity AI Gateway, launched in April 2026, addresses what the company calls "agent sprawl" — the governance chaos that emerges when organizations run dozens of LLM-powered agents calling multiple providers, invoking MCP servers with shared service account credentials, and generating costs attributed to undifferentiated budget lines. Previously branded as Mosaic AI Gateway, the April 2026 rename to Unity AI Gateway signals its deeper integration with Unity Catalog, Databricks' existing data governance layer. Architecturally, the gateway functions as a proxy that intercepts every outbound request from an agent — whether an LLM completion call to Anthropic or a tool invocation against a GitHub MCP server — and evaluates it against access policies before logging it centrally.
The most significant new capability is first-class MCP server governance, motivated by MCP's rapid adoption (97 million monthly SDK downloads as of March 2026).
The most significant new capability is first-class MCP server governance, motivated by MCP's rapid adoption (97 million monthly SDK downloads as of March 2026). Traditional MCP deployments authenticate with service account credentials, giving every connecting agent identical access regardless of who initiated the request. Unity AI Gateway counters this with on-behalf-of (OBO) execution: the MCP server receives the requesting user's identity and Unity Catalog permissions, not the agent's service account, enabling fine-grained, per-user enforcement. Every MCP server in the workspace is registered as a Unity Catalog object, making it discoverable alongside datasets and tables, manageable with the same `GRANT`/`REVOKE` syntax, and auditable via SQL queries against a centralized log that captures requesting identity, connection name, HTTP method, and OBO status.
Databricks distinguishes between managed MCP servers — hosted by Databricks and pre-integrated with Unity Catalog, including Genie, Vector Search, UC Functions, and DBSQL — and external MCP servers. Managed servers automatically inherit existing Unity Catalog permissions such as row-level security and column masking policies, requiring no additional configuration. The guide also highlights that traditional cloud IAM controls were not designed for agentic patterns, such as routing an agent to different LLM providers based on task type or gating MCP server access on the end user's repository permissions — use cases Unity AI Gateway is specifically built to handle.
Key facts
- 01Databricks renamed Mosaic AI Gateway to Unity AI Gateway in April 2026, signaling deeper Unity Catalog integration.
- 02The gateway acts as a proxy layer between agents and external systems, evaluating access policies and logging every request.