Databricks Unity AI Gateway: The MCP Governance Layer Enterprises Have Been Waiting For
Databricks expanded Unity Catalog into an AI Gateway that governs MCP access, tracks agent costs, and enforces fine-grained permissions. Here is what it does, how to deploy it, and where it fits in the 2026 enterprise stack.
Databricks Unity AI Gateway: The MCP Governance Layer Enterprises Have Been Waiting For
Databricks announced in April 2026 that Unity Catalog — their existing data governance product — now extends to AI agents and MCP traffic. The new capability is called Unity AI Gateway, and it is the most complete answer to a question enterprises have been asking for the last six months: how do you govern what agents can read, what tools they can call, and what it costs you?
This post explains the three capabilities that matter, walks through a production deployment, and identifies where Databricks' approach differs from the Okta identity-layer and the Anthropic runtime-layer approaches we have covered in other guides.
The Three New Capabilities
1. MCP access control with on-behalf-of (OBO) semantics.
Unity AI Gateway sits between your agents and your MCP servers. When an agent calls an MCP tool, the gateway checks whether the agent (and the human user it is acting for) has permission to call that specific tool with those specific parameters against that specific data.
This is substantially finer-grained than most MCP deployments today. Current MCP servers generally allow or deny based on server-level auth, not per-request. Unity AI Gateway lets you write policies like:
- "Agent
support-triagecan callsalesforce.read_casebut only on cases whereaccount.region = 'NA'" - "Agent
marketing-writercan callbigquery.querybut only on datasets taggedmarketing-public" - "Any agent can call
internal-docs.searchbut only when the acting user's group includesfull-time-employees"
The policies are expressed in Unity Catalog's existing ABAC (attribute-based access control) language, which is what makes this more than a bolt-on.
2. End-to-end agent observability.
Every LLM call and every MCP tool call routes through the gateway, which captures:
- Request/response content (with configurable redaction)
- Token counts and model
- Tool call with arguments and result
- Latency at each hop
- Cost attribution (model cost + MCP cost + compute cost)
- Error state
The observability view is a trace tree similar to what you get in Datadog or LangSmith, but natively tied to your Unity Catalog asset hierarchy. You can drill from "this Q2 marketing campaign agent" down to "the specific BigQuery tables it read" down to "the specific rows that flowed into which model prompts."
3. Cost attribution across models, teams, and workflows.
Unity AI Gateway adds AI costs to Unity Catalog's existing FinOps view. You can see:
- Which team is spending the most on LLM tokens this month
- Which agent workflow has the highest per-run cost
- How costs shifted when you moved a workload from Claude Opus to Haiku
- The breakdown of cost by model, provider, MCP server, and user
For enterprises trying to get a handle on AI spend before it surprises the CFO, this is the missing observability plane.
How the Gateway Fits in the Stack
The three dominant governance attempts in the market right now target different layers:
| Layer | Product | What it governs |
|---|---|---|
| Identity | Okta for AI Agents | Who is the agent, on whose behalf, with what scope |
| Runtime | Claude Managed Agents | Where the agent runs, with what isolation, how it is billed |
| Access & observability | Databricks Unity AI Gateway | What the agent reads, what tools it calls, what it costs |
These are complementary, not competing. A production-grade enterprise deployment in late 2026 will likely use all three — or the equivalents from Microsoft, Google, and Amazon.
Unity AI Gateway's differentiation is that it layers onto Unity Catalog, which many enterprises already use for data governance. If your data lineage, data classifications, and ABAC policies already live in Unity, extending them to AI traffic costs you incremental effort rather than a greenfield implementation.
Deployment Walkthrough
Deploying Unity AI Gateway into a Databricks workspace takes about two hours for a team that already uses Unity Catalog. Four steps:
Step 1: Enable the AI Gateway feature in your workspace.
In the admin console: Settings → Unity Catalog → AI Gateway → Enable. This provisions the gateway endpoint for your workspace.
Step 2: Point your agents at the gateway instead of direct provider endpoints.
Instead of calling api.anthropic.com directly, your agent calls https://your-workspace.databricks.com/ai-gateway/v1/claude/messages. The gateway forwards to Anthropic (with your API key managed in Databricks secrets), observes, and returns.
import anthropic
client = anthropic.Anthropic(
base_url="https://your-workspace.databricks.com/ai-gateway/v1/claude",
api_key=databricks_token, # Unity authenticates the call
)
Lifetime Access
Stop renting AI tools
One-time $69. No subscription. No expiry. Break even in 4 months vs Pro monthly.
Step 3: Register MCP servers with the gateway.
Each MCP server your agents can call gets registered as a Unity Catalog asset. This is how you express policies about it.
CREATE AI_TOOL salesforce_case_reader
USING MCP_SERVER 'https://internal.salesforce-mcp:8080'
WITH PROPERTIES (
'classification' = 'customer-pii',
'cost_per_call_usd' = '0.001'
);
GRANT CALL ON AI_TOOL salesforce_case_reader
TO GROUP support_agents
WHERE account.region = 'NA';
Step 4: Enable observability and cost export.
Turn on trace capture and route traces to Databricks' observability views or export to your SIEM/data lake. Enable the FinOps dashboard for AI spend.
Real Cost Observability
Before Unity AI Gateway, the typical enterprise AI cost conversation went like this: "We spent $45K on Anthropic last month." "On what?" "We don't know."
After Unity AI Gateway:
| Cost attribution | Jan | Feb | Mar | Apr (partial) |
|---|---|---|---|---|
| Marketing: brief generation workflow | $2,100 | $2,400 | $3,800 | $1,900 |
| Support: ticket triage | $800 | $1,100 | $1,400 | $700 |
| Engineering: code review agent | $1,200 | $1,800 | $2,900 | $1,500 |
| Product: research synthesis | $400 | $600 | $1,100 | $800 |
| Shadow IT / unclassified | $18,000 | $22,000 | $29,000 | ... |
The "shadow IT" line is the one that matters. Enterprises consistently discover that 50-70% of their AI spend is from unregistered workflows they had no visibility into. Unity AI Gateway forces that to surface because any call through the gateway is classified, and any call not through the gateway shows up as a policy violation in your SIEM.
Policy Examples That Matter
Three policies we recommend every enterprise starts with:
Policy 1: No PII to external models without explicit tag.
CREATE AI_POLICY no_pii_external
ON AI_MODELS WHERE provider != 'in_vpc'
DENY REQUEST WHERE contains_pii(request_content) = TRUE
AND NOT EXISTS (
SELECT 1 FROM allowed_pii_workflows
WHERE workflow_id = current_workflow()
);
Policy 2: Hard budget per team per month.
CREATE AI_POLICY marketing_budget_cap
ON AI_USAGE WHERE team = 'marketing'
DENY WHEN monthly_cost_usd > 5000;
Policy 3: Human approval for destructive MCP calls.
CREATE AI_POLICY require_approval_for_writes
ON AI_TOOLS WHERE action_type = 'write'
AND target_system IN ('salesforce_prod', 'hubspot_prod')
REQUIRE APPROVAL FROM GROUP 'ops_managers';
These policies are the operational backbone of responsible agent deployment. Writing them in Unity ABAC means your data governance and AI governance share one policy engine and one audit trail.
Where It Falls Short
Three gaps worth being honest about:
1. Latency overhead. The gateway adds 40-90ms to each LLM call. For interactive chat workflows this is barely perceptible. For high-frequency agent loops making thousands of calls per minute, it compounds. Databricks is working on a local-sidecar mode to reduce this.
2. Non-Databricks teams pay in integration. If your data stack is Snowflake, BigQuery, or PostgreSQL-plus-Fivetran, Unity AI Gateway is not a natural fit. The governance capabilities are valuable enough that some non-Databricks teams adopt it just for the AI layer, but you lose the data-integration story that is the core appeal.
3. Multi-cloud MCP servers. If your MCP servers run in different clouds (one in AWS, one in GCP, one on-prem), the gateway can proxy all of them but you need to think carefully about network topology and egress costs.
What to Do This Quarter
If you are a Databricks customer with more than a handful of AI workflows, the right action this quarter is to pilot Unity AI Gateway on one high-value workflow (the one with the highest spend or the highest risk profile), measure the observability gain, then expand coverage over Q3.
If you are not a Databricks customer, take the policy and observability patterns from this product and ask your existing data platform vendor when they will ship an equivalent. Snowflake, Fivetran, Collibra, and Alation all have announced roadmaps with similar capabilities shipping in Q3-Q4 2026. The category is real and expanding.
The enterprise agentic stack is settling. Identity at Okta/Entra. Runtime at Anthropic/Bedrock/Vertex. Access and observability at Databricks/Snowflake/your-data-vendor. The teams that build around this layered architecture in 2026 will deploy agents ten times faster than the ones trying to hand-roll each layer.
AI Magicx integrates with Unity AI Gateway for enterprise deployments. See our enterprise options for the architecture.
Enjoyed this article? Claim Lifetime