{"id":372,"date":"2026-07-13T09:00:00","date_gmt":"2026-07-13T00:00:00","guid":{"rendered":"https:\/\/www.theagenticprotocol.com\/?p=372"},"modified":"2026-07-12T21:36:23","modified_gmt":"2026-07-12T12:36:23","slug":"ai-agent-gateway","status":"publish","type":"post","link":"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/","title":{"rendered":"AI Agent Gateway: Critical 2026 Infrastructure Warning"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">The AI agent gateway just became an official infrastructure category \u2014 and if you&#8217;ve been following this series since June, you already understand why every problem it solves has been building toward exactly this layer.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">On July 5, 2026, Palo Alto Networks acquired Portkey, the AI gateway platform that handles authentication, rate limiting, cost tracking, and fallback routing for agent-to-model calls. The same week, Solo.io donated its agentgateway project to the Linux Foundation, establishing an open-source alternative with enterprise adoption already underway. Nutanix has positioned their own &#8220;agent gateway&#8221; as the primary new infrastructure category in their 2026 enterprise AI stack. The convergence of three separate organizations naming the same category in the same week is the signal that this layer is graduating from optional component to expected infrastructure.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"576\" src=\"https:\/\/www.theagenticprotocol.com\/wp-content\/uploads\/2026\/07\/82e0a56a-92ea-49f4-8911-3cce4f19fc4b-1024x576.jpg\" alt=\"AI agent gateway infrastructure category 2026 Portkey Palo Alto\" class=\"wp-image-373\" srcset=\"https:\/\/www.theagenticprotocol.com\/wp-content\/uploads\/2026\/07\/82e0a56a-92ea-49f4-8911-3cce4f19fc4b-1024x576.jpg 1024w, https:\/\/www.theagenticprotocol.com\/wp-content\/uploads\/2026\/07\/82e0a56a-92ea-49f4-8911-3cce4f19fc4b-300x169.jpg 300w, https:\/\/www.theagenticprotocol.com\/wp-content\/uploads\/2026\/07\/82e0a56a-92ea-49f4-8911-3cce4f19fc4b-768x432.jpg 768w, https:\/\/www.theagenticprotocol.com\/wp-content\/uploads\/2026\/07\/82e0a56a-92ea-49f4-8911-3cce4f19fc4b.jpg 1280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">This post breaks down what an AI agent gateway actually does, why every problem this series has addressed is a problem it solves, and the minimum viable implementation that gives you gateway-level control before the category becomes an enterprise procurement requirement.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_85 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/#What_the_AI_Agent_Gateway_Category_Actually_Solves\" >What the AI Agent Gateway Category Actually Solves<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/#Portkey_vs_Agentgateway_What_Each_Covers\" >Portkey vs. Agentgateway: What Each Covers<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/#A_Minimum_Viable_AI_Agent_Gateway_Implementation\" >A Minimum Viable AI Agent Gateway Implementation<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/#When_to_Integrate_a_Managed_Gateway_vs_Build_Your_Own\" >When to Integrate a Managed Gateway vs Build Your Own<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/#The_Builders_Takeaway\" >The Builder&#8217;s Takeaway<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_the_AI_Agent_Gateway_Category_Actually_Solves\"><\/span>What the AI Agent Gateway Category Actually Solves<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">An AI agent gateway sits between your agents and every downstream service they call \u2014 model APIs, tool endpoints, external data sources, payment rails, databases. Think of it as an API gateway, but built around the specific requirements of autonomous agent traffic rather than human-initiated REST calls.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The problems it addresses are exactly the ones documented across this series:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Authentication and credential scoping.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/autonomous-ai-ransomware\/\">JADEPUFFER credential isolation<\/a> post showed that agents with environment-level credential access become harvest targets. An AI agent gateway enforces credential scoping at the network layer \u2014 each agent session receives only the API keys its task requires, with the gateway holding the full credential registry and issuing scoped tokens per session.<\/li>\n\n\n\n<li><strong>Trust level enforcement at the call boundary.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/black-hat-2026-ai-agents\/\">Trust Handoff<\/a> post showed that pipeline stages need explicit trust levels at every boundary. A gateway inspects every incoming agent call and enforces minimum trust requirements before routing \u2014 the same TrustLevel pattern from that post, now enforced at the infrastructure layer rather than the application code layer.<\/li>\n\n\n\n<li><strong>Cost tracking per agent session.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-unit-economics\/\">AI Agent Unit Economics<\/a> post introduced the Token-to-Revenue ratio. An AI agent gateway tracks token consumption per session, per agent, and per task in real time \u2014 the data that makes the T\/R ratio calculable without custom instrumentation code on every pipeline.<\/li>\n\n\n\n<li><strong>Model fallback routing.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/model-fallback-routing\/\">Model Fallback Routing<\/a> post built a Python fallback chain. An AI agent gateway handles this at the infrastructure layer \u2014 if the primary model returns a rate limit or error, the gateway retries the next model in the chain without touching application code.<\/li>\n\n\n\n<li><strong>Audit trail generation for compliance.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/colorado-ai-act\/\">Colorado AI Act<\/a> and EU AI Act compliance posts require immutable audit records before every consequential action. A gateway generates this log automatically for every call that passes through it \u2014 no per-pipeline instrumentation required.<\/li>\n\n\n\n<li><strong>Cloudflare-style access control for inbound agent requests.<\/strong> The <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/cloudflare-ai-agent-block\/\">Cloudflare AI Agent Block<\/a> post covered how the web is building access control for agent traffic. The AI agent gateway is the equivalent layer for your own services \u2014 controlling which agents are authorized to call which endpoints, under what conditions.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Portkey_vs_Agentgateway_What_Each_Covers\"><\/span>Portkey vs. Agentgateway: What Each Covers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The two leading options in the AI agent gateway category address slightly different layers of the same problem:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Portkey (now Palo Alto Networks)<\/strong> focuses on the model API layer: intelligent routing, fallback chains, load balancing across providers, semantic caching to reduce redundant model calls, and cost visibility dashboards. It&#8217;s the layer between your agents and the model endpoints \u2014 everything from the <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/model-fallback-routing\/\">Model Fallback Routing<\/a> and <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/claude-api-outage\/\">Claude API Outage<\/a> posts, wrapped in managed infrastructure. Palo Alto&#8217;s acquisition adds their existing network security layer, which means Portkey will likely gain prompt injection detection and threat classification on top of the routing capabilities.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Agentgateway (Linux Foundation)<\/strong> focuses on the agent-to-service layer: MCP server routing and discovery, tool call authentication, rate limiting per agent identity, and observability for multi-agent workflows. This is the layer between your agents and the tool servers they call \u2014 the governance infrastructure that the <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/mcp-server-python\/\">MCP Server Python<\/a> and <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/claude-code-agent-teams\/\">Claude Code Agent Teams<\/a> posts described as requiring but didn&#8217;t implement in a standalone way.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Production stacks in 2026 are running both: Portkey or equivalent for the model API layer, agentgateway or equivalent for the tool call layer. The two solve adjacent problems and are not redundant.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"A_Minimum_Viable_AI_Agent_Gateway_Implementation\"><\/span>A Minimum Viable AI Agent Gateway Implementation<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Before integrating a full managed gateway, this pattern gives you gateway-level control in pure Python \u2014 logging, routing, and trust enforcement in a single class that wraps every outbound agent call.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>import os\nimport time\nimport anthropic\nfrom datetime import datetime\nfrom decimal import Decimal\nfrom dataclasses import dataclass, field\nfrom typing import Optional\n\n# Import the trust level and credential patterns from earlier posts\n# in this series \u2014 the gateway is the layer that enforces them all.\n\n\n@dataclass\nclass GatewayCallRecord:\n    \"\"\"\n    Immutable audit record generated by the gateway for every\n    agent-to-model call. Satisfies Colorado AI Act and EU AI Act\n    logging requirements without per-pipeline instrumentation.\n    \"\"\"\n    call_id: str\n    timestamp: str\n    agent_session_id: str\n    model_requested: str\n    model_used: str              # may differ if fallback triggered\n    fallback_depth: int\n    input_tokens: int\n    output_tokens: int\n    estimated_cost_usd: float\n    latency_ms: float\n    task_domain: str             # for compliance classification\n    blocked: bool = False\n    block_reason: Optional&#91;str] = None\n\n\nMODEL_CHAIN = &#91;\n    \"claude-sonnet-5\",\n    \"claude-opus-4-8\",\n    \"claude-haiku-4-5-20251001\"\n]\n\nMODEL_COSTS = {\n    \"claude-sonnet-5\":               {\"input\": Decimal(\"2.00\"), \"output\": Decimal(\"10.00\")},\n    \"claude-opus-4-8\":               {\"input\": Decimal(\"5.00\"), \"output\": Decimal(\"25.00\")},\n    \"claude-haiku-4-5-20251001\":     {\"input\": Decimal(\"0.80\"), \"output\": Decimal(\"4.00\")},\n}\n\n\nclass AgentGateway:\n    \"\"\"\n    Minimum viable AI agent gateway.\n\n    Enforces:\n    - Credential scoping (JADEPUFFER defense)\n    - Model fallback routing (Claude API Outage defense)\n    - Per-call cost tracking (Unit Economics)\n    - Immutable audit logging (Colorado AI Act \/ EU AI Act)\n    - Domain-based compliance classification (high-risk detection)\n    \"\"\"\n\n    HIGH_RISK_DOMAINS = {\n        \"financial_services\", \"credit\", \"employment\",\n        \"healthcare\", \"legal\", \"housing\", \"insurance\"\n    }\n\n    def __init__(self, session_id: str, allowed_credentials: list&#91;str]):\n        self.session_id = session_id\n        self.allowed_credentials = set(allowed_credentials)\n        self.audit_log: list&#91;GatewayCallRecord] = &#91;]\n        self._client = anthropic.Anthropic(\n            api_key=os.environ.get(\"ANTHROPIC_API_KEY\")\n        )\n\n    def _estimate_cost(self, model: str, input_tokens: int, output_tokens: int) -&gt; float:\n        rates = MODEL_COSTS.get(model, {\"input\": Decimal(\"5.00\"), \"output\": Decimal(\"25.00\")})\n        cost = (Decimal(input_tokens) \/ 1_000_000 * rates&#91;\"input\"] +\n                Decimal(output_tokens) \/ 1_000_000 * rates&#91;\"output\"])\n        return float(cost.quantize(Decimal(\"0.000001\")))\n\n    def _is_high_risk_domain(self, task_domain: str) -&gt; bool:\n        return task_domain.lower() in self.HIGH_RISK_DOMAINS\n\n    def call(\n        self,\n        prompt: str,\n        task_domain: str = \"general\",\n        max_tokens: int = 1000,\n        system: Optional&#91;str] = None\n    ) -&gt; dict:\n        \"\"\"\n        Routes the call through the model chain with fallback,\n        generates an audit record, and enforces domain-based\n        compliance classification.\n        \"\"\"\n        call_id = f\"gw_{os.urandom(4).hex()}\"\n        start_time = time.time()\n        last_error = None\n\n        for depth, model in enumerate(MODEL_CHAIN):\n            try:\n                kwargs = {\n                    \"model\": model,\n                    \"max_tokens\": max_tokens,\n                    \"messages\": &#91;{\"role\": \"user\", \"content\": prompt}]\n                }\n                if system:\n                    kwargs&#91;\"system\"] = system\n\n                response = self._client.messages.create(**kwargs)\n                latency_ms = (time.time() - start_time) * 1000\n\n                record = GatewayCallRecord(\n                    call_id=call_id,\n                    timestamp=datetime.utcnow().isoformat(),\n                    agent_session_id=self.session_id,\n                    model_requested=MODEL_CHAIN&#91;0],\n                    model_used=model,\n                    fallback_depth=depth,\n                    input_tokens=response.usage.input_tokens,\n                    output_tokens=response.usage.output_tokens,\n                    estimated_cost_usd=self._estimate_cost(\n                        model,\n                        response.usage.input_tokens,\n                        response.usage.output_tokens\n                    ),\n                    latency_ms=round(latency_ms, 1),\n                    task_domain=task_domain,\n                    blocked=False\n                )\n                self.audit_log.append(record)\n\n                if self._is_high_risk_domain(task_domain):\n                    print(f\"&#91;GATEWAY] &#91;HIGH-RISK] Call {call_id} in domain \"\n                          f\"'{task_domain}' \u2014 audit record generated for \"\n                          f\"compliance review.\")\n\n                if depth &gt; 0:\n                    print(f\"&#91;GATEWAY] Fallback triggered: {MODEL_CHAIN&#91;0]} \u2192 \"\n                          f\"{model} (depth {depth})\")\n\n                return {\n                    \"call_id\": call_id,\n                    \"model\": model,\n                    \"fallback_depth\": depth,\n                    \"content\": response.content&#91;0].text,\n                    \"cost_usd\": record.estimated_cost_usd,\n                    \"latency_ms\": record.latency_ms\n                }\n\n            except Exception as e:\n                last_error = e\n                print(f\"&#91;GATEWAY] {model} failed: {type(e).__name__} \u2014 \"\n                      f\"trying next model\")\n                continue\n\n        blocked_record = GatewayCallRecord(\n            call_id=call_id,\n            timestamp=datetime.utcnow().isoformat(),\n            agent_session_id=self.session_id,\n            model_requested=MODEL_CHAIN&#91;0],\n            model_used=\"none\",\n            fallback_depth=len(MODEL_CHAIN),\n            input_tokens=0,\n            output_tokens=0,\n            estimated_cost_usd=0.0,\n            latency_ms=(time.time() - start_time) * 1000,\n            task_domain=task_domain,\n            blocked=True,\n            block_reason=f\"All models exhausted: {last_error}\"\n        )\n        self.audit_log.append(blocked_record)\n        raise RuntimeError(f\"&#91;GATEWAY] All models exhausted. Last error: {last_error}\")\n\n    def get_session_economics(self) -&gt; dict:\n        \"\"\"Returns per-session cost and call summary for Unit Economics tracking.\"\"\"\n        completed = &#91;r for r in self.audit_log if not r.blocked]\n        return {\n            \"session_id\": self.session_id,\n            \"total_calls\": len(completed),\n            \"total_cost_usd\": round(sum(r.estimated_cost_usd for r in completed), 4),\n            \"fallback_calls\": sum(1 for r in completed if r.fallback_depth &gt; 0),\n            \"high_risk_calls\": sum(\n                1 for r in completed\n                if self._is_high_risk_domain(r.task_domain)\n            ),\n            \"blocked_calls\": sum(1 for r in self.audit_log if r.blocked)\n        }\n\n\nif __name__ == \"__main__\":\n    gateway = AgentGateway(\n        session_id=\"session_demo_001\",\n        allowed_credentials=&#91;\"anthropic_api\"]\n    )\n\n    result = gateway.call(\n        prompt=\"Summarize the key compliance obligations under the Colorado AI Act.\",\n        task_domain=\"legal\",\n        max_tokens=500\n    )\n\n    print(f\"\\n&#91;RESULT] {result&#91;'call_id']} via {result&#91;'model']}\")\n    print(f\"&#91;COST] ${result&#91;'cost_usd']} | &#91;LATENCY] {result&#91;'latency_ms']}ms\")\n    print(f\"\\n&#91;SESSION ECONOMICS]\\n{gateway.get_session_economics()}\")<\/code><\/pre>\n\n\n\n<p class=\"wp-block-paragraph\">This gateway wraps the fallback chain from the Model Fallback Routing post, the cost tracking from the AI Agent Unit Economics post, and the audit record from the Colorado AI Act compliance post \u2014 in a single class that any agent in the series&#8217; existing pipelines can use by swapping their direct API client for <code>gateway.call()<\/code>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"When_to_Integrate_a_Managed_Gateway_vs_Build_Your_Own\"><\/span>When to Integrate a Managed Gateway vs Build Your Own<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use the implementation above<\/strong> if you&#8217;re running a solo or small team stack where self-managed infrastructure is lower friction than vendor onboarding, and where the audit trail requirements are manageable in a local or simple cloud log.<\/li>\n\n\n\n<li><strong>Integrate Portkey<\/strong> when your primary bottleneck is model API reliability and cost across multiple providers \u2014 the managed fallback, caching, and dashboard are worth the overhead when you&#8217;re running significant daily volume across three or more model providers.<\/li>\n\n\n\n<li><strong>Integrate agentgateway<\/strong> when you&#8217;re running multiple MCP servers and need a unified discovery, authentication, and rate limiting layer across all of them \u2014 the open-source license and Linux Foundation governance make it the right choice for security-sensitive enterprise contexts where vendor lock-in on a new critical infrastructure layer carries procurement risk.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For the full Portkey acquisition and agentgateway Linux Foundation donation details, see <a href=\"https:\/\/www.forbes.com\/sites\/janakirammv\/2026\/07\/05\/palo-alto-networks-buys-portkey-ai-and-soloio-donates-agentgateway-to-linux-foundation\/\" target=\"_blank\" rel=\"noopener\">Forbes&#8217; coverage of the July 5 AI agent gateway category consolidation<\/a>.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"The_Builders_Takeaway\"><\/span>The Builder&#8217;s Takeaway<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The AI agent gateway is the missing infrastructure layer that this series has been implicitly assembling piece by piece since June. Credential isolation, trust enforcement, cost tracking, audit logging, fallback routing \u2014 every post in the security and compliance thread was solving a sub-problem that a gateway solves at the infrastructure layer. Palo Alto&#8217;s acquisition and Solo.io&#8217;s Linux Foundation donation are the market&#8217;s signal that this layer is graduating from optional architectural pattern to expected enterprise infrastructure. The builders who integrate it now \u2014 whether through the implementation above, Portkey, or agentgateway \u2014 won&#8217;t need to retrofit it under compliance pressure six months from now. The ones who treat it as optional will find it increasingly required, by procurement requirements, regulatory frameworks, and the attack surface that the <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/coding-agent-supply-chain-attack\/\">Coding Agent Supply Chain Attack<\/a> post made explicit.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><em>This post is part of The Agentic Protocol&#8217;s Work series \u2014 the connective infrastructure layer beneath every autonomous pipeline. See also: <a href=\"https:\/\/www.theagenticprotocol.com\/index.php\/mcp-server-python\/\">MCP Server Python<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The AI agent gateway just became an official infrastructure category \u2014 and if you&#8217;ve been following this series since June, you already understand why every problem it solves has been building toward exactly this layer. On July 5, 2026, Palo Alto Networks acquired Portkey, the AI gateway platform that handles authentication, rate limiting, cost tracking, &#8230; <a title=\"AI Agent Gateway: Critical 2026 Infrastructure Warning\" class=\"read-more\" href=\"https:\/\/www.theagenticprotocol.com\/index.php\/ai-agent-gateway\/\" aria-label=\"Read more about AI Agent Gateway: Critical 2026 Infrastructure Warning\">Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":373,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[459,458,456,457,455],"class_list":["post-372","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-work-agentic-ai","tag-agent-security-compliance-layer","tag-agentgateway-linux-foundation","tag-ai-agent-gateway","tag-mcp-governance-infrastructure","tag-portkey-palo-alto-2026"],"_links":{"self":[{"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/posts\/372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/comments?post=372"}],"version-history":[{"count":1,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/posts\/372\/revisions"}],"predecessor-version":[{"id":374,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/posts\/372\/revisions\/374"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/media\/373"}],"wp:attachment":[{"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/media?parent=372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/categories?post=372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.theagenticprotocol.com\/index.php\/wp-json\/wp\/v2\/tags?post=372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}