Thursday, June 4, 2026
CloudNews

Tetrate and Ory Enhance Enterprise AI Agent Control

By: AIT365 News Desk

Related stories

Mixed Reality

VR Vision Unveils AI-Powered XR Training Platform to Transform Workforce Learning

VR Vision Inc. has launched "The Intelligent Training Era,"...
Mixed Reality

Aisles Launches DREAM: AI-Driven Virtual Reality Evolution

Aisles has unveiled DREAM (Dynamic Reality Experience and Memory),...
Mixed Reality

TechSee Unveils Visual Remote Assistance with AI (VRAi) on Salesforce

TechSee, a global leader in visual customer assistance, announced...
Mixed Reality

Rendever and Lenovo Collaborate to Bring Virtual Reality Experiences to Carolina Caring Seniors

Rendever, the Boston-based company pioneering the future of aging...
Mixed Reality

Ansys 2024 R1 Reimagines the User Experience while Expanding Multiphysics Superiority Boosted by AI

The latest release from Ansys, 2024 R1, introduces an elevated user...

Tetrate and Ory announced a strategic partnership to help enterprises secure AI agents in production. The joint solution combines Ory’s identity and authorization platform with Tetrate Agent Router Enterprise, applying dynamic, granular policy at the point where agents actually call tools, including governance over the parameters of each MCP tool call.

Many MCP runtimes only decide which tools an agent can see or call. The Tetrate-Ory joint solution goes further, enforcing policy on every live request. AI agent security has two distinct layers: the network/gateway layer (where Tetrate enforces policy on live traffic, tool calls and request parameters) and the authorization/policy layer (where Ory determines what agents and users are actually permitted to do at the resource level). When a call exceeds a defined risk threshold, Tetrate can pause the request, trigger an authentication and approval flow through Ory, issue short-lived elevated access, and record the full approval path for audit.

The timing reflects a clear market need. As companies move AI agents from pilots into real business use, they face growing risks around agent identity, overbroad permissions, unsafe tool access, data exposure, and weak runtime controls.

From customer to partner

Ory first worked with Tetrate as a customer. To improve the infrastructure behind its global IAM and CIAM platform, Ory migrated to Tetrate Enterprise Gateway for Envoy, a move that cut Ory’s resource use by 40 percent and improved product operations and observability. Tetrate exhibited its ability to help customers run Envoy in production at enterprise scale. As Ory expanded its focus to securing AI agents, the relationship grew into a strategic partnership.

Identity, authorization and runtime enforcement

The joint solution combines Ory’s identity layer with Tetrate’s runtime enforcement layer. Ory treats AI agents as first-class identities. Tetrate Agent Router Enterprise enforces those policies when agents call models, tools and enterprise services, including parameter-level control over MCP tool calls. Tetrate can enforce not only which tools an agent may use, but also which request parameters are allowed, based on policies defined in Ory Keto.

“The challenge with AI agents isn’t just controlling which tools they can access—it’s controlling how they use those tools,” said David Wang, head of product management at Tetrate. “Tetrate Agent Router Enterprise enforces fine-grained authorization on MCP tool invocations down to the parameter level, based on policies defined in Ory, and does so through a globally distributed Envoy-based gateway layer. That gives enterprises the precision, scale and control that production deployments demand.”

“AI agents must be treated as first-class identities with explicit authentication, authorization and governance,” said Jeff Kukowski, CEO, Ory. “Together with Tetrate, Ory is helping enterprises secure AI agent deployments end to end, from identity and access decisions to runtime enforcement and policy control.”

Also Read: IREN and BE Networks Speed Large-Scale AI Factory Rollout

Envoy foundation

The solution is built on Envoy AI Gateway, the open source project used in production by organizations such as Bloomberg and other large enterprises. Tetrate is a major contributor to Envoy and Envoy Gateway, and brings that traffic layer to enterprises that need to enforce policy consistently across providers, geographies and environments.

Ory’s use of Tetrate Enterprise Gateway for Envoy helps validate that foundation. It shows that Tetrate can deploy and operate a robust, distributed Envoy-based traffic layer globally for demanding enterprise environments before extending those same strengths into AI agent security.

Key capabilities

  • Agent identity: Ory gives agents and users verifiable identities.
  • OAuth2 and OIDC token flows: Ory Hydra issues and manages the tokens used to represent agent and user identity, support consent and step-up flows, and carry scoped access into runtime enforcement.
  • Fine-grained authorization: Ory Keto applies least-privilege access policies.
  • Dynamic runtime enforcement: Tetrate evaluates live requests to models, tools and enterprise systems at runtime, not just static tool visibility or allow lists.
  • Parameter-level MCP control: Tetrate enforces Ory Keto policies on both tool access and request parameters, enabling step-up authorization based on the actual content and risk of each request.
  • Visibility and auditability: Security teams can monitor agent behavior, privilege changes and policy enforcement.
  • Proven Envoy foundation for large enterprises: The solution runs on Tetrate’s Envoy-based AI gateway, giving enterprises a robust traffic layer for distributed enforcement of central policy across providers, geographies and environments at global scale.

Use cases

Examples of ideal uses cases for the TetrateOry joint solution include:

  • Retail: An agent can issue a refund up to an approved dollar amount, but a larger refund triggers step-up approval based on the refund amount parameter.
  • Financial services: An agent can process routine transfers or account actions within policy, but larger transactions, higher-risk destinations or more sensitive account changes trigger step-up approval.
  • Healthcare: An agent can access standard records or routine actions within policy, but requests involving sensitive records, higher-risk medication changes or larger data exports require step-up authorization.
  • Government: An agent can complete routine case or records actions within policy, but access to restricted data, larger benefit disbursements or exception handling can require step-up approval.
  • Customer support: An agent can apply normal credits or account updates, but larger refunds, sensitive account disclosures or high-risk account changes trigger step-up authorization.
  • IT operations: An agent can handle low-risk automation tasks, but production changes, privileged access requests or actions with larger blast radius require step-up approval.
  • HR: An agent can complete routine employee service actions, but compensation changes, access to sensitive personnel records or broader data exports require step-up authorization.

Source: PRNewswire

AIT365 News Desk
AIT365 News Deskhttps://aitech365.com

Subscribe

- Never miss a story with notifications


    Latest stories

    Previous article
    The Dawn of ‘Autopilots’: How Microsoft Scout is Re-Engineering the Machine Learning Landscape
    Next article
    Ambition Launches MCP Integration for Revenue Efficiency

    About Us

    Discover the future of artificial intelligence at AITech365. Explore the latest AI news, delve into insightful interviews with industry experts, and stay informed about the most exciting and trending topics shaping the world of AI.

    Latest

    Popular

    Quick Link

    © 2026 AITech365. All Rights Reserved. Website Undertaking: Data Demand