Tetrate and Ory partner on AI agent security

Tetrate and Ory partner on AI agent security — the two firms announced a joint solution that blends Ory’s identity and access management platform with Tetrate’s Envoy‑based Agent Router Enterprise to enforce granular, runtime policies on every AI‑driven tool call.

What the partnership delivers

The announcement marks the first time a dedicated AI‑agent security stack has been offered as a single, integrated product. By treating AI agents as first‑class identities, the solution can authenticate an agent, evaluate its request against Ory’s policy engine (Keto) and, if needed, pause the call for step‑up authentication before the request reaches the target service. The result is a “policy‑as‑code” enforcement point that sits at the network edge, where Tetrate’s Envoy gateway inspects live traffic and applies the rules defined in Ory’s IAM suite.

How the technology works

At a high level the stack consists of three layers.

1. Identity layer – Ory Hydra issues OAuth2/OIDC tokens that uniquely represent agents, users, or services.
2. Authorization layer – Ory Keto stores fine‑grained, least‑privilege policies that map identities to allowed actions and parameter ranges.
3. Runtime enforcement layer – Tetrate Agent Router Enterprise, built on the open‑source Envoy AI Gateway, intercepts every model or tool invocation, checks the request parameters against Keto policies, and either forwards, modifies, or blocks the call.

Because the enforcement happens at the edge, enterprises can apply the same policy across multi‑cloud, on‑prem, and hybrid environments without duplicating logic in each application.

Why it matters for enterprises

AI agents are moving from proof‑of‑concept notebooks into production workflows that handle refunds, financial transfers, patient data, and other high‑value operations. Gartner estimates that **75 % of enterprises will have deployed AI agents in production by 2027**, yet Forrester warns that **30 % of AI projects fail due to security gaps**. The Tetrate‑Ory stack directly addresses those gaps by:

• Preventing over‑privileged agents from surfacing sensitive data.
• Enforcing transaction‑level limits (e.g., refund caps) and triggering step‑up approvals when thresholds are crossed.
• Providing audit trails that satisfy compliance regimes such as GDPR, HIPAA, and SOC 2.

For marketing teams, the technology translates into a new risk‑management narrative that can be woven into product roadmaps, customer contracts, and go‑to‑market messaging. Instead of selling “AI‑powered features” alone, vendors can now promise “AI‑agent security with real‑time policy enforcement,” a differentiator that resonates with CIOs and security officers.

Competitive context

• Microsoft’s Azure OpenAI Service recently introduced “private endpoints” for model calls, but it lacks native identity‑aware policy enforcement at the request‑parameter level.
• Google Cloud’s Vertex AI offers IAM controls, yet its enforcement is limited to service‑level permissions.
• Amazon Bedrock provides fine‑grained resource policies but does not integrate a dedicated edge gateway for runtime checks.

Tetrate and Ory’s approach stands out by combining an open‑source Envoy data plane—already trusted by Bloomberg, Salesforce, and Adobe—with a mature IAM engine that supports OAuth2, OIDC, and attribute‑based access control. The partnership also benefits from Tetrate’s global traffic‑management expertise, enabling enterprises to scale policy enforcement across geographies without latency spikes.

Implications for marketing teams

1. Message shift – Position AI features as “secure by design” rather than “AI‑enabled.”
2. Account‑based selling – Target finance, healthcare, and government accounts that must meet strict audit requirements.
3. Thought leadership – Publish case studies that quantify risk reduction (e.g., “Reduced unauthorized refunds by 42 % in pilot retail deployment”).

Marketing teams can leverage these points to differentiate their offerings in a crowded market.

Market Landscape

The AI‑agent security segment is intersecting three broader trends: the explosion of generative AI workloads, the rise of zero‑trust networking, and increasing regulatory scrutiny of automated decision‑making. IDC predicts that spending on AI security solutions will grow at a **CAGR of 28 % through 2028**, outpacing overall AI software investments. Companies that embed security earlier in the AI pipeline—rather than bolting it on after deployment—are expected to achieve faster time‑to‑value and lower total cost of ownership.

Top Insights

• Unified edge enforcement – Tetrate’s Envoy gateway lets enterprises apply Ory policies at the network edge, eliminating duplicated logic in downstream services.
• Parameter‑level control – Unlike most IAM solutions, the joint stack can deny a request based on the actual payload (e.g., a refund amount exceeding $5,000).
• Step‑up workflow integration – When a request breaches a risk threshold, the system can trigger Ory‑driven multi‑factor approval before the call proceeds.
• Cross‑cloud consistency – The solution works equally on AWS, Azure, Google Cloud, and on‑prem data centers, supporting hybrid AI strategies.
• Audit‑ready logging – Full traceability of agent identity, policy evaluation, and enforcement decisions satisfies SOC 2 and ISO 27001 audits.

Power Tomorrow’s Intelligence — Build It with TechEdgeAI

PR Newswire