Databricks Unity AI Gateway Explained: Cost Controls, Smart Routing and Runtime Guardrails for Enterprise AI

1. Cost Controls and Smart Routing

AI spend is increasingly fragmented. Token costs accumulate across coding agents, frontier model APIs, internal applications, and custom pipelines — often with no unified view of where money is going or why.

Unity AI Gateway now provides unified AI spend visibility, aggregating costs across Databricks-hosted models, external model providers, and third-party coding agents into a single dashboard. Administrators can attribute spend by user, team, tool, or use case, making it possible to understand not just total cost but where AI is actually delivering value.

Two new enforcement mechanisms add teeth to this visibility. Hard spend caps automatically halt requests once a budget threshold is crossed, preventing runaway costs from unchecked agent loops or high-volume pipelines. Smart routing goes further by recommending and automatically directing requests to the most appropriate model based on task complexity, quality requirements, and cost — a practical tool for organizations running both large and small models in parallel.

Udemy offers a concrete illustration of this in practice: routing all foundation model traffic through Databricks AI Gateway gives them a single governance layer, with PII detection pipelines intelligently balancing smaller and larger GPT models for cost efficiency.

2. Unified Governance of AI Assets and Interactions

As AI deployments grow, the number of models, agents, MCP servers, and skills multiplies quickly. Most enterprises still govern these assets separately — if at all — which produces fragmented access policies and limited visibility into what AI systems are actually doing.

Unity Catalog now extends beyond data to govern the full AI asset inventory: foundation models from any provider, external MCP services, registered agents, and reusable skills. The same fine-grained access policies used for data can now be applied to model access, with dynamic enforcement based on attributes such as model provider, country of origin, or approval status.

Managed MCP services for Google Drive, Jira, Confluence, Slack, GitHub, and SharePoint are now available out of the box, removing the infrastructure burden from teams that need governed integrations quickly. Custom MCP services can also be registered, creating a centralized inventory of approved tools that developers can discover and use from Databricks, coding agents, Genie, or external frameworks.

The most significant new addition here is Contextual Service Policies, currently in Beta. These policies move governance beyond access control into behavioral control. Administrators can allow, deny, or require approval for specific agent actions — such as pushing code to GitHub, modifying files, or accessing sensitive data — based on the user, agent, model, tool, or the actual contents of a request or response. Runtime guardrails can also enforce protections against PII exposure, prompt injection, jailbreaks, and unsafe content.

This is a meaningful shift. It means governance is no longer just a gate at the entry point; it travels with the agent throughout the interaction.

3. Agent Monitoring and Incident Investigation

When an AI workflow spans multiple models, agents, and MCP services, reconstructing what happened during a specific interaction is genuinely difficult. Logs are scattered, traces are incomplete, and troubleshooting requires piecing together information from systems that were never designed to talk to each other.

Unity AI Gateway now provides end-to-end agent tracing — a unified telemetry layer that captures model interactions and MCP tool activity together, giving teams a coherent view of how AI workflows execute across services.

Two additional capabilities extend this monitoring into analysis and investigation. Genie integration allows teams to explore coding agent logs in natural language, identifying costly workflows and understanding how agents spend their time. Lakewatch integration enables security teams to analyze Gateway traces, detect suspicious activity, investigate policy violations, and accelerate AI security investigations.

For organizations in regulated industries — where auditability is not optional — this kind of unified observability is a prerequisite for responsible AI deployment at scale.

4. An Open Ecosystem of Security and Identity Integrations

Unity AI Gateway is designed as an open governance platform, not a closed one. Databricks is expanding its ecosystem with integrations across AI security, identity governance, data protection, and threat detection.

Upcoming integrations include AI security providers such as CrowdStrike, Palo Alto Networks, Netskope, HiddenLayer, Zscaler, and others, alongside identity providers including Okta, Ping Identity, and Saviynt. The intent is to allow organizations to bring their existing security and identity infrastructure into the AI runtime path rather than building parallel controls from scratch.

CrowdStrike’s framing is instructive: the goal is to make the Falcon platform the security layer for AI, delivering visibility and protection at the same level enterprises expect for their broader infrastructure. Okta’s integration extends consistent identity governance to agents and the data pipelines they touch — a recognition that agents, like users, need verifiable identities and explicit permissions.