Gartner says the average Fortune 500 will operate over 150,000 AI agents by 2028, up from fewer than 15 in 2025. That is a 10,000x increase in three years. Boomi already has 75,000 agents running across its 30,000 customers — and on May 13, 2026, CEO Steve Lucas used his Boomi World keynote in Chicago to plant a flag in what may be the most expensive piece of unclaimed enterprise real estate in AI: the control plane that decides which agent talks to which tool, with what data, at what cost, under whose rules.
The product wedge has a name now. Boomi Connect. Boomi AI Gateway. MCP Registry. Boomi Orchestrate. Agent SIM. Five launches, one thesis: enterprises won't win by deploying more agents — they will win by governing the ones they already have. And the financial case is no longer abstract. A Forrester Total Economic Impact study commissioned by Boomi found a composite organization realized $9.8 million in net present value, a 347% three-year ROI, and payback in under six months on the underlying Enterprise Platform. The question for CIOs and CFOs reading this on May 16, 2026: is the MCP gateway market about to consolidate around two or three platforms — and if so, which side of the procurement decision do you want to be on?
What Boomi Actually Announced
Boomi World 2026 ran May 12-15 in Chicago. Steve Lucas opened day one with a statistic the room felt: just 7% of enterprise data is actually in motion. Everything else sits in warehouses, lakes, ERPs, and SaaS systems that agents cannot reach without an integration layer that respects identity, cost, and policy. That framing matters. Boomi is not pitching itself as another agent framework. It is pitching itself as the layer underneath every agent framework — the agentic control plane the industry has been arguing about since Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation earlier this year.
The launches break into five categories.
Boomi Connect is the marquee product. It sits between AI assistants (Claude, Microsoft 365 Copilot, Google Gemini) and enterprise applications, exposing more than 1,000 managed, MCP-enabled tools through a single governed entry point. The pitch to security teams: data does not leak to public model endpoints, because Connect inspects every request and enforces enterprise policy at the protocol layer.
Boomi AI Gateway sits next to Connect and adds three things the industry has been demanding: policy enforcement (who can call what, with which scopes), cost controls (per-team token budgets, throttling), and observability (every prompt, every tool invocation, every response logged for SIEM ingestion).
MCP Registry addresses a specific operational pain. Once an enterprise stands up dozens or hundreds of MCP servers — some from vendors, some from internal teams, some from third-party hubs — somebody has to inventory them, version them, and decide which ones agents are allowed to discover. The Registry is a central catalog covering Boomi servers, customer-built servers, and third-party registries.
Boomi Orchestrate is the workflow layer. It lets business and IT teams combine agents, APIs, integrations, event streams, and data models using natural language instead of low-code drag-and-drop. The demo at the keynote walked through a healthcare revenue cycle automation built without traditional integration code.
Agent SIM (Labs preview) is the most interesting Quote-Tomorrow product. It lets you simulate agent behavior in a sandbox before deployment — feeding the agent synthetic prompts and watching how it reasons, which tools it picks, and what it costs at scale. Agent SIM is to AI agents what staging environments were to web apps.
Two flanking moves matter as much as the products themselves. Boomi announced its intent to acquire Lunar.dev, whose MCPX gateway specializes in intelligent prompt routing — sending a query to the cheapest model that can answer it accurately. Lucas's framing in the keynote was blunt: enterprises route prompts by economics and data sensitivity, not by loyalty to any single model vendor. The second move is a deeper partnership with Red Hat to deliver a Distributed Agent Runtime, letting customers run agents on-premises with locally hosted language models — solving the data-residency veto from regulated industries.
The pricing detail Wall Street wants is mostly absent. Boomi did not publish per-seat or per-call pricing for Connect, AI Gateway, or the Registry. That is a strategic choice, not an oversight; iPaaS pricing remains contract-by-contract, anchored to connector volume and message throughput, and Boomi is signaling that MCP pricing will follow the same playbook.
Why This Matters
There are two audiences inside every enterprise reading this announcement, and they are reading it for different reasons.
For CIOs, CTOs, and chief architects, this is a question about whether MCP is now a buy-or-build decision. The Model Context Protocol was announced by Anthropic in November 2024 and is now governed by the Linux Foundation. The MCP 2026 roadmap, maintained by Anthropic and the broader community, names four priorities: Streamable HTTP at scale, agent communication primitives like Tasks with retry semantics, governance maturation, and enterprise readiness — audit trails, SSO-integrated auth, and gateway patterns. Roughly 78% of enterprise AI teams already report at least one MCP-backed agent in production. That number rounded to "almost all" in 2024. It is now near-universal.
What it means operationally: every AI assistant your employees use — Claude, Copilot, Gemini, internal models hosted on Bedrock or Vertex — wants to call MCP servers. Every SaaS vendor is racing to publish an MCP server for their product. If you do not put a gateway in the middle, you get the worst of both worlds: agents that can reach anything, and a security team that can audit nothing. The architectural decision is not whether to put a gateway in front of MCP. It is which gateway, owned by whom, with which trust model.
For Rajesh Beri's team at Zscaler, this decision is already on the table. Zscaler's MCP Gateway pilot uses IBM Context Forge — an open-source project that is architecturally ambitious (mDNS-based auto-discovery, capability federation across gateways) but explicitly lacks commercial support. Boomi's launch reframes that build-versus-buy conversation. Is open-source maturity at the gateway layer worth the operational burden, or is the right answer to back a commercial platform like Boomi, Workato, or MuleSoft and concentrate engineering talent on the agents and use cases that actually move revenue?
For CFOs, CMOs, and business leaders, this is a budget conversation. Gartner forecasts that 40% of enterprises using consumption-priced AI tooling will see unplanned costs exceeding twice their budget by 2027, and that over 40% of agentic AI projects will be canceled by 2027 because of escalating costs, unclear value, and inadequate controls. AI budgets are already growing three times faster than IT budgets. The pattern Gartner is naming is simple: agents proliferate without governance, each business unit signs its own AI vendor contracts, and by Q3 of the second year there is no single executive who can answer "what are we spending on agents company-wide, and what is it returning?"
Boomi's pitch to that CFO is that the AI Gateway is the choke point where you put cost discipline. Per-team token budgets, ROI thresholds before activation, chargebacks back to the business units that requested an agent. That is FinOps for the agentic era, and it is the only credible answer to the consumption-pricing trap.
Market Context
The MCP gateway market sorted itself into three camps over the last six months, and Boomi's announcement clarifies the lines.
Camp one: iPaaS incumbents pivoting to MCP. Boomi, MuleSoft, Workato, SnapLogic, Informatica. These companies already own the integration plumbing — thousands of connectors, mature governance, deep relationships with enterprise IT. Their bet is that "AI gateway" is just the next iPaaS feature, not a new category. Workato shipped its Enterprise MCP earlier and exposes more than 12,000 enterprise apps through a governed runtime. MuleSoft positions Anypoint Flex Gateway as the security layer and Agent Fabric as the connectivity fabric. Boomi's $9.8M Forrester ROI study, 30,000 customers, and 75,000 agents-in-production statistic is the iPaaS camp arguing it already has scale others lack.
Camp two: AI-native gateways. Composio (500+ managed integrations, optimized for product teams), TrueFoundry (sub-5ms p95 overhead, infrastructure-focused), Lunar.dev MCPX (granular RBAC, immutable audit logs, about 4ms p99 latency), Lasso Security (real-time threat detection and PII masking, with 100-250ms scanning overhead). These platforms started with MCP as a primary use case. They are faster, leaner, and more developer-friendly — and they are about to consolidate. Boomi's Lunar.dev acquisition is the first move; expect MuleSoft and Workato to respond inside 90 days.
Camp three: hyperscaler and open-source plays. Google's Gemini Enterprise Agent Platform (with Agent Identity and Agent Gateway). Microsoft Agent 365, now generally available at $15 per user per month, with registry sync to AWS Bedrock and Google Cloud connections. AWS Bedrock AgentCore. IBM's Context Forge, the most architecturally ambitious open-source play but in alpha/beta without commercial support. Each hyperscaler is pulling agent governance into its own platform; each is also racing to publish MCP servers for its own services.
Nucleus Research analyst Alexander Wurm captured the dynamic in the announcement coverage: "The market is rapidly shifting toward platforms that can support not just connectivity, but governed execution across AI-driven workflows." In English: the question is no longer "can your platform reach my data," it is "can your platform reach my data, prove it followed policy, charge the right cost center, and pass an audit." That is a different product than 2024-era iPaaS — and it is exactly what Boomi is now selling.
Gartner Sr. Director Analyst Max Goss added context that should hang on every CIO's wall: "Blocking or restricting the use of AI agents is not a long-term solution. Employees will resort to unsanctioned shadow AI if sanctioned tools are unavailable." The implication: the gateway is not a permission layer to slow agents down. It is an enablement layer that makes agent use safe enough to scale.
Framework #1 — Agent Sprawl ROI Calculator
The hardest spreadsheet to build right now is the one that justifies a centralized MCP gateway investment to a CFO who wants ROI in two quarters. Here is a working model, calibrated against the Forrester TEI study and Gartner's cost projections.
Inputs (annual):
| Variable | Description |
|---|---|
| A | Average AI agents in production today |
| B | Projected agents in 24 months (multiply A by 67% growth Gartner cites) |
| C | Average annual token/API cost per agent (industry midpoint: $4,000) |
| D | Duplicate-tool overspend rate without a registry (industry midpoint: 22%) |
| E | Average data-breach exposure cost per shadow agent (NIST/IBM midpoint: $4.45M × incident probability) |
The math, three scenarios:
Small enterprise (1,000-5,000 employees, currently 20 agents in pilot):
- Projected agents in 24 months: 200 (10x as use cases scale)
- Token/API spend uncontrolled: 200 × $4,000 = $800,000
- Duplicate-tool waste at 22%: $176,000
- Shadow-agent risk-adjusted exposure: $222,500 (5% incident probability × $4.45M)
- Annual sprawl cost: ~$1.2M
- Boomi-class platform cost (estimated $250K-$400K annually with usage): ~$325,000
- Net benefit: ~$875,000. Payback: 4-5 months.
Mid-size enterprise (5,000-25,000 employees, currently 200 agents):
- Projected agents in 24 months: 2,500
- Uncontrolled token spend: $10M
- Duplicate-tool waste: $2.2M
- Shadow-agent risk exposure: $445,000 (10% probability)
- Annual sprawl cost: ~$12.6M
- Platform cost: ~$1.5M
- Net benefit: ~$11.1M. Payback: under 3 months.
Fortune 500 enterprise (25,000+ employees, currently 1,500 agents):
- Projected agents by 2028 (Gartner): 150,000 agents
- Uncontrolled token spend: $600M (assuming aggressive negotiation drives unit cost to $4K)
- Duplicate-tool waste at 22%: $132M
- Shadow-agent risk exposure: $1.34M (30% probability)
- Annual sprawl cost: ~$733M
- Platform cost: ~$8-15M annually
- Net benefit: $700M+. The payback question becomes irrelevant; this is mandatory infrastructure.
The Forrester TEI study attributed the $9.8M three-year NPV to four sources: $5.6M in business and partner productivity, $3.0M in reduced business risk through reliability and compliance gains, $1.5M in technology cost savings through legacy platform retirement, and $1.3M in IT employee and contractor savings, plus $1.2M in incremental profit from faster service launches. Two real customers were named in the analysis: Lexitas automated nearly 50% of regulated payment processing through Boomi-hosted agents, and Multiquip automated roughly 80% of technician support queries, replacing manual product-manual searches with agent retrieval.
The math gets aggressive quickly. The conservative read: a Fortune 500 CFO who does not put governance in front of MCP traffic is signing up for low-eight-figures of duplicative spend within 18 months. The aggressive read: ungoverned agent sprawl is the next shadow IT crisis — except it costs more, moves faster, and shows up on the security incident report instead of the IT chargeback report.
Framework #2 — MCP Gateway Decision Matrix
Use this matrix to compare the four most likely procurement options. Score each platform 1-5 on each dimension; the highest-scoring platform for your specific weights wins.
| Dimension | Boomi | Workato | MuleSoft (Salesforce) | Open-Source (IBM Context Forge) |
|---|---|---|---|---|
| Connector breadth | 1,000+ MCP tools, 30K customers | 12,000+ apps via MCP | Anypoint Exchange — broadest API library | Federated, but you build connectors |
| MCP production readiness | New (May 2026), gateway shipping | GA, "production-ready today" | GA via Agent Fabric and Flex Gateway | Alpha/beta, no commercial support |
| Governance maturity | New AI Gateway, audit logs to SIEM | Mature SIEM-ready logs, automatic token rotation | Mature API governance, identity propagation | DIY policy engine |
| Cost-control sophistication | New, per-team budgets via AI Gateway | Transparent consumption tracking, recipe-level | Per-API throttling, mature FinOps integrations | None out of the box |
| On-prem / sovereignty | Distributed Agent Runtime with Red Hat | Workato Embedded, limited on-prem | MuleSoft Runtime Fabric, hybrid mature | Native (you host everything) |
| Time-to-value | Natural-language Orchestrate, fast | Recipes shipped today, very fast | Slower without integration team | Months to harden |
| Total cost of ownership | Medium ($300K-$15M depending on scale) | Medium-high (per-recipe pricing) | High (enterprise license + services) | Low license, high operational |
| Vendor lock-in risk | Medium — proprietary orchestration | Medium-high — recipes are sticky | High — Salesforce ecosystem gravity | Low — open standard, you own runtime |
Heuristic guidance:
-
Choose Boomi if you want one vendor for data integration, MCP gateway, and agent orchestration; you do not want a Salesforce dependency; and you value the Red Hat partnership for on-prem deployment of regulated workloads.
-
Choose Workato if you need MCP in production this quarter, not next, and the 12,000-app library matches your SaaS sprawl. Workato is ahead on MCP maturity today; Boomi will close that gap inside 12 months.
-
Choose MuleSoft if you are already a Salesforce shop, your integration team has Anypoint skills, and you want the broadest API governance footprint in the market. Be honest about the lock-in cost.
-
Choose IBM Context Forge or another open-source gateway if you have a platform engineering team capable of running production runtime infrastructure, your data sovereignty requirements rule out commercial gateways, and you can absorb six months of operational hardening. This is the right answer for some — a wrong answer dressed up as cost savings for many.
The 80/20 recommendation: most enterprises will spend the next 12 months running two of these gateways in parallel — one commercial, one open-source — and consolidating on the winner in 2027. That is not waste; it is the smart hedge against the gateway market consolidation that is now in motion.
Case Study: Lexitas and the Regulated-Payments Problem
Lexitas, owned by Chronicle Bidco Inc., processes payments in a regulated environment where every transaction must trace back to a human approver or an explicitly authorized policy. The pre-2025 state: a payments operations team manually reviewed thousands of transactions per month, with average handle time measured in minutes per transaction and an audit trail spread across email, Salesforce, and three internal systems.
The Boomi-led implementation took the team through a now-familiar arc. First, they built a single Boomi Integration to consolidate transaction events into a unified queue. Then they layered Boomi-hosted agents on top — one agent per transaction class — using Boomi Companion to design the routing rules in natural language. The agents pull customer history, validate against compliance rules, and either auto-approve, route to a human reviewer, or reject. Every decision is logged to a single Boomi audit trail.
The reported outcome: nearly 50% of regulated payments now process without human review, with full auditability and zero compliance findings in the first cycle after deployment. The implementation was measured in weeks, not quarters. The Boomi technical lead emphasized that the breakthrough was not the model — it was the integration layer connecting the model to authoritative data. Models hallucinate when they cannot see the source of truth.
What worked: starting with one high-volume, high-rule transaction type before generalizing. What did not: the team initially over-permissioned agents and had to dial back access scopes after the first internal audit. The lesson Lexitas's CIO offered: the right number of permissions to grant a new agent is the smallest set that lets it complete its task, plus zero. Every additional scope is a future security finding.
What to Do About It
For CIOs (next 30 days): Audit which agents in your environment currently call MCP servers or call external APIs without a gateway in the middle. Inventory the SaaS contracts you already have with Boomi, Workato, MuleSoft, Snaplogic, or Informatica — there is likely already a contractual on-ramp to one of these platforms. Schedule a Boomi briefing on AI Gateway, even if you have no current intent to buy. The 2026 roadmap shapes 2027 procurement.
For CFOs (next 60 days): Establish a single AI cost line in the 2027 budget that includes platform license, agent compute, token spend, and the integration layer underneath. Demand consumption visibility from your iPaaS vendor before signing any renewal. The Forrester $9.8M three-year NPV number is the conversation opener; the question is what your business case looks like at your scale, and you cannot answer that without per-agent cost visibility.
For business leaders (next 90 days): Pick one regulated, high-volume workflow — payments, claims, contract review, technician support — and pilot a single Boomi-class agent against it. The goal is not the workflow ROI; it is to learn what governance you actually need before you find out the hard way. The companies that move from pilot to production in 2026 are the ones who learned governance through one painful pilot before they multiplied agents across the org chart.
The next phase of enterprise AI is not about more agents. It is about the gateway that decides which agents get to do what, with whose data, on what budget. Boomi planted its flag on May 13, 2026. The market now has roughly 18 months before the iPaaS-pivot, the AI-native, and the hyperscaler camps consolidate to two or three winners — and the gateway you choose this quarter shapes the agent strategy you can run next quarter.
Sources
- Boomi Unveils Innovations That Power the Agentic Enterprise — Business Wire
- Boomi Innovations May 2026 — Boomi.com
- Boomi adds governance tools for enterprise AI agents — IT Brief Asia
- Boomi World 2026: The Infrastructure Layer Gets Its Moment — Shashi Bellamkonda
- The AI control plane takes center stage at Boomi World — SiliconANGLE
- Boomi Enterprise Platform Delivered 347% ROI and $9.8M NPV — Forrester TEI
- Customers Share the ROI of the Boomi Enterprise Platform — Boomi
- Gartner Identifies Six Steps to Manage AI Agent Sprawl — Gartner
- 10 Best MCP Gateways for Developers in 2026 — Composio
- Workato Enterprise MCP vs Boomi — Workato
- Best MCP Gateways and AI Agent Security Tools (2026) — Integrate.io
- The future of MCP: 2026 roadmap, enterprise adoption — Toloka
- Donating the Model Context Protocol — Anthropic
- Controlling AI agent costs before they spiral — InformationWeek
