Two acquisitions in 48 hours just mapped the enterprise AI stack. On May 28, Asana dropped $75 million on StackAI, a no-code agent builder. On May 29, Palo Alto Networks closed its Portkey acquisition, an AI gateway for runtime security. One bought the execution layer. The other bought the security layer. Together, they show what enterprises are actually buying when they move from "AI experiments" to "AI in production."

If you're a CIO or CTO trying to figure out where to allocate budget, or a CFO trying to understand what AI infrastructure actually costs, these two deals give you the clearest signal yet. Let me break down what each acquisition does, why it matters, and what it tells you about how to think about your own AI stack.

The Execution Layer: Asana Buys StackAI for $75M

What Asana bought: A Y Combinator-backed no-code platform that lets you build AI agents that work across Salesforce, Slack, Gsuite, and other enterprise systems without writing code.

Why it matters: Most enterprises aren't struggling with "can we build an AI chatbot?" They're struggling with "how do we get this AI agent to actually DO something across our 15 different systems?" StackAI solved that by giving you a visual builder that connects AI to your existing tools.

Asana CEO Dan Rogers said it plainly: "This acquisition accelerates our roadmap and takes us into the next phase of human-agent work. StackAI now lets them go further, agentifying the most complex business processes end-to-end."

Translation for business leaders: You can build an AI agent that reads a customer complaint in Salesforce, checks inventory in your ERP, updates the ticket in Slack, and schedules a follow-up in Gsuite — all without a single line of custom code.

Translation for technical leaders: You get a no-code orchestration layer that handles API calls, data transformation, and error handling across systems. Your engineers stop building glue code and start building actual differentiated logic.

StackAI had raised just under $20 million before the acquisition, with the bulk of it ($16M) coming in a recent Series A. Asana paid nearly 4x that for a company with MIT PhD founders (Tony Rosinol and Bernard Aceituno) and pre-built integrations across the enterprise stack. That premium tells you how much Asana values the "cross-system execution" problem.

The Security Layer: Palo Alto Networks Completes Portkey Acquisition

What Palo Alto bought: An AI gateway that sits between your AI agents and the rest of your infrastructure, monitoring, orchestrating, and governing every AI request in real-time.

Why it matters: When you give an AI agent the power to execute tasks independently — like approving purchases, updating customer records, or modifying production code — you introduce new risks. What if the agent gets prompt-injected? What if it starts making unauthorized API calls? What if token costs spiral out of control?

Portkey solves this by acting as what Palo Alto calls "the central nervous system for all AI traffic." Every AI request goes through the gateway, which:

• Routes requests to the best model for the job (cost optimization)
• Monitors token usage to prevent runaway costs (budget control)
• Provides runtime protection to stop malicious or unintended behavior (security)

Palo Alto is integrating Portkey into its Prisma AIRS platform, which now includes three layers:

1. AI Runtime Security — inspect all AI traffic at runtime, detect threats before they hit production
2. Agent Identity Security (via Idira™) — authenticate every agentic interaction, treat agents like privileged users
3. AI Observability (via Chronosphere) — deep telemetry to ensure AI workloads perform reliably at scale

Portkey CEO Rohit Agarwal framed the problem this way: "We joined Palo Alto Networks to bridge the trust gap that prevents AI from reaching its full potential. Organizations are moving from experimental pilots to core business operations. They need safety and reliability."

Translation for business leaders: You can deploy AI agents into production-critical workflows (finance, HR, legal, sales) without worrying that a rogue agent will leak customer data or approve a fraudulent invoice.

Translation for technical leaders: You get centralized policy enforcement, real-time threat detection, and cost controls — all without modifying your AI application code. The gateway handles governance, you handle business logic.

What This Tells You About the Enterprise AI Stack

Here's what these two acquisitions reveal:

1. Enterprises are past the "chatbot experiment" phase.
When a work management platform (Asana) spends $75M on cross-system agent orchestration, and a cybersecurity giant (Palo Alto) acquires an AI gateway for runtime governance, that's a signal that enterprises are deploying agents into real workflows. Not demos. Not pilots. Real workflows with real risk.

2. The stack has two critical layers: execution and security.
You need agents that can DO things (execution layer), and you need a control plane to make sure they do them safely (security layer). Neither is optional. If you deploy agents without orchestration, they can't reach your systems. If you deploy agents without governance, you're creating uncontrolled risk.

3. No-code and pre-built integrations are table stakes.
StackAI's value wasn't "we built a better LLM." It was "we built pre-configured connectors to Salesforce, Slack, and Gsuite so you don't have to." Enterprises will pay a premium for tools that work out-of-the-box with their existing stack.

4. Identity, observability, and runtime protection are non-negotiable.
Palo Alto didn't just buy a traffic router. They bought a platform that treats AI agents like privileged users (identity), monitors every request (observability), and stops malicious behavior in real-time (runtime protection). That's the bare minimum for production AI.

5. The trust gap is the real bottleneck.
As Portkey's CEO said, organizations are stuck between experimental pilots and core business operations. The technical problem (can we build an agent?) is solved. The trust problem (can we deploy it safely?) is not. That's why security acquisitions are happening alongside execution acquisitions.

What This Means for Your AI Strategy

If you're a CIO, CTO, CFO, or VP trying to figure out where to invest in AI infrastructure, here's what to prioritize:

For technical leaders:

• Stop building custom integrations. If you're writing glue code to connect your AI agents to Salesforce, Slack, or your ERP, you're solving a solved problem. Buy a no-code orchestration tool (like StackAI, Zapier, or equivalent) and reallocate those engineering hours to differentiated work.
• Deploy an AI gateway before you deploy agents. If you're running AI agents in production without a gateway that monitors token usage, enforces policies, and provides runtime protection, you're flying blind. The Portkey acquisition is a signal that this layer is non-negotiable.
• Treat agents like privileged users. Every agent interaction should be authenticated, logged, and subject to policy enforcement. If an agent can write to Salesforce or approve a purchase order, it needs the same identity controls as a human admin.

For business leaders:

• Budget for the full stack, not just the model. The cost of AI isn't just the LLM API calls. It's orchestration (StackAI-type tools), security (Portkey-type gateways), observability (monitoring and logging), and identity management. If you're only budgeting for OpenAI or Anthropic credits, you're underfunding by 2-3x.
• Ask vendors about runtime security. When you evaluate AI platforms, ask: "How do you prevent prompt injection?" "How do you monitor token costs?" "How do you enforce policy at runtime?" If the answer is "we don't," walk away.
• Pilot in low-risk workflows first. Asana's Dan Rogers talked about "agentifying the most complex business processes end-to-end." That's the end goal, not the starting point. Start with workflows where an AI mistake is annoying, not catastrophic. Then graduate to higher-stakes processes once you've validated governance.

The Bottom Line

Asana spent $75M on execution. Palo Alto spent an undisclosed amount (likely similar) on security. Both deals happened within 48 hours. Both were framed as mission-critical for enterprise AI. That's not a coincidence.

The enterprise AI stack is no longer theoretical. It's two layers: orchestration (how agents DO things) and governance (how you make sure they do them safely). If you're deploying agents without both layers, you're either limited in what you can build (no orchestration) or taking on uncontrolled risk (no governance).

The good news: You don't have to build this yourself. The acquisitions show that vendors are consolidating these capabilities into platforms. Asana is building the execution layer. Palo Alto is building the security layer. Other vendors (Salesforce, Microsoft, Google) are doing the same.

The decision you need to make: Are you going to wait for your current platform vendor to build these capabilities organically, or are you going to adopt best-of-breed tools now and integrate them yourself?

Based on what happened in the last 48 hours, the enterprises that move fastest are betting on best-of-breed. They're not waiting for their work management platform to build security, or their security platform to build orchestration. They're buying the execution layer from Asana, the security layer from Palo Alto, and integrating them into a unified stack.

If you're still waiting for a single vendor to deliver the full AI stack, you're going to be waiting a long time. The market just told you: the stack is modular, the layers are well-defined, and the acquisitions are happening now.

Your move.