Salesforce just raised the stakes in the most consequential infrastructure battle of 2026: who owns the control plane above your AI agents. This week's major expansion of MuleSoft Agent Fabric adds guided determinism, centralized LLM governance, trusted agent identity with mobile approvals, and automated discovery across Amazon Bedrock, Microsoft Azure AI Foundry, and GoDaddy. The pitch to enterprise buyers is direct: stop building one-off governance for every agent platform, and start running everything—Agentforce, Bedrock, Foundry, homegrown agents, MCP servers—through a single coordination layer.
Why this matters now: Gartner predicts the average Fortune 500 enterprise will run more than 150,000 AI agents by 2028, up from fewer than 15 in 2025. IBM's Think 2026 survey found 7 in 10 executives admit current governance is not fit for purpose, only 18% maintain a current agent inventory, and just 12% have a centralized platform to manage agent sprawl. The control plane is no longer a future architectural question. It is the gate every CIO must walk through in the next 12 months, and the vendors fighting for that gate—Salesforce, Microsoft, Google, ServiceNow—are about to define how enterprise AI is governed for the next decade.
What Salesforce Actually Shipped
Agent Fabric launched in September 2025 as a registry-plus-observability layer for AI agents. This week's expansion turns it into something more ambitious: a coordination plane that spans the entire multi-vendor agent estate, with rules and identity attached to every action.
The headline additions:
- Agent Scanners now scan across platforms. Automated discovery covers MCP servers, Amazon Bedrock, Microsoft Foundry, and GoDaddy, with OAuth-based registration. If an agent exists somewhere in your enterprise, Agent Fabric finds it and adds it to a central registry.
- Agent Script for Agent Broker introduces guided determinism. Developers define fixed handoff rules and escalation paths; LLMs handle the reasoning in between. This is a deliberate move away from pure autonomous orchestration, which has consistently failed in production.
- LLM Governance on AI Gateway standardizes token management, routing rules, and cost controls across multi-LLM stacks—OpenAI, Gemini, Salesforce's own models, and others—from a single choke point.
- Trusted Agent Identity ties agent actions to specific user permissions and requires mobile approval for high-stakes operations like money movement or legal review.
- MCP Bridge wraps existing REST, SOAP, and GraphQL APIs as MCP-compatible tools without code changes—addressing the very real problem that most enterprise APIs predate MCP.
- Informatica-hosted MCPs ship inside the Agent Registry so every agent interaction starts with governed, quality-checked data.
- Visual Authoring Canvas sits alongside MuleSoft Vibes to map multi-agent workflows and human checkpoints visually.
The named customers do not look like marketing dressing. Capita, one of the UK's largest business process outsourcing firms, is running Agent Fabric across its customer service estate. Alcon, a medical device company operating in regulated markets, uses it to coordinate agents across business units. Diabsolut, a Salesforce implementation partner, runs a network of agents spanning Agentforce, SharePoint, Certinia, and custom-built tools—all triggered from Slack—and reports that "tasks that previously took days are completed in seconds."
The availability timeline matters as much as the features. AI Gateway, MCP Bridge, and Trusted Agent Identity with mobile authorization are generally available today. Support for additional platforms (Bedrock, Foundry, GoDaddy) is live. MCP server discovery arrives in May 2026, OAuth in June. Agent Broker's deterministic orchestration is in beta starting April 2026, with full GA—including the visual authoring canvas and Salesforce model support—arriving in June 2026. The full bundle does not ship until mid-summer, which gives competitors a short but real window to respond.
Why CIOs Cannot Ignore the Control Plane Question
The sprawl numbers stopped being theoretical sometime in early 2026. Salesforce's own 2026 Connectivity Benchmark, surveying 1,050 IT leaders, found enterprises now run an average of 12 AI agents in production, projected to hit 20 within two years. Half of those agents run in isolated silos. Twenty-seven percent of the APIs connecting them are ungoverned. Only 54% of organizations have centralized governance for agentic capabilities. And 86% of IT leaders worry agents add more complexity than value due to integration failures.
Technical implications (CTO/CIO):
- Identity propagation breaks first. A single chatbot is easy to govern. Hundreds of agents, each calling APIs with different scopes, spawning sub-agents, and writing back to production systems, are not. Without trusted agent identity, the audit trail is unfixable. The Cursor agent that deleted a production database in nine seconds earlier this year is now the canonical example of what happens when agents run with privileged credentials and no governance layer.
- MCP becomes the integration substrate, not just a feature. Anthropic's Model Context Protocol won the war for how agents talk to tools. Every serious control plane—Salesforce, Microsoft, Google, ServiceNow—now treats MCP as table stakes. The differentiator is no longer "do you support MCP?" It is "how do you govern the 9,400+ public MCP servers your developers can pull in tomorrow?"
- Determinism comes back. Pure autonomous orchestration looked great in demos and failed in production. Robert Kramer, managing partner at KramerERP, told InfoWorld that "pure autonomous agents don't necessarily work in production—enterprises need to ensure predictable outcomes." Guided determinism—fixed rules at the handoff boundaries, LLMs for the reasoning in between—is now the consensus architecture across every major control plane vendor.
Business implications (CFO/COO):
- Token spend is the new cloud spend. Without a central gateway, different teams negotiate their own API contracts and manage token budgets locally. Scott Bickley, advisory fellow at Info-Tech Research Group, told InfoWorld this produces "sprawling costs, inconsistent security postures, and no enterprise-wide policy enforcement." Centralized AI gateways are the FinOps story of 2026.
- Compliance exposure scales with agent count. Each ungoverned agent is a potential GDPR, HIPAA, SOX, or sector-specific violation waiting to happen. The shift from "an agent generated a bad summary" to "an agent autonomously moved money" changes the regulatory math entirely.
- Switching costs become strategic. Once an agent control plane runs your discovery, routing rules, identity, and governance policies, switching vendors is a multi-quarter project. The control plane is where vendor lock-in for enterprise AI gets cemented.
The Real ROI: What "Orchestration-Led" Enterprises Are Reporting
IBM's Think 2026 data drew a sharp line between enterprises that built orchestration into their AI foundations and those that bolted it on later. Organizations committed to orchestration-led governance were 13x more likely to be scaling their AI practice. They also reported:
- 30% fewer irregularities across agent decisions, which for a $20 billion company translates to roughly $140 million in annual savings.
- 20% greater ROI from AI investments compared to enterprises without centralized orchestration.
- 169% greater transparency into agent decisions and actions.
- 132% stronger data-privacy protection measured against pre-deployment baselines.
These numbers explain why every major enterprise software vendor is now racing for the same architectural position: the layer that sits above all the agents and decides who can do what, with whose permissions, against which data, at which cost.
Framework #1: The 2026 Multi-Vendor Control Plane Decision Matrix
Four vendors now have credible enterprise-grade control planes. They are not interchangeable. Choose by where your existing data, identity, and workflow gravity already lives—not by which has the longest feature list.
Salesforce Agent Fabric (MuleSoft)
- Best for: Enterprises already on Salesforce + MuleSoft, organizations with heavy customer-facing agent workloads, regulated industries needing mobile-approval workflows for high-stakes actions.
- Strengths: True multi-vendor discovery (Bedrock, Foundry, GoDaddy, MCP); guided determinism via Agent Script; mature MCP Bridge for legacy API wrapping; Informatica-hosted data quality MCPs out of the box; Trusted Agent Identity tied to user permissions.
- Weaknesses: Agent Broker GA not until June 2026; pricing model still being defined; high switching cost once you've registered hundreds of agents and codified routing rules.
- Pricing signal: Bundled into MuleSoft Anypoint Platform pricing; expect six-figure enterprise contracts minimum.
Microsoft Agent 365 (with Copilot Studio)
- Best for: Microsoft 365 / Entra / Defender shops, enterprises standardized on Azure AI Foundry, organizations that already trust Microsoft for identity and endpoint security.
- Strengths: Native Entra Agent IDs, Defender threat detection, Shadow AI Detection via Intune; registry synchronization for agents on AWS and Google Cloud; lifecycle controls (install, publish, block, delete); ServiceNow AI Control Tower integration via partnership.
- Weaknesses: Strongest inside the Microsoft estate, thinner outside; multi-vendor support relies on registry sync rather than deep orchestration; Copilot Studio licensing still confusing for many buyers.
- Pricing signal: Per-message / per-agent consumption pricing plus Microsoft 365 E7 SKU dependency.
Google Gemini Enterprise Agent Platform
- Best for: Google Cloud customers, organizations betting on Gemini as the primary model, engineering-led shops wanting code-first agent development.
- Strengths: Agent Studio (low-code) plus Agent Development Kit (code-first, Python/Go/TypeScript); Agent Gateway with Model Armor (prompt injection, tool poisoning, data leakage defense); GKE Hypercluster for massive multi-agent workloads; Agent Sandbox for untrusted code execution.
- Weaknesses: Strong inside Google Cloud, weaker integration story with Microsoft / Salesforce data estates; Model Armor maturity still being proven in production.
- Pricing signal: Consumption-based across Vertex AI and Agent Builder; bundled discounts for Gemini Enterprise customers.
ServiceNow AI Control Tower
- Best for: Enterprises already running ServiceNow for ITSM/CSM/HRSD, organizations where workflow orchestration matters more than model orchestration.
- Strengths: Deep integration with ITSM/ITOM/HRSD/CSM workflows; pre-built agents for IT, HR, customer service; identity management, policy enforcement, audit trails built into the same control tower; expanded Microsoft Agent 365 integration via the recent partnership.
- Weaknesses: Best when ServiceNow is already your system of record for workflow; less compelling if you do not already pay seven-figure ServiceNow contracts.
- Pricing signal: Add-on to Now Platform; pricing tied to existing ServiceNow tier and seat counts.
Decision logic in one sentence: Where does your audit trail need to live? If it is Salesforce Data 360, choose Agent Fabric. If it is Entra + Defender, choose Agent 365. If it is BigQuery + Vertex, choose Gemini Enterprise. If it is the Now Platform, choose AI Control Tower. None of these vendors will admit it, but the control plane decision is mostly a forcing function of where your governance evidence already lives.
Framework #2: The 90-Day Multi-Vendor Control Plane Rollout Plan
Pick the vendor, then run this sequence. The schedule below maps to the May 2026 Salesforce announcement timing but works for any of the four control planes above with minor relabeling.
Days 0–30: Discover and Inventory (the boring half)
- Week 1: Stand up the agent registry. Run automated scanners against AWS Bedrock, Azure AI Foundry, MCP servers, and any homegrown agent runtimes. Expect to find 2–3x more agents than your CMDB suggests exist.
- Week 2: Tag every discovered agent with owner, business unit, data scopes, model used, and risk tier (low / medium / high / critical). Most enterprises discover 20–40% of agents have no clear owner—fix that first.
- Week 3: Define your risk tiers explicitly. A low-risk internal summarization agent is not the same as an agent that can authorize purchases or write to production databases. Document the criteria for each tier.
- Week 4: Cut a baseline report: agent count, model spend per agent, top 10 agents by token usage, top 10 by data access scope. This is your "before" snapshot for ROI measurement.
Days 31–60: Govern and Secure (the high-leverage half)
- Week 5: Stand up the LLM gateway. Route all production agent traffic through a single AI gateway. Enforce per-agent token budgets and per-model routing rules. Expect to surface 15–25% in immediate cost optimization just from routing simple queries to cheaper models.
- Week 6: Roll out trusted agent identity. Bind every privileged action (money movement, customer communication, production database writes, legal review) to a user identity with mobile or webhook approval. Block direct execution for any critical-tier agent.
- Week 7: Apply governance policies. Define which connectors are allowed for which agent tiers, which models are approved, which data classifications can flow to which models. Encode the rules in the gateway, not in tribal knowledge.
- Week 8: Audit the registry. Decommission orphan agents. Re-credential agents that survived. Publish a one-page governance policy that names the kill switch owner.
Days 61–90: Orchestrate and Optimize (the differentiation half)
- Week 9: Introduce guided determinism. Take your top 3 multi-agent workflows and codify the handoff rules. Let the LLM reason inside each step; force determinism at the boundaries.
- Week 10: Wire MCP servers and approved tools into the registry. Make MCP discovery a governed action—an agent cannot use a tool that is not in the registry, full stop.
- Week 11: Measure. Compare current state against the Week 4 baseline: token spend per workflow, error rate, time-to-resolution, audit completeness. The "orchestration dividend" should show up as 15–30% lower spend on completed workflows and a sharp drop in unattributable agent actions.
- Week 12: Publish the operating model. Who owns the registry? Who approves new agents? Who reviews quarterly spend? Without a named accountable owner, the gains decay within two quarters.
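The gateway checks from Weeks 5 to 7 and Week 10, sketched as a single deny-by-default decision function. This is an added example, not code or an API from Salesforce, MuleSoft, or any vendor named here; the agent IDs, tool names, model names, and policy tables are hypothetical, constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

PRIVILEGED = {"money_movement", "customer_communication", "prod_db_write", "legal_review"}

@dataclass
class Agent:
    owner: str
    tier: str            # low / medium / high / critical
    token_budget: int
    tokens_used: int = 0

@dataclass
class Request:
    agent_id: str
    tool: str
    model: str
    data_class: str
    action: str
    est_tokens: int
    approved_by: Optional[str] = None   # user identity bound via mobile/webhook approval

# Constructed sample registry and policy tables (hypothetical names).
AGENTS = {
    "summarizer-01": Agent("it-ops", "low", 10_000),
    "payments-07": Agent("treasury", "critical", 50_000),
    "orphan-03": Agent("", "medium", 5_000),
}
TOOL_TIERS = {   # registered tool -> agent tiers allowed to call it
    "sharepoint.search": {"low", "medium", "high", "critical"},
    "payments.transfer": {"critical"},
}
MODEL_DATA = {   # approved model -> data classifications it may receive
    "small-model": {"public", "internal"},
    "private-model": {"public", "internal", "regulated"},
}

def decide(req: Request) -> tuple:
    """Return (decision, reason); decision is 'allow', 'hold' or 'deny'."""
    agent = AGENTS.get(req.agent_id)
    if agent is None:
        return ("deny", "agent not in registry")
    if not agent.owner:
        return ("deny", "agent has no owner")
    if req.tool not in TOOL_TIERS:
        return ("deny", "tool not in registry")
    if agent.tier not in TOOL_TIERS[req.tool]:
        return ("deny", f"tool not allowed for tier {agent.tier}")
    if req.data_class not in MODEL_DATA.get(req.model, set()):
        return ("deny", f"model not approved for {req.data_class} data")
    if agent.tokens_used + req.est_tokens > agent.token_budget:
        return ("deny", "token budget exceeded")
    # Privileged actions and critical-tier agents never execute directly.
    if req.action in PRIVILEGED or agent.tier == "critical":
        if not req.approved_by:
            return ("hold", "approval required")
        reason = f"approved by {req.approved_by}"
    else:
        reason = "within policy"
    agent.tokens_used += req.est_tokens   # charge the budget only on allow
    return ("allow", reason)
```

Every decision carries a reason string, so the same function that enforces policy also produces the attributable audit record the Week 11 measurement depends on.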
Common pitfalls (every enterprise rediscovers these):
- Treating discovery as one-time. Run scanners continuously. New agents appear weekly.
- Skipping risk tiering. Without tiers, every agent gets either too much governance or too little.
- Ignoring legacy APIs. MCP Bridge or its equivalent is essential—most enterprise value lives in non-MCP REST/SOAP/GraphQL endpoints.
- No exit plan. Document portability. Which orchestration rules, registry entries, and policies are portable to another control plane?
Case Study: How Diabsolut Compressed Days to Seconds
Diabsolut, a Salesforce implementation specialist, ran one of the most concrete pilots for the expanded Agent Fabric. The team coordinated a network of agents spanning Agentforce, SharePoint MCPs, Certinia MCPs, and custom-built homegrown agents—all triggered from a single Slack interface.
The use cases were unsexy and high-frequency: workshop planning, user story generation, and solution design support during implementation projects. Each task previously required someone to ping a consultant, wait for availability, gather context from multiple systems, and write a draft document. The cycle was measured in days.
Under Agent Fabric, a request in Slack now triggers Agent Broker, which discovers the best-fit agent (Agentforce for CRM context, SharePoint MCP for past project artifacts, Certinia MCP for billing precedents), routes accordingly, applies guardrails on data classification, and returns a draft within seconds. Tasks that took days are completed in seconds, per John Pettifor, SVP of Innovation.
The lessons for other enterprises:
- Slack is the right entry point for many internal multi-agent workflows. It is where employees already work, and it sidesteps the "yet another portal" failure mode.
- MCP-first integration pays off. Diabsolut chose to expose Certinia and SharePoint as MCPs instead of writing custom integrations. That made the cross-system coordination near-trivial.
- Governance was non-negotiable. Even for an implementation partner with high tolerance for AI experimentation, the team would not deploy without trusted identity, audit trail, and centralized policy.
The blueprint is reproducible for any enterprise running a mix of Salesforce, Microsoft 365 / SharePoint, and a vertical SaaS like Certinia or Workday. The lift is real, but it requires a control plane decision before you start—not after the agent count crosses 50.
What to Do This Quarter
For CIOs:
- Treat the control plane decision as a 2026 capital decision, not a 2027 plan. Sprawl outruns roadmaps.
- Run a discovery scan—agnostic of vendor—against your real environment. Use the results to drive the vendor choice, not the other way around.
- Demand portability commitments from whichever vendor wins. The exit path matters more than the entry path.
For CFOs:
- Centralize LLM gateway billing in Q3 2026. The 15–30% cost optimization from routing alone justifies the investment before any other ROI.
- Ask for token spend visibility per agent, per business unit, per model. If your current stack cannot answer that question, you do not have a governance problem—you have an accounting problem.
For Business and Security Leaders:
- Map the high-stakes workflows (money movement, customer communication, regulated data access) and require mobile or webhook approval for every agent action that touches them.
- Name an accountable owner for the agent registry. Without one, the cleanup work decays back into sprawl within two quarters.
The window to choose is shorter than it looks. The control plane that wins in your enterprise is the one that registers your agents first. By the time you have 1,000 agents under one platform's governance, the switching cost is real. Salesforce's bet—and Microsoft's, Google's, and ServiceNow's parallel bets—is that 2026 is the year that decision gets made for most of the Fortune 500.
Sources
- Salesforce News — Agent Fabric Control Plane Announcement
- InfoWorld — MuleSoft Agent Fabric Adds New Ways to Keep AI Agents in Line
- Salesforce Ben — Meet the New MuleSoft Agent Fabric
- UC Today — Salesforce Expands Agent Fabric as AI Agents Multiply
- The AI Software Report — Salesforce Expands Agent Fabric to Unify Multi-Vendor AI Governance
- Gartner — Six Steps to Manage AI Agent Sprawl (April 2026)
- IBM Think 2026 — 1,600 AI Agents Per Enterprise: The Governance Gap
- iEnable — AI Agent Sprawl: 50% of Enterprise Agents Run Ungoverned
- Simply Wall St — Salesforce Expands Agent Fabric to Anchor AI Agents
- Microsoft Tech Community — What's New in Agent 365 (May 2026)
- Bain — Google Cloud Next 2026: The Agentic Enterprise Control Plane Comes Into View
- ServiceNow — Expands AI Agent Governance Through Deeper Integration With Microsoft
