Tetrate and Ory have partnered on AI agent security, combining Ory's authorisation engine with Tetrate Agent Router Enterprise.
The joint offering targets businesses that want tighter control over AI agents as they move from pilot projects into operational use. It focuses on policy enforcement at the point where an agent makes a live tool call, including checks on the parameters within each MCP request.
Many MCP runtimes decide only which tools an agent can see or call. Under this arrangement, policy is applied to each live request, with Tetrate enforcing controls on network traffic and Ory determining what agents and users are allowed to do at the resource level.
If a request crosses a defined risk threshold, Tetrate can halt it and trigger an authentication and approval process through Ory. The system can then grant short-lived elevated access and record the approval path for audit purposes.
Customer link
The tie-up grew out of an existing customer relationship. Ory had used Tetrate Enterprise Gateway for Envoy to support the infrastructure behind its identity and customer identity platform, a move it said cut resource use by 40% while improving operations and observability.
That deployment became the basis for a broader commercial relationship as Ory expanded its work on securing AI agents. The companies now present the combined system as a way to connect identity, authorisation and runtime traffic enforcement.
Ory treats AI agents as identities within its platform, while Tetrate's software enforces policy when those agents call models, tools and enterprise services. The setup extends control to both tool access and the request parameters attached to MCP tool calls, with rules defined in Ory Keto.
For businesses deploying AI agents, the issue is not just whether an agent can access a system. It also includes what the agent is trying to do inside that system, how much data it can reach, and whether a request should trigger stronger checks before proceeding.
The companies cited examples including a retail refund above an approved amount, a financial transfer to a higher-risk destination, access to sensitive healthcare records, or changes to production systems in IT operations. In each case, a routine action could proceed under existing policy, while a higher-risk request would require step-up approval.
David Wang, Head of Product Management at Tetrate, said the focus is on live requests.
"The challenge with AI agents isn't just controlling which tools they can access-it's controlling how they use those tools," said David Wang, Head of Product Management at Tetrate. "Tetrate Agent Router Enterprise enforces fine-grained authorization on MCP tool invocations down to the parameter level, based on policies defined in Ory, and does so through a globally distributed Envoy-based gateway layer. That gives enterprises the precision, scale and control that production deployments demand."
Envoy base
The system is built on Envoy AI Gateway, the open-source project that underpins Tetrate's gateway software. The Envoy foundation is intended to give customers a distributed traffic layer that applies policy consistently across providers, geographies and environments.
Ory's earlier use of Tetrate Enterprise Gateway for Envoy also supports the companies' argument for operational proof. They say the same infrastructure used to run identity services globally can also support AI agent traffic controls in demanding production environments.
The arrangement brings together several elements of identity management and traffic enforcement. Ory Hydra manages OAuth2 and OIDC token flows for agent and user identity, while Ory Keto applies least-privilege access policies. Tetrate then evaluates live requests to models, tools and enterprise systems at runtime.
That model addresses a growing concern for companies introducing AI agents into business processes. As agents gain access to customer records, internal systems and transaction workflows, questions around identity, permissions, data exposure and runtime oversight become more pressing.
Jeff Kukowski, Chief Executive Officer at Ory, said the companies view AI agents as subjects that require the same formal controls as human users or applications.
"AI agents must be treated as first-class identities with explicit authentication, authorization and governance," said Jeff Kukowski, Chief Executive Officer at Ory. "Together with Tetrate, Ory is helping enterprises secure AI agent deployments end to end, from identity and access decisions to runtime enforcement and policy control."
The joint solution is available now.