Lunar.dev

Agent = Model + Harness. The harness is the tools an agent can call, the credentials behind them, and what happens when one fails. It usually decides reliability more than the model does. The problem is ownership. Agent Harness Engineering was built by developers who can read the logs and ship the fix. But enterprises are rolling agents out to finance, marketing, and ops, who can't audit a tool or patch a credential path. So the harness has to move off the user and onto the platform team, managed centrally at the gateway. In his latest post, Eyal S. covers what a harness actually is, why it matters, and how to build one that holds up in production. Read it here: https://lnkd.in/dx_maJkt #AIAgents #MCP

Everyone is talking about AI agents. Very few are talking about the infrastructure required to govern them safely at scale. As enterprises move from single copilots to multi-agent environments, one thing becomes clear: AI without gateways = no control layer. Gateways are quickly becoming the backbone of enterprise AI: • Authentication & access control • Visibility into agent actions • MCP governance • Tool permissions & RBAC • Auditability & compliance • Secure connectivity between agents, models, and enterprise systems The future won’t be “one AI tool.” It will be thousands of agents, tools, MCPs, and workflows operating across organizations. And all of them will need governance. “All you need is gateways.” 🎸 Worth watching: https://lnkd.in/duUeGB58

Lunar.dev is proud to announce a strategic partnership with Boomi . Lunar.dev will bring its enterprise AI Gateway to Boomi Connect to help organizations move from AI experimentation to real-world deployment. For enterprises, that will mean fine-grained policy enforcement, full observability, and runtime governance across every interaction between AI, data, and applications. Together, Lunar.dev and Boomi will deliver governed agent connectivity across the enterprise. This is the next phase of agentic AI, with governance centralized by design.

Gartner just released their analysis of AI gateways following Palo Alto Networks's recent acquisition, calling them "Essential AI middleware components." Two years ago, this was an emerging category. Now the first Magic Quadrant for AI Gateways is coming in 2026, and platform vendors (Google, Microsoft, IBM, Cloudflare) are all racing to build capabilities. But here's the problem Gartner highlights: 8 different teams think they own AI gateways. Each sees it through a completely different lens. Gartner's recommendation? Platform teams should own AI gateways as cross-cutting infrastructure with centralized governance. Proud to see Lunar.dev is recognized as a specialist vendor in this report. At Lunar.dev, we're building exactly this - an enterprise AI control plane where governance is centralized by design. Control every AI interaction across your enterprise (agents, LLMs, MCP servers, APIs) with full observability and enforceable policies, self-hosted in your VPC.

The LiteLLM supply-chain attack made one thing clear: Concentrating customer API keys inside a single gateway is a liability. Credentials need to live in your vault, not in your AI infrastructure. Our April newsletter is out, and both major updates this month are a direct response to that reality. 🏢 Groups: Sync your existing groups from Okta, Entra, or Google Workspace and connect them to a Profile once. Every current and future group member automatically inherits the right MCP servers and permissions. No more configuring access for 200 people individually. 🔐 Secret Management: Admins and users now work with named references to secrets, never the raw values. Credentials stay in your secret manager, encrypted at rest, never logged, and picked up automatically on rotation. No manual re-provisioning after restarts. What's Next: 💪 In-Client Authentication. When an MCP token expires, MCPX exposes re-authentication as a tool that the agent can invoke inline, without the user ever leaving their workflow. The first step toward making MCPX invisible to non-technical users while keeping full governance in place for admins. Want to see it in action? Schedule a demo with our team. #MCP #AIAgents #MCPX #Security

Most MCP deployments store API keys in plaintext in a database. Which means any engineer with query access can read every credential in your stack and act on any user's behalf. In his latest blog post, Eyal S. wrote the 5 rules that define enterprise-grade MCP secret management, and how MCPX applies each one. Link in comments.

The CLI vs MCP debate isn't about developers. It's about everyone else. Wrote about what security and IT teams need to build before the second wave of AI adoption hits.

The CLI vs MCP debate isn't about developers. It's about everyone else. Wrote about what security and IT teams need to build before the second wave of AI adoption hits.

There's a pattern we keep seeing across enterprise teams building with MCP. The code is done fast. The deployment is not. 🦥 MCP config files get passed around. Tickets, onboarding docs, Slack messages. API keys go with them. 🔐 These aren't edge cases. They're the default experience for most enterprise teams adopting MCP today. That's exactly what Hosted MCP Servers in MCPX solves. Rotem Yohanan breaks down why this happens structurally and what fixing it actually requires. Link in the comments.