Three Vendors, Ten Days: The Agent Control Plane Is Now a Real SKU

In ten days, Microsoft, Google and ServiceNow all shipped the same product. The "agent control plane" is no longer a slide. It now costs USD 15 per user.

I have been watching the "agent governance" category for about a year. Until April 2026 it was almost entirely vendor marketing: webinars, slideware reference architectures, a few open-source registries on GitHub. Nothing that a decision maker could use and say "this is how we control the 1'200 agents our business units are about to deploy."

That changed between 22 April and 5 May 2026. In those ten working days three different vendors put the same product in the market, with the same shape, the same vocabulary, and in two of three cases a real price tag. If you run technology for a Swiss organisation of any size, this is the most important infrastructure announcement of Q2 2026, and I want to explain why.

AWS had quietly set the table a few weeks earlier. On 9 April 2026 it pushed an Agent Registry into AgentCore preview, the first hyperscaler to put the four primitives (Identity, Registry, Gateway, Observability) on its public roadmap. What changed in the next ten days is that the rest of the field decided to ship the same product in GA, not preview, and to do it almost simultaneously.

What actually shipped

Google, 22 April: Gemini Enterprise Agent Platform

Google went first, at Cloud Next '26. They consolidated Vertex AI into a single product called the Gemini Enterprise Agent Platform, anchored on four named capabilities: Agent Identity, Agent Registry and Agent Gateway under the platform's Govern pillar, plus Agent Observability under Optimize.

The names matter, because all three vendors converged on roughly the same four words. Agent Identity gives every agent a unique cryptographic ID and an auditable trail. Agent Registry is a single inventory of every agent, tool and skill in the organisation. Agent Gateway is the policy enforcement point between agents and tools, with built-in Model Armor protection against prompt injection. Agent Observability traces reasoning end-to-end. The platform exposes 200+ models in one place through Model Garden. Vertex AI as a separate brand is effectively gone.

Microsoft, 1 May: Agent 365 GA

Nine days later Microsoft pushed Agent 365 to general availability. Standalone price: USD 15 per user per month. Bundled into the new Microsoft 365 E7 SKU at USD 99 per user per month, which combines Microsoft 365 E5 (so Defender, Purview and Intune are inherited), Microsoft 365 Copilot, Entra Suite and Agent 365.

Microsoft's positioning is direct: every agent gets an Entra identity, Purview labels apply, Defender governs runtime behaviour, Intune now manages local agents on Windows endpoints. With one extra move: registry sync with AWS Bedrock AgentCore and Google Gemini Enterprise in public preview. If your organisation runs agents on all three clouds, Microsoft wants to be the inventory of record. It is a smart move that Microsoft openly invite competitors into its control plane.

ServiceNow, 5 May: Autonomous Security & Risk

Four days after Microsoft, ServiceNow announced Autonomous Security & Risk at Knowledge 2026, integrating Armis (asset intelligence across IT, OT, IoT) and Veza (identity governance for humans and non-humans). The same control plane idea, with a different centre of gravity: the CMDB.

ServiceNow's evidence list is the most concrete of the three. A global energy company across 70+ countries cut threat containment time by 97%. A major US financial institution eliminated 96% of dormant non-human identities. A Fortune 100 aerospace manufacturer reduced control attestation time by 75%. Pilot customer numbers, not lab benchmarks, and large enough to take seriously.

The convergence is not coincidence

Three vendors do not ship the same product in ten days by accident. Two forces are colliding.

Force one: agent sprawl is no longer theoretical

The numbers behind non-human identities have crossed a threshold. Veza's 2026 State of Identity & Access report puts the machine-to-human identity ratio at 17:1 in the enterprises it studied. In the same data set, 0.01% of non-human identities control 80% of cloud permissions, the average identity carries roughly 96'000 entitlements, 38% of accounts sit dormant, 8% are orphaned, and only 55% of permissions are classed as safe or compliant. The blast radius is not hypothetical.

Layer agents on top of that base. SpyCloud's 2026 Identity Exposure Report identified 6.2 million credentials or authentication cookies tied to AI tools alone. Gartner named "Identity and Access Management Adapts to AI Agents" one of its top six cybersecurity trends for 2026, ranked as Trend 4. Every business unit that ships an agent is creating identities, secrets and audit obligations the security team has not seen.

Force two: the EU AI Act deadline

On 2 August 2026 the high-risk obligations of the EU AI Act become fully enforceable: Article 50 transparency duties, conformity assessments, the full Article 6 high-risk regime. Article 101 fines for general-purpose AI providers also apply from that date.

Switzerland is not in the EU, and the FADP does not yet include an AI-specific chapter. The Federal Council has confirmed a technology-neutral, sector-specific approach, with a consultation draft from the FDJP due by end of 2026. But any Swiss organisation that processes EU personal data, serves EU customers, or operates in regulated EU markets (finance, health, energy, mobility) will be subject to AI Act obligations from August. The Council of Europe AI Convention, which Switzerland signed in March 2025, will further pull Swiss practice toward the EU standard.

A Swiss CISO who wants to be defensible in August needs evidence of three things: a complete inventory of deployed agents, identity-level access control for each one, and an auditable log of agent actions. That looks like the four-primitive stack all three vendors just shipped.

What I think the three platforms get right, and where they fall short

I want to be honest about where this is not yet finished work, because the marketing makes it sound more complete than it is.

What is genuinely useful today

The vocabulary alignment is real. When Microsoft, Google and AWS independently land on Identity + Registry + Gateway + Observability, that is a category solidifying. Procurement teams can write requirements without locking into one vendor's terminology, and architects can build cross-vendor reference designs.

Registry sync between Agent 365, Bedrock AgentCore and Gemini Enterprise is the most interesting move of the ten days. AWS launched its own Agent Registry in preview on 9 April 2026, and AgentCore exposes the same primitives. The first vendor to credibly offer a unified inventory across three clouds wins a structural position, regardless of which platform the agents themselves run on.

ServiceNow's CMDB anchor is undervalued in the coverage I have read. Most large organisations already keep their asset, identity and risk data in ServiceNow. Adding agents to that record, with Armis enriching network behaviour and Veza enriching permissions, is the path of least resistance for a CIO who already pays a multi-million-franc ServiceNow bill.

What is not proven

Cross-vendor portability is a one-way mirror. Agent 365 imports Bedrock and Gemini agents into its registry; the reverse path is not in any roadmap I have seen. If your strategy is "Microsoft as inventory of record," you need to accept Microsoft as the source of truth for agents running on AWS and Google. That is a sovereignty question with operational consequences.

Pricing transparency is mixed. Microsoft has a public USD 15 anchor. Google's Gemini Enterprise pricing at the agent-platform SKU level is not disclosed for European customers. ServiceNow's Autonomous Security & Risk pricing is bundle-dependent. Expect 6-12 months where Microsoft's USD 15 sets the procurement reference and the others negotiate around it.

Swiss and EU data residency on these platforms is improving but not uniform. Microsoft offers EU Data Boundary commitments and Swiss-region Azure. Google Cloud has Zurich and Frankfurt regions, with VPC Service Controls. ServiceNow operates Swiss-region instances. None of the three has yet published an "AI Act high-risk profile" SKU with documentation, conformity assessment evidence and an incident reporting workflow you would hand to an auditor. That gap is the next thing I expect to close before August.

The 96% and 97% customer numbers are real but self-selected pilots. Treat them as proof the technology can work, not as evidence the median deployment will reach those numbers.

One last observation

Six months ago, "agent governance" was not a big topic. By Q4 2026 I expect it to be a standing audit committee item in regulated industries. The ten working days between 22 April and 5 May 2026 could be the inflection point retrospectives mark: three GA products, a price anchor, a regulatory deadline 90 days out. I looks like, it stopped being optional.

 

---

Sources:

• Microsoft Agent 365, now generally available (Microsoft Security Blog, 01.05.2026)
• Introducing Gemini Enterprise Agent Platform (Google Cloud Blog, 22.04.2026)
• ServiceNow launches Autonomous Security & Risk (ServiceNow Newsroom, 05.05.2026)
• AWS Agent Registry in AgentCore Preview (AWS, 09.04.2026)
• EU AI Act Implementation Timeline
• Veza 2026 State of Identity & Access — press release
• SpyCloud 2026 Annual Identity Exposure Report
• Gartner — Top Cybersecurity Trends for 2026
• Switzerland signs Council of Europe AI Convention (admin.ch, 27.03.2025)
• Switzerland AI laws and regulations (CMS Expert Guide)
• Microsoft 365 E7 licensing guide (SAMexpert)