Somewhere in your stack, an agent is running that nobody formally authorized.
If you're running a modern infrastructure stack, you've probably started connecting AI to parts of it. A chatbot that queries logs, an assistant that drafts runbooks, maybe a prototype that watches metrics. The AI itself is impressive. The way it's connected to your tools? Less so.
Most teams are wiring agents to infrastructure one integration at a time. Every new tool means a new connection, a new set of credentials, a new surface to secure. Add a few more and the agent's context fills up with tools it doesn't need for the current task — slowing it down, increasing cost, and reducing accuracy. Meanwhile, nobody has a clear answer to the question your security team is already asking: who authorized this agent to do what, and where's the audit trail?
This is the pattern we keep seeing. The AI is ready. The infrastructure is ready. What's missing is the layer in between, the thing that connects agents to tools intelligently, governs what they can do, and makes the results repeatable. Not another tool in the stack. A control plane for AI agents.
So we're building one
We call it AI Orchestration: an open source control plane that connects AI agents to your entire tool landscape through a single, governed layer, built on the Model Context Protocol (MCP). The foundations are live on GitHub with over 200 releases. This isn't a roadmap slide. It's running.
Here's what changes:
- The context overload problem disappears. Right now, most agent setups dump every available tool into the context window and hope for the best. The agent gets slower, more expensive, and less accurate with every integration you add. With orchestration, agents ask "what can I do right now?" and get a filtered, relevant answer. New integrations extend capabilities automatically — no code changes, no context bloat.
- Shadow AI gets a name and an audit trail. Today, when an agent runs a query or triggers an action, there's often no link back to who authorized it, what it accessed, or why. That's a security gap you can paper over at prototype scale but not in production. Orchestration ties every agent action to a user identity through SSO, blocks destructive operations by default, and logs everything. Your security team gets the answer they've been asking for.
- Tribal knowledge stops being single-threaded. Your best on-call engineer has a debugging sequence: check the dashboard, correlate with logs, inspect the deployment, roll back if needed. That path lives in their head. When an agent discovers the same kind of path across your tools, orchestration lets you capture it as a deterministic, GitOps-managed workflow. Same result every time. Runs at 3 AM without waking anyone up. Costs a fraction of the AI-driven version.
What this means if you run a platform
If you know Giant Swarm, you know we've spent 10+ years curating the platform engineering stack — Kubernetes, observability, security, connectivity — so platform teams don't have to assemble it themselves. AI Orchestration is the natural next layer.
The same tools we already curate become the foundation that agents operate on. The same principles apply: open source, sovereign, running in your environment. But now your platform doesn't just run workloads, instead it connects to an intelligence layer that can observe, reason, and act across your entire stack. Not by replacing your team's judgment, but by making it available at a scale and speed that wasn't possible before.
This is an early look
There's more coming: deeper technical content on how the orchestration layer works, use cases beyond infrastructure operations, and details on how this integrates with the platform capabilities you already run. Most teams will figure the governance problem out eventually. The ones who figure it out first won't be woken up at 3 AM to do it. If you can see the wall coming, let's talk.
