Joint solution combines Ory’s authorization engine with Tetrate Agent Router Enterprise, built on Envoy-based AI gateway, to enforce dynamic policy on live MCP tool calls and request parameters at enterprise scale.
SAN FRANCISCO, June 3, 2026 /PRNewswire/ — Tetrate and Ory today announced a strategic partnership to help enterprises secure AI agents in production. The joint solution combines Ory’s identity and authorization platform with Tetrate Agent Router Enterprise, applying dynamic, granular policy at the point where agents actually call tools, including governance over the parameters of each MCP tool call.
Many MCP runtimes only decide which tools an agent can see or call. The Tetrate-Ory joint solution goes further, enforcing policy on every live request. AI agent security has two distinct layers: the network/gateway layer (where Tetrate enforces policy on live traffic, tool calls and request parameters) and the authorization/policy layer (where Ory determines what agents and users are actually permitted to do at the resource level). When a call exceeds a defined risk threshold, Tetrate can pause the request, trigger an authentication and approval flow through Ory, issue short-lived elevated access, and record the full approval path for audit.
The timing reflects a clear market need. As companies move AI agents from pilots into real business use, they face growing risks around agent identity, overbroad permissions, unsafe tool access, data exposure, and weak runtime controls.
From customer to partner
Ory first worked with Tetrate as a customer. To improve the infrastructure behind its global IAM and CIAM platform, Ory migrated to Tetrate Enterprise Gateway for Envoy, a move that cut Ory’s resource use by 40 percent and improved product operations and observability. Tetrate exhibited its ability to help customers run Envoy in production at enterprise scale. As Ory expanded its focus to securing AI agents, the relationship grew into a strategic partnership.
Identity, authorization and runtime enforcement
The joint solution combines Ory’s identity layer with Tetrate’s runtime enforcement layer. Ory treats AI agents as first-class identities. Tetrate Agent Router Enterprise enforces those policies when agents call models, tools and enterprise services, including parameter-level control over MCP tool calls. Tetrate can enforce not only which tools an agent may use, but also which request parameters are allowed, based on policies defined in Ory Keto.
“The challenge with AI agents isn’t just controlling which tools they can access—it’s controlling how they use those tools,” said David Wang, head of product management at Tetrate. “Tetrate Agent Router Enterprise enforces fine-grained authorization on MCP tool invocations down to the parameter level, based on policies defined in Ory, and does so through a globally distributed Envoy-based gateway layer. That gives enterprises the precision, scale and control that production deployments demand.”
“AI agents must be treated as first-class identities with explicit authentication, authorization and governance,” said Jeff Kukowski, CEO, Ory. “Together with Tetrate, Ory is helping enterprises secure AI agent deployments end to end, from identity and access decisions to runtime enforcement and policy control.”
Envoy foundation
The solution is built on Envoy AI Gateway, the open source project used in production by organizations such as Bloomberg and other large enterprises. Tetrate is a major contributor to Envoy and Envoy Gateway, and brings that traffic layer to enterprises that need to enforce policy consistently across providers, geographies and environments.
Ory’s use of Tetrate Enterprise Gateway for Envoy helps validate that foundation. It shows that Tetrate can deploy and operate a robust, distributed Envoy-based traffic layer globally for demanding enterprise environments before extending those same strengths into AI agent security.
Key capabilities
Agent identity: Ory gives agents and users verifiable identities.OAuth2 and OIDC token flows: Ory Hydra issues and manages the tokens used to represent agent and user identity, support consent and step-up flows, and carry scoped access into runtime enforcement.Fine-grained authorization: Ory Keto applies least-privilege access policies.Dynamic runtime enforcement: Tetrate evaluates live requests to models, tools and enterprise systems at runtime, not just static tool visibility or allow lists.Parameter-level MCP control: Tetrate enforces Ory Keto policies on both tool access and request parameters, enabling step-up authorization based on the actual content and risk of each request.Visibility and auditability: Security teams can monitor agent behavior, privilege changes and policy enforcement.Proven Envoy foundation for large enterprises: The solution runs on Tetrate’s Envoy-based AI gateway, giving enterprises a robust traffic layer for distributed enforcement of central policy across providers, geographies and environments at global scale.
Use cases
Examples of ideal uses cases for the Tetrate-Ory joint solution include:
Retail: An agent can issue a refund up to an approved dollar amount, but a larger refund triggers step-up approval based on the refund amount parameter.Financial services: An agent can process routine transfers or account actions within policy, but larger transactions, higher-risk destinations or more sensitive account changes trigger step-up approval.Healthcare: An agent can access standard records or routine actions within policy, but requests involving sensitive records, higher-risk medication changes or larger data exports require step-up authorization.Government: An agent can complete routine case or records actions within policy, but access to restricted data, larger benefit disbursements or exception handling can require step-up approval.Customer support: An agent can apply normal credits or account updates, but larger refunds, sensitive account disclosures or high-risk account changes trigger step-up authorization.IT operations: An agent can handle low-risk automation tasks, but production changes, privileged access requests or actions with larger blast radius require step-up approval.HR: An agent can complete routine employee service actions, but compensation changes, access to sensitive personnel records or broader data exports require step-up authorization.
Availability
The joint solution is available now. Tetrate and Ory will collaborate on customer engagements, reference architectures, technical enablement and go-to-market efforts. The companies will also showcase the partnership at Identiverse 2026.
Please visit the Tetrate blog to learn more about this joint solution.
About Tetrate
Tetrate helps enterprises run AI inference with an intelligent routing layer. Tetrate Agent Router Enterprise provides an enterprise AI gateway for routing and governing model, MCP, and agent traffic across providers, regions, and environments. Built on Envoy AI Gateway, Tetrate gives teams a consistent way to route, observe, and control AI traffic at scale. More at tetrate.io.
About Ory
Ory is the modern choice for CIAM, B2B and Agent IAM, and one of the world’s most widely adopted IAM platforms. Ory manages more than 2.5 billion identities across open source and commercial deployments. Its infrastructure powers 10 percent of the top 40 websites and serves leading enterprises in financial services, technology, media, and other sectors requiring flexible, high performance identity solutions. With over 45,000 GitHub stars and 700 million downloads, Ory delivers enterprise grade security with developer-friendly flexibility. The company is backed by investments from Insight Partners, Balderton Capital, PHX Ventures, and IQT. For more information visit www.ory.com
Tetrate Media Contact:
Cristin Connelly
Cathey.co for Tetrate
cristin@cathey.co
Ory Media Contact:
Ory Corp
Press@ory.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/tetrate-and-ory-bring-dynamic-granular-control-to-enterprise-ai-agents-302790416.html
SOURCE Tetrate
