Three Acquisitions, One Stack: How Enterprise AI Governance Is Being Assembled Layer by Layer

Three weeks. Three acquisitions. Three vendors buying the same problem from different angles.

Enterprise AI governance has a stack problem. Organizations deploying AI agents in production need
at minimum three things to manage risk: data governance controls that extend to AI workflows, model
evaluation and safety monitoring, and runtime traffic inspection for autonomous agents. None of
these capabilities existed at scale inside established security platforms twelve months ago. All
three are now inside major vendor platforms, not because the vendors built them, but because they
bought them.

The sequence matters. On May 19, Check Point acquired Deepchecks, an LLM safety and evaluation
platform, adding model
evaluation capabilities to its AI security portfolio. On May 27, Snowflake
acquired Natoma, an enterprise MCP platform that, according to Snowflake’s announcement,
extends data governance from static datasets to active AI workflows and integrates with Snowflake
Intelligence and Cortex Code. On May 29, Palo Alto Networks closed its acquisition of AI
gateway developer Portkey, integrating runtime agent traffic inspection, token management, and
agent identity authentication into the Prisma AIRS platform.

Three vendors. Three distinct technical layers. No coordination.

What Each Acquisition Actually Adds

The Deepchecks acquisition gave Check Point a pre-deployment evaluation capability. Before an
organization ships an AI model into a production workflow, it needs to know whether that model
behaves safely and consistently across edge cases. LLM evaluation tooling has been an acute gap in
enterprise security platforms, most security vendors know how to protect a network perimeter but
don’t have the technical depth to assess model behavior. Deepchecks fills that gap for Check
Point’s customer base.

Natoma, per Snowflake’s announcement, solves a governance continuity problem. Traditional data
governance tools manage data at rest, access controls, lineage tracking, compliance documentation.
When AI agents start querying, transforming, and acting on that data autonomously, governance tools
built for static datasets lose visibility. Natoma’s MCP integration extends governance to the
active workflow layer: what the agent did with the data, not just what data it could access. That’s
a fundamentally different control problem, and it’s the one that enterprise compliance teams are
currently navigating without adequate tooling.

Portkey, according to Palo Alto Networks, sits at the runtime layer. After the data is governed
and the model is evaluated, there’s still the question of what happens when the agent is actually
running. Portkey’s gateway inspects AI traffic in real time, manages token usage, and, per Palo
Alto Networks’ announcement, authenticates agentic interactions through a feature called Idira™ –
treating autonomous agents as privileged users who need identity verification at the moment of
action, not just at authentication setup. These are vendor-stated capabilities. No independent
evaluation of Portkey’s performance in production has been published.

The three layers, assembled separately, map to a coherent stack: evaluate before deployment,
govern the data layer, inspect the runtime. No single vendor owns all three. That’s the
architecture gap that still exists.

Why Acquisition and Not Development

Enterprise security vendors don’t typically build AI-native evaluation tools or MCP governance
extensions from scratch. The organizational distance between network security expertise and machine
learning interpretability is wide. The talent required to build Deepchecks’ evaluation methodology
is not the same talent that builds firewall rules. Acquisition is faster, and in a market where
enterprise buyers are demanding AI governance capabilities now, not in two years, faster matters.

There’s a secondary dynamic. As
enterprise AI agent deployment accelerates, the window for independent AI governance point
solutions to establish a standalone market is narrowing. Enterprise buyers consolidate security
spend around platform relationships. An independent AI gateway vendor competes on features and
price against the Palo Alto Networks customer success team during renewal. That’s a structurally
difficult position. The security platforms acquiring these tools understand this, and so did the
founders who sold.

What’s Still Missing

The acquisitions reveal the stack’s current shape. They also reveal what hasn’t been bought yet.

Incident response for AI failures doesn’t have a clear home in any of these platforms. When an AI
agent takes a wrong action at runtime, makes a decision it shouldn’t have, triggers a process it
wasn’t authorized to start, what’s the incident playbook? Security vendors have incident response
capabilities for traditional threats. The tooling for AI-specific failures (hallucination under
adversarial prompt injection, privilege escalation by an agent operating beyond its intended scope)
hasn’t been consolidated into a major platform yet.

Audit trail infrastructure for agentic actions is a second gap. Regulatory frameworks including
the EU AI Act are moving toward documentation requirements for automated decision systems. An audit
trail that reconstructs what an agent did, in what context, based on what data, using which model
version, is a compliance deliverable, not just a security one. The Natoma acquisition gets closer
to this for data governance, but the cross-layer audit trail connecting evaluation records,
governance logs, and runtime inspection data doesn’t exist as an integrated product.

Human-in-the-loop trigger mechanisms are a third gap. The agentic security stack being assembled
by acquisition is largely automated. Kill switches and escalation triggers, the mechanisms that
pull a human into the loop when an agent hits an ambiguous or high-stakes decision point, are
architecturally distinct from inspection and governance tooling. No acquisition in as of publication
directly addresses the orchestration layer where human override gets integrated into autonomous
workflows.

Implications for Enterprise Teams

Don’t bet on the independent market stabilizing. Three major acquisitions in two weeks signal that
platform vendors are moving aggressively to consolidate the AI governance stack. Enterprise teams
that have already deployed Portkey, Deepchecks, or Natoma as independent tools need to understand
their roadmap under new ownership: will integration with the acquirer’s platform be required,
optional, or eventually forced by sunset timelines?

For organizations still evaluating AI governance tooling, the platform consolidation argument is
real but not yet complete. The three layers acquired in May cover significant ground. The gaps
identified above, incident response, cross-layer audit trails, human-in-the-loop triggers, are
still served only by point solutions or custom builds. Buying into a platform for the covered
layers doesn’t solve the gaps, and no single vendor has announced it’s addressing all three.

Security and compliance teams should map their current AI deployment’s risk surface against the
three-layer framework: pre-deployment evaluation, data governance continuity, runtime inspection.
Where those layers are covered, the acquisition news is relevant for vendor relationship
management. Where the gaps sit, incident response, audit trail completeness, human override
architecture, the market hasn’t moved yet.

Watch the Q3 2026 M&A calendar. The gaps in this stack are visible to every security platform
vendor that’s watching the same acquisition news you are. Incident response for AI and cross-layer
audit trail tooling are the two most logical next acquisition targets. If a major vendor closes
either of those deals before Q4, the platform consolidation argument becomes significantly stronger
– and the window for independent vendors in those categories closes with it.