Introduction
AI Gateway is ServiceNow's governance layer for AI agent connections. As enterprises deploy AI agents across platforms — building in AI Agent Studio, Microsoft Copilot Studio, AWS Bedrock, Google Vertex AI, and others — those agents increasingly rely on external tools and data sources via the Model Context Protocol (MCP). AI Gateway sits between agents and MCP servers, giving AI Stewards centralized control over which connections are allowed, how they're authenticated, what data can flow through them, and what's happening across all of them in real time.
AI Gateway is part of AI Control Tower and is configured through the AI Control Tower interface.
The March 2026 release is the second major update to AI Gateway. If you're new to the product or missed the initial launch, the section below covers what shipped in Q4 2025. If you're already up and running, skip ahead to What's New in March 2026.
What Shipped in Q4 2025 (Foundation Release)
The Q4 2025 release established the core governance, security, and an observability foundation that everything in Q1 builds on. Here's a brief recap.
1. Governance — MCP Server Registry and Lifecycle Management
AI Stewards gained a centralized registry of every MCP server in use within the enterprise. Servers created in AI Agent Studio are auto-discovered and surface automatically in AI Control Tower for review. Each server follows an Asset Approval lifecycle — In Review, Approved, Active, Deprecated — managed through the same Asset Approval Playbook used for other AI assets. Every approved server receives a secure Gateway URL; agents connect through that URL rather than directly to the server itself.
2. Security — Guided OAuth 2.1 Setup and Pause Controls
AI Stewards can register MCP clients through a guided experience that walks through OAuth 2.1 compliant setup, including configuration of authorization and token endpoints. Once a server is live, AI Stewards can Pause it — individually or globally — to immediately block all traffic through AI Gateway. This is the mechanism for rapid response to security incidents, unusual activity, or compliance concerns. Configurations are preserved when a server is paused; no setup needs to be repeated to resume.
3. Observability — Usage and Latency Insights
AI Stewards and Product Owners can monitor MCP server activity through the KPIs & metrics tab on any server record in AI Control Tower. Metrics include total requests per server and per tool, success rates, and latency (P50, P90, P95). These are available from the day a server is approved and active.
What's New for the Q1 2026 Release (March)
1. Centralized MCP Server Governance
AI stewards can now browse and import MCP servers directly from the MCP community registry (registry.modelcontextprotocol.io), integrated into AI Control Tower. Selecting a server from the catalog auto-populates the server details — URL, authentication type, and exposed tools — so intake no longer requires manual entry.
Two additional governance improvements ship alongside catalog integration:
- Auto-discovery from AI Agent Studio is already in place from the Q4 2025 release and continues to feed the registry automatically. When a product owner configures an MCP server in AI Agent Studio, it surfaces in AI Control Tower for AI Steward review without any separate intake step.
- Standardized approval workflows apply the existing Asset Approval Playbook to MCP servers. AI Stewards review, approve, or reject each server, and that decision determines downstream availability. Every server moves through a defined lifecycle: In Review → Approved → Active → Deprecated. The full history is logged.
Who this affects: AI Stewards managing the MCP server inventory; Product Owners who need visibility into what's approved and available.
2. Automated Client Registration
Registering a new MCP client used to require a separate setup step for every server on the same host. A product owner connecting agents from Copilot Studio to ten approved MCP servers had to repeat the full client registration process ten times — once per server, even when the platform was the same.
Q1 2026 introduces automated client registration via CIMD (Client Identity Metadata Document), which changes the model: an AI Steward registers a CIMD-enabled host once in AI Control Tower, and that single registration applies across all MCP servers on that host. When a new server is approved, it becomes accessible to that client without additional configuration.
Guided OAuth 2.1 setup, available since Q4 2025, continues to walk AI Stewards through client credential configuration for platforms that require manual registration.
Who this affects: AI Stewards setting up new MCP client connections; Product Owners using multiple servers on the same host.
3. Automated Sensitive Data Protection
AI Stewards can now activate PII detection for any individual MCP server using a single toggle in the AI Gateway setup tab of the server record. Once enabled, every call to that server is automatically scanned by PII Vault Service.
If sensitive data is detected in a request, AI Gateway blocks the entire payload. The traffic does not pass through, is not logged downstream, and does not reach the requesting agent. No code changes are required from the teams building agents — the protection is applied at the gateway layer, consistently, regardless of which client or agent initiated the call.
Activation is per MCP server. AI Stewards can enable it selectively for servers that handle sensitive data without affecting other servers in the registry.
Who this affects: AI Stewards responsible for data protection policy; compliance and security teams concerned with data leakage through agent connections.
Note: PII Vault Service integration is the protection layer for this release. See the AI Gateway Customer FAQ for additional detail on how PII detection works.
4. Enforced Approvals in AI Agent Studio
Prior to this release, AI Steward approval decisions in AI Control Tower were informational — product owners could still select unapproved servers in AI Agent Studio. Starting with the March 2026 release, enforcement is active.
When the mandate is enabled by an AI Steward:
- Dropdowns in AI Agent Studio show only approved MCP servers
- Unapproved and rejected servers are hidden from selection
- Servers that are Paused become immediately unavailable to agents building in AI Agent Studio
AI Stewards control whether the mandate is active. When it is, product owners always work with the current approval state — there is no lag between a governance decision in AI Control Tower and what's visible in AI Agent Studio.
Who this affects: AI Stewards enforcing governance policy; Product Owners building agents in AI Agent Studio.
5. Enhanced Connection Analytics
AI Stewards can now monitor MCP server access directly from the Security & privacy tab in AI Control Tower. The dashboard shows which clients are connecting to MCP servers, authorized access attempt counts, and failed access attempt counts — giving AI Stewards the visibility they need to spot connectivity issues and respond before users are impacted.
This builds on the usage and latency observability available since Q4 2025. The Q4 metrics cover request volume, tool-level call counts, success rates, and latency (P50/P90/P95) per server and per tool. The Q1 addition specifically adds the client dimension to connection health tracking.
Who this affects: AI Stewards monitoring connection health across multi-platform deployments.
Summary
|
Feature |
Role(s) affected |
Available |
|
MCP Server Registry and Lifecycle Management |
AI Steward, Product Owner |
Q4 2025 |
|
Guided OAuth 2.1 Client Setup |
AI Steward |
Q4 2025 |
|
Pause Controls (server-level and global) |
AI Steward |
Q4 2025 |
|
Usage and Latency Observability |
AI Steward |
Q4 2025 |
|
Centralized MCP Server Governance (catalog import) |
AI Steward, Product Owner |
March 2026 |
|
Frictionless Client and Server Setup (CIMD) |
AI Steward, Product Owner |
March 2026 |
|
Automated Sensitive Data Protection (PII Vault Service) |
AI Steward |
March 2026 |
|
Enforced Approvals in AI Agent Studio |
AI Steward, Product Owner |
March 2026 |
|
Enhanced Connection Analytics |
AI Steward |
March 2026 |
For more on AI Gateway — including how to get started, how pricing works, and answers to common questions — see the AI Gateway Customer FAQ
