Google’s Agent Platform is excellent.
Not built for you.
By Lindsay Hiebert · Founder · CISSP
Google formalized the “Agent Governance” category at Cloud Next '26 with five technical pillars: Registry, Gateway, Identity, Policies, Observability. The architecture is the most rigorous public articulation of agent governance to date — for a Global 2000 buyer with a platform engineering team, a cloud SRE function, full commitment to Google Cloud, and the capacity to author CEL policy. Most 50–2,000-employee organizations have none of those things. SanctumShield ships the governance artifact regardless of which cloud your AI runs on or who runs it.
The five-pillar architecture sets a new bar.
We learn from it. We cite it. We recommend it where it fits.
SPIFFE-based agentic identity, JSON-RPC-aware gateway parsing, CEL policy conditions, OpenTelemetry GenAI conventions — this is the technical depth the category needed, and Google published it openly. SanctumShield’s Executive Risk Report references the Google five-pillar model as the canonical architecture for buyers operating natively on Google Cloud.
What follows is not a competitive teardown. It’s an accounting of which buyers Google’s architecture serves directly, and where SanctumShield fits for everyone else.
What Google handles — and what SanctumShield handles alongside.
For each of Google’s five pillars, here’s the division of labor: what the platform does inside Google Cloud, and what SanctumShield does for the rest of your AI estate.
| Pillar | Google Agent Platform (inside Google Cloud) | SanctumShield (the rest of your AI estate) |
|---|---|---|
| Registry | Auto-registers agents deployed natively on Vertex AI Agent Engine, Gemini Enterprise, Cloud Run, and GKE through Zero-Touch Onboarding. | Discovers and inventories agents running on AWS Bedrock, Azure OpenAI, Anthropic API direct, self-hosted Ollama, and sovereign / air-gapped deployments — none of which Google's auto-registration touches. |
| Gateway | Envoy-based data plane intercepting all ingress and egress agent traffic on Google Cloud, enforcing CEL-based IAM at the JSON-RPC body level. | Documents the Egress Mediation Gap when agents are deployed without a consistent gateway — required for any audit or insurance underwriting that asks about runtime control. |
| Identity | Cryptographic, ephemeral, scoped identity for each agent through Managed Workload Identity (SPIFFE / URN). First-class principals on Google Cloud. | Surfaces the Agent Identity Model Gap when a customer's agents authenticate with long-lived service accounts, shared API keys, or embedded secrets — the typical reality outside Google Cloud. |
| Policies | Two-layer model: IAM with CEL conditions (technical, platform-engineer-authored) plus a Business Policies layer for natural-language semantic governance (still evolving, sparse documentation). | Generates the regulation-anchored AI Acceptable Use Policy that maps to specific HIPAA / SOC 2 / EU AI Act / NIST AI RMF clauses — the policy layer auditors and counsel actually consume, written for executives who don't speak CEL. |
| Observability | OpenTelemetry GenAI conventions plus A2A trace headers and Application ID correlation across multi-agent swarms. | Flags the Observability Readiness Gap when a customer hasn't instrumented their agents for OpenTelemetry — the precondition for producing the trace records an EU AI Act Article 13 transparency audit may require. |
Most mid-market AI doesn’t live inside Google Cloud.
Google Agent Platform’s Zero-Touch Onboarding auto-registers agents on GCP only. For everyone else — and the “everyone else” in 2026 is most of the mid-market — agents live on these non-GCP platforms, and Google’s registry never sees them:
- AWS Bedrock: Anthropic Claude, Meta Llama, Mistral, Cohere, AWS Titan, Stability — all served via Bedrock. Not in Google’s registry.
- Azure OpenAI: GPT-4 family, GPT-4o, GPT-4.5 — the most widely deployed enterprise LLM endpoint outside of Google Cloud. Not in Google’s registry.
- Anthropic API direct: Claude 4.6 / 4.7 / Opus called directly from application code, bypassing both Google and AWS. Common for IDE plugins (Cursor, Claude Desktop, Zed). Not in Google’s registry.
- Self-hosted: Llama, Mistral, Gemma, Qwen, DeepSeek running on-prem or in private cloud. Not in Google’s registry.
- Sovereign / air-gapped: Federal, defense, healthcare, and regulated financial deployments that contractually cannot use a hyperscaler. Google Agent Platform cannot serve this segment at all.
Most mid-market organizations are practically multi-cloud even when they lead with one hyperscaler. Tying governance to one cloud’s platform is a procurement non-starter.
SanctumShield’s discovery layer covers all of these with the same 64-domain endpoint registry and the same regulation-anchored Executive Risk Report — independent of which cloud or hyperscaler the customer uses.
Even on Google Cloud, the architecture assumes a platform engineering team you probably don’t have.
Google’s five pillars are designed to be operated by specific roles. For organizations without those roles, the platform exists but isn’t consumable. Plain accounting:
| Google’s pillar | Required role to operate | What a 200-person SaaS actually has |
|---|---|---|
| Registry | Platform engineering — third-party agents need manual registration | Auto-registers GCP-native only; the rest of your agents are invisible |
| Gateway | Cloud SRE team to deploy and operate Envoy data plane | No SRE team; cannot run the data plane |
| Identity | SPIFFE infrastructure + certificate rotation expertise | SPIFFE is not a mid-market technology — most teams have never heard of it |
| Policies | Service Extensions + policy-as-code authoring (CEL) | No policy team to author CEL; the natural-language Business Policies layer is still maturing |
| Observability | OpenTelemetry pipeline + observability backend | No SRE team to operate the OTel stack |
The overwhelming majority of 50–2,000-employee organizations have none of these roles. The platform exists for them on paper. Operationally, it’s out of reach.
What you still need from SanctumShield even if you adopt Google.
Even Fortune 500 organizations that fully deploy Google Agent Platform still need the artifact the platform doesn’t produce: a regulation-anchored AI Acceptable Use Policy, a board-ready Executive Risk Report, and a verifiable attestation of authenticity for cyber insurance underwriters. Google ships the platform. SanctumShield ships the artifact.
Google ships the platform:
- Real-time policy enforcement at the gateway
- Cryptographic agent identity attestation
- OpenTelemetry trace records
- CEL policy enforcement logs
- Agent registration metadata

SanctumShield ships the artifact:
- AI Acceptable Use Policy (14 sections, regulation-anchored, auditor-readable)
- Executive Risk Report with five regulation-anchored findings + 90-day action plan
- Board memo (1-page CEO-voice summary — on Sprint 3 backlog)
- Verification URL on every report (insurer-channel attestation, queryable for 5 years)
- AI Tools Registry with 60+ pre-rated services and training-policy disclosures
Use Google for the platform.
Use SanctumShield for the artifact.
If you have a platform engineering team, a cloud SRE function, and full commitment to Google Cloud: evaluate Google Agent Platform directly. It’s the most rigorous platform-layer answer available. Then come to SanctumShield for the artifacts the platform doesn’t produce.
If you don’t — and most mid-market organizations don’t — you still need the governance artifact: the AUP, the risk report, the auditor evidence, the underwriter documentation. That’s what SanctumShield produces, regardless of whether you ever deploy a platform.
Designed and built specifically for organizations that don’t have dedicated platform engineering or security teams.
See the artifact Google’s platform doesn’t produce.
Run the free Shadow AI Risk Calculator first. Then activate the $99/month subscription to generate your AUP and Executive Risk Report — with a verification URL your cyber insurance underwriter can confirm against, regardless of which cloud your agents live on.