Shadow IT at Agent Scale — Obot’s on It.

The following is based on my recent conversation with Obot co-founder and CEO Sheng Liang. The full interview is embedded below.

Eighteen months ago, when I sat down with Obot co-founder and CEO Sheng Liang, AI agents were generating a lot of buzz but were limited in their capability. Sheng, a veteran of the Kubernetes world, knew this firsthand, having recently pivoted to AI. At that time his team was already working with early customers trying to build agents, and as he admitted when we recently caught up, “A couple of years ago we could barely get them working.”

Part of the challenge was the limited capability of the models themselves. Just as important, there was no standard way for agents to connect to external tools and enterprise systems. Every integration had to be hand-built, making it difficult to create agents that could do meaningful work.

Enter the Model Context Protocol

That changed with the arrival of Anthropic’s Model Context Protocol (MCP). Rather than writing custom integrations for every application, developers could use a common standard to connect AI agents to source code repositories, cloud infrastructure, collaboration tools, databases, and business applications.

By making those connections dramatically easier, MCP significantly expanded what agents could touch and do.  Those new capabilities also exposed enterprises to significant new security risks.

We’ve Seen This Before 

Sheng compares what’s happening today with AI agents to the rise of Shadow IT during the early days of cloud computing. Public cloud gave developers unprecedented agility by letting them provision infrastructure without waiting for IT. It accelerated innovation, but it also created a wave of unsanctioned infrastructure that organizations struggled to secure, manage, and even discover. AI agents are creating a similar dynamic.

Today developers and business users are downloading MCP servers from the internet, connecting agents to internal systems, and granting them API keys and OAuth tokens so they can act on their behalf. Many of those integrations happen outside traditional IT processes, leaving organizations with limited visibility into what agents are connected to, what they’re accessing, and what actions they’re taking. The result: Shadow AI.

Only This Time It’s Worse

What makes Shadow AI more dangerous than its predecessor is the way agents operate.  As John Willis, co-author of The DevOps Handbook, explained to me during a recent conversation at SCALE, traditional software executes predefined instructions. Agents make decisions, orchestrate multi-step workflows, determine which tools to invoke, and can even create additional agents. A single mistake, or malicious instruction, can quickly multiply at machine speed.

It’s this combination of broad access and increasing autonomy that makes the threat of AI agents fundamentally different from anything traditional software poses. Willis believes the answer is governance: a control point, an intermediary layer that sits between agents and enterprise infrastructure.

Sheng and the team at Obot had arrived at the same conclusion, and it’s what they set out to solve. To see why they recognized the opportunity so early, it helps to understand the team behind the company.

Not Their First Rodeo

Over the past two decades, Sheng Liang and his longtime collaborators, Will Chan, Darren Shepherd, and Shannon Williams, have built companies around major shifts in enterprise infrastructure. They founded Cloud.com, later acquired by Citrix, and Rancher Labs, whose Kubernetes management platform was acquired by SUSE.

One of the team’s keys to success has been a willingness to pivot when major technology shifts appear. Obot itself began as Acorn Labs, focused on simplifying Kubernetes development. That changed when they attended OpenAI’s first Dev Day in late 2023. Seeing AI up close, what most caught their attention was the ability to interact with the models through natural language. They began winding down the Kubernetes effort and shifted focus, first to a scripting language for AI, then to an agent that would let engineers automate DevOps tasks in plain natural language.

From building agents to governing them

Building that agent surfaced a real pain point: they had to hand-code every connector tying the agent to systems like GitHub and cloud providers. So when MCP came along, it immediately caught their attention. It solved exactly the problem they’d been fighting, and they became early adopters and evangelists, organizing the MCP Dev Summit and bringing together many of the leaders shaping the emerging ecosystem.

But adopting MCP also revealed the next problem. The very thing that made MCP powerful, the ability to connect agents to systems quickly and easily, was what created the governance gap. The hard problem wasn’t building AI agents anymore. It was governing the growing number of connections those agents were making into enterprise systems.

Developers were wiring agents to external collaboration tools, internal databases, and applications at an extraordinary pace. The question enterprises kept asking wasn’t how to build more capable agents. It was how to control what those agents could actually do. That realization changed Obot’s direction. Rather than building another AI agent, the company pivoted toward building the governance layer around them. After rebranding as Obot, the company announced a $35 million seed round late last year to pursue that vision.

A Firewall for AI Agents

The solution Obot developed consists of two complementary components: the Obot MCP Gateway and the Obot Registry.

Sheng describes the open-source Gateway as a firewall for AI agents. As he puts it, “The best way to secure your agent is to put in something like an MCP gateway. The agent can do whatever it wants, but when it tries to affect the outside world, it has to go through this gateway.” That’s where governance happens, whether the agent is reaching for a database, an API, cloud infrastructure, or an internal application.

The Gateway authenticates the request, verifies identity, evaluates organizational policy, and determines whether the requested action should be allowed. Every interaction can be logged, monitored, and audited. Sheng compares the approach to Java’s sandbox model: the agent can operate freely inside its environment, but every interaction with the outside world passes through a controlled boundary.

The companion Obot Registry addresses a different problem. Rather than allowing developers to download arbitrary MCP servers from the public internet, the Registry provides an enterprise-approved catalog of vetted integrations. Developers still have access to tools such as GitHub, Slack, Outlook, Notion, and other enterprise services, but IT knows those connectors have been reviewed, maintained, and meet organizational security requirements.

Together, the Gateway and Registry address a challenge many organizations are only beginning to recognize: AI agents need governance just as much as users do.

What Does This Mean for Developers?

That need for governance extends beyond IT and security. It also changes the role of the developer. Like many technology leaders, Sheng is frequently asked whether AI will replace software developers. His answer: developers aren’t going away any time soon. In fact, he’s still having trouble finding good ones. What he does believe is that the role is evolving significantly.

Rather than focusing on writing code in isolation, since those tasks can increasingly be done by AI, developers will need to operate at the level of a tech lead and truly understand the customer’s problems. They’ll need to communicate with the customer, understand where the industry is going and how the different parts of the system fit together, and from that, create the prompts that guide the AI models to generate the code.

As he put it, “If your goal is to quickly master one specific skill and live on it for the rest of your career, that’s probably no longer realistic.”

Sheng compares the transition to earlier moves from assembly language to high-level programming languages. Every increase in abstraction raised developer productivity while placing greater value on engineers who could think at the architectural level. 

The developers who thrive won’t simply be better programmers. They’ll become architects, reviewers, and the people who decide what AI should, and shouldn’t, be allowed to do.

The Bottom Line: The Time for Governance Is Now

When I spoke with Sheng eighteen months ago, AI agents were still largely a vision of what might be possible. Today they’re writing code, accessing enterprise applications, orchestrating workflows, and interacting directly with business systems.

The challenge is no longer making AI agents more capable. It’s bringing them under the same governance organizations already apply to people, applications, and infrastructure.

Whether enterprises adopt Obot or another approach, they’ll need a way to authenticate AI agents, control what they can access, enforce policy, and monitor their actions. The technology has advanced remarkably fast, bringing with it a new level of risk. Enterprise governance now has to catch up.

Pau for now.


Comments

Leave a Reply

Discover more from 808labs

Subscribe now to keep reading and get access to the full archive.

Continue reading