Key Takeaways
- Merck and Mastercard both achieved measurable production agentic AI results — and both organizations credit fixing foundational infrastructure before deploying any agent.
- The “plumbing” breaks down into four concrete layers: agent identity and access control, structured data lineage, observability and trace storage, and a buyer-owned control plane.
- At enterprise scale, each of those four layers is built by a separate dedicated team with a budget most mid-market companies cannot match.
- For 30-to-100-person mid-market operations, a buyer-owned Secure AI Gateway consolidates all four layers into one deployable control point — the only economically viable architecture.
- Skipping any single layer does not produce a slower agent deployment. It produces an unauditable one that will fail under governance scrutiny or in production.
- The four-week Plumbing Readiness Audit is the starting point — not because of urgency, but because agents deployed before the audit produce results you cannot trust.
Why Did Merck and Mastercard's Agentic AI Actually Work?
The agentic AI conversation resets every few months. First demos, then pilots. In mid-2026, two companies have moved it into new territory: production results. And both credit one thing for making it work — agentic AI infrastructure readiness, not model selection.
According to VentureBeat's May 2026 reporting, Merck and Mastercard are seeing measurable agentic AI outcomes at scale — Merck in pharmaceutical operations, Mastercard in financial intelligence and transaction processing. Neither is running a showcase. Both are running production.
Both organizations said the same thing when asked what made it work: the plumbing came first.
That phrase is the entire lesson of enterprise agentic AI deployment distilled into five words — and the thing most mid-market businesses are not hearing loudly enough, because the coverage skips past the boring infrastructure part and jumps to the outcomes.
The Enterprise vs. Mid-Market Plumbing Economics Problem
Here is the distinction that almost never gets written plainly. Merck and Mastercard can each build the four prerequisite infrastructure layers with separate dedicated teams. Their combined annual budgets for data engineering, identity management, observability, and AI governance can run into eight-figure expenditures. At that scale, you have an IAM team that does nothing but agent identity, an observability team that owns trace storage, a data governance team that manages lineage, and a platform team that builds the control plane.
A 50-person manufacturer in Northeast Indiana cannot do that. Neither can a 75-person professional services firm, a regional healthcare operator, or a growing financial services company in Allen County. They have one or two engineers, maybe a fractional CTO, and a technology budget that needs to justify itself quarterly.
The implication is direct: the four layers Merck and Mastercard built separately must be consolidated into a single deployable surface for mid-market operators to achieve the same foundational readiness. That consolidated surface is a buyer-owned Secure AI Gateway — not a vendor's managed offering, not a shared service account, not a collection of disconnected SaaS subscriptions. One architectural control point that owns all four plumbing layers simultaneously.
The mid-market does not get a discount. It gets the same coverage at a fraction of the structural complexity. That is the architectural insight the Merck and Mastercard story points toward.
The Four Plumbing Layers of Agentic AI Infrastructure Readiness
“Plumbing” is a useful metaphor but it can obscure specificity. Here are the four layers in concrete terms.
Layer 1: Agent Identity and Access Control
Every agent that acts on behalf of your business — reading a file, writing a record, calling an API, querying a database — must have its own verifiable, scoped identity. Not a shared service account. Not a developer's personal API key promoted to production. A dedicated machine identity with the minimum permissions required for the specific task.
The OWASP LLM Top 10 identifies excessive agency and insecure plugin design as two of the highest-risk failure modes in LLM-based systems. Both are identity problems: agents that can do more than they should, through credentials that are not properly scoped or audited. The CISA Zero Trust Maturity Model treats identity as the foundational control layer — a standard that applies equally to human users and machine agents. When an agent acts under a shared credential, you cannot answer the simplest governance question: which agent did that, and what was it authorized to do?
Without this layer, your agents are real but your audit trail is fiction.
Layer 2: Structured Data Lineage
An agent that produces an output — a recommendation, a draft, a calculation, a record update — must trace every input back to a source-of-truth system with a timestamp. This is the baseline requirement for trusting the output at all.
Structured data lineage means the agent records what it read, from which system, at what version, at what time, and how that data informed the output. Without lineage, you have an agent that produces answers. With lineage, you have an agent that produces auditable answers — a different category of output entirely.
The data stack required to support this lineage is not the stack most mid-market companies built for reporting and dashboards. It requires systems-of-record integration, timestamp preservation at the record level, and agent-readable metadata that travels with the data from source to output.
Layer 3: Observability and Trace Storage
Every action an agent takes — every read, decision branch, write, and tool call — must be recorded in a tamper-evident log that a human can query. Not a log file. Not a database table the agent itself can modify. A purpose-built observability layer with retention policies, query interfaces, and chain-of-custody guarantees.
This layer converts an agent from a black box into an auditable process — the kind of audit-trail discipline that ISO/IEC 27001 codifies as a core information security control. Most mid-market deployments skip it first because it feels like overhead. The value only becomes visible when something goes wrong, when a regulator asks, or when you want to measure agent performance against business outcomes. All three scenarios are inevitable.
Layer 4: A Buyer-Owned Control Plane
The control plane owns the agent's behavioral boundaries. It sets the policy: which tools the agent can use, which data sources it can access, which outputs it can write, and under what conditions it can escalate to a human. The control plane must be buyer-owned — your organization defines the policy, not the LLM vendor's defaults, not the SaaS platform's guardrails.
The buying decision for a mid-market control plane is not primarily a technical question. It is a governance question: who owns the behavioral contract for your AI employees? If the answer is “the vendor,” you do not have a control plane. You have a dependency.
The Plumbing Layer Audit Matrix
The following matrix maps each layer to its enterprise build pattern, its mid-market consolidated equivalent, and the failure mode that surfaces when the layer is absent.
| Layer | What It Does | Enterprise Approach | Mid-Market Approach | Failure Mode if Missing |
|---|---|---|---|---|
| Agent Identity & Access Control | Gives each agent a scoped, verifiable machine identity with minimum necessary permissions | Dedicated IAM team; per-agent service principals in Azure AD / AWS IAM / GCP Workload Identity; quarterly access reviews | Buyer-owned Gateway issues and rotates agent credentials; policy enforced at the Gateway perimeter; no shared keys in production | Agents share credentials; no audit trail of which agent acted; impossible to isolate a compromised agent without taking down all agents |
| Structured Data Lineage | Records what data each agent read, from which source, at which version, at what time, for every output | Data governance team; dedicated lineage tooling (e.g., Apache Atlas, OpenLineage); integration with systems-of-record | Gateway intercepts all agent data reads; attaches source, version, and timestamp metadata; lineage record written alongside agent output | Agent outputs are unverifiable; regulated industries cannot demonstrate data provenance; errors trace back to nowhere |
| Observability & Trace Storage | Records every agent action in a tamper-evident, human-queryable log with defined retention | Dedicated observability team; purpose-built trace infrastructure (e.g., OpenTelemetry + immutable log store); SOC review access | Gateway writes structured action traces for every agent invocation; immutable append-only log with configurable retention and query access for compliance teams | No forensic capability when something goes wrong; performance measurement is impossible; regulatory audits cannot be answered |
| Buyer-Owned Control Plane | Defines and enforces the behavioral contract for every agent: which tools, which data, which outputs, under what conditions | Platform engineering team builds custom policy engine; vendor SLAs negotiated at enterprise volume; policy changes gated through change management | Gateway IS the control plane; policy configured by the buyer organization; behavioral boundaries enforced at the perimeter, not inside the model | Agent behavior governed by LLM vendor defaults or SaaS platform settings the buyer cannot modify; policy drift invisible; no escalation path the buyer controls |
How Do You Score Your Agentic AI Infrastructure Readiness?
Answer each question with a factual Yes or No based on your current deployed state — not your intended state, not your roadmap. “We plan to” is a No.
Question 1 (Identity Layer)
Does every AI agent or automated LLM process run under a dedicated machine identity with scoped permissions — not a shared service account or a developer's personal API key?
If Yes: Your identity layer exists at baseline. The next question is whether it is enforced consistently across all agents, including agents added by third-party tools. A Yes is meaningful only if it applies universally.
If No: You do not have an identity layer. Every agent action is effectively anonymous from a governance standpoint. The IAM gap in agentic deployments is the most common first failure point — and the most exploitable, per OWASP.
Question 2 (Data Lineage Layer)
Can you produce a lineage record for any agent output — showing exactly which data sources the agent accessed, at what version, and at what timestamp — within one business day of a request?
If Yes: You have functional data lineage, even if it is manual. The standard to aim for is query-on-demand, not “we can reconstruct it given enough time.”
If No: Your agents produce outputs without provenance. In financial services, healthcare, and manufacturing quality contexts, this is a compliance exposure. In any context, it means you cannot validate agent reasoning after the fact.
Question 3 (Observability Layer)
Are all agent actions — reads, decisions, writes, tool calls, and escalations — recorded in a log your compliance or operations team can query independently of the agent itself?
If Yes: You have observability. The follow-up question is tamper evidence: can the agent or the host system modify or delete those logs? If yes, the observability is not yet production-grade.
If No: You are flying blind. Without forensic capability, you will not know if your agents are working correctly until a business outcome breaks.
Question 4 (Control Plane Layer)
Does your organization — not an LLM vendor, not a SaaS platform — own and control the policy that defines what your agents are permitted to do?
If Yes: You have a buyer-owned control plane. Confirm the policy covers (a) tool access, (b) data source access, (c) output channels, and (d) human escalation triggers. A partial control plane is better than nothing but is not production-grade governance.
If No: Your agents' behavioral boundaries are defined by someone else's defaults. Review the authorization audit playbook to understand what that means for your liability exposure.
Question 5 (Integration and Consolidation)
Are the four layers above managed through a single, buyer-owned control point — rather than four separate tools, vendors, or configurations maintained by different teams?
If Yes: You have architectural consolidation. This converts four separate plumbing projects into one maintainable system.
If No: Even if you answered Yes to Questions 1-4, you have four separate systems to maintain, audit, and keep in sync. At mid-market scale, this maintenance burden tends to produce drift — one layer gets updated, others do not, and the gaps widen over time.
Scorecard: Reading Your Results
Count your Yes answers across all five questions, using the layer questions (1-4) as the primary signal and Question 5 as the integration multiplier:
| Yes Count | Interpretation |
|---|---|
| 0-1 Yes | No plumbing. Agents deployed in this state are producing unauditable outputs. Do not scale agent deployment until the foundational layers are in place. |
| 2 Yes | Partial plumbing. You have some infrastructure but significant gaps. Agents can run limited, low-stakes tasks but are not ready for anything that touches regulated data, financial records, or customer-facing decisions. |
| 3 Yes | Production-ready baseline. You can operate agents in production with appropriate scope limitations. The missing layer is a known risk that should be scheduled for remediation. |
| 4-5 Yes | Mature plumbing. You have the infrastructure foundation to scale agent deployment. The next conversation is measurement, optimization, and expanding agent scope — not fixing infrastructure. |
The Secure AI Gateway as the Consolidated Plumbing Surface
The architectural insight from the Merck and Mastercard reporting is not that enterprise companies built better plumbing. It is that they built any plumbing at all before deploying agents at scale. The same four layers are required at mid-market scale — but the implementation path is necessarily different.
At enterprise scale, the four layers are built by separate teams because each is complex enough to justify dedicated ownership. At mid-market scale, that organizational structure does not exist. The only viable architecture is consolidation: one control point that owns all four layers simultaneously.
This is the purpose of a buyer-owned Secure AI Gateway. Not a proxy. Not a firewall. An architectural surface that:
- Issues and enforces agent identities — every agent passing through the Gateway gets a scoped credential, a policy context, and a record of what it is authorized to do. Credentials rotate automatically. Shared keys are prohibited by Gateway policy, not by developer convention.
- Intercepts and annotates data access — every data read passes through the Gateway's lineage layer, which attaches source, version, and timestamp metadata before the data reaches the agent's context window. The lineage record is written alongside the output, not reconstructed after the fact.
- Writes structured action traces — every agent invocation produces a structured trace record. Reads, decisions, tool calls, outputs, and escalations are recorded in append-only storage that the agent cannot modify. Retention policy is configured by the buyer.
- Enforces the behavioral contract — the Gateway is the control plane. Tool access, data source access, output channels, and escalation triggers are defined in buyer-controlled policy, not vendor defaults.
The Gateway does not replace every element of a mature enterprise AI infrastructure. It does not handle model training, fine-tuning, or the data lake feeding agent context. What it does is consolidate the four prerequisite plumbing layers into one deployable, auditable control point — the architectural foundation Merck and Mastercard spent millions of dollars building separately, available to a 50-person mid-market operation as a single deployment. The approach is consistent with the shared-responsibility security principles the Cloud Security Alliance has applied to cloud infrastructure since the earliest days of cloud adoption.
This matters because moving from AI pilots to AI employees is not primarily a model selection question. It is a governance infrastructure question. The model is the easy part. The governance infrastructure determines whether agents produce business value or business liability.
The NIST AI Risk Management Framework provides the governance vocabulary for why these four layers matter. Its MAP, MEASURE, MANAGE, and GOVERN functions all presuppose that you have the observability and control infrastructure to implement them. The Gateway is what makes those functions operationally possible for organizations that cannot field separate teams for each.
One forward-looking note: once the plumbing works, the economics of running agents through it change. Token cost reductions from emerging model providers only benefit you if the infrastructure routing and logging those token flows is already in place. Similarly, data sovereignty requirements — where your data lives, how it moves, who has access — are only enforceable through a control plane that owns those decisions at the infrastructure level.
What Does Agentic AI Infrastructure Readiness Look Like in Northeast Indiana?
Auburn, Fort Wayne, and the broader Northeast Indiana corridor — DeKalb County, Allen County, Whitley County, Noble County — is home to a specific category of mid-market operator this analysis applies to most directly.
The regional economy here is not a monolith. It includes precision manufacturers running SAP or ERP systems with decades of operational data. It includes healthcare organizations navigating HIPAA in an environment where AI vendor claims outpace regulatory clarity. It includes financial services companies, agricultural processors, logistics operators, and professional services firms watching the agentic AI conversation with a mix of interest and appropriate skepticism.
What these organizations share is a structural reality: operational data worth protecting, regulatory obligations worth taking seriously, and technology teams too small to build four separate infrastructure layers from scratch. They are watching larger competitors explore agentic AI and trying to understand whether the technology is available to them or only to organizations with enterprise-scale engineering departments.
The honest answer is that agentic AI is accessible at mid-market scale — but only through the consolidated architecture. Allen County organizations currently running AI pilots without the four plumbing layers in place are not behind the curve. They are at the exact right moment to pause, run the five-question readiness test, and make a deliberate decision about infrastructure before scaling agent deployment.
The organizations that will look back on 2026 as the year they got ahead of this are not the ones that deployed the most agents. They are the ones that built the plumbing first, deployed agents into a governed infrastructure, and scaled from a position of auditability rather than retroactive remediation.
For Fort Wayne manufacturers navigating AI governance alongside ERP systems, the four-layer plumbing audit is directly applicable to the production data environment agentic AI will read from and write to. The stakes of unscoped agent identity in a manufacturing context are not abstract — they involve operational records, quality data, and supplier integrations that carry real business and regulatory weight.
The 4-Week Plumbing Readiness Audit: Where to Start
If your five-question score is 0-3 Yes, the productive next step is a structured audit before any additional agent deployment. Not because of timeline pressure — because agents deployed before the audit produce results you cannot trust or defend, and retrofitting governance onto a live agent deployment is significantly harder than building it first.
The Cloud Radix Plumbing Readiness Audit runs four weeks and covers:
- Week 1 — Identity Inventory: Map every AI agent, automated LLM process, and AI-adjacent service account currently in your environment. For each, document what it is authorized to do, under what credential, and whether that credential is scoped to the minimum necessary permissions.
- Week 2 — Data Lineage Assessment: For your three highest-stakes data sources, assess whether lineage can be reconstructed from current logging, or whether the infrastructure needs to be built. Identify the systems-of-record integration points a Gateway lineage layer would need to intercept.
- Week 3 — Observability Gap Analysis: Review current logging infrastructure for agent actions. Assess whether logs are queryable by compliance or operations teams without agent involvement, whether they are tamper-evident, and what the current retention policy covers.
- Week 4 — Control Plane Review: Document who currently controls the behavioral parameters for each agent. Identify any agent whose policy is governed by vendor defaults rather than buyer-defined configuration. Produce a remediation priority list.
The output is not a report that sits in a drawer. It is a specific, prioritized infrastructure roadmap that tells you exactly which of the four plumbing layers to build first, in what sequence, and through which consolidated architecture. For most mid-market operators, that architecture is the Secure AI Gateway — one deployment covering all four layers rather than four separate projects competing for the same limited engineering bandwidth.
To start, review the AI consulting services page, then contact our team to scope an engagement against your current infrastructure state.
The Agents Are Ready When the Plumbing Is Ready
Frequently Asked Questions
Q1.What is agentic AI infrastructure readiness and why does it matter in 2026?
Agentic AI infrastructure readiness is the state of the four foundational layers — agent identity and access control, structured data lineage, observability and trace storage, and a buyer-owned control plane — that must be in place before AI agents can be safely deployed in production. In 2026, the relevance is concrete: Merck and Mastercard have demonstrated that production agentic AI outcomes are achievable, and both credit the infrastructure foundation as the prerequisite. Readiness matters because agents deployed without this infrastructure produce outputs that cannot be audited, defended to regulators, or reliably measured.
Q2.Can a mid-market company (30-100 employees) afford to build all four plumbing layers?
Yes — through the consolidated Secure AI Gateway architecture. Building four layers with four separate teams is an enterprise-scale investment. The mid-market path is consolidation: one deployable control point that enforces all four layers simultaneously. For most mid-market operators, the consolidated architecture is not a compromise — it is the appropriate architecture for their organizational scale.
Q3.What is the biggest risk of deploying agents before the plumbing is in place?
The most immediately visible risk is an unauditable deployment: agents acting under shared or overly broad credentials, producing outputs with no lineage record, taking actions that cannot be traced in a tamper-evident log. When something goes wrong — an incorrect output, an unintended data write, a compliance question — the organization has no forensic capability to answer what happened. The secondary risk is that fixing the infrastructure retroactively, with live agents already in production, is significantly harder than building it first.
Q4.How does the Secure AI Gateway differ from a standard API gateway or reverse proxy?
A standard API gateway manages traffic routing and rate limiting. A reverse proxy manages request forwarding. A Secure AI Gateway is purpose-built for the four plumbing layers specific to agentic AI: it issues scoped agent credentials, intercepts and annotates data reads for lineage, writes structured action traces to tamper-evident storage, and enforces a buyer-defined behavioral contract. These functions require semantic understanding of agent actions, not just traffic management.
Q5.How does agentic AI infrastructure readiness map to the NIST AI Risk Management Framework?
NIST's four functions — MAP, MEASURE, MANAGE, and GOVERN — require operational infrastructure to implement. MAP requires the identity layer and observability layer. MEASURE requires trace storage and lineage. MANAGE requires a buyer-owned control plane. GOVERN requires all four layers together. The plumbing is the technical implementation of the framework.
Q6.What does a Fort Wayne or Northeast Indiana mid-market readiness audit actually look like?
For a 30-to-100-person operator in Allen County, DeKalb County, or the broader Northeast Indiana corridor, the audit starts with an identity inventory of every existing AI process and service account, then moves through data lineage gaps in the ERP or systems-of-record, observability of agent logs, and control-plane ownership. The output is a prioritized roadmap that almost always points to a single consolidated Secure AI Gateway deployment rather than four separate engineering projects.
Q7.What should we do if we score 0-1 on the five-question readiness test?
Do not scale current agent deployments, and do not add new agents to production. A 0-1 score means agents are running in an unauditable state. The first step is the four-week Plumbing Readiness Audit, which produces a specific, prioritized infrastructure roadmap. The second step is deploying the consolidated architecture — most commonly the Secure AI Gateway — before resuming agent deployment.
Sources & Further Reading
- VentureBeat: venturebeat.com/infrastructure/merck-and-mastercard-are-seeing-real-agentic-ai-results — Merck and Mastercard are seeing real agentic AI results — both say the plumbing came first (May 2026).
- OWASP: genai.owasp.org/llm-top-10 — OWASP LLM Top 10 risk catalogue covering excessive agency, insecure plugin design, and related agent failure modes.
- NIST: nist.gov/itl/ai-risk-management-framework — NIST AI Risk Management Framework with the MAP, MEASURE, MANAGE, and GOVERN functions.
- CISA: cisa.gov/zero-trust-maturity-model — CISA Zero Trust Maturity Model establishing identity as the foundational control layer.
- ISO: iso.org/standard/27001 — ISO/IEC 27001 Information Security Management standard covering audit-trail and chain-of-custody discipline.
- Cloud Security Alliance: cloudsecurityalliance.org — Shared-responsibility security guidance applicable to consolidated AI infrastructure control planes.
Run the 4-Week Plumbing Readiness Audit
Get a prioritized, four-layer infrastructure roadmap built around a single buyer-owned Secure AI Gateway — the consolidated architecture mid-market operators in Fort Wayne and Northeast Indiana actually need before scaling agent deployment.
