Google Gives Every Agent a Passport, and Your Agent Framework Matters as Much as Your Model

At Cloud Next '26 this week, Google Cloud unveiled what amounts to a full governance stack for autonomous AI agents. Agent Identity assigns every agent a unique cryptographic ID using auto-managed, SPIFFE-based x509 certificates, making every agent action traceable and auditable. Agent Gateway serves as centralized policy enforcement for agentic traffic, natively understanding both MCP and A2A protocols. The A2A protocol got a suite of new tooling for building, deploying, and evaluating cross-platform agent collaboration. And Google Workspace launched an MCP Server in preview, letting external agents synthesize Drive documents, draft Gmail responses, and manage Calendar logic through a standardized interface.

This matters because it is the first time a major cloud provider has shipped identity, authorization, policy enforcement, and interoperability tooling for agents as a unified product surface. The agent governance conversation has been stuck in frameworks and white papers. Google just turned it into infrastructure. For builders, the Workspace MCP Server alone changes the integration calculus for any agent that needs to touch enterprise productivity tools. For compliance teams, Agent Identity with SPIFFE certificates creates the audit trail that regulators have been asking for. The question is no longer whether agents need governance; it is whether your stack provides it.