Speakeasy Defines the "AI Control Plane" -- the Governing Layer Enterprises Need to Safely Scale AI

Speakeasy published a reference architecture for what it calls an “AI control plane,” describing a governing layer that routes interaction between organizational AI agents and the systems they are allowed to access. The update outlines how connection, identity, policy enforcement, and observability fit together into a single controlled path for prompt, response, and tool-call flows.

The guide was developed from conversations with more than 50 technology executives and addresses the need for governance as tools such as Claude, ChatGPT, Cursor, and Copilot spread. One CIO of a Fortune 500 retailer said, “We're rolling out AI faster than we can govern it. I don't think anybody in this industry isn't,” said one CIO of a Fortune 500 retailer.

Functionally, the reference architecture defines the AI control plane as the layer between every AI agent in an organization and the systems it can access, unifying connection, identity, policy enforcement, and observability. It describes four functions: Connect, Control, Secure, and Observe, and it states that prompts, responses, and tool calls run through a single controlled path.

Speakeasy said it is building in this category, starting with the connection and identity layer and extending across the four functions. It also mapped vendor categories including LLM gateways, MCP gateways, identity providers, observability, and threat detection, and it said no single category constitutes a control plane on its own because “The AI control plane is what you get when you put these pieces on a single architectural foundation so they see each other,” the guide notes.