Introduction
In our previous blog, we explored how enterprises can connect multiple tools and data sources to build a travel-planning AI agent using the Model Context Protocol (MCP). However, as organizations scale their agentic footprint, they face a new challenge: managing hundreds of deployed agents in production, MCP servers with multiple tools, but without centralized discoverability and governance.
In this blog, we shed light on how to address this issue and show how you can solve the problem at hand with Unity AI Gateway, enabling customers to manage agents and MCP servers in Databricks.
Databricks. We concisely outline
- The different flavors of MCP servers on Databricks and what use cases they address, respectively
- What we mean by the phenomenon of agent and tool sprawl, and
- How can the Unity AI Gateway, layered on top of Unity Catalog, be leveraged to solve this issue to successfully implement an agentic platform at enterprise scale.
Different flavors of MCP Servers on Databricks
MCP has become the de facto standard for providing standardized communication between agents and tools. Many platforms, including Databricks, provide MCP servers to provide agentic solutions with the ability to discover and use particular tools. One can query data with pre-configured managed MCP servers, connect to third-party APIs using external MCP servers, or develop custom tools to implement specialized business logic on Databricks.
Here is a brief table explaining different MCP Servers, their capabilities, and an example use-case to provide some guidance for the ‘when to use what’:
|
Tool |
Good for |
Example |
|
Genie |
Natural language interface for querying data. Ideal for building agents that need to access data or integrate Databricks data into a platform. |
Get insights about a specific business unit’s performance based on a curated Genie space. |
|
Vector Search |
Semantic Search on unstructured data. |
Semantic search to provide similar or supporting documents to an HR query. |
|
UC Functions |
Deterministic data retrieval or Python-based tools for agents. |
Functions with pre-determined logic and action where agents provide parameters, e.g., calling an external API to extract desired information, or lookup queries from specific data tables |
|
DBSQL |
Iterating on SQL queries for correctness |
Ideal for usage inside an IDE for development (like Cursor or Claude Code) |
|
External |
Connect to externally hosted or provided MCP servers and govern them as UC Connection |
3rd party organization exposing specific services through the MCP tool e.g., on a marketplace or as a paid offering. |
|
Custom |
Developing custom logic and/or enhancing a third-party MCP Server interface. |
Hosting custom MCP servers using Databricks Apps |
We have documented the above implementations in depth in our AI agent tools documentation. However, with such flexibility also comes a challenge in governing and managing these tools at scale.
The problem of Agent and Tool Sprawl
While the variety of MCP Servers enables the creation of truly powerful agentic workflows, a lack of proper discovery and governance can quickly lead to silos and inconsistencies. Consider separate business units, for example, each deploying their own specialized agents and MCP servers - perhaps for weather data or complex analytics - potentially using different authentication models. Without a central registry, other teams cannot easily find, reuse, or audit agents and/or tools, leading to redundant infrastructure, inconsistent access controls, and siloed, unmanaged automated workflows. This uncontrolled proliferation of agentic solutions and their associated tools is commonly referred to as Agent Sprawl or Tool Sprawl.
If we dive a bit deeper into this problem space, there are three core areas where these sprawls pose challenges for organizations scaling with MCP tools.
- Centralized discovery: Agent developers and platform administrators need a centralized system to discover, manage, and govern agents and MCP tools across their organization. Without a central catalog for these assets, users lack a proper way to find and utilize what they are searching for.
- Unified governance & security: Without a standardized approach to access control and governance, data assets face risks similar to other data or AI assets. Customers might inadvertently expose data or be forced to develop custom, non-scalable authentication management for every tool they use. This also holds for external services that you want to connect via MCP in a secure and governed way.
- Centralized authentication & identity propagation: Every MCP provider (whether internal or external) provides its own credentials, OAuth app registrations, and token refresh logic. Without a centralized layer, enterprises end up with different teams managing client secrets, rotation, and per-tool auth flows in silos. Hence, agents often fall back to a single shared service principal that masks who actually triggered an action. The result is duplicated credential handling, weak audit trails, and no clean way to enforce permissions on behalf of the requesting user.
To help address agent and tool sprawl, Databricks has introduced Unity AI Gateway. The capability enables the management of agents and MCP servers in Databricks. In the next sections, we are going to focus on tool sprawl, including out-of-the-box managed MCP servers (which have on-behalf-of-user auth by default), as well as external MCP servers hosted in a customer’s environment or by another platform. This gives customers a central place to govern, discover, and manage MCP tools across the enterprise.
Unity AI Gateway for a governed agentic platform
The Unity AI Gateway is the missing piece that turns fragmented MCP deployment into a governed, searchable ecosystem. Unity AI Gateway in Databricks is a Unity Catalog–backed registry that provides centralized discovery, governance, and access control for all MCP servers across an organization’s workspaces. This is now integrated in the Databricks Unity AI Gateway as the unified governance, guardrail, and observability layer that extends Unity Catalog across every LLM and MCP call your AI agents make (see the blog post for more information).
Exposed as the MCP Servers tab under the Unity AI Gateway, it lists each server with the server type (that you can also filter on), the status, and who created and is the owner of the MCP server. Figure 1 outlines the Unity AI Gateway within a hypothetical organization. Additionally, clicking the "Register MCP Server" button launches a wizard. This wizard guides you through the process of creating your own individual MCP servers and also presents pre-configured, out-of-the-box MCP servers available in the Databricks Marketplace. A selection of these is also shown in Figure 1 and can be installed right away. We did some similar work in the previous blog with a web search MCP (blog), if you want to get hands-on experience.
Figure 1: Unity AI Gateway with ability to search, filter and discover available MCP servers in the marketplace.
If you want to use an MCP server from the catalog list above, you can investigate the details by selecting the server from the list. In Figure 2, we show a sample MCP server that
- Is mapped to the bu_data_product.mcp (which represents <catalog>.<schema> in Unity catalog)
- Shows the endpoint URL of that MCP server that an agentic solution would interact with
- Contains seven different tools to, e.g., create a connection to a cluster, run a command, and more.
Note that you can also simply take the MCP server and try it out in the AI Playground in Databricks - an easy way to prototype your agent (refer to this blog for a similar example).
Figure 2: Details information for a UC function managed MCP server.
Because servers are backed by UC objects (for example, UC connections for external MCP or Databricks Apps for custom MCP), the catalog inherits fine-grained Role-based Access Control (RBAC), audit, lineage, and tagging, allowing platform admins to scope which tools are exposed, enforce per-user/on‑behalf‑of‑user authorization, and log all agent tool usage for compliance and monitoring.
Drive for unification
By introducing Unity AI Gateway, we move from a fragmented landscape of isolated agentic solutions and MCP servers to a governed, searchable fabric of agents and tools that every organization can reliably build on. Instead of each team reinventing integrations and authentication patterns, agentic implementations, and MCP servers, we make these assets discoverable throughout the whole organization with consistent access control, lineage, and monitoring.
This unification is what turns collections of agents into a true agentic platform. Centralized discovery accelerates development by preventing teams from redoing the implementation work that has already been done. In addition, composing new agents from existing, proven MCP servers rather than starting from scratch significantly reduces time-to-production. Standardized governance and on‑behalf‑of‑user authorization make it safe to expose powerful capabilities broadly, while audit and observability give platform teams the levers they need to manage risk and cost at scale.
Finally, taking the travel-planning agent from our previous blog: It is straightforward to ship this agentic solution once. The hard problem is scalability in terms of discoverability, reusability and agent/tool governance. Here Unity AI Gateway makes that the default path. MCP servers cataloged once and reused, credentials and on-behalf-of-user authorization handled centrally, and every call observable through the same audit surface as the rest of the data and AI estate.
