Agentic Data Plane

Redpanda ADP Overview

Enterprises spent decades building governance for their human workforce: identity, access control, audit trails, and accountability. They never built the same controls for AI agents. Most agents run with broad credentials, no identity of their own, and no record of what they did, which is why enterprise AI so often stalls before it reaches production.

Redpanda Agentic Data Plane (ADP) closes that gap. ADP is governance infrastructure for enterprise agents: it sits between your agents and your data, gives every agent an identity, mediates every tool call and data access, and records every action so you can replay and audit it. With ADP, you connect agents to all your enterprise data, from real-time event streams to databases and business systems, and run them safely at scale without losing control.

ADP builds on open standards, including MCP, OAuth, OpenTelemetry, and the Kafka protocol, so governance sits above your choice of LLM, cloud, or agent framework. You stay free to adopt new models and frameworks as they emerge, without re-platforming or locking into a single vendor.

ADP is its own product surface. It runs on Redpanda, so there’s no separate cluster to stand up first: Redpanda provisions the underlying environment when you add ADP.

After reading this page, you will be able to:

  • Identify the key components of Redpanda ADP and their purposes

  • Describe how each component addresses enterprise governance and reliability requirements

  • Determine whether Redpanda ADP fits your organization’s requirements for AI agent deployment

Architecture

Agents and clients connect through ADP rather than reaching your systems directly. ADP gives every agent an identity and applies guardrails and spend caps, mediates tool and data access through MCP servers to your systems of record, and routes every LLM call through the AI Gateway. All activity streams to the Redpanda Data Platform as OpenTelemetry traces for replay, audit, and cost reporting.

Architecture diagram: Redpanda-managed agents
Figure 1. Redpanda ADP sits between your agents and clients and your external systems and LLM providers

AI Gateway

The AI Gateway is a managed proxy for LLM APIs. You configure an LLM provider once, and applications point at a Redpanda-hosted proxy URL while continuing to use the provider’s native SDK. Redpanda holds the upstream credentials, so application code never carries a provider API key and rotation happens in one place.

Because every LLM call flows through one managed entry point, you get usage and cost visibility broken down by provider, model, and user, across any agent framework or platform, including Redpanda’s own, without locking into any single vendor’s SDK. Applications authenticate with short-lived OIDC service-account tokens, and streaming responses pass through unchanged. To control spend, set caps and per-agent budgets in one place.

For more information, see How AI Gateway Works.

MCP servers

MCP servers translate agent intent into connections to databases, queues, HRIS, CRMs, and other business systems. They are the simplest way to give agents context and capabilities without writing glue code.

MCP servers are lightweight, support OIDC-based authentication, and enforce deterministic policies at the tool level. You pick a managed type from the marketplace and configure it with your credentials, or register a self-managed server. Policy enforcement programmatically prevents prompt injection, SQL injection, and other agent-based attacks.

With real-time debugging capabilities, you reduce integration time while getting enterprise-grade security. You can reuse your existing infrastructure and data sources rather than building new integrations from scratch.

For more information, see How MCP Servers Work.

AI agents

With Redpanda AI agents, you declare the agent behavior you want and Redpanda handles execution and orchestration. Instead of writing Python or JavaScript, you configure agents declaratively: set a system prompt, choose a model, and attach the tools the agent can use. You can orchestrate multiple specialized sub-agents, or bring your own frameworks like LangChain or LlamaIndex.

What makes this practical at scale is a broad library of prebuilt tools and integrations with built-in filtering, enrichment, and routing, which give declarative definitions real power.

The result is faster time-to-production, lower maintenance (declarative definitions instead of imperative code), and organizational consistency across teams.

For more information, see How Agents Work.

Built-in governance controls

Redpanda ADP addresses critical enterprise requirements across all components.

  • Security by design: MCP servers enforce policies at the tool level, programmatically preventing prompt injection, SQL injection, and other agent-based attacks. Policy enforcement is deterministic and controlled. Agents cannot bypass security constraints even through creative prompting.

  • Unified authorization: All components use OIDC-based authentication with an on-behalf-of authorization model. When a user invokes an agent, the agent inherits the intersection of its own permissions and the user’s permissions, so an agent can only do what the user behind it is allowed to do. This ensures proper data access scoping. An embedded identity provider lets any standards-compliant MCP client, such as Claude Desktop, Claude Code, or Microsoft Copilot Studio, connect over OAuth without custom header handling.

  • Complete observability: Redpanda ADP provides two levels of inspection. Execution logs (transcripts) give a read-only view of every agent run, capturing each prompt, response, and tool call with token and USD cost per conversation, plus status, duration, and an interactive timeline. Traces are emitted as OpenTelemetry data into an immutable Redpanda topic with 100% sampling. Real-time debugging tools let you inspect individual MCP server calls down to individual tool invocations with full timing data. You can view detailed agent actions in ADP and replay data for agent evaluations. For more information, see How Observability Works.

  • Compliance and audit: Redpanda ADP records every agent action and the data sources used in each decision, which supports audit and compliance efforts (for example, frameworks such as ISO 42001 or the EU AI Act). Execution logs are stored in Redpanda topics and can be materialized to Iceberg tables for longer-term retention and analysis.

Use cases

Common Redpanda ADP use cases include:

  • Automate financial operations: Build agents that reconcile invoices across vendors and ERP systems, monitor real-time spending against budget, or review contracts against approved templates and flag out-of-policy clauses for legal review.

  • Streamline HR and people operations: Answer employee questions against benefits, payroll, and HRIS systems; automate onboarding and offboarding workflows; or triage internal support tickets to the right team.

  • Improve customer experience: Route customer inquiries to the right team, summarize prior support history before an agent picks up the case, or surface relevant knowledge-base articles in real time.

  • Modernize infrastructure operations: Detect anomalies in real-time telemetry from cloud, network, or factory equipment, correlate signals across disparate monitoring systems, and auto-create maintenance tickets with the relevant context already attached.

  • Extend enterprise productivity tools: Integrate Microsoft Copilot or other workplace agents with internal data sources and systems that are otherwise inaccessible.

Next steps