These 5 Companies Secretly Control AI

The surprise list of companies that actually control agents

Nate opens by flipping the usual assumption: the companies deciding whether your agent ships are often not OpenAI or Anthropic, but operators like Cloudflare, Stripe, Okta, Oso, Datadog, and Snowflake. His core point is simple but sharp: models are only one piece of the agent economy, while infrastructure companies increasingly control where agents run, what they know, what they can spend, and who can shut them down.

Compute matters, but it’s not the bottleneck people think

He quickly acknowledges the familiar AI infrastructure story—GPUs, power, data centers, networking, capex—but says that only answers whether AI can be served at scale. Once agents start doing real work, the bottleneck becomes governability: memory, approvals, authority, budgets, and intervention all have to be handled by infrastructure, not by the model itself.

Runtime is now a control point: Cloudflare, AWS, and Vercel

Nate spends real time on the idea that agents need more than stateless prompt-response loops; they need memory, scheduled execution, recovery, streaming, and tool coordination. That’s why he spotlights Cloudflare’s durable objects, AWS Bedrock AgentCore, and Vercel AI Gateway as different versions of the same thesis: runtime itself is becoming a strategic place to control agent behavior.

Identity gets weird the second an agent acts for a human

This is where he brings in Oso, Okta, WorkOS, Entra, and AWS identity. A user logging into an app is one thing; an agent acting across Google, Slack, GitHub, Salesforce, and a RAG pipeline is another entirely, especially when approvals happen asynchronously and secrets can’t just be handed over forever. His phrase is memorable: the dangerous agent isn’t necessarily the most capable one, but the one with “very fuzzy authority.”

Data platforms want to become the safe place where agents reason

Nate then moves into Snowflake and Databricks, arguing that agents are only as good as the governed meaning of the data they touch. He lists the classic failure modes—wrong joins, stale docs, mistaken metrics, unauthorized retrieval—and frames Snowflake Cortex and Databricks Mosaic AI as attempts to keep agents inside the semantic layer where business truth about ARR, customers, churn, and forecasts actually lives.

Money raises the stakes fast, and Stripe knows it

Once agents can issue refunds, make purchases, or move money, the control problem becomes much more serious. Nate says Stripe is uniquely well positioned because it already sits in the middle of payments, fraud, disputes, billing, issuing, treasury, and merchant onboarding, while Visa, Mastercard, and Amex are making a different bet: proving that agent transactions can run through the same institutional trust chain as card payments.

You’re not just logging agents—you’re watching work happen

He argues observability is badly underrated because agent failures often look valid on the surface: correct syntax, wrong tool, authorized data, wrong conclusion, or loops that quietly burn tokens. That’s where Datadog, LangSmith, Braintrust, Langfuse, and AWS come in, all trying in different ways to create one operational view that ties together traces, costs, tool calls, policies, and evals.

The kill switch, the seven questions, and the story that makes it real

Near the end, Nate turns practical: pick one workflow—support refunds, claims, usage checks—and answer seven questions about runtime, identity, data, tools, payments, observability, and who can stop the system. He lands the point with a story from a data-team leader describing agents “hacking around” human permission structures, which captures the whole thesis: agents do not respect org charts, so your governance model has to compensate.