Key Points
- Broadcom launches Tanzu Platform agent foundations for AI applications on VMware Cloud Foundation
- Platform enforces deny-by-default security with immutable supply chain and zero-trust networking
- Announcement made at AI in Finance Summit
Broadcom has announced Tanzu Platform agent foundations, a new platform designed to help enterprises deploy autonomous AI applications with built-in security controls. The company unveiled the product at the AI in Finance Summit, targeting organisations that need to move AI projects from experimental stages into full-scale production.
The platform extends Broadcom’s existing Tanzu Platform to support AI agents, which are software programmes capable of making autonomous decisions and executing tasks without constant human oversight. It runs on VMware Cloud Foundation (VCF), the company’s private cloud infrastructure product.
EVENT
Infosec Reimagined
Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.
EVENT
CIO Prism
CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.
For Indian enterprises running AI workloads on private cloud infrastructure, the announcement addresses a growing concern: how to govern autonomous AI systems that handle sensitive business data while maintaining the same security standards applied to traditional applications.
Why enterprises struggle with AI agent deployment
AI agents differ from conventional software because they combine code execution with autonomous decision-making. Traditional platforms were not built to handle systems that can independently access data, communicate with external services and take actions based on their own analysis.
According to Broadcom, organisations often build AI projects in isolated environments that fail to connect with core business data. This creates silos where experimental AI systems cannot scale into production because they lack proper governance frameworks.
Tanzu Platform agent foundations attempts to solve this by providing what Broadcom calls a ‘pre-engineered PaaS environment’, meaning a platform-as-a-service setup specifically designed for AI agents. PaaS allows developers to build and deploy applications without managing the underlying servers, storage and networking infrastructure.
Platform engineers can manage AI services using the same tools they already use for business-critical applications, the company stated. This removes the need for infrastructure teams to acquire specialised AI or data science expertise.
Security architecture
The platform enforces what Broadcom describes as a ‘deny-by-default’ runtime. This means AI agents are blocked from accessing any system, data or service unless explicitly permitted by administrators.
Advertisement
Three security features form the core of this approach. First, the platform uses an immutable supply chain. Instead of allowing developers to upload custom Dockerfiles, which are configuration files that define how software containers are built, the system uses trusted Buildpacks. These are pre-verified building blocks that construct agent containers automatically, with security patches applied by the platform rather than individual developers.
Second, structural secrets isolation prevents AI agents from reading credentials belonging to other agents running on the same infrastructure. In security terminology, this closes the door on lateral movement, where a compromised system uses stolen credentials to access other systems.
Third, zero-trust networking limits what resources AI agents can access. Connectivity to internal systems, external services and AI models is never open by default. Access must be explicitly granted through secure service bindings, which are controlled connections between the agent and its permitted data sources.
The platform integrates with VMware vDefend to extend these protections across infrastructure services and external software-as-a-service connections, according to the company.
Developer tools and data services
Tanzu Platform includes pre-built agent templates that developers can use as starting points. The platform provides what Broadcom calls ‘governed access’ to AI models, MCP servers and marketplace services. MCP, or Model Context Protocol, is a standard that allows AI agents to communicate with different tools and data sources using a common language.
IT organisations can pre-curate which services developers are permitted to use, maintaining central control over what AI agents can access.
For data storage and processing, the platform includes VMware Tanzu for Postgres with pgvector. Postgres is a widely used database system, and pgvector is an extension that enables it to store and search through the numerical representations that AI systems use to understand text, images and other data. The platform also includes caching, streaming, data flow services and Spring AI memory services for agent context management.
The platform uses VMware Cloud Foundation APIs to abstract infrastructure complexity from developers. This means developers do not need to manually provision compute, networking or storage resources when deploying AI agents.
Tanzu Platform leverages VMware vSphere Kubernetes Service (VKS) to deliver scalable marketplace services. Kubernetes is an open-source system for managing containerised applications across multiple servers.
Infrastructure scaling and operations
For ongoing operations, the platform offers elastic environment capabilities that automatically scale underlying infrastructure resources up or down based on demand. This optimises costs for both short-lived agents that complete specific tasks and long-running agents that operate continuously.
The system provides four layers of high availability and self-healing infrastructure, ensuring that mission-critical autonomous applications remain operational even when individual components fail, according to Broadcom.
A centralised AI gateway controls which tools and models are available to agents, manages usage limits and costs, and applies safety filters across both public AI models and private models running on VCF.
Your Questions, Answered
What is Tanzu Platform agent foundations?
Tanzu Platform agent foundations is Broadcom’s new platform-as-a-service environment designed specifically for deploying autonomous AI applications on VMware Cloud Foundation. It provides security controls and governance frameworks for AI agents.
How does the platform secure AI agents?
The platform uses a deny-by-default approach with three main features: an immutable supply chain using trusted Buildpacks, structural secrets isolation preventing agents from accessing each other’s credentials, and zero-trust networking requiring explicit permission for all connections.
What is the Model Context Protocol mentioned in the announcement?
Model Context Protocol (MCP) is a standard that allows AI agents to communicate with different tools and data sources using a common language. The Tanzu Platform provides governed access to MCP servers for developers building AI applications.
When will Tanzu Platform agent foundations be available?
Broadcom has not disclosed pricing or availability dates. The announcement was made at the AI in Finance Summit on 15 April 2026, but regional availability and further details remain to be confirmed.