AI governance guide
Unity AI Gateway and service policies are in Beta. Account admins manage access to these features from the account console Previews page. See Manage Databricks previews.
AI governance keeps the AI your organization uses safe, compliant, and cost-controlled. On Databricks, Unity AI Gateway is the control plane for AI. It routes every model and MCP request, enforces rate limits and cost controls, applies service policies (also called guardrails), and records usage across any model provider and any coding agent. Unity Catalog governs the assets behind it, such as models, MCP servers, and functions, with the same privileges and policies you use for data. As a result, you don't maintain a separate access model for AI.
This governance applies to external AI, not just Databricks-hosted resources. You govern the following in the same way:
- External coding agents, such as Claude Code, Cursor, Codex, and Gemini CLI, by routing them through a Databricks model service.
- External MCP servers, registered as Unity Catalog MCP Services.
- External models from any provider, such as OpenAI, Anthropic, and Google, accessed through Unity AI Gateway.
This guide is for workspace and account administrators setting up AI governance for the first time. After you complete it, your teams can use AI productively while Databricks enforces your rules automatically.
For a hands-on start, go to the tutorial: govern a coding agent's GitHub access or moderate a model service's content.
How AI governance works on Databricks
Unity Catalog is the foundation for AI governance on Databricks. It governs your AI assets as securables, the same way it governs your data. Unity AI Gateway is the control plane for the traffic to those assets, and service policies govern the content of each request and response. AI governance spans three dimensions:
- Asset governance: Unity Catalog manages every model, MCP server, function, and connection as a securable object, governed with the same privileges and ABAC grant policies you use for tables and volumes.
- Traffic governance: Unity AI Gateway routes every model service and MCP service request from a central control plane, and enforces rate limits, budgets, and usage tracking.
- Behavior governance: Service policies allow, deny, or require approval for individual requests and responses, based on who is calling and what the request and response contain.
When an agent calls a tool or model, Databricks authenticates the request, authorizes it against Unity Catalog, and routes it through Unity AI Gateway before it reaches any external system:

Prerequisites
- A workspace that is enabled for Unity Catalog. See Get started with Unity Catalog.
- Account administrator access to enable previews, or an account administrator who can enable them for you.
Set up AI governance
Set up governance across your AI assets, traffic, and service behavior, and then confirm that it works.
Step 1: Enable the AI governance previews
Unity AI Gateway and service policies are in Beta. An account administrator must enable them from the Previews page in the account console before you can use them. See Manage Databricks previews.
Unity Catalog asset governance is generally available and does not require a preview.
Step 2: Govern access to your AI assets in Unity Catalog
Unity Catalog manages AI assets as securable objects, so you grant and revoke access to them with the same privileges and ABAC grant policies you use for tables and volumes. Focus on the two primary AI assets:
- MCP Services: Govern access to MCP servers registered as Unity Catalog securables, with tool filtering and service policies. See MCP Services in Unity Catalog.
- Models: Govern access to registered ML models, including Databricks-hosted foundation models. See Manage model lifecycle.
Unity Catalog also governs the functions that agents use as tools, with the same privileges. For tool use in agents, MCP Services provide the richest governance, including tool filtering and service policies.
Grant only the privileges each principal needs. Access to an AI asset determines what an agent acting on a user's behalf can reach.
Step 3: Route and control AI traffic with Unity AI Gateway
Unity AI Gateway is the agent control plane. It routes traffic to the model and MCP services your organization uses, enforces cost controls, and records usage from one place, through the same Unity Catalog governance layer:
- Review how Unity AI Gateway works and how to get started. See AI governance with Unity AI Gateway.
- Create model services for your LLMs, including Databricks-hosted and external-provider models. See Create and manage model services.
- Point your coding agent at a Databricks model service, so its traffic is governed and costed through Unity AI Gateway. See Integrate with coding agents.
- Set rate limits and spend caps to protect capacity and control cost. See Configure rate limits for AI services using Unity AI Gateway.
- Govern access to MCP servers registered as Unity Catalog MCP Services, with grants, tool selection, and service policies. See Connect agents to third-party tools with MCP Services.
Step 4: Apply service policies to requests and responses
After you govern your assets and traffic, add controls on the content of individual requests and responses. A service policy, also called a guardrail, is a type of attribute-based access control (ABAC) policy scoped to AI services. Attach a service policy to a Model Service or MCP Service to allow, deny, or require approval for an interaction based on its content. For example, block a request that contains PII or deny an out-of-policy tool call.
Databricks has built-in service policies (guardrails) for common risks such as PII, prompt injection, and unsafe content, or you can author a custom one. See Service policies for AI securables and Create and attach a service policy.
Step 5: Monitor usage and cost
Confirm that your governance is working and track activity over time:
- Track model and MCP usage, including who called what and when, in governed usage tables.
- Analyze cost across models, principals, and tags.
- Inspect full request and response payloads in inference tables.
Tutorials
Put these capabilities into practice with a tutorial:
- Tutorial: Govern a coding agent's GitHub MCP access
- Tutorial: Implement guardrails on a model service with service policies
Next steps
- Learn how service policies control the content of requests and responses.
- Explore Unity AI Gateway for full model service and MCP service governance.