In The Great Compression, we documented how six model providers deployed $200B+ to absorb every middleware function that stood between foundation models and enterprise workloads. In The Great Compression Was Never Just About Middleware, we showed the same logic executing at the services layer — absorbing the implementation relationship that consulting firms had claimed as their moat. In The Great Compression Has Reached the State Layer, we documented the compression reaching the execution substrate itself — the infrastructure that governs not what enterprise agents do, but whether they can continue. Now a CB Insights analysis of S&P 500 AI activity has confirmed the pattern from the demand side — and pointed, without fully naming it, at what the compression reaches for next.
Three posts into this series, the pattern is no longer a thesis. It is a documented sequence. Each prior compression targeted a layer enterprises had not yet recognized as strategic surface area. Middleware functions were already provider-native before most architects had mapped the structural change. The implementation relationship was already being absorbed before the services firms had named the threat. The execution substrate was already fused with a $35B contingent investment commitment before governance frameworks had a category for investment-coupled infrastructure risk. The compression does not announce its next target. It absorbs the substrate, and the market learns about it afterward.
The governance layer — the enterprise’s capacity to observe, interrupt, inspect, audit, and control its own AI systems — is the next compression surface. The market is beginning to confirm it. The architecture already explains why.
What Governance Actually Requires
There is a persistent confusion in enterprise AI about what governance means architecturally. In most organizations, AI governance is treated as a policy problem — a matter of frameworks, committees, risk registers, and compliance documentation. The NIST AI Risk Management Framework. Internal AI acceptable use policies. Ethical review boards. These are real and necessary. They are not governance.
Governance of autonomous agents is an infrastructure problem. To govern an agent — to actually control it rather than document your intention to control it — you must be able to do five things in production: observe what the agent is doing in real time, interrupt it mid-workflow without losing operational state, inspect the permissions it holds and the tools it has connected, audit the decisions it made and the data it accessed, and redirect it when it deviates from intended behavior. None of those capabilities are policy capabilities. Every one of them requires access to the layer that holds the agent’s working state.
That layer is memory: the accumulated context the agent carries across a multi-step workflow. It is tool connections: the live integrations the agent has established with enterprise systems and APIs. It is permission contexts: the authorization structures the agent has built through workflow execution. It is resumption logic: the record of where in a workflow the agent stopped, and what it needs to continue. The Alignment Gate made this argument structurally: the harness layer is the only place to govern recursive AI. The governance tools assume they can reach the substrate. That assumption is what the compression is now placing in question.
Governance without substrate access is documentation. It is the appearance of control, not the function of it.
The Market Is Arriving at This Conclusion
In March 2026, CB Insights and HumanX published their analysis of S&P 500 AI activity across partnerships, investments, M&A, and hiring from 2023 to 2025. The report contains, embedded in its findings, a market-scale confirmation of the architectural dependency the series has been tracking.
Their fourth key takeaway reads: “Enterprise AI is as much about control as capability. Several of the highest-potential AI markets with S&P 500 activity are in infrastructure and governance. As AI becomes more autonomous, enterprises are realizing they need systems to monitor, manage, and control how it behaves in production — capability alone isn’t enough.” That conclusion is correct. The framing is incomplete. It identifies the demand signal without identifying where the control infrastructure must ultimately live, or who is absorbing that layer as the demand signal rises.
The CB Insights Mosaic score for Know Your Agent — the category covering agent identity, permissions, monitoring, and control — ranking it #2 among all emerging AI markets. Six of the top ten emerging markets by that measure are agent-related. The categories immediately behind them — Platform as a Service, AI Agent Tool Libraries, LLM Benchmarking — are infrastructure and governance plays. The market is arriving, from the demand side, at the same conclusion the Alignment Gate reached from the architectural side: governance is infrastructure, not oversight.
The same report’s market scoring data is specific about where the demand is concentrating. Know Your Agent ranks second overall by Mosaic score, just behind IT Ops AI Agents. KYA covers agent identity, permissions, monitoring, and control — the exact functions that require substrate access to be operationally meaningful rather than observationally decorative. What the market data does not yet show is that the substrate those tools must sit on is being absorbed by the same compression the series has been documenting since Post 1.
The Compression Has Already Reached That Substrate
Post 3 of this series documented how the compression absorbed the execution substrate — the infrastructure that governs not what agents do, but whether they can continue. The OpenAI–AWS stateful runtime manages agents’ working states: memories, tool connections, user permissions, and resumption logic. It runs on Amazon Bedrock AgentCore. It is jointly built and jointly owned by a model provider and a hyperscale cloud provider. The $35B Amazon investment commitment is contractually contingent on the cloud partnership remaining intact.
The governance implication of that architecture was present in Post 3 but not its primary subject. It is the primary subject here. When the substrate that governance tooling must access is provider-native, governance tooling operates at the provider’s discretion. An enterprise deploying KYA platforms, agent observability tools, or permission management systems on top of a provider-controlled stateful runtime has built its control infrastructure on terrain the provider drew. The monitoring capability is real. The control is contingent.
The governance tools enterprises are buying assume neutral substrate access. That assumption is what the compression is systematically dismantling.
— Tom M. Gomez, Luminity DigitalThe compression has equipped itself with four distinct mechanisms for substrate absorption, each documented across this series. Acquisition absorbed discrete harness functions — OpenAI’s eight harness-layer purchases, each converting an independent vendor into a provider-native capability. Open-source protocol control established the standards that governance tooling must implement — Anthropic’s Model Context Protocol at 97 million monthly SDK downloads, Google’s Agent Development Kit at seven million. Managed runtime integration created the infrastructure layer governance tooling sits on top of — Microsoft’s Agent Framework, AWS Bedrock AgentCore, Google Vertex AI Agent Engine. And definitional engineering drew new infrastructure categories in terrain that existing contracts and governance frameworks had not yet mapped.
Neutral Substrate Access
Governance tooling assumes it can reach agent identity, permissions, working memory, and tool connections through open, provider-neutral interfaces. The monitoring layer sits above the substrate and reads from it independently.
This assumption held when the execution layer was fragmented and no single provider controlled the full runtime stack.
Prior architectureProvider-Native Substrate
The stateful runtime now holds working memory, tool connections, permission contexts, and resumption logic in provider-controlled infrastructure. Governance tooling built on top reads what the provider exposes.
Substrate access is a feature of the provider relationship, not an architectural property of the governance tool.
Current architectureEach mechanism has left governance tooling one layer higher than the substrate it needs to reach. The KYA category is not exempt from this dynamic. It is its clearest expression. The demand is real; the structural dependency is not yet priced into either the market valuations or the enterprise procurement decisions that are funding it.
The M&A Wave Confirms the Pattern
CB Insights projects that the next phase of enterprise AI consolidation will target agent frameworks, governance platforms, data infrastructure, and vertical AI — estimating 200+ deals in the mid-term window, driven by established vendors using acquisition to close capability gaps faster. The projection is credible. The strategic logic behind those acquisitions is not what acquirers believe it to be.
Of enterprise AI investment rounds flowing to infrastructure and model-layer companies across 2023–2025, per CB Insights. Seven of the top eight S&P 500 investment targets are infrastructure or model plays. The capital follows the layer being absorbed. The compression’s prior targets attracted investment precisely because they held strategic surface area — until that surface area was absorbed. Governance platforms are the next tier in that sequence.
Corporate acquirers approaching governance platform targets believe they are buying control capability — the ability to observe, interrupt, and audit autonomous agents operating across enterprise workflows. What they are acquiring is governance tooling whose substrate access is already contingent on provider relationships the acquirer does not control. The acquisition premium flows to the target’s current valuation, which reflects real demand for governance capability. It does not reflect the structural dependency that makes that capability contingent.
The compression’s prior targets understood this dynamic only after the absorption was complete. Independent harness-layer vendors built genuine technical capability and watched it become structurally dependent on provider protocols and runtime integration before the market had priced the dependency. Governance platform vendors are in an earlier version of the same position. Their tooling is real. Their substrate access is assumed. The compression is assembling the conditions under which that assumption fails.
Enterprises acquiring governance platforms in the projected M&A wave are not buying governance independence. They are buying governance capability whose operational depth is bounded by the provider relationships beneath it. The acquisition premium flows to the seller. The structural dependency flows to the buyer — and through the buyer, back to the provider.
The Governance Layer Is the Surface
The three prior posts in this series each identified a compression target after the absorption was underway. The governance layer is not yet fully absorbed. The KYA category is early-stage. Agent observability tooling is fragmented. Permission management for autonomous agents has no established standard. The governance frameworks that enterprises are building now — internal and external, technical and procedural — are being built on assumptions about substrate access that the compression is systematically undermining.
This is not a theoretical risk. It is the same structural move documented three times in succession, reaching the next layer. The compression has equipped itself with four proven mechanisms and a demonstrated willingness to use definitional engineering to draw new infrastructure categories before governance frameworks, enterprise contracts, and regulatory standards have mapped them. The governance layer has no natural immunity to this sequence. It has the same structural vulnerability as every layer that preceded it: its operational value depends on substrate access, and the substrate is being absorbed.
Every enterprise agent running on a provider-native stateful runtime, evaluated by provider-native tooling, governed by frameworks that assume neutral substrate, represents an enterprise that has concentrated not just technology dependencies but governance capacity — the actual ability to control its AI — in a single provider relationship. When that relationship changes, as all provider relationships eventually do, governance does not migrate. It collapses. What the enterprise believed it controlled, it was merely permitted to monitor.
The governance nightmare hasn’t arrived. The market is beginning to see its outline in demand signals, Mosaic scores, and M&A projections. The architecture has been explaining its shape since Post 1. The tide is coming in. The question is whether enterprise architects can see the waterline moving before the substrate beneath their governance stack is no longer theirs.
