Build AI Agents on Gemini Enterprise Agent Platform Without Exposing Sensitive Data
Executive Summary
AI is moving from copilots to autonomous systems. Enterprises are racing to deploy AI agents on Gemini Enterprise Agent Platform. But most aren't stuck on models. They are stuck on data.
McKinsey reports that fewer than 10% of enterprises have scaled agents to deliver real value. A separate industry survey cited by McKinsey found that 80% of organizations have already encountered risky agent behaviors, including unauthorized systems access and improper data exposure (sharing or downloading sensitive data).
Skyflow is the runtime data control layer that sits between agents and sensitive data, purpose-built for Google Cloud. At Google Cloud Next 2026, Skyflow and Google Cloud announced a deeper integration, now available on Google Cloud Marketplace. The integration gives enterprises building on Gemini Enterprise Agent Platform the complete stack to deploy AI agents at scale in regulated industries, with sensitive data protected, governed, and auditable at every step.
The Challenge: AI Agents are Ready. Enterprise Data Isn't
AI agents are no longer experimental. They can reason, retrieve context, use tools, and take action across enterprise systems. In many enterprises, agents are already resolving customer issues, automating workflows, and collaborating with other agents.
Google Cloud's own platform reflects this: Gemini models reason across complex tasks, Agent Search on Gemini Enterprise Agent Platform grounds agents in enterprise context (via RAG), and 100+ connectors plus MCP support let agents use tools and take action across systems. Gemini Enterprise Agent Platform enables deployment at scale. Gemini Enterprise provides the runtime for goal-oriented, multi-step execution, with security, observability, and compliance built in.
However, when it’s time to move from demo to production, everything slows down and deployment halts. Security, Legal, and Compliance teams cannot approve what they cannot audit. Not because the agents aren't capable. Because the data isn't controllable.
What Makes Agents Hard to Govern?
What makes agents powerful is also what makes them hard to govern:
- Autonomous: making decisions at runtime, not following fixed scripts.
- Context-driven: pulling data dynamically across systems.
- Memory-enabled: storing and reusing information across interactions.
- Multi-agent: coordinating across workflows, tools, and other agents.
Sensitive data flows across multiple systems and agents through prompts, memory, and tool calls simultaneously. And yet, when asked simple questions:
- What data did the agent access?
- Why did it access it?
- Where did that data go next?
There are no clear answers. Without those answers, approvals don’t happen.
What’s the Choice for Enterprise CTOs?
We’ve seen this pattern before. When enterprises adopted cloud data platforms, data was centralized faster than it could be governed. Sensitive data that once lived in isolated systems became interconnected, and it took years to build the controls and infrastructure needed to operate safely at scale.
AI agents accelerate that shift. But instead of just centralizing data, they move it continuously, dynamically, all at runtime. The attack surface is no longer a system. It’s every decision an agent makes.
The eventual outcome is a binary choice no enterprise engineering leader wants:
- Block sensitive data entirely and break agent functionality, or
- Expose it and accept the risk
Neither works at enterprise scale.
Three Gaps Blocking Production
The moment agents move toward production, especially in regulated environments, three key gaps show up immediately:
- Access controls end at the record. Agents operate inside it.
  Traditional systems control who reaches a record. They do not control what an agent extracts from it. By the time policies apply, the data is already in context, memory, or downstream outputs.
- Agents are not users.
  Agents don't have logins, security training, or fixed roles. They access data across systems and silos on behalf of other users, make decisions at runtime, and take actions without a human in the loop. When agents act, there is no clear owner in the audit log.
  A loyalty agent, support agent, billing agent, and fraud agent all need different views of the same data. Traditional identity systems were not built to make those distinctions at agent speed across systems, in real time. They were built for humans.
- No unified visibility exists across the agent lifecycle.
  Retrieval, reasoning, tool use, agent-to-agent communication, memory. No single view of how sensitive data flows across these steps. Without it, the security team cannot validate, the compliance team cannot prove control, and the legal team cannot sign off.
The Joint Solution: Runtime Data Control to Make Enterprise Data Agent-Ready
What enterprises need is not another compliance tool or governance framework. They need data control at runtime. A layer that:
- Protects sensitive data from agents.
- Evaluates every data request as it happens.
- Enforces field-level policy based on agent identity.
- Logs every interaction end-to-end.
A runtime data control layer helps engineering teams control how data is used by autonomous systems. Skyflow is that layer, built for AI-native platforms and applications on Google Cloud.
Google Cloud + Skyflow = Better Together
Today, Skyflow is launching the Skyflow Runtime Data Security Agent for Google Cloud. It’s built on the Agent Development Kit (ADK) in Python, with full support for Agent-to-Agent (A2A) protocol, MCP-based integrations, and multi-agent architectures.
It connects natively to Gemini Enterprise agents. Gemini Enterprise Agent Platform gives engineering teams the platform to build, orchestrate, and deploy AI agents at scale. The Skyflow Runtime Data Security Agent adds what regulated enterprises need to take those agents to production: runtime data control at every step of the agent workflow. No need for Engineering teams to rebuild their architecture. Skyflow slots in and enforces data policy at every agent interaction.
Capabilities That Make This Partnership Work
- Runtime Sensitive Data Protection
  - As Gemini models reason and Gemini Enterprise agents retrieve context, Skyflow intercepts every data payload before it reaches the model.
  - Sensitive fields are tokenized at the moment of access. The agent gets the context it needs. Raw PII, PHI, or financial data never enters the model.
- Agent Identity and Fine-Grained Access Control
  - Every Gemini Enterprise agent gets a cryptographically verifiable identity. Skyflow evaluates every data request against that identity and the task context in real time.
  - A support agent sees a customer's name. Not their SSN. A billing agent sees the transaction type. Not payment credentials. Enforced per agent, per request, across every system simultaneously.
- Cross-System and Regional Data Control
  - As Gemini Enterprise agents operate across APIs, databases, and vector stores, Skyflow enforces data residency requirements continuously.
  - This simplifies global compliance with regulations like GDPR in Europe, HIPAA in US healthcare, and DPDP in India. Policies apply automatically, without rebuilding instances and agent logic for each regulation.
- End-to-End Auditability
  - Every data request, transformation, and policy decision across the Gemini Enterprise Agent Platform workflow is logged in one unified and queryable audit trail.
  - Google Cloud Logging and Google Cloud Monitoring surface agent behavior and health across long-running tasks.
  - Skyflow adds the data control layer that logs which sensitive fields were accessed, by which agent, for which task, at what time.
  - Compliance can point to one place and show regulators exactly what happened. Security approves. Legal signs off.
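To make the pattern in the list above concrete, here is an added sketch (not Skyflow's code or API) of a default-deny, per-agent field policy with tokenization and a per-field audit entry. The agent names, keys, policy and customer record are all constructed, and HMAC stands in for both vault tokenization and a signed agent credential.

```python
import hashlib
import hmac
import time

# Constructed demo keys: in practice these live in a KMS or vault, never in code.
TOKEN_KEY = b"demo-tokenization-key"
IDENTITY_KEY = b"demo-agent-identity-key"

# Default-deny: a field is released in clear only if the agent's policy lists it.
POLICY = {
    "support-agent": {"name", "loyalty_tier"},
    "billing-agent": {"transaction_type", "loyalty_tier"},
}
AUDIT_LOG = []  # which field, which agent, which task, what decision, when


def sign_agent(agent_id: str) -> str:
    """Issue a demo credential (HMAC over the agent id); an assumption, not a real scheme."""
    return hmac.new(IDENTITY_KEY, agent_id.encode(), hashlib.sha256).hexdigest()


def tokenize(field: str, value: str) -> str:
    """Deterministic surrogate: equal inputs give equal tokens, so records still join."""
    mac = hmac.new(TOKEN_KEY, f"{field}:{value}".encode(), hashlib.sha256)
    return f"tok_{field}_{mac.hexdigest()[:12]}"


def release(agent_id: str, credential: str, task: str, record: dict) -> dict:
    """Return the view of `record` that this agent may place in model context."""
    if not hmac.compare_digest(sign_agent(agent_id), credential):
        AUDIT_LOG.append({"ts": time.time(), "agent": agent_id, "task": task,
                          "decision": "rejected"})
        raise PermissionError("agent identity not verified")
    allowed = POLICY.get(agent_id, set())  # unknown agent: nothing in clear
    view = {}
    for field, value in record.items():
        clear = field in allowed
        view[field] = value if clear else tokenize(field, str(value))
        AUDIT_LOG.append({"ts": time.time(), "agent": agent_id, "task": task,
                          "field": field, "decision": "clear" if clear else "tokenized"})
    return view


CUSTOMER = {  # constructed sample record
    "name": "Dana Example", "ssn": "000-00-0000", "loyalty_tier": "gold",
    "transaction_type": "refund", "card_number": "4111111111111111",
}

if __name__ == "__main__":
    for agent in ("support-agent", "billing-agent"):
        print(agent, release(agent, sign_agent(agent), "loyalty-escalation", CUSTOMER))
```

Because the tokens are deterministic, two agents that both receive a tokenized SSN can still tell they are handling the same customer without either holding the raw value.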
What Skyflow + Google Cloud Unlocks
Enterprises building on Gemini Enterprise Agent Platform can now:
- Deploy agents in regulated industries without compliance trade-offs
- Scale multi-agent workflows with governance built-in
- Give security, legal, and compliance teams one unified and queryable audit trail
In Practice: Loyalty Escalation in Agentic Commerce
47% of retail and CPG brands already have AI agents in production for customer service, as per Google Cloud’s 2026 AI Trends in Retail. These agentic commerce concierges, powered by Gemini Enterprise for Customer Experience (CX), deliver personalized experiences grounded in real customer data: purchase history, loyalty tier, lifetime spend. The catch: that same customer data cannot reach Gemini as raw PII.
Consider a customer who contacts support claiming VIP status and demanding an exception. Resolving it the traditional way means a transfer, a hold, a manual lookup across three systems, and a callback the next day. The Skyflow Runtime Data Security Agent resolves it in the same conversation, on Gemini Enterprise, with no raw PII touching the model at any point.
The Support Agent passes a tokenized ID to the Escalation Agent via A2A. Skyflow intercepts the data payload, tokenizes sensitive data fields, and passes protected context to Gemini Enterprise. The model reasons on signals, not raw records. The customer gets a resolution in the same conversation. No transfer, no hold and no callback. The agent handles this conversation end-to-end. Skyflow handles the sensitive data. The grounding that makes the agent useful does not become a potential attack surface leading to PII exposure.
Here is what that looks like in practice:

What's Next
Agents are becoming new consumers and producers of sensitive data across dozens of internal systems: customer data, operational data, partner data, employee data. The enterprises that build runtime data control into their agent stack now will deploy faster, clear approvals without re-architecting, and scale without accumulating compliance debt.
Explore Skyflow Runtime Data Security Agent for your use case and build your agent architecture: Talk to an expert
Stay tuned for a follow-up technical deep dive into A2A integration, tokenization flows, and field-level policy configuration inside multi-agent systems on Gemini Enterprise Agent Platform.