What’s new with Unity Catalog at Data + AI Summit 2026

What’s new with Unity Catalog at Data + AI Summit 2026 | Databricks Blog Skip to main content

Summary

What's new in Unity Catalog, at a glance:

*Govern what AI agents do, not just what they access: Unity AI Gateway brings models, agents, tools, and MCPs under one runtime governance layer.

*Give agents the business context they need: Glossary and Domains create a shared, governed source of meaning for people and agents.

*Govern your entire estate across clouds and regions: one catalog, one set of policies, and consistent governance wherever your workloads run.

The agentic era is here. Hundreds of thousands of agents are now acting on enterprise data, querying it, reasoning over it, and making decisions with it in real time. That shift has changed what we ask of the catalog. The catalog has moved from a system of record to a runtime decision-maker for AI. Making those decisions takes three things:  control , so every action, human or agent, stays governed;  context , so agents understand the business and stop hallucinating; and  choice , so you're never locked into a single cloud, model, or format. Together, these are what governance has to mean in the agentic era. Five years ago, Databricks pioneered data and AI governance by releasing  Unity Catalog , the industry's only unified governance solution for data and AI across clouds, data formats, and data platforms. More than 14,000 organizations now govern their data and AI on Unity Catalog. Today, we're advancing Unity Catalog to deliver on all three: control, context, and choice. Here's what's new. Control: AI governance for all your agents For years, governing an asset meant governing access: who can query this table, who can call this model. But agents don't just access assets; they act through them, calling models, invoking tools, and connecting to MCP servers. To meet this shift, we are introducing a suite of capabilities built to govern the entire lifecycle of an agent's behavior. Unity AI Gateway: govern every model, tool, and agent Unity AI Gateway is our governance solution for enterprise AI. Built on Unity Catalog, it extends governance beyond data and AI assets to the runtime interactions between models, agents, MCPs, skills, and tools: Govern every AI asset in one place:   Register and govern Databricks-hosted and external models, MCP services, agents, and skills alongside your data, with the same access controls, discovery, lineage, and auditing you already use. Databricks provides foundation model services out of the box, plus managed MCP services for apps like Google Drive, Jira, Slack, and GitHub. Enforce what AI can do at runtime: Contextual Service Policies,  now in Beta , extend governance from who can access a model or tool to what it can do in a given interaction. Admins can allow, deny, or require approval for actions like writing to sensitive folders or pushing code. Built-in guardrails protect against PII exposure, prompt injection, and unsafe content Control AI spend across providers: AI Gateway budgets now cover external providers, including bring-your-own-key connections, so you see AI spend across Databricks-hosted and external models in one place. Hard spend caps stop requests when a budget is reached, rather than just alerting after the fact. Monitor and investigate AI activity:  Unified agent tracing in Unity AI Gateway captures model and MCP activity in one governed telemetry layer, and traces can be analyzed in  Lakewatch , Databricks' lakehouse-native SIEM.

Read the full  AI governance announcement . Governance Hub Governance Hub,  now in PrPr,  provides a centralized command center for data stewards and admins to govern your Databricks estate: monitor your posture, identify risks, prioritize remediation, and scale governance operations across data, AI, cost, and performance from a single experience. Attribute based access controls Recently, we announced the  General Availability of ABAC policies for row filtering and column masking, alongside Governed Tags and Data Classification, to help you protect sensitive data at scale. At Data + AI Summit, we are extending ABAC with: ABAC Grant Policies ( Beta for models ):  Define attribute-based access once to automatically grant EXECUTE permissions across all matching models, eliminating per-model overhead. Future support will expand to other securables, including AI components (MCP services, agents), tables, and volumes. Identity Attributes (Preview soon):  Build access rules using live user properties (e.g., department, region, clearance) synced from your identity provider or managed in Databricks, moving beyond rigid group-based access. Context Attributes (Preview soon):  Leverage request context, such as whether access originates from an agent, application, or workspace, to securely handle application- and agent-brokered access. Tag propagation (Private Preview available now): Automatically carry governed tags from source tables and columns to downstream tables and views as data is transformed, so your classification and access policies stay consistent without manual effort.

Role based access controls Role-based access control  (Public Preview coming soon) complements Databricks’ collaborative, inheritance-based identity and permission model by enabling customers to define groups that behave like roles. A role is just a group with a collection of permissions that users can assume. When a user assumes a role, they act as the role, and all actions, including data access are authorized as that role. RBAC lets customers model new use cases, such as exclusive access, where roles provide data-isolation boundaries for projects that work with sensitive data where data sets should not be accessed in combination, e.g. clinical trials, or country-specific data, or when performing highly-privileged tasks, such as debugging access control issues. Users can easily switch between roles in the UI, or by specifying a role in client OAuth flows, and the workspace adapts to exactly what that role allows. Context: open and adaptive enterprise context Agents are only as good as the context they have. Without a shared definition of what the business actually means, even a capable agent will guess.  Unity Catalog Semantics provides agents and humans with a single, shared source of meaning. Concepts and business KPIs are defined once, organized by domain, and accessible via SQL, APIs, and MCPs, so any tool or agent can...