Artificer Digital The Artificer's Grimoire

Scout: Agent Registries — AWS vs. Microsoft vs. Google vs. AGNTCY

Summary

The April 12 MCP gateway scout positioned the registry as one of six slots in the emerging MCP middle tier — the control-plane half of the gateway pattern, concerned with tool discovery, signing, and approval workflow. Seven days later AWS dropped its Agent Registry into preview and the slot suddenly has four serious competitors: AWS Agent Registry (inside Bedrock AgentCore), Microsoft Agent 365 (GA May 1, 2026, $15/user/month), Google’s Gemini Enterprise Agent Gallery plus Vertex AI’s Cloud API Registry, and the Linux Foundation’s AGNTCY project — the AAIF-aligned neutral registry, not to be confused with the unrelated Zed/JetBrains “ACP Registry” for IDE coding agents, which the briefing from queue.yaml appears to have conflated. All four hyperscaler offerings claim protocol neutrality (MCP + A2A, with Microsoft adding its own SDK) and all four make the same implicit bet that the registry is the right place to absorb protocol fragmentation. The neutrality claims differ sharply. AWS indexes agents regardless of cloud but runs the control plane on AWS; Microsoft positions Agent 365 as “governance for any agent” while the identity floor is Entra and the billing floor is per-seat M365; Google catalogs through Gemini Enterprise with deep IAM/VPC-SC integration; AGNTCY is genuinely neutral (Apache 2.0, OCI-registry-based, self-hostable) but trails the hyperscalers on admin console polish. The decision shape is the one every enterprise has already had with the preceding control planes — directory, API gateway, container registry, observability platform: pick the one your identity and billing gravity already commits you to, and treat everything else as interop concerns.

Key Findings

1. The Four Offerings Are Architecturally Similar, Commercially Dissimilar

Every one of the four registries implements roughly the same data model: a catalog of agent and MCP-server records, each with a schema (MCP tool schema, A2A AgentCard, or a custom variant), some notion of signed/verified identity, a discovery API, and an approval workflow. The differences start with what else is bundled.

DimensionAWS Agent RegistryMicrosoft Agent 365Google Gemini Enterprise + Cloud API RegistryAGNTCY (AAIF / Linux Foundation)
StagePreview (Apr 2026)GA May 1, 2026Preview (registry pieces), GA (Gemini Enterprise)Active open-source, production users (Webex, others)
Protocol supportMCP + A2A + custom schemasMCP (Work IQ servers), A2A, Copilot/M365 Agent SDK, Foundry agentsMCP (Cloud API Registry), A2A, ADKOASF records describing MCP servers, A2A agents, Copilot manifests, custom types
Identity floorIAM + OAuth custom JWT; AgentCore Identity (GA)Entra Agent ID (preview)Google IAM + OAuth 2.0Cryptographic agent identity (Ed25519), Sigstore provenance
Cross-cloud indexingClaimed (“on AWS, other clouds, on-prem”) but manual registration for non-AWS; no federation yetClaimed for any agent, but auto-discovery is Microsoft-ecosystem-only todayGemini Enterprise indexes agents in VAI Agent Engine + marketplace; no explicit cross-cloud claimNative — any org can run its own directory and sync with others (OCI-based, distributed by design)
Governance primitivesIAM policies, approval workflow (draft → pending → approved), CloudTrail auditRBAC via Entra, policy templates, least-privilege scoping of tools/data, full lifecycle block/deleteIAM roles, VPC Service Controls, Model Armor, CMEK, audit logsOPA/policy-engine friendly (OASF separates capability from constraints); RBAC left to deployer
PricingNo charge during preview; AgentCore runtime/gateway/memory billed per use$15/user/month standalone or $99/user/month E7 bundle (building agents billed separately via Copilot Studio/Foundry)Gemini Enterprise from $21/user/month (Standard $30–35, Plus $50–60); Cloud API Registry in preview (not separately priced yet)Free software; infra costs only when self-hosted; Outshift offers a hosted variant
Consumer interfacesConsole, AWS CLI/SDK, exposed as an MCP serverEntra/Agent 365 console, Copilot Studio, Foundry, M365 adminGCP console, Gemini Enterprise UI, REST APICLI (dirctl), REST API, OCI-compatible pulls
Lock-in profileMedium-high: registry free but runtime/gateway/memory are AWS-native; account-scopedHigh: per-seat M365 license; Entra identity graph; Microsoft-ecosystem auto-discovery is the whole value propHigh: IAM tenancy, VPC-SC, and Gemini inference are deeply coupled to GCPLow: Apache 2.0, OCI-standard storage, portable OASF records, multiple vendors can operate directories

Two things are worth calling out in that table. First, every hyperscaler registry claims “cloud-agnostic indexing.” In practice this means “you can paste a URL or a JSON AgentCard for an external agent.” None of the three offer credential-broker-level control over agents that actually run elsewhere. Second, AGNTCY is the only option that does not invoice you for the registry itself — but you buy hosting, operations, and the console-polish gap.

2. The “ACP Registry” Naming Collision Is Real and Matters

The queue brief referenced “ACP Registry (Linux Foundation Agentic AI Foundation neutral registry).” This appears to conflate two distinct projects that both use the acronym “ACP”:

  • AGNTCY / OASF (the AAIF-adjacent project) — Cisco’s donation, now under the Linux Foundation. Provides the Agent Directory Service, OASF (Open Agent Schema Framework) for describing agents, and SLIM messaging. This is the genuine neutral-registry answer, with Cisco, Dell, Google Cloud, Oracle, and Red Hat as formative members and 75+ supporting companies. Production user cited: Webex.
  • Agent Client Protocol ACP Registry (Zed + JetBrains, Jan 2026) — a very different thing. It is a curated catalog of IDE-embeddable coding agents (Claude Code, Codex CLI, Gemini CLI, GitHub Copilot CLI, etc.) served to Zed and JetBrains editors over a JSON-RPC protocol. This is IDE plumbing, not an enterprise governance layer.

For the enterprise-governance decision the briefing is framing, AGNTCY is the correct neutral counterweight to the three hyperscalers. The Zed/JetBrains ACP Registry is parallel infrastructure for a different problem (IDE–agent interop) and is out of scope for this scout except as a cautionary note on how overloaded the “agent registry” label has become.

3. Identity Is Where Lock-In Actually Lives

Every registry claims to be a catalog, but a catalog without identity is a phone book. The load-bearing question is: which identity system authorizes the agents the registry indexes?

  • AWS couples the registry to AgentCore Identity (GA), which issues workload identities to agents and brokers OAuth against downstream services (GitHub, Salesforce, Slack). Identity lives in AWS IAM; portability means re-issuing agent credentials.
  • Microsoft couples the registry to Entra Agent ID (currently preview, converging with Agent 365 on May 1 2026 when the Entra-based Agent registry blade is retired). This is the deepest lock-in on offer because Entra is already the identity floor for most large enterprises — Agent 365’s whole pitch is “agents are first-class directory citizens subject to the same lifecycle, conditional-access, and risk-scoring you already run for humans.”
  • Google couples the registry to Google Cloud IAM plus per-agent OAuth 2.0 credentials, with VPC Service Controls and Model Armor adding perimeter enforcement. Tenancy is the GCP project.
  • AGNTCY takes a different bet entirely — cryptographic agent identity (Ed25519 keys with Sigstore provenance) is native to the OASF record. Agents carry their own signed identity; the directory doesn’t need to be the trust anchor, which is exactly what makes distributed/federated directories possible.

The architectural consequence: adopting a hyperscaler registry is downstream of the identity system you already run. If Entra is your IdP, Agent 365 will be frictionless and leaving it will be expensive. If you run AWS IAM as the enterprise floor, AgentCore Identity is the path of least resistance. AGNTCY’s cryptographic-identity approach is the only one that survives an identity-provider swap — but you are signing up to run your own trust infrastructure.

4. The Hyperscalers Are Converging on the Same Feature Set, Not the Same Commitment

Read the AWS, Microsoft, and Google press in a row and you’ll notice all three say some version of: “discover any agent, governance for every agent, works cross-cloud.” The feature lists are remarkably similar — approval workflows, policy enforcement, audit trails, MCP + A2A support, catalog-style discovery. The differences are in depth of commitment:

  • AWS is the most protocol-pluralist of the three. Custom record types are a first-class registry citizen. The registry itself is exposed as an MCP server, meaning MCP-speaking clients (Kiro, Claude Code) can query it directly — a genuinely open design move. It also ships today with explicit “MCP + A2A native” support, where competitors are still adding A2A incrementally.
  • Microsoft has the most enterprise-ready governance story. Agent 365 is the only offering that ships with Microsoft’s “unified Agent registry surfaces all agents including Copilot Studio, Agent Builder, SharePoint, M365 Agent SDK, AI Foundry, Data Fabric, Entra-only registrations, Microsoft-provided agents, internally built agents, and even third-party ones.” That scope is narrower than it sounds — auto-discovery is Microsoft-ecosystem-only, and third-party agents must self-register — but the integration with Entra ID Governance, conditional access, and Microsoft Defender for Cloud Apps is unmatched.
  • Google’s registry story is split across two services. Gemini Enterprise’s Agent Gallery handles agent-level cataloging and sharing, while Vertex AI’s Cloud API Registry handles MCP server/tool governance. The seam between them is the least-polished product surface of the four hyperscaler offerings, but when it works, Google’s VPC-SC and CMEK controls are the strongest data-residency story.
  • AGNTCY has the most interoperability. OASF is explicitly designed to model MCP servers, A2A agents, Copilot manifests, and custom types in one schema. The Agent Directory Service is OCI-based, meaning any OCI-compatible registry (including the ones your platform team already operates for container images) can host records. This is where an academic paper on The AGNTCY Agent Directory Service goes out on a limb the hyperscalers won’t: the directory isn’t supposed to be the trust anchor, the signatures are.

5. IBM watsonx Orchestrate Is the Fifth Option the Brief Undercounts

The brief framed the landscape as four-player, but IBM watsonx Orchestrate with Agent Catalog and the Agent Connect Framework is a serious fifth contender for regulated enterprises. The Agent Catalog validates every agent at registration, offers a partner-ISV distribution channel (80+ enterprise-app integrations), and ships with Agent Connect as a standardized way for external agents in any framework to plug in. The positioning is different from the hyperscalers: IBM is going narrower on “curated, validated, consumable” rather than wider on “index everything you have.” For enterprises already running watsonx elsewhere, this is the path of least resistance; for everyone else, it’s a narrower play. Flagging it here so the decision framework in §Practical Implications accounts for it rather than pretending it doesn’t exist.

6. What Cross-Cloud Actually Means (And Mostly Doesn’t)

The Bedrock press run repeatedly claimed the registry indexes agents “whether on AWS, other cloud providers, or on premises.” That is technically true in the sense that you can paste a URL for a non-AWS agent into the registry. It is misleading in every practical sense: the registry does not provision, manage, authenticate, or federate those agents. The SiliconANGLE coverage was careful to note that “integration with external or on-prem agents will likely require manual registration, and cross-cloud or federated discovery capabilities are not yet clearly established.” The same caveat applies — more strongly — to Microsoft and Google. An enterprise running agents on two hyperscalers and subscribing to all three registries would end up with three overlapping indexes and still have no cross-platform governance. AGNTCY’s distributed-directory architecture is the only offering that makes federated discovery an actual design goal rather than a marketing claim.

This is also the point where the prior MCP-gateway scout becomes load-bearing. The registry answers “what agents/tools exist and who can touch them.” The gateway answers “can this call actually go through.” In a cross-cloud deployment the gateway has to be a neutral point or the governance story falls apart — and that’s why Solo.io, Kong, and Zuplo are in the conversation alongside the hyperscaler registries rather than competing with them. The registry slot and the gateway slot decouple cleanly; you can pick a hyperscaler registry and still run a neutral gateway, or run AGNTCY with a hyperscaler gateway. Most teams will pair them.

Practical Implications

A Decision Framework by Organizational Profile

Single-cloud-committed enterprise (AWS / Azure / GCP): Default to your hyperscaler’s registry. The marginal cost of cross-cloud neutrality is not worth the daily friction of running infrastructure that fights your identity system. AWS Agent Registry if you’re AWS-first, Microsoft Agent 365 if Entra is the IdP, Gemini Enterprise if you’re GCP-first. In all three cases, bring a neutral MCP gateway (Solo.io, Kong, Zuplo per the prior scout) to avoid locking the data plane at the same time as the control plane.

Multi-cloud enterprise running agents in more than one hyperscaler: You cannot solve this with one of the hyperscaler registries, because none of them federate. Two viable shapes:

  1. Federated hyperscaler registries — deploy each cloud’s native registry for its own agents, glue them together with a neutral gateway and a thin discovery layer. High operational complexity, best governance depth per cloud.
  2. AGNTCY as the master index — run AGNTCY as the cross-cloud catalog of record and let hyperscaler registries be per-cloud mirrors. Lower operational complexity, thinner per-cloud governance (because you’re not using the Entra ID Governance or VPC-SC features natively). This is the architecture the AGNTCY docs are designed for, and where its Webex production deployment points.

Regulated industries (healthcare, finance, EU data residency): Gemini Enterprise has the strongest data-residency story (CMEK, VPC-SC, Model Armor, regional Google Cloud processing). Microsoft Agent 365’s Entra-integrated governance and Defender coverage is the strongest story for US-based regulated enterprises already on M365. AWS Agent Registry’s CloudTrail integration satisfies SOC 2 / FedRAMP audit requirements but the preview status matters — don’t commit to it for production regulated workloads until GA. AGNTCY is self-hostable anywhere, which matters most for air-gapped, sovereign-cloud, or on-prem regulated deployments.

Open-source-first / neutrality-committed organizations: AGNTCY is the only serious answer. The OASF data model is portable, the directory is self-hostable, the cryptographic-identity story survives vendor changes. Expect to invest in the operations work the hyperscaler offerings are absorbing for you.

Pre-production / small-scale / fewer than 10 agents: Skip the formal registry entirely. Use the MCP registry primitives (.well-known/mcp.json server cards per SEP-1649/2127) and a spreadsheet. You are not yet at the scale where the registry’s value exceeds its operational cost.

The Decision Axes That Actually Matter

After normalizing the marketing language, four decision axes survive:

  1. Identity floor gravity — is your IdP already Entra, AWS IAM, or Google IAM? If yes, the matching registry is the path of least friction and the others cost 10× to operate.
  2. Protocol pluralism you will actually use — do you need to catalog agents outside your home cloud? If yes, AGNTCY or a federated design; if no, any hyperscaler.
  3. Governance depth required — if you need conditional access, DLP, risk-scored agent behavior, and integration with an existing SOC stack, Microsoft Agent 365 is alone in the quality tier. If you need policy-as-code and VPC-level perimeter, Gemini Enterprise. If you need CloudTrail-style audit plus IAM-native authorization, AWS Agent Registry.
  4. Exit cost tolerance — how painful is it when you swap away? AGNTCY: low (portable OASF records, OCI-standard storage). AWS and Google: medium (registry records portable, but runtime and identity are not). Microsoft: high (Entra graph, per-seat licensing, and deep M365 integration make Agent 365 the stickiest of the four).

What Pairs With What

Per the prior scout, the registry is one of six slots in the middle tier. The pairings that look sane in April 2026:

  • AWS Agent Registry + Solo.io agentgateway + OpenLLMetry-to-Datadog + E2B sandbox — the AWS-first enterprise stack.
  • Microsoft Agent 365 + Microsoft mcp-gateway + Azure Monitor + Daytona sandbox — the Entra-committed stack.
  • Gemini Enterprise + Cloud API Registry + Envoy AI Gateway + Google Cloud Observability + Colab MCP Server — the GCP-first stack.
  • AGNTCY directory + Kong or agentgateway + OpenLLMetry + E2B or Modal — the neutral stack.
  • IBM watsonx Orchestrate Agent Catalog + IBM mcp-context-forge + existing IBM observability — the IBM-shop stack.

Open Questions

  1. Will any of the four registries implement real cross-registry federation? AWS’s roadmap mentions “cross-registry federation for searching across multiple registries as one,” but no timeline, no protocol, and no hint that Microsoft or Google will participate. AGNTCY is the only offering where federation is a design primitive rather than a marketing bullet. Whether the hyperscalers converge on AGNTCY’s model or build proprietary federation is the single biggest open question for multi-cloud enterprises.

  2. Does Microsoft’s “auto-discovery is Microsoft-only” limitation stay permanent? Agent 365’s pitch depends on “all agents, everywhere, one pane of glass.” The moment that breaks for third-party agents, enterprises will need a secondary registry anyway — which erodes Agent 365’s strategic position. Microsoft has the agent ecosystem partnerships to fix this; whether they prioritize it against their own Copilot Studio growth is uncertain.

  3. Is OASF the winning schema, or does each hyperscaler entrench its own? OASF can describe MCP servers, A2A agents, Copilot manifests, and custom types. AWS’s “custom record types” and Microsoft’s extended Agent 365 schema are doing similar work in proprietary dialects. The schema war is the registry war in disguise. If OASF gets picked up by the MCP server cards SEP authors (SEP-1649 / SEP-2127), this is effectively over; if not, the hyperscalers win by default.

  4. How does Microsoft Agent 365 pricing scale for non-human agent populations? $15/user/month aligns with existing M365 seat economics, but a large enterprise will run 10–100× more agents than humans. Microsoft has not yet clarified whether “user” includes agents; the answer reshapes the cost model entirely.

  5. Will AGNTCY get console polish in time to matter? The architecture is sound and the backing (Cisco, Dell, Google Cloud, Oracle, Red Hat) is credible. But enterprise buyers buy consoles, not architectures. AGNTCY’s hosted variant via Outshift is the answer, but its feature depth vs. Microsoft Agent 365 is — frankly — not close yet. Twelve months to close that gap, or the hyperscalers lock the market.

  6. How does the Edition 7 MCP enterprise gateway picture intersect with this? The prior scout’s conclusion was that teams pick “one vendor for auth+policy+transport+registry” plus separable observability and sandbox choices. With four credible registry options now on the table, the registry slot is looking increasingly separable from the gateway slot — a neutral gateway with a hyperscaler registry or vice versa both become coherent designs. Watch whether Solo.io, Kong, and Zuplo start shipping AGNTCY-first configurations as the default neutral path.

Sources

  1. AWS Agent Registry for centralized agent discovery and governance is now available in Preview — AWS
  2. AWS Launches Agent Registry in Preview to Govern AI Agent Sprawl Across Enterprises — InfoQ
  3. The future of managing agents at scale: AWS Agent Registry now in preview — AWS ML Blog
  4. AWS targets AI agent sprawl with new Bedrock Agent Registry — InfoWorld
  5. AWS: Agents shouldn’t be secret, so we built a registry — The Register
  6. AWS previews a cloud-agnostic registry for managing agentic fleets at scale — SiliconANGLE
  7. AWS Agent Registry: Discover and manage agents, tools, and resources — AWS Docs
  8. Supported record types — AWS Docs
  9. Amazon Bedrock AgentCore Pricing — AWS
  10. Microsoft Agent 365: The Control Plane for Agents — Microsoft
  11. Microsoft Agent 365: The control plane for AI agents — Microsoft 365 Blog
  12. Agent Registry convergence with Microsoft Agent 365 — Microsoft Learn
  13. Governing Agent Identities (Preview) — Microsoft Learn
  14. Agent 365 Licensing: What It Covers and Costs — SAMexpert
  15. 6 core capabilities to scale agent adoption in 2026 — Microsoft Copilot Blog
  16. Work IQ MCP overview (preview) — Microsoft Learn
  17. Register and manage ADK agents hosted on Vertex AI Agent Engine — Google Cloud Docs
  18. Register and manage A2A agents — Google Cloud Docs
  19. IAM roles and permissions | Gemini Enterprise — Google Cloud Docs
  20. New Enhanced Tool Governance in Vertex AI Agent Builder — Google Cloud Blog
  21. Guide to Gemini Enterprise: features, pricing, and implementation — Revolgy
  22. Linux Foundation Announces the Formation of the Agentic AI Foundation (AAIF) — Linux Foundation
  23. Linux Foundation Welcomes the AGNTCY Project — Linux Foundation
  24. AGNTCY docs — AGNTCY
  25. The AGNTCY Agent Directory Service: Architecture and Implementation — arXiv
  26. Evolution of AI Agent Registry Solutions: Centralized, Enterprise, and Distributed Approaches — arXiv
  27. The ACP Registry is Live — Zed (noted for naming-collision disambiguation; not the AAIF registry)
  28. IBM watsonx Orchestrate Agent Catalog — IBM (fifth option flagged in §5)