AI-First Product Architecture

Agent Gateway for AI-first products.

An Agent Gateway lets Claude, ChatGPT, Siri, Gemini, and approved third-party agents access your product safely, with consent, scoped permissions, audit logs, and your business rules intact.

Start with one controlled customer journey. Prove agent access safely. Then let the wider platform strategy learn from something real.

Built for mobile apps, service platforms, customer accounts, and AI-first product systems.

In plain English

An Agent Gateway is the safe front door for AI assistants. It decides what an agent may read, what it may request, what needs user approval, and what gets logged, so customer AI, partner agents, voice assistants, and your own app can all use the same product capabilities with consent, scoped permissions, business rules, and audit.

Agent Gateway definition

An Agent Gateway is a secure action layer that lets AI assistants, partner agents, voice assistants and apps use product capabilities with consent, scoped permissions, approval flows, business rules and audit logs.

Only need Siri, Google Assistant, or Alexa in your app? That is a smaller, focused piece of work: see voice assistant integration.

Why this matters now

Customers are no longer using only your app, your website or your support channel. They are starting to use their own AI assistants to understand information, compare options, automate tasks and manage services, and that changes the interface between your product and the customer.

If your product cannot safely expose actions and data to agents, customers will work around you: screenshots, scraping, shared credentials, copy-paste, browser extensions, third-party tools, or AI browsers you cannot control.

Customers brought their own AI

Claude, ChatGPT, Gemini, Siri and on-device assistants are becoming daily tools. Customers increasingly expect to ask their assistant about the products and services they use.

Browser agents are becoming real

AI is moving into the browser. Assistants can increasingly read pages, navigate flows, fill forms and help users act across websites. That makes controlled product access more urgent, not less.

Agent protocols are becoming practical

MCP (the Model Context Protocol) is becoming an important integration layer. It exposes product capabilities to AI clients without building a separate integration for every assistant.

Voice and OS-level actions are real surfaces

App Intents on iOS and App Functions on Android let assistants trigger real product actions, not just open an app.

The broader platform solution will take time. A focused Agent Gateway can prove the path before everything else is ready.

The outcomes we deliver

Three concrete things your customers can do once an Agent Gateway is in place.

“Hey Claude, what’s going on with my account?”

Customers ask their own AI assistant and get a real, current answer pulled from your product, not a scraped screenshot, not a chatbot guessing from your help center. The actual data, with the right scopes, consent and audit trail.

Business outcome: Your product becomes the trusted source the customer’s AI can use, instead of another interface the customer has to work around.

“Switch me to the cheaper plan when it’s actually better for me.”

Third-party agents and comparison tools act on the customer’s behalf, because the customer gave explicit permission. No shared passwords, no scraping. The system stores a delegation record (this agent, these scopes, this duration, this user, this audit trail), revocable any time.

Business outcome: Comparison and optimization tools work through permissioned access, instead of pulling customers into scraping, shared passwords or unmanaged third-party flows.

“Tell me before I overpay.”

Your own proactive agents detect billing anomalies, usage spikes, plan mismatches or renewal moments, and notify the customer, explain what is happening and propose a safe action. The user stays in control.

Business outcome: The support call that did not happen. The complaint that never reached an app store review. The renewal that took care of itself.

What changes for the customer

What changes for the customer: today versus with an Agent Gateway.
Today With an Agent Gateway
I open the app, log in and click through three screens to see what is left on my plan.I just ask my AI. It already knows what it is allowed to know.
I’d use a comparison site, but I’m not sharing my password.I gave the comparison site read-only access to my usage for 90 days. Then it expired.
I only find out about the surprise charge when I open the bill.My provider warned me early and asked if I wanted to block the risky option. I tapped yes.
Siri cannot actually do anything useful with my account.“Siri, top up my prepaid by twenty euros.” Done, confirm with Face ID.
Every new AI feature feels like a separate project.The same action registry powers the app, agents, partners and voice.

The customer experience changes from opening your interface to approving useful actions.

External example: conversational finance

Want to explore what it could feel like to interact with financial data in a more conversational way?

simplebanking is an independent beta experiment. It is not an M-Squad project, but it shows the broader shift clearly: customers want faster, more natural access to their data.

Try the simplebanking beta → (opens in a new tab)

What an Agent Gateway is

An Agent Gateway is the safe action layer between your product and the agents that want to use it. It defines:

  • what agents can read
  • what agents can request
  • what requires user approval
  • what is logged
  • what can be revoked
  • which scopes exist
  • which business rules apply
  • which protocol surfaces expose the capabilities

It is not just an API gateway. A conventional API gateway routes traffic, manages rate limits and protects infrastructure. An Agent Gateway manages delegated action.

Agent Gateway vs API gateway

Agent Gateway versus API gateway, dimension by dimension.
Dimension API gateway Agent Gateway
Primary jobRoutes and protects API traffic.Controls delegated customer action.
Main userDevelopers and systems.Users, agents, partners, apps and assistants.
Permission modelAuthenticated access.Consent, scopes, expiry, revocation and delegation.
Write actionsExecutes valid API calls.Creates a plan, asks for approval, then executes.
AuditLogs technical calls.Logs actor, user, scope, action, approval and outcome.
Protocol surfaceREST, GraphQL and internal APIs.REST, MCP, app actions, voice and partner access.
Business roleInfrastructure control.Product control for AI-assisted customer action.

API gateways protect systems. Agent Gateways protect delegated customer action.

The Agent Gateway, in one glance

A single action layer in front of your existing systems. Many surfaces. One consent model. One audit trail. One action registry.

Agent Gateway architecture A stacked three-layer diagram. Top: four customer surfaces, the customer's AI, third-party agents, your own app and web, and voice assistants, each connected by a labelled arrow to a central Agent Gateway block. The gateway contains six capabilities: identity and access management (which reuses the customer's existing OAuth or OIDC by acting as another client), consent and scoped permissions, business rules, approve sensitive actions, rate limits and abuse protection, and a unified audit log. Below it sits a muted "your existing backend" block, connected through the existing APIs. The customer's AI Claude, ChatGPT, personal AI Third-party agents Comparison, finance, partner tools Your own app & web Mobile, desktop, web portal Voice assistants Siri, Google Assistant, Gemini MCP REST + OAuth REST App Intents / App Functions The layer we build Agent Gateway Identity & Access Management OAuth / OIDCGateway acts as another client. Consent & scoped permissions What. Who. For how long. Business rules Your rules. Every call. Approve sensitive actions Agent proposes. User confirms. Rate limits & abuse protection Caps. Quotas. Breakers. Unified audit log One record, every action, every actor. Existing APIs Your existing backend No rewrite required. The gateway is additive.

Reference architecture for a controlled Agent Gateway. Existing OAuth, OIDC and backend APIs stay in place. The gateway adds consent, scopes, approval flows, rate limits, abuse protection and audit logs.

Additive

The gateway sits on top of what you already have. The goal is not to rewrite your core system, it is to expose useful actions safely.

Identity-aware

If you already use OAuth or OpenID Connect, the gateway extends that model with finer scopes, agent clients, delegation records and revocation.

Safe by default

Read actions can execute directly when authorized. Write actions generate a plan the user approves, no unilateral authority over sensitive actions.

Protocol-flexible

MCP is one surface. REST is another. App Intents and App Functions are others. The durable layer underneath is the action registry.

The durable layer: the action registry

Models will change. Assistants will change. Protocols will change. The durable part is the action registry, the product contract agents can trust:

  • get_account_summary
  • check_usage
  • check_cost
  • estimate_next_bill
  • check_next_billing_date
  • summarize_recent_activity
  • compare_plans
  • request_plan_change
  • make_payment
  • open_support_case

Each action has required scopes, input and output schemas, a risk level, approval requirements, business rules, audit behavior and fallback behavior.

That is why a small first journey can still inform the wider platform: the registry defines reusable product actions, not a one-off demo flow.

MCP is one rendering. The action registry is the product contract.

A practical path through the existing system

1Foundation

6–10 weeks

Review existing APIs, auth and workflows. Choose the first lighthouse journey. Define the first action registry, the consent and delegation model and audit logging. Expose read-only REST actions for your own app and web; flag high-risk actions that need a plan/approve flow.

Outcome: A clean, auditable action layer your own product team can build against.

2Customer AI & internal agents

4–8 weeks

Generate the first MCP surface and connect a real AI client (e.g. Claude Desktop) to live product actions. Add one internal proactive agent, a plan/approve flow for selected writes, and revocation, expiry and audit views.

Outcome: A customer can use their own AI with your product, and your own agent can act, with consent.

3Partners & voice

6–10 weeks

Open selected actions to approved partners with onboarding, docs and per-scope delegation. Connect App Intents (iOS) and App Functions (Android) so voice routes through the same gateway. Harden rate limits, monitoring and partner audits.

Outcome: The lighthouse project becomes a reusable product capability across app, partner, agent and voice surfaces.

Where this came from: an operator prototype

We designed and prototyped an Agent Gateway as part of a mobile-app relaunch evaluation for a German mobile operator with around 3 million app customers. The brief was not “build a chatbot”, it was “what makes the next app a platform, not just a rewrite?”

What the prototype proved:

  • A mobile app can use the same gateway as external agents, the Flutter app talked to its backend through the gateway, the same way an external agent would.
  • MCP (opens in a new tab) can expose real customer actions: a customer could ask an AI client a product question and the answer came from the same backend code path that served the in-app assistant. The AI did not guess, it asked the product.
  • Proactive agents fit the same model: usage checks, billing-anomaly detection and optimization agents all run through the same consent, delegation and audit model.
  • Voice becomes another surface, not another architecture: Siri, Google Assistant and Gemini route through App Intents (opens in a new tab) (iOS) and App Functions (opens in a new tab) (Android) into the same gateway.

The prototype tested whether app, agent, partner and voice access could share one controlled action layer. Existing backend APIs stayed in place; the gateway added the missing product controls: scopes, consent, approval flows, revocation, fallback behavior and audit logs.

Built in four days, by one engineer with AI-assisted development (how we build with AI), the gateway forced the right upstream questions early: what scopes should third parties have, which actions require approval, how consent is revoked, how long delegation lasts, what the audit log must prove, and what happens when an agent fails.

The gateway is not a chatbot feature. It is product infrastructure for the agent era.

How M-Squad helps in this environment

Organizations do not need to choose between waiting for the full platform strategy and taking unsafe AI shortcuts.

We help product and engineering teams build a lighthouse project, internal MVP or proof point for agent access: one valuable customer journey, a small set of safe actions, and a control layer designed for technical, security, privacy and management review.

We work alongside your internal teams to map the existing system, reuse APIs where possible, define the first action registry, and add consent, scoped permissions, approval flows, rate limits and audit logs.

Small enough to control. Real enough to matter. Useful enough to guide the wider platform strategy.

When an Agent Gateway makes sense

An Agent Gateway makes the most sense where customers have accounts, actions carry risk, and the organization needs control over who can do what, for whom, and for how long.

Strong fits

Products with customer accounts, authenticated workflows and meaningful user-specific actions:

  • Telecom & utilities
  • Banking & insurance
  • Mobility & travel, healthcare services
  • Subscription businesses & marketplaces
  • B2B SaaS, customer portals, logistics / field service

Weak fits

An Agent Gateway may be overkill if the product is mostly:

  • Public content or anonymous browsing
  • Simple lead generation
  • Static marketing pages
  • One-off prototypes
  • Anything without meaningful user-specific actions

Engagement options

Readiness Audit

~2 weeks

  • Readiness assessment
  • First lighthouse journey map
  • Existing API, auth and workflow review
  • Risk, compliance and constraint review
  • Recommended Phase 1 scope
  • Roadmap + rough effort estimate

Best for: Teams that know agent access matters, but need a safe first step inside the existing system.

Lighthouse Project

8–12 weeks once access, scope and decision path are clear

  • Action registry + consent model
  • Audit logging
  • Read-only product actions
  • First MCP surface
  • One demonstrable AI-client flow
  • One plan/approve write flow, if appropriate
  • Architecture notes your security, privacy and compliance teams can review

Best for: Teams that need visible progress, controlled risk and a real technical foundation. Depending on governance, this can be an internal MVP, a technical proof point or a customer-facing pilot.

Program

3–6 months

  • Full Phase 1–3 delivery
  • Partner-facing access model
  • App Intents / App Functions + voice
  • Internal proactive agents
  • Docs, monitoring, handover
  • Lighthouse journey grows into a reusable product capability

Best for: Teams that want agent access as long-term product infrastructure.

Related: AI agents, product systems, mobile app technology, AI-assisted engineering and did Apple just kill the App Store?

Start before the platform is ready

The broader platform solution will take time. A focused Agent Gateway can prove the path now. A 30-minute call usually clarifies which customer journey to start with, what can reuse existing systems, and where the first safe proof point lives.

Start a Project Explore AI agents →