Why Runtime is Commodity and Governance is the Moat
Anthropic just shipped Managed Agents — a serverless runtime for deploying AI agents at scale. No infrastructure to manage, automatic scaling, built-in tool execution. It’s genuinely impressive engineering.
It also doesn’t solve the hard problem.
Running an agent is a compute question. Proving that agent is safe, auditable, and compliant with the EU AI Act is a governance question. The entire industry is racing to answer the first one. Almost nobody is seriously answering the second.
That gap is where the real moat is being built.
The Runtime Layer Is Becoming Commodity
Think back to 2008. If you wanted to run a web application, you bought servers, set up racks, hired ops staff. AWS changed the question from “how do I run this?” to “what do I want to build?” Compute became infrastructure. Infrastructure became commodity.
Agent runtime is following the same curve, just faster.
Managed Agents gives you serverless execution for Claude-based agents. LangGraph Cloud gives you stateful agent graphs with persistence. CrewAI Enterprise wraps multi-agent orchestration in a managed service. Modal, Fly.io, and a dozen others will add native agent primitives by year end. Every major cloud provider will have an “Agent Hosting” product within 18 months.
They are all solving the same problem: where does my agent run?
That is a solved problem, or will be. Horizontal infrastructure always commoditizes. The differentiation disappears when the technology matures, and agent runtime technology is maturing fast. What you get from Managed Agents today will be a checkbox feature in AWS Lambda by 2027.
This is not a criticism of Anthropic’s work. Commoditization is how good technology spreads. It is a signal about where to build defensible value.
The Governance Gap Nobody Is Talking About
Here is what none of these runtime platforms answer:
- Who approved this agent for deployment?
- What is its documented scope of action?
- Can you show an auditor every decision it made over the last 90 days?
- If it caused harm, can you reconstruct exactly why?
- Does it meet the requirements of the EU AI Act?
The EU AI Act came into full effect in August 2025. For organizations deploying AI systems in the EU — or serving EU users — it is not optional law. The relevant obligations for high-risk AI systems are specific and demanding:
Article 9 requires a continuous risk management system, not a one-time review. Risk must be identified, estimated, evaluated, and mitigated throughout the entire lifecycle of the system.
Article 12 requires logging. Specifically: automatic recording of events to the degree necessary to identify risks and enable post-market monitoring. For agents making consequential decisions, “to the degree necessary” means comprehensive.
Article 14 requires human oversight measures. The system must be designed so that humans can understand, intervene, and override. Not in theory — in practice, with documented controls.
Annex IV defines the technical documentation that must exist before a high-risk AI system is placed on the market: intended purpose, version history, design specifications, risk assessment, test results, monitoring procedures.
Article 15 requires accuracy, robustness, and cybersecurity standards throughout the lifecycle — with particular attention to errors and faults.
None of the agent runtime platforms — Managed Agents, LangGraph Cloud, CrewAI Enterprise — provide any of this. They are execution environments. Governance is out of scope, by design. That is not a flaw in their product strategy; it is an accurate understanding of what they are building. But it means every team deploying on those platforms needs to answer the compliance question themselves.
Most of them are not.
Why Governance Is the Moat
Runtime is horizontal. The same execution environment works for a legal document agent, a customer support agent, and a supply chain optimization agent. There is nothing domain-specific about it — which is exactly why it commoditizes.
Governance is vertical. What “safe” means for a medical diagnosis agent is different from what it means for a marketing copy agent. The rules that govern a financial advice agent are not the rules that govern an internal HR policy agent. Domain-specific governance constitutions — the precise behavioral boundaries, permitted actions, escalation conditions, and audit requirements for a specific type of agent in a specific regulatory context — are defensible intellectual property.
This is not just a product architecture argument. It is a legal reality. The EU AI Act treats different risk categories differently. A GPAI system with systemic risk has different obligations than a limited-purpose internal tool. Building governance infrastructure that encodes those distinctions, and can prove compliance to a regulator, is genuinely hard work that does not transfer between platforms.
Consider what real governance infrastructure looks like in practice:
Incoming agent request
|
v
[Governance Proxy]
- Verify request against constitutional rules
- Check permitted action scope
- Log to WORM audit trail (hash-chained)
- Evaluate against risk tier (EU AI Act Art. 9)
- Require human approval if threshold exceeded
|
v
[Runtime] (Managed Agents / LangGraph / custom)
- Execute the verified, logged request
|
v
[Response]
- Post-execution logging
- Deviation detection
- Compliance record updateThe runtime is interchangeable. The governance proxy is not. It embeds the organization’s specific risk tolerances, the regulatory requirements for its industry, the audit trail format required by its compliance team, and the escalation logic specific to its operating context.
Switching from Managed Agents to LangGraph Cloud is a configuration change. Rebuilding the governance layer is months of work.
The Proxy Pattern in Practice
The architecture is straightforward to explain and non-trivial to implement correctly. A governance proxy sits between your application and the agent runtime. Every request passes through it. Every response is logged against it.
A minimal version looks like this:
async function governedAgentCall(
request: AgentRequest,
runtime: AgentRuntime,
governance: GovernanceLayer
): Promise<AgentResponse> {
// Pre-execution: verify, log, potentially block
const decision = await governance.evaluate(request);
if (decision.requiresHumanReview) {
return await governance.escalate(request, decision.rationale);
}
if (!decision.permitted) {
await governance.logRejection(request, decision.rationale);
throw new GovernanceViolation(decision.rationale);
}
const auditId = await governance.openAuditRecord(request, decision);
// Runtime execution — could be Managed Agents, LangGraph, anything
const response = await runtime.execute(request);
// Post-execution: log result, check for deviation
await governance.closeAuditRecord(auditId, response);
await governance.detectDeviations(request, response, decision);
return response;
}The runtime object is injected. You can point it at Managed Agents today and LangGraph Cloud tomorrow. The governance layer — the evaluate, escalate, openAuditRecord, and detectDeviations logic — stays constant. That is where your compliance posture lives.
What makes this non-trivial is not the pattern. It is what goes inside those governance functions: the constitutional rules that define permitted behavior, the risk scoring that determines escalation thresholds, the hash-chain verification that makes audit records tamper-evident, the formal verification that proves the rules are internally consistent.
That work is the moat.
What This Means If You Are Building on Managed Agents
Anthropic’s Managed Agents is a good product. It reduces operational overhead for running Claude-based agents. If you are building internal tooling on Claude and you want less infrastructure to manage, it is a reasonable choice.
But deploying on Managed Agents does not make you compliant with the EU AI Act. It does not give you an audit trail your legal team can review. It does not give you a risk management system that satisfies Article 9. It does not give you the technical documentation Annex IV requires.
Those things require a governance layer that is separate from, and sits above, the runtime layer.
If you are a company serving EU users, or operating in a regulated sector, or building AI systems that touch consequential decisions — health, finance, legal, employment — the governance question is not optional and it will not be answered by your choice of runtime platform.
The enforcement posture of EU member states is hardening. The first significant enforcement actions under the AI Act are already being prepared. The organizations that will navigate this cleanly are the ones that treated governance as a first-class architectural concern, not an afterthought layered on after deployment.
The Question That Actually Matters
Every conversation in the AI infrastructure space right now is about runtime: which platform is faster, cheaper, more scalable, better integrated. These are real engineering questions worth answering.
But the question that determines whether an AI system can operate in regulated markets, survive an audit, and maintain organizational trust over time is different.
It is not: where does your agent run?
It is: can you prove it is safe?
Runtime is how you execute. Governance is how you prove. One is becoming infrastructure. The other is the moat.
Arbitra is a runtime-agnostic governance layer for AI agents. It works with Managed Agents, LangGraph, and custom runtimes. If you are building agents that need to operate in regulated environments, reach out to learn about our governance infrastructure.
