The AI market in 2026 has shifted from model wars to workflow wars. Organizations have learned that an LLM alone is a liability – only a governed agent is an asset. WorkingAgents sits at this inflection point with two products built on top of MCP and A2A, the two protocols that have emerged as industry standards under Linux Foundation governance.
The probability of meaningful market traction within 18 months is 55–65%, with significant upside if execution timing is right. Here is why – and where the risks are.
The Tailwind Is Real
MCP SDK downloads grew from roughly 100,000 in November 2024 to over 8 million by April 2025, with over 10,000 active public servers adopted by ChatGPT, Cursor, Gemini, and Microsoft Copilot. A2A launched in April 2025 and is now backed by every major hyperscaler. The ecosystem is accelerating, not plateauing.
McKinsey reports 88% of respondents use AI in at least one business function, but only one-third have begun scaling at the enterprise level. 23% are scaling agentic AI somewhere and another 39% are experimenting. The gap between experimentation and production is precisely where governance tooling earns its budget.
Big Tech is expected to invest roughly $650 billion in AI infrastructure in 2026. That money is building enough AI systems that governance, routing, observability, and policy layers become budget-worthy line items – not afterthoughts.
Two Products, One Insight
The Connector (MCP Gateway) solves an immediate pain point: knowledge workers toggling between six browser tabs while security teams block agent access because nobody can audit what those agents touch. Organizations implementing MCP report 40–60% faster agent deployment times. The “give your AI the same keycard you carry” framing is clear and sells itself.
The Orchestrator (AI Agent Gateway) addresses a deeper problem. While 38% of enterprises were piloting agents by late 2025, only 11% reached production. The bottleneck is not model performance – it is durability, state management, retries, and human-in-the-loop approvals. Gartner predicts 40% of enterprise applications will embed task-specific AI agents by end of 2026, up from less than 5% in 2025.
The “start with Connector, graduate to Orchestrator” funnel mirrors how every successful enterprise platform has landed and expanded.
The Governance Advantage
The strongest part of this product is not “another agent builder.” It is the governance layer around agent and tool access. That lines up with where enterprise buyers are getting nervous.
A survey of 205 infrastructure and security leaders found 43% had no formal AI governance controls or only informal guidelines. Only 3% used automated prevention. Over-privileged AI had a 76% incident rate versus 17% for least-privileged AI. That is almost a perfect argument for WorkingAgents’ permission boundaries, audit trails, token management, and approval workflows.
Deloitte confirms that leaders scaling enterprise AI focus on ROI, safe practices, workforce readiness, and governance integrated into existing risk structures. McKinsey found 51% of respondents from organizations using AI had seen at least one negative consequence, with nearly one-third reporting consequences from AI inaccuracy.
Security teams are currently the biggest blockers of AI adoption. WorkingAgents’ focus on self-hosted deployment and least-privilege access at the gateway allows teams to bypass the security review bottleneck – which is the number one friction point for enterprise sales in 2026.
The credible differentiators: vendor-neutral deployment, zero-data-egress positioning, Virtual MCP Servers for granular permissions, centralized token handling, guardrails at three checkpoints, and audit logs with cost attribution. That combination is more interesting than the routing layer alone, especially for regulated buyers using several frameworks and model vendors at once.
The Competition Problem
This is the biggest risk. The competitive landscape is crowded and intensifying.
Platform giants are building natively. Microsoft Copilot Studio has A2A support. Amazon Bedrock AgentCore offers secure tool and data access with centralized policy controls. Google Vertex AI Agent Builder covers governance, IAM-based agent identity, and MCP management. Salesforce has Agentforce. SAP has Joule. These companies can bundle agent orchestration into products that mid-market companies already pay for.
MCP gateway startups are proliferating. MintMCP, Bifrost, TrueFoundry, Obot, Composio – all attacking the “connect agents to tools securely” problem with venture backing. Obot provides a complete open-source MCP platform including gateway, catalog, chat client, and agent orchestration.
Agent builder platforms overlap with Orchestrator territory. StackAI, Dust, n8n, LangFlow, Dify, and OpenAI AgentKit offer visual workflows for multi-agent coordination. LangSmith and LangGraph cover deployment, observability, human-in-the-loop pauses, and governance for engineering-led teams.
Consulting firms are competing for advisory dollars. Accenture, Deloitte, and PwC are building MCP and A2A into their enterprise AI practices, targeting the same mid-market companies.
In short, large vendors are moving down into governance while open-source frameworks move up into production tooling. The general-purpose “agent platform” map is already busy.
The Moat – Narrow but Achievable
The moat is not “we orchestrate agents.” The moat is: vendor-neutral, self-hosted, security-first governance for MCP and agent access across heterogeneous stacks.
This moat is narrow because permission systems are implementable by well-funded competitors, and the MCP spec itself is evolving toward fine-grained authorization natively. Future MCP versions will support granular permission controls including conditional permissions based on context and time.
Where the moat deepens:
-
Elixir/BEAM reliability. Supervision trees, fault tolerance, and hot code reloading make Elixir genuinely superior for always-on agent orchestration. Most competitors build on Python or Node, which struggle with the reliability requirements of autonomous workflows. This is a real technical advantage that is difficult to replicate.
-
Vertical expertise. Deep knowledge of specific industries – legal, healthcare, financial services – creates switching costs that horizontal platforms cannot match.
-
The consulting feedback loop. Every implementation teaches what mid-market companies actually need versus what the industry assumes they need. This is invaluable if formalized into product decisions.
-
The 50–500 employee gap. Companies too small for Accenture but too complex for self-serve platforms. White-glove implementation for this segment is underserved.
Risks Worth Watching
Protocol volatility. MCP and A2A are still evolving. The 2026 MCP roadmap is organized around priority areas rather than dates, and Working Groups drive the timeline. A major spec change could invalidate assumptions.
Commoditization of connectors. As MCP matures, the “connect agent to tools” layer may become table stakes bundled into every SaaS product, much like OAuth became invisible infrastructure. The AI Gateway by itself – multi-model routing, failover, cost control – looks easiest to commoditize because many proxies and cloud platforms already offer these features.
Agent-washing fatigue. Gartner predicts 40% of agentic projects will be scrapped by 2027 due to lack of ROI. The product must demonstrate cost attribution to prove value to CFOs.
Boutique scale limits. A consulting operation serving mid-market companies may struggle to build product and deliver services simultaneously. The consulting revenue is real but competes with product development time. At some point, a decision is needed: consulting-enhanced product company or product-enhanced consulting practice. The two require different resource allocation.
Shadow agents cut both ways. Security and compliance teams cannot allow arbitrary, unvetted agents accessing critical data. The governance story is a selling point, but it also means selling to security-conscious buyers who are inherently slower to adopt.
The Timing Window
The enterprise MCP working group does not exist yet but is being sought. There is roughly a 12–18 month window where demand outstrips supply of competent implementers.
89% of small businesses already use AI tools. The appetite is real. But there is a massive gap between “80% of HR teams use AI” and “we will buy a platform to govern our multi-agent workflows.” Most mid-market companies are still at the “someone installed an MCP server on their laptop” stage.
The 60–70% pilot failure rate means consulting expertise could be the wedge – but it also means longer sales cycles and more hand-holding than a pure SaaS play.
The Bottom Line
The products are architecturally sound, sitting at the intersection of two protocols with unstoppable momentum. The market need is real and growing. The primary risks are competitive intensity and building product at boutique scale against well-funded startups and platform incumbents.
The most likely good outcome is a profitable, services-assisted product company selling into platform engineering, security, and regulated mid-market teams. The least likely good outcome is becoming the default horizontal agent platform for everybody.
The winning position is one sentence: We make MCP and agent access auditable, least-privileged, and safe across any model, framework, or cloud.
That is the part of the market that looks underbuilt and increasingly necessary. Lead with governance. Let orchestration follow.