Universal Proxy: Bringing Hidden Tech into the Light

Enterprises are embracing AI at an incredible pace—and that’s exciting! However, this rapid adoption creates significant operational challenges. Without a clear, centralized strategy, many of these ambitious AI initiatives are at risk of stumbling, often due to issues with integration and control.

The Problem: N×M Integration and “Shadow AI”

Let’s call this the N×M integration challenge. Enterprises have ‘N’ different AI models (LLMs, open-source, proprietary) that need to connect to ‘M’ enterprise tools and data sources (databases, microservices, SaaS APIs). This results in brittle, bespoke, point-to-point integrations that are unscalable, insecure, and lead to spiraling costs.

The fragmented technology environment creates a major CISO concern: “Shadow AI.” Similar to “Shadow IT,” Shadow AI happens when teams deploy AI models and agents without security oversight. This leads to unknown endpoints, hard-coded API keys, and unprotected access to sensitive data. These uncontrolled systems create huge security gaps, compliance issues, and financial waste for the company. To secure your AI infrastructure, you first need to locate it. And, that requires a new platform forcontinuous discovery, centralized registration, and consistent governance.

The Solution: The Universal Proxy as Your Cloud-Native Control Plane

If you were with us at Kubecon CloudNative NA, you might have caught a demo of the Universal Proxy project. We are very excited to be announcing the first release of the project.  Ready to get started? Click here.  Not sure what it is?  Read on.

The Universal Proxy solves the N×M and the “Shadow AI” headaches. It’s a single reverse proxy and management layer. That is, it is the one way in for all your AI services. This changes your setup froma chaotic free-for-all toa secure, manageable “hub-and-spoke” model, putting security, monitoring, and cost checks all in one place.

Delivered as a streamlined Helm chart, its Kubernetes-native deployment ensures a familiar, “one-click” style experience within SUSE Rancher, offering a low Total Cost of Ownership (TCO) and seamless integration into modern CI/CD and GitOps workflows.

Pillar 1: Centralized Governance and Security

The Universal Proxy stops “Shadow AI” by actively managing AI assets and finding potential threats. The user interface (CISO’s dashboard) clearly separates known, managed assets (“Registered MCP Adapters”) from possible threats (“Discovered MCP Servers”).

It uses a simple Discover -> Register -> Secure process to automatically find risky, unauthenticated endpoints. Once found, they are brought under central control and protected by the proxy’s security and compliance tools. This creates the MCP Registry, a trusted, enterprise-wide catalog (or “App Store”) for all AI services.

Pillar 2: The Virtual MCP – AI-Enabling Your Entire Stack

The Universal Proxy’s strategic capability is its function as an extensibility engine that solves the N×M challenge. It creates a “virtual” MCP endpoint that acts as a translation layer, making your underlying APIs or data sources instantly AI-ready without rewriting legacy code.

• The Universal Proxy works as an extensibility engine to simplify complex connections (the N×M challenge). It creates a “virtual” control point that translates your existing APIs and data sources, instantly making them AI-ready without needing to rewrite old code.
• The Universal Proxy act as a private MCP registry to enable companies to “certify” their selection of MCP Server to expose to the users.
• OpenAPI Integration (virtualMCP capability): It can ingest an OpenAPI schema and dynamically generate a virtual MCP, instantly turning thousands of existing enterprise APIs into secure “tools” for AI agents, complete with granular Role-Based Access Control (RBAC).

Pillar 3: Governing Autonomy and Cost Control

The Universal Proxy manages the financial risk associated with “autonomous AI Smart Agents.” By serving as the necessary control plane, it ensures that these agents’ actions and the resulting costs from expensive LLM API calls are tracked, logged, and governed, preventing unbounded financial risk.

Strategic Outlook: An Open, Extensible Future

Aligned with SUSE strategy,  the Universal Proxy is now available as an open-source project. This is a critical differentiator, building community trust, preventing vendor lock-in, and ensuring interoperability within the wider CNCF-conformant ecosystem.

We encourage organizations and developers to register and help shape the future of enterprise AI governance.

Join the SUSE AI Universal Proxy Project

To gain access to the project and join the community, organizations and developers are encouraged to register at: Universal Proxy Project.