I caught up with Nigel Douglas from Cloudsmith at PlatformCon Live Day London 2026, and the conversation went straight to platform engineering’s most urgent open question: how do we actually govern AI agents once they are running everywhere?
Agentic Development Platforms Are Coming Regardless
Nigel’s framing was direct: autonomous agents are coming whether platform teams are ready or not, and agentic development platforms (ADPs) are the near-term, unavoidable direction. The interesting part of his argument was not that ADPs will exist — most people at the conference agreed with that — but where he located the risk if platform teams do not move first.
LLMs on Workstations Are Shadow Infrastructure
The sharpest line from the conversation: running LLMs on individual developer workstations is shadow infrastructure — no governance, no visibility, and no way for a platform team to know what models, what data, or what capabilities are in play until something goes wrong. That is the same shadow-IT problem platform teams have fought for a decade with unsanctioned SaaS tools and personal cloud accounts, just recompiled for the AI era with a much larger blast radius, since a workstation-hosted model can hold credentials and take actions, not just store data.
Nigel’s prescription is one platform teams already know how to execute: manage agents inside the platform, where the platform controls what skills and instructions an agent has access to, rather than leaving that decision to whatever a developer happened to install locally.
Pull Models Through a Governed Registry
Cloudsmith’s specific answer is to act as a central registry — not just for packages like NPM and PyPI, but for AI models pulled from sources like Hugging Face. The point is not to slow developers down with an extra hop; it is to make the registry the enforcement point for ADP governance controls, so that a model pulled into a production pipeline has gone through the same provenance and policy checks as any other dependency, instead of being pulled directly from an open registry with no intermediate control.
This is the same software-supply-chain logic behind container image signing and verification pipelines and Quay robot accounts for CI/CD: the registry layer is where you actually get to say no. Skipping it because “it’s just a model file” leaves exactly the gap that attackers and, more mundanely, unvetted third-party models will find first.
About the Author
I am Luca Berton, AI and Cloud Advisor. I work at the intersection of platform engineering, cloud security, and enterprise AI deployments.



