In the span of 24 hours this week, two established software companies each paid to own different layers of the enterprise AI agent stack. And these purchases give us a rough idea of what that stack currently looks like. On Thursday, May 28, Asana completed its acquisition of StackAI, a no-code AI workflow platform, for approximately $75 million. The next morning, Palo Alto Networks completed its acquisition of AI gateway company Portkey for an estimated $120 million to $140 million. That’s roughly double Portkey’s valuation just three months ago, according to a report in the Economic Times cited by Cybersecurity Magazine. Neither company disclosed formal financial terms.
Taken individually, each deal could be interpreted as a routine tuck-in acquisition by a company looking to accelerate its roadmap. Taken together, these map two adjacent tiers of the enterprise agent architecture that has begun to take shape over the past year. One is the execution layer, where agents read from and operate internally on the systems on which they actually perform business, and the other is the control layer, where the enterprise sees, routes, and controls the behavior of these agents.
This distinction is important to enterprise technology buyers. Most organizations deploying AI agents in 2026 have discovered that the hard problem isn’t getting the agents to produce output; It’s about ensuring agents run within Salesforce, Oracle, or traditional enterprise resource planning systems without unauthorized data access, runaway costs, or behavior that compliance teams can’t audit. The Asana acquisition addresses the first part of that problem. Palo Alto comes second.
What Asana bought: Cross-system execution without code
Over the past two years, Asana has positioned itself as what CEO Dan Rogers calls “the operating system for human-agent teams.” This framework had certain vulnerabilities. Asana agents can plan and track work, but they can’t execute tasks end-to-end within the enterprise systems where your business actually runs. StackAI, founded by MIT PhD students Tony Rosinol and Bernard Aceituno through Y Combinator’s Winter 2023 cohort, was built to fill that very gap.
The platform enables non-developers to design, test, deploy, and manage agents that read from and write to enterprise resource planning, customer relationship management, and IT service management systems such as Salesforce, Oracle, AWS, DocuSign, Slack, and Google Workspace. For example, without writing a single line of code, compliance teams can build an agent that retrieves agreements from a document store, checks them against customer relationship management policy rules, and routes flagged items to a Slack channel for review. StackAI’s customer base is concentrated in the financial services, healthcare, and professional services industries, where governance and audit requirements are raising the bar for agent platforms.
The company had raised a total of just under $20 million prior to the acquisition, most of which came from a $16 million Series A backed by Gradient, Epakon Capital, Lobby VC, LifeX Ventures, and Vercel CEO Guillermo Rauch. StackAI will continue to operate as a separate brand within Asana. Rossinol and Acetuno join the company under this agreement.
Asana’s decision to buy rather than build was also a competitive calculation under compressed schedules. Since the introduction of ChatGPT, the company has lost more than half of its market capitalization. Rogers, who replaced founder Dustin Moskowitz as CEO in March 2025, is betting that acquiring a cross-system execution layer, rather than building against Microsoft 365 Copilot’s agent stack or Salesforce’s Agentforce, will give Asana enough runway to make its “operating system” framework reliable before those alternatives become irrelevant.
What Palo Alto Bought: Governance for Agents Acting as Privileged Insiders
Portkey’s product addresses a different problem at a different layer. The company has built something called the AI Gateway. It is a routing, observability, and policy layer that sits between enterprise applications and the AI model application programming interface. According to Palo Alto’s own announcement, Portkey’s architecture processes trillions of tokens per month with the low latency required for agent-to-agent communication (the company’s claims have not been independently audited).
The security case for such products hinges on what happens when the agent fails or is compromised. OWASP’s Top 10 Agent Applications for December 2025 identified goal hijacking through prompt injection, tool misuse, identity abuse, and supply chain compromise as key risk vectors unique to autonomous agents, unlike the vulnerabilities that dominated previous AI applications. A 2026 survey of 500 U.S. security leaders by Vorlon found that one in three companies will experience a confirmed or suspected security incident involving an AI agent in 2025. IBM’s 2025 Cost of Data Breach Report found that 97% of organizations that reported AI-related breaches lacked adequate AI access controls.
Palo Alto’s framing of the problem is accurate. When an agent can run code, call application programming interfaces, and initiate financial processes without human supervision, it is no longer a chatbot. Agents become privileged insiders whose actions can no longer be controlled by the perimeter and identity controls that used to protect user-driven applications. The AI gateway integrated into Palo Alto’s Prisma AIRS platform provides four capabilities not previously offered by cybersecurity companies as an integrated service: agent traffic visibility, runtime threat detection for agent-specific attack patterns, automatic routing of requests to the best model, and control over runaway token costs.
Portkey CEO Rohit Agarwal explained that scaling AI in production requires “a delicate balance between complete flexibility for developers and absolute control for security teams.” This balance has not been previously achievable with existing security tools built for human users, and this is exactly what the EU AI law enforcement obligations, which come into force on August 2, 2026, will formalize as a legal requirement for high-risk AI deployments.
How the Enterprise AI Agent acquisition fits into the broader stack
The Asana-Palo Alto deal didn’t happen in a vacuum. In March 2026, Google completed its $32 billion acquisition of Wiz, the largest AI-era security integration to date. F5 acquired CalypsoAI in January 2026. CrowdStrike acquired Pangea, and Kato Networks acquired Aim Security in September 2025. In December 2025, AlixPartners predicted that the number of M&A transactions in enterprise software would surge 30-40% year-on-year in 2026 due to AI integration pressures.
Collectively, these deals suggest a pattern in which enterprise agent spending now flows not just into the agent product itself, but into the infrastructure surrounding the agent (execution, gateways, observability, control). Eric Hanselman, principal analyst at 451 Research and S&P Global, noted that companies that are able to capture the benefits of agentic AI early will have a significant competitive advantage, but their success will depend on having the right data infrastructure and governance in place, which is exactly what Asana and Palo Alto are currently purchasing.
The competitive environment is dense. Microsoft is deploying Agent 365 and Copilot Studio, which combine identity, governance, and execution layers. Salesforce has made Agentforce, with a reported $800 million in annual recurring revenue, a central part of its product strategy. ServiceNow has rebuilt its entire commercial model around an autonomous AI layer. Zendesk acquires Forethought in one of the largest deals in the last 20 years. IBM completed its acquisition of Confluent in March 2026 to provide real-time data to enterprise agents. Asana and Palo Alto’s deal is small compared to hyperscalers’ budgets. Asana’s $75 million stake is a rounding error compared to what Microsoft spends in a week. The question is whether execution layers and security gateways are sufficiently differentiated from those offered by Microsoft and Salesforce to survive as separate software categories, or whether they will be absorbed into a broader platform by the end of the year.
What the AI agent security gateway feature looks like in practice
Framing has real limits. The two layers that Asana and Palo Alto purchased are just part of the enterprise agent stack. The orchestration logic for coordinating multiple agents across multiple departments (analysts are starting to call it agent mesh) remains a contentious issue between Microsoft’s Copilot Studio, Salesforce’s Agentforce, IBM’s watsonx Orchestrate, and independent vendors such as LangGraph and LiteLLM. Standards governing the identity of Zero Trust agents, the format of audit logs, and the allocation of contractual liability if an agent misbehaves have not yet been finalized by a designated standards body.
An analyst note in AI Weekly warned that Asana’s $75 million bet assumes that human and agent orchestration will remain separate software layers for at least the next 12 to 24 months, rather than being absorbed into Microsoft 365 Copilot or Salesforce Agentforce. That is the central risk of this paper. No-code agent building platforms like StackAI are themselves vulnerable to commoditization by the same hyperscalers that integrate their application programming interfaces.
For enterprise software buyers, the actual interpretation is even narrower. The two most immediately necessary layers to deploying a production AI agent—getting the agent running across core systems, and keeping that execution managed and auditable—have measurable price tags attached. The remaining layers of contention, namely who will coordinate agents across departments and what criteria will govern agent identity and responsibility, have yet to be determined. What is bought first tends to shape what is built next.
FAQ
What does Asana pay StackAI and what does it get?
Asana paid approximately $75 million for StackAI, a no-code AI workflow platform that allows enterprise teams to build and deploy agents to perform tasks across systems such as Salesforce, Oracle, AWS, and Google Workspace without writing code. The acquisition gives Asana a cross-system execution layer that was missing in its existing agent product, and StackAI will continue to operate internally as a standalone brand.
What is an AI Security Gateway and why did Palo Alto Networks acquire Portkey?
The AI Security Gateway is a routing, observability, and policy layer that sits between enterprise applications and AI model application programming interfaces to monitor agent behavior, route requests to the appropriate model, and enforce controls over data access and token costs. Palo Alto Networks acquired Portkey to integrate this functionality into its Prisma AIRS platform to address specific risks that arise when autonomous agents operate with human insider access privileges rather than constrained applications.
How does the enterprise AI agent stack relate to the competition between Microsoft and Salesforce?
Microsoft and Salesforce have built competing execution and governance layers through Copilot Studio and Agentforce, respectively, and there is a 12-24 month window for these platforms to integrate and for a critical period for Asana and Palo Alto to establish their place in the stack.
Which Enterprise AI Agent acquisitions were completed in May 2026?
Asana completed its acquisition of StackAI on May 28, 2026, and Palo Alto Networks completed its acquisition of Portkey on May 29. The two transactions in adjacent layers of the enterprise agent infrastructure stack were completed within 24 hours of each other.
