For years, the enterprise has been caught between two conflicting forces. Developers seek the agility and speed to innovate at the pace of business, while platform engineers are tasked with ensuring that this development innovation adheres to the business’s operational, security, and compliance standards. This inherent tension is significantly amplified in the age of AI. The shift from simple “chatbots” that answer questions to autonomous agents capable of executing tasks, accessing data, and making real-time decisions presents one of the most significant pressure tests enterprises have ever faced.
Today, Broadcom is introducing VMware Tanzu Platform 10.4 and aims to bridge this gap with a true agent-operator agreement. This is more than a suite of tools; it’s a pre-engineered foundation that codifies the relationship between those who build and those who govern. By delivering the industry’s first pre-engineered PaaS for agents on private cloud, Tanzu Platform 10.4 enables enterprises to build and run agentic applications at business velocity and scale, while maintaining private cloud governance.
Unlocking the future by solving for the past
Every agentic journey starts with a simple truth: You cannot build apps of the future on a legacy foundation. In the rush to adopt AI, many organizations fall into a common trap. They attempt to “bolt on” capabilities to run agentic apps to a fragmented, home-grown, or even commercial developer platform. They spend months or even years stitching together open source frameworks, identity providers, data connectors, and AI models, only to realize they’ve built their own version of Frankenstein’s monster, a science project that hasn’t been built for scale.
Tanzu Platform offers a pre-engineered platform as a service (PaaS) for agents on your private cloud. By providing a ready-to-use foundation that is secure by design, Tanzu Platform removes the heavy lifting of platform engineering. Instead of building the infrastructure-related plumbing, teams can focus on higher value tasks and the business logic that helps define the agent-operator agreement between developers and platform engineers. This pre-engineered PaaS approach eases the Day 2 realities of running and managing applications, including AI—such as fleet-wide governance, automated CVE remediation, and deterministic service binding— by building these functions into the fabric of the platform from Day 1. In the race to AI maturity, the winner isn’t the enterprise that builds the best bespoke app platform; it’s the one that uses the best platform for building and running differentiated applications and agents.
However, the platform is only the start of this modernization. An autonomous agent is only as smart as the data and services it has access to. If your organization is trapped in aging J2EE systems, your AI agents are going to be blind.
The agent-operator agreement really starts here. Tanzu Platform helps developers modernize existing applications with platform-powered modernization that handles the heavy lifting of technical debt and automates converting legacy systems into modern Spring Boot services. For the 62 percent of enterprise AI applications built in Java, this becomes the moment that “unlocks” instant value. By clearing the path, Tanzu Platform grants developers the agency to stop acting as digital archaeologists and start focusing their time on high-value agentic logic. It’s a bridge from the past to the future that burns down debt while building up innovation.
The service marketplace: The engine of governed autonomy
In the agentic era, “speed to integration” is often cited as a key metric, but for the enterprise, speed without safety is a liability. An agent capable of “speed of thought” responses is functionally useless if it is sidelined for days waiting on a manual ticket for database credentials or API access. Tanzu Platform 10.4 addresses this by bringing the same robust secrets management and automated credential injection our customers have long relied on into modern agentic applications. By extending this “bind” experience to include AI-specific resources like MCP servers and LLMs, we are enabling compliance-ready velocity to remain the standard.
A screenshot of the Tanzu Hub interface on Tanzu Platform shows the marketplace, showing a curated catalog of enterprise-ready data, AI and messaging services.
Here’s how that service marketplace works: Platform engineers curate and publish a marketplace of “guaranteed ready” services, ranging from traditional databases and caching to Model Context Protocol (MCP) servers and enterprise-grade LLMs, and a growing ecosystem of independent software vendors (ISVs). This gives developers (and their agents) the autonomy to self-serve resources with a single command, while the platform provides the real value through deterministic service binding. By automatically injecting credentials and security configurations directly into the runtime, Tanzu Platform creates a zero-trust environment by default. Developers and agents never handle secrets, and platform engineers never manually provision infrastructure.
This easy bind experience now also extends to applications hosted on vSphere Kubernetes Service (VKS), so regardless of whether a service is a high-performance database, a specialized ISV tool, or a modern AI tool, the connection will still be governed, audited, and encrypted. By automating the plumbing of connectivity, the marketplace ensures that when an agent reaches for private data, or external vendor APIs, it does so through a secure, pre-validated channel. Tanzu Platform helps you integrate faster. Even better, it helps you build a foundation where you don’t have to perform manual service integration in the future.
Governing autonomous action at scale
The moment we grant AI the agency to act, we must then solve for the accountability gap. In a world of traditional software, we audit the code; in a world of agentic AI, we must audit the decision. If an agent executes a trade, scales a cluster or accesses sensitive customer data, the enterprise must be able to answer a fundamental question: “Who authorized this, and why?”
Tanzu Platform 10.4 eliminates the anonymity of autonomous actions by ensuring that every tool call is tied to a verifiable identity. This isn’t just a technical handshake; it is the foundation of a new agent-operator agreement. By tying every autonomous action to a verified identity and a human-governed policy, Tanzu Platform changes the calculus that autonomous does not equal unmanaged.
Think of Tanzu Platform as an industrial-grade AI sandbox. With more secure guardrails, agents are free to reason and execute, while the platform maintains a forensic audit trail of every tool call and model interaction. This level of oversight turns the black box of AI into a transparent audit ledger, giving enterprises the confidence to finally move agents out of the lab and into the heart of their most mission-critical production environments.
A shared responsibility for security
Finally, the agent-operator agreement redefines security as a true shared responsibility rather than an operational bottleneck. In the modern software factory, security is no longer a point-in-time review; it is an automated constant integrated across the entire delivery lifecycle. For the developer, this means “shift left” visibility into the real-time security posture of their application repositories and running instances side by side within Tanzu Hub. When a vulnerability is detected in a piece of code, Tanzu Platform can provide automated recipes to instantly upgrade dependencies, like Java versions, within their existing workflow. If the vulnerability exists within the running runtime stack, the developer is granted the agency to resolve it with a single “restage” button, instantly rebuilding the application with patched dependencies without touching a single line of application code.
A screenshot of the application detail view for a Spring app, providing a unified dashboard for operational health. The view highlights critical vulnerability remediation status for both buildpacks and Spring libraries, including one-click “Restage App” capabilities, alongside real-time metrics for underutilized resources, request rates, and latency.
For the platform engineer, the agreement shifts the focus from chasing individual app teams to governing the health of the entire fleet. Through the “3 R’s” (repave, repair/restage, and rotate), the platform continuously shrinks the window of vulnerability in the background by automating infrastructure updates and credential rotation. In the face of a critical global CVE, the platform engineer holds the “emergency button.” This centralized control allows them to force a fleet-wide restage or buildpack update across the entire organization in just minutes, creating a continuous process of compliance that protects the business while allowing developers to remain focused on high-value innovation.
Extending value delivered
While the shift toward agentic AI represents a new frontier for the enterprise, the foundation of that innovation remains a robust, secure, and highly automated application platform. We know that our customers already see immense value in how Tanzu Platform simplifies complex operations and accelerates developer velocity. By listening closely to your challenges, we’ve designed Tanzu Platform to take that value even further. These latest enhancements aren’t just incremental updates; they are strategic capabilities designed to harden your infrastructure, unify service consumption, and enable existing mission-critical applications—and the new AI agents that will run alongside them—to benefit from the same gold-standard operational excellence.
New capabilities being introduced with Tanzu Platform 10.4:
- Enterprise-scale service management – Platform engineers can now manage massive fleets of services with centralized lifecycle operations, including backup, restore, and automated updates, directly from the Tanzu Hub interface. This eliminates the need for manual per-instance management and offers a consistent operational standard across a private cloud estate.
- Tanzu Platform services can be universally consumed by applications across VMware Cloud Foundation – In the past, connecting a VKS-hosted application to a database managed by Tanzu Platform required manual ‘plumbing’—handling connection strings and managing credentials or secrets. Tanzu Platform 10.4 eliminates this friction by treating VKS as a first-class consumer of platform services. Now, a developer simply discovers the required service in the Hub marketplace and initiates a bind. The platform handles the rest: it programmatically injects the credentials and configuration directly into the VKS namespace, creating a secure, encrypted tunnel between the app and the data. Whether your app lives on the platform or on VKS, the path to data is always the same: discover, create, and bind.
- Unified application-centric visibility – A new Tanzu Hub experience for application teams brings a tailored “app first” view of the entire environment. This centralized dashboard integrates real-time insights into security vulnerabilities, resource consumption, and Spring library compliance, making it easier for teams to troubleshoot and optimize applications faster.
- Optimized upgrade planning – New intelligent upgrade tools use real-time foundation data to reduce the risk and effort of platform maintenance. By predicting the impact of updates before they occur, the platform allows for parallel, non-impacting upgrades that keep the environment current with the latest features and security patches. This release also introduces the ability for stack and buildpack upgrades without having to upgrade the control plane, and parallel tile upgrades.
- Expanding workload support – The introduction of the block storage volume service expands the platform’s ability to handle stateful applications. By automatically managing the setup and configuration of high-performance persistent storage, the platform enables more complex workloads, like distributed databases and stateful AI agents, without increasing operational overhead.
The bottom line
Tanzu Platform 10.4 is the first private cloud application platform designed to meet the unique, high-velocity demands of the agentic era. By codifying the agent-operator agreement, it allows platform engineers to deliver a curated experience and guardrails that enable developers to move fast, so they can build the future together.
The real competitive advantage, however, lies in the platform’s pre-engineered design. In the race to AI maturity, organizations cannot afford to spend years building the plumbing of a home-grown infrastructure. They need a platform that is ready for agentic workloads on Day 1. Tanzu Platform removes the undifferentiated heavy lifting of platform engineering, providing a battle-tested, more trusted environment where security, governance, and connectivity are already addressed. For the enterprise, this is the ultimate shortcut to agentic innovation: stop building the platform, and start building the agents that will transform your business.
To explore what’s new in Tanzu Platform 10.4, dive deeper into the details and documentation for the full release notes on our documentation page.
You can also visit the official Tanzu Platform product page to learn more about Tanzu Platform, get started with a hands on demo, or connect with our experts.
Join our webinar on May 6th to learn more about Tanzu Platform 10.4, see live demos of what’s new, and find out how you can plan your upgrade to the latest long-term support (LTS) release of Tanzu Platform.
