VMware’s New Tanzu Platform And AI Agents: 10 Security, Data And AI Key Innovations

From VMware’s new agentic Agent Foundations offering and SQL Assistant to releasing VMware Tanzu Platform 10.4—here are 10 new technologies and solutions VMware just launched that every partner needs to know about.

VMware’s innovation engine is roaring with the launch of the VMware Tanzu Platform 10.4, a revamped Tanzu Data Intelligence offering, and a brand-new Agent Foundations innovation for Tanzu.

From its new SQL Assistant and Tanzu Greenplum MCP server to its new AI Agent Foundation technology around zero-trust networking and scaling AI agents—VMware is investing heavily in AI security and agentic AI.

“Tanzu Platform 10.4 is the first private cloud application platform designed to meet the unique, high-velocity demands of the agentic era,” said Darin Zook, product marketing engineer for VMware’s Tanzu business, in a blog post.

“The real competitive advantage, however, lies in the platform’s pre-engineered design,” Zook said. “In the race to AI maturity, organizations cannot afford to spend years building the plumbing of a home-grown infrastructure.”

In addition to VMware Tanzu Platform 10.4, the Palo Alto, Calif.-based private cloud star launched Agent Foundations for Tanzu.

“Agent Foundations offer a deny-by-default sandbox with autoscaling and automated, enterprise-ready credential management to deliver safer agents,” said Camille Crowell-Lee, who leads VMware marketing for AI solutions, in a blog post. “It also provides more options for building agents with new agent buildpacks that offer built-in agent loops and custom code frameworks.”

CRN breaks down the ten most important new innovations and capabilities inside VMware Tanzu Platform 10.4, Agent Foundations and Tanzu Data Intelligence.

VMware’s New Agent Foundations

Agent Foundations on Tanzu provides a pre-engineered Platform as-a-Service (PaaS) environment for AI agents, built directly upon the infrastructure layer of VMware Cloud Foundation (VCF).

Agent Foundations is dubbed a secure-by-default agentic runtime designed to accelerate the delivery of autonomous AI applications.

“By codifying the agent-operator agreement, it allows platform engineers to deliver a curated experience and guardrails that enable developers to move fast, so they can build the future together,” said VMware’s Zook.

It allows platform engineers to manage AI services with the same tools they use for mission-critical business applications, without needing to become AI or data experts.

The new agentic runtime enforces a hard contract between developers and infrastructure, ensuring that agents remain within their authorized boundaries.

The goal is to enable enterprise developers to move beyond siloed AI experiments and into scalable, governed production on VCF.

Click through to read about the nine other big VMware releases for Tanzu.

3 Key Agent Foundations Innovations

Some of the most important new capabilities within Agent Foundations is immutable supply chain, zero-trust networking and sandboxing.

In terms of supply chain, instead of unverified Dockerfiles, Agent Foundation uses trusted Buildpacks to build agent containers that are automatically patched and verified. This enables automatic patching and aims to eliminate the risk of embedded malware.

Agent Foundation includes zero-trust networking and sandboxing by limiting agentic loops through pre-defined resource limits. Connectivity to internal systems and models is never open by default.

Access is explicitly granted only via secure service bindings, preventing wandering agents from accessing unauthorized data, VMware said.

Lastly, the new foundation’s structural secrets isolation technology prevents agents from reading each other’s credentials at runtime. It is combined with VMware vDefend, which extends protection across infrastructure services and external SaaS connections.

Scaling AI Agents On VCF With Agent Foundations

Agent Foundations on Tanzu programmatically leverage VMware Cloud Foundation IaaS APIs to abstract infrastructure complexity away from developers. This allows agents and their dependent services to always have the resources like compute, networking, and storage they need.

With its elastic environment, Agent Foundations automatically scales up and scales down underlying IaaS resources to optimize cost and performance of short-lived and long-running agents.

Agent Foundations also has high availability and lifecycle automation that provides four layers of high availability and self-healing infrastructure so that autonomous applications remain resilient.

It also offers a centralized AI gateway to control tools and model availability, usage, costs, and safety filters across public models and private models on VCF.

VMware Launches Tanzu Platform 10.4

Zook said VMware is delivering the industry’s first pre-engineered PaaS for agents on private cloud with Tanzu Platform 10.4.

“This is more than a suite of tools; it’s a pre-engineered foundation that codifies the relationship between those who build and those who govern,” said Zook. “Tanzu 10.4 enables enterprises to build and run agentic applications at business velocity and scale, while maintaining private cloud governance.”

He said the new platform removes the heavy lifting of platform engineering.

“Instead of building the infrastructure-related plumbing, teams can focus on higher value tasks and the business logic that helps define the agent-operator agreement between developers and platform engineers,” Zook said.

This pre-engineered PaaS approach eases the Day 2 realities of running and managing applications, including AI—such as fleet-wide governance, automated CVE remediation, and deterministic service binding—by building these functions into the fabric of the platform from Day 1, he said.

“These latest enhancements aren’t just incremental updates; they are strategic capabilities designed to harden your infrastructure, unify service consumption, and enable existing mission-critical applications—and the new AI agents that will run alongside them—to benefit from the same gold-standard operational excellence,” Zook said.

Tanzu Platform 10.4 New Service Management Innovation

New innovation inside Tanzu Platform 10.4 includes a new service management ability that allows platform engineers to manage massive fleets of services with centralized lifecycle operations— including backup, restore, and automated updates, directly from the Tanzu Hub interface.

This eliminates the need for manual per-instance management and offers a consistent operational standard across a private cloud estate.

Additionally, Tanzu Platform services can now be universally consumed by applications across VMware Cloud Foundation.

In the past, connecting a VKS-hosted application to a database managed by Tanzu Platform required manual ‘plumbing’—handling connection strings and managing credentials or secrets.

“Tanzu Platform 10.4 eliminates this friction by treating VKS as a first-class consumer of platform services. Now, a developer simply discovers the required service in the Hub marketplace and initiates a bind,” said Zook.

“The platform handles the rest: It programmatically injects the credentials and configuration directly into the VKS namespace, creating a secure, encrypted tunnel between the app and the data,” he said.

Tanzu Platform 10.4 New Hub, Upgrade Tools And Block Storage

Inside the new Tanzu Platform 10.4 is a new Tanzu Hub experience for application teams that brings a tailored “app first” view of the entire environment.

“This centralized dashboard integrates real-time insights into security vulnerabilities, resource consumption, and Spring library compliance, making it easier for teams to troubleshoot and optimize applications faster,” Zook said.

Additionally, VMware added new intelligent upgrade tools that use real-time foundation data to reduce the risk and effort of platform maintenance.

By predicting the impact of updates before they occur, the platform allows for parallel, non-impacting upgrades that keep the environment current with the latest features and security patches, VMware said

“This release also introduces the ability for stack and buildpack upgrades without having to upgrade the control plane, and parallel tile upgrades,” Zook said.

Lastly, Tanzu Platform 10.4 introduced a block storage volume service that expands the platform’s ability to handle stateful applications.

“By automatically managing the setup and configuration of high-performance persistent storage, the platform enables more complex workloads, like distributed databases and stateful AI agents, without increasing operational overhead,” Zook said.

Tanzu Data Intelligence 10.4: SQL Assistant

VMware released its new Tanzu Data Intelligence 10.4, which features new capabilities aimed at simplifying data access, reducing manual administration, improving resilience and optimizing clients’ AI investments.

One big feature inside Tanzu Data Intelligence 10.4 is its new SQL Assistant, a capability that empowers users to query data using natural language prompts instead of manually writing SQL code.

The SQL Assistant allows users to interact with their data using natural language questions such as: ‘Show sales trends by region for Q3 compared to last year,’ VMware said.

The AI-powered SQL Assistant system automatically translates the natural language search query into a SQL query for VMware Tanzu Greenplum and fetches the answer.

Analysts can choose to copy the AI-generated SQL query into an editor for refinement, or they can bypass SQL entirely and rely on the natural language answers.

Tanzu Greenplum MCP Server

To help customers better manage data warehouses, VMware launched its new VMware Tanzu Greenplum MCP server that wraps multiple critical system insight functions into a secure, AI-friendly API.

“This new feature empowers AI-assisted data platform administration, reducing the burden on internal resources,” Arnab Chakraborty, a VMware product marketing executive, said in a blog post. “Database administrators can now use natural language to interact with the platform.”

From checking system health to surfacing underused data that can be safely removed and pinpointing performance tuning settings—the MCP server acts as a unified hub for automated platform management and health checks.

Transparent Data Encryption

Inside the new Tanzu Data Intelligence 10.4, VMware has built native Transparent Data Encryption (TDE) to secure data at rest.

The new capacity was launched to help secure missing data when it comes to unauthorized operating system access or physical theft.

“Administrators can seamlessly enable TDE during the initialization of a new cluster and use their existing Key Management Service (KMS). Once initialized, every piece of user data is automatically encrypted,” Chakraborty said.

“Even if a bad actor manages to bypass physical security and copy the raw data directory directly out of the cluster, the data would be fully encrypted on the disk,” he said.