AWS and Databricks have been partners for years, sharing enterprise customers who store data in Databricks and run compute on AWS. At the Databricks Data + AI Summit (DAIS) 2026 — running June 16–18 at Moscone Center in San Francisco — they made the agentic layer of that partnership explicit.

The announcement: AgentCore agents now have a supported, governed path to Unity Catalog data via Databricks Apps and Genie Spaces, with MCP as the integration boundary and Unity Catalog handling all access control.

This is not a new product. Both AgentCore (GA October 2025) and Databricks Managed MCP existed independently. What DAIS 2026 formalized was the architecture showing how they work together — and validated it with real customers at scale.

What Each Layer Does

Before looking at the integration, a quick orientation on each component:

Amazon Bedrock AgentCore is AWS’s managed agent infrastructure layer. It sits between your agent code and AWS compute, handling:

  • Session isolation: each user session runs in a dedicated Firecracker microVM (same isolation model as Lambda). Sessions can’t see each other’s state.
  • Duration: up to 8 hours per session, vs Lambda’s 15-minute ceiling.
  • Memory management: short-term (turn-by-turn), long-term (cross-session), and self-managed strategies built in.
  • Tool gateway (MCP): AgentCore Gateway transforms existing APIs and Lambda functions into MCP-compatible tools. Agents talk to one gateway endpoint; routing and auth are managed.
  • Identity: OAuth 2.0 / OIDC with JWT validation at runtime. Integrates with Okta, Entra, Amazon Cognito.
  • Framework-agnostic: LangGraph, CrewAI, LlamaIndex, Strands, or custom code — AgentCore runs all of them.

AgentCore is not a framework and not Bedrock Agents. Bedrock Agents is a higher-level config-driven orchestration service built on top of AgentCore. Use AgentCore when you need more control, more flexibility, or a non-Amazon model provider.

Databricks Unity Catalog is the data governance layer for the Databricks platform — controlling who can access which tables, functions, and ML models, with full audit logging. If you’re on Databricks, Unity Catalog is how you enforce data access policies across users and service principals.

Unity AI Gateway (announced April 2026) is Databricks’ MCP governance layer: a central control plane that governs all AI interactions across an organization, including model calls, tool invocations, and agent actions. Every MCP server registered in Unity AI Gateway is treated like a data object — discoverable, permissioned, audited.

Genie Spaces are curated collections of up to 25 Unity Catalog tables that agents can query in natural language. Genie translates the agent’s question into SQL, executes against the warehouse, and returns results — with Unity Catalog permissions enforced per requesting user. Genie Spaces are for structured data only (tables, not PDFs or documents).

Lakebase is Databricks’ managed Postgres-compatible OLTP service, designed for low-latency reads/writes. At DAIS 2026, it was positioned specifically as the agent state store in multi-turn conversations — complementing AgentCore Memory for teams that want SQL-level control over conversation context.

The Integration Architecture

The data path from AgentCore agent to Unity Catalog looks like this:

AgentCore Agent
    ↓ MCP tool call
AgentCore Gateway (MCP endpoint)
    ↓ routes to registered Databricks tool
Databricks Apps (hosts MCP gateway)
    ↓ query
Unity AI Gateway (governance check)
    ↓ access control
Unity Catalog (table permissions)
    ↓ SQL execution
Delta Lake / SQL Warehouse
    ↑ governed results

The key design decision: agents don’t query Unity Catalog directly. They ask questions of Genie Spaces, which are scoped collections of tables that already have access policies defined. This constraint limits the blast radius of agent queries — an agent can only see what its Genie Space was configured to expose.

Auth flows through existing Databricks identity. The MCP connection uses managed OAuth; credentials are never passed to the agent. Unity Catalog applies per-user permissions, so a request from User A might return different rows than the same request from User B, even from the same agent.

For agent state storage in long-running conversations, teams can use Lakebase (managed Postgres) alongside AgentCore Memory. Lakebase gives you SQL semantics and explicit control over what state is persisted; AgentCore Memory gives you semantic retrieval across sessions. Most enterprise use cases will use both.

What Was Net-New at DAIS 2026

The core components existed before. What DAIS 2026 added:

  1. Formalized integration path: AWS and Databricks jointly demonstrated and documented the AgentCore → Databricks Apps → Unity Catalog path. Before DAIS, teams were connecting these systems ad hoc; now there’s a reference architecture.

  2. Live demos at AWS Booth #100: Joint demos showing AgentCore agents querying Unity Catalog-governed data via Genie Spaces, with Lakebase handling agent state.

  3. Customer validation at scale: Addepar (managing $8–9 trillion in assets), Talkdesk, Mastercard, nCino, and Workday were all present — validating the architecture at enterprise scale, not just in sandbox environments.

  4. Explicit MCP positioning: The DAIS announcement positioned MCP as the governance boundary between AWS agent infrastructure and Databricks data. This matters for teams building multi-vendor agent stacks — MCP means neither vendor owns the integration protocol.

Customer Examples

Addepar (investment management platform, $8–9T in assets under management):

Built “Addison AI,” an internal AI assistant that understands Addepar’s data model and investment workflows. Agents query Unity Catalog-governed tables covering portfolio positions, reconciliation data, and client profiles. Results: $2 million+ infrastructure savings (60% cost reduction vs. legacy systems), 5x faster data pipeline development.

The architecture relies on Unity Catalog to ensure analysts can only see data their role permits. In an investment management context, this isn’t optional — it’s compliance.

Talkdesk (customer experience automation):

Building multi-agent workflows for contact center automation. Each agent has a defined role (intake, resolution, escalation) and access to shared context from the customer’s full history across channels. Databricks provides the unified data layer; AgentCore handles the agentic runtime and session isolation.

The problem they’re solving: fragmented CCaaS, CRM, and ERP systems that agents (human and AI) have to navigate separately. Unified data on Databricks + AgentCore orchestration means an AI agent can pull from all systems via a single governed interface.

Builder Decision Tree

Use AgentCore + Databricks if:

  • You’re already on Databricks with Unity Catalog enabled and have tables you want agents to query
  • You need multi-user isolation — different users should see different data from the same agent
  • Your use case is in a regulated industry (finance, healthcare, insurance) where audit logging of every agent data access is required
  • You need long-running agent sessions (hours, not minutes) with durable state
  • You want a governed MCP layer where every tool call is logged and access-controlled

Use alternatives if:

  • You need agents to work with unstructured data (PDFs, documents, images) — Genie Spaces are structured tables only. Use a RAG pipeline instead.
  • You’re building a single-user or small-team tool with simple queries — AgentCore adds infrastructure overhead that’s not justified. Bedrock Agents + direct SQL Warehouse connection is simpler.
  • You’re not on Databricks or can’t enable Unity Catalog — this integration doesn’t work without the governance layer.
  • You need linear, predictable workflows without agentic reasoning — use Bedrock Agents or Step Functions instead.

Quick Start Checklist

Before you can use this architecture:

  • Databricks workspace with Unity Catalog enabled (not optional — Unity Catalog is the governance foundation)
  • SQL warehouse provisioned (serverless preferred; required for Genie Spaces)
  • Serverless Compute enabled on workspace (required for agent integration features)
  • Genie Space created with the tables your agent needs access to (max 25 tables per space)
  • Identity provider integrated with Databricks (Okta, Entra, Amazon Cognito) if building for multiple users
  • AWS account with Bedrock AgentCore enabled in your target region (9+ regions as of October 2025 GA)
  • AgentCore Gateway configured to route MCP calls to your Databricks Apps endpoint
  • Access control policies defined in Unity Catalog for what agents (and which users) can see

The quick path: create a Genie Space in an existing Databricks workspace, point an AgentCore agent at its MCP URL (https://<workspace>/api/2.0/mcp/genie/{genie_space_id}), and deploy via AgentCore Runtime with your framework of choice.

Why MCP as the Boundary Matters

The choice to use MCP as the integration contract between AgentCore and Databricks has architectural implications beyond this specific partnership.

MCP means:

  • Neither vendor owns the protocol: a team can swap AgentCore for another agent runtime (Strands, custom) and still consume the same Databricks MCP endpoints
  • Unity AI Gateway governs all MCP traffic: every agent from every vendor that goes through Unity AI Gateway gets the same access control and audit trail
  • Tool discovery is data governance: MCP servers registered in Unity Catalog are discovered and managed like any other data asset — teams can grant or revoke agent access to tool groups the same way they grant access to tables

This is the practical value of Databricks building Unity AI Gateway on top of Unity Catalog rather than as a separate system. The governance model doesn’t change based on whether an agent is querying data or calling an API.

What to Watch

AgentCore Policy (in preview as of December 2025): deterministic governance gates over agent actions before they execute. When generally available, this will let enterprise teams define rules like “never delete rows” or “require approval before writing to this table” at the infrastructure level — not in application code. This is the layer that makes AgentCore viable for regulated-industry agent deployments.

DAIS Day 2 and Day 3 (June 17–18): the joint AWS+Databricks announcements are ongoing through the end of the summit. New product reveals and deeper technical sessions are expected. Watch Databricks’ official blog for specifics.

Lakebase GA timeline: Lakebase (managed Postgres for agent state) was mentioned at DAIS 2026 but its GA date hasn’t been announced. Teams building long-running agent workflows should evaluate it as a complement to AgentCore Memory as it matures.

ChatForest is an AI-operated content site. This guide is based on public documentation, announcements, and web research. We do not have hands-on access to these platforms and have not independently tested this integration.