
Zapier Rolls Out Enterprise AI Governance: App Controls, BYOM, and MCP Now Policy-Enforced

Zapier's April 2026 update gives IT and ops teams a unified governance layer across AI agents, no-code workflows, MCP connections, and SDK-built apps, including Bring Your Own Model via AWS Bedrock.

Published April 29, 2026 · Updated May 1, 2026 by Heidi Hildebrandt
Pondero, operated by Hildebrandt AI LLC, earns a commission from some links on this page. This does not influence our editorial decisions. Read our affiliate disclosure


In brief: On April 23, 2026, Zapier announced a sweeping enterprise governance layer that now covers every surface where AI runs: no-code workflows, AI agents, MCP-connected assistants like Claude and ChatGPT, and SDK-built apps. IT and ops teams finally have a single policy control plane for all of it.

What Changed

Until now, Zapier’s enterprise governance was fragmented. IT teams could set policies on traditional Zaps, but AI agents and MCP connections operated in a separate lane. The April 23 release closes that gap with a unified policy layer Zapier is calling its governance suite.

The headline additions are App Access Controls and Action Restrictions. App Access Controls let administrators decide which of Zapier’s 9,000+ connected apps are available to each workspace, team, or individual user, and those restrictions apply consistently whether a user is building a Zap in the editor, directing an AI agent, or routing an MCP-connected tool. Action Restrictions go one level deeper: a sales rep can read and update contacts in HubSpot, but not delete them. That kind of granular permission is new for the MCP layer.

Bring Your Own Model (BYOM) is the other major addition. Enterprises running Zapier Agents can now route all agent processing through their own infrastructure, starting with AWS Bedrock. Your prompts, context, and outputs never leave your network. Zapier also added Log Streaming to SIEM platforms, with Datadog and Splunk supported on launch day, so every agent action and workflow execution flows into your existing security monitoring stack. Managed App Connections round things out by centralizing OAuth credentials through IT-controlled accounts, eliminating the shadow-automation problem of personal credentials scattered across a team.

Why It Matters

Zapier surveyed 200 enterprise executives for this launch and found that 93% say AI initiatives occasionally fail to reach production because of governance constraints, and 94% think governance needs to become continuously operating and embedded rather than a static policy document. Those numbers match what we hear from ops leaders every week.

The practical implication: if your team has been cautious about letting Zapier agents touch production systems or customer data, the new controls give you a concrete answer to security and legal’s objections. MCP governance in particular is significant. Most MCP deployments today have zero policy enforcement at the action level. Zapier is the first major automation platform to extend first-class governance controls into the MCP layer, which matters as more teams connect Claude, ChatGPT, and other AI assistants directly to their business apps.

The BYOM option is also worth flagging for regulated industries. Healthcare, finance, and legal teams that have been sitting out AI automation because of data residency requirements now have a credible on-ramp.

How to Use It

App Access Controls and Action Restrictions are available now at zapier.com/govern for Business and Enterprise plan customers. The setup lives in your workspace admin panel; open Settings → Governance. You can configure access by workspace, team, or individual user, and restrictions are enforced immediately across the Editor, Agents, and any MCP connections.

BYOM with AWS Bedrock requires an Enterprise plan. You connect your AWS account in the Governance settings, choose which Bedrock models Zapier Agents should use, and all inference routes through your infrastructure from that point on. Zapier’s documentation lists Claude 3.5 Sonnet and Anthropic’s Haiku as the initial supported models via Bedrock.

Log Streaming to Datadog or Splunk is also an Enterprise feature. Once configured, every Zap run, agent action, and MCP tool call emits a structured event to your SIEM. The event schema includes user ID, workspace ID, app name, action type, and outcome: enough context to write meaningful detection rules.
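As an added illustration (not Zapier's code or its published schema), here is what two detection rules over those five fields could look like: repeated denied destructive actions by one user, and destructive actions that succeeded where an Action Restriction was expected to stop them. The JSON key names, the outcome values, the action-name prefixes and the sample events are all assumptions constructed for this example.

```python
import json
from collections import Counter

# Constructed sample stream, one JSON event per line. Key names and outcome
# values are assumptions; the article names the fields only in prose.
SAMPLE = """\
{"user_id":"u-101","workspace_id":"ws-sales","app_name":"HubSpot","action_type":"update_contact","outcome":"success"}
{"user_id":"u-101","workspace_id":"ws-sales","app_name":"HubSpot","action_type":"delete_contact","outcome":"blocked"}
{"user_id":"u-101","workspace_id":"ws-sales","app_name":"HubSpot","action_type":"delete_contact","outcome":"blocked"}
{"user_id":"u-101","workspace_id":"ws-sales","app_name":"HubSpot","action_type":"delete_contact","outcome":"blocked"}
{"user_id":"u-202","workspace_id":"ws-sales","app_name":"HubSpot","action_type":"delete_contact","outcome":"blocked"}
{"user_id":"u-303","workspace_id":"ws-ops","app_name":"HubSpot","action_type":"delete_contact","outcome":"success"}
{"user_id":"u-404","workspace_id":"ws-admin","app_name":"HubSpot","action_type":"delete_contact","outcome":"success"}
not-json
{"user_id":"u-505"}
"""
REQUIRED = {"user_id", "workspace_id", "app_name", "action_type", "outcome"}
DESTRUCTIVE = ("delete", "remove", "purge")   # assumed action-name prefixes
DENIED = {"blocked", "denied"}                # assumed outcome values

def parse_events(text):
    """Return (events, rejected_count); malformed or incomplete lines are counted, not dropped silently."""
    events, rejected = [], 0
    for line in filter(str.strip, text.splitlines()):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            ev = None
        if isinstance(ev, dict) and REQUIRED <= ev.keys():
            events.append(ev)
        else:
            rejected += 1
    return events, rejected

def is_destructive(ev):
    return str(ev["action_type"]).lower().startswith(DESTRUCTIVE)

def repeated_denials(events, threshold=3):
    """(user, workspace, app) tuples with >= threshold denied destructive actions."""
    hits = Counter((e["user_id"], e["workspace_id"], e["app_name"]) for e in events
                   if is_destructive(e) and str(e["outcome"]).lower() in DENIED)
    return sorted(k for k, n in hits.items() if n >= threshold)

def policy_drift(events, allowed):
    """Destructive actions that succeeded outside the (workspace, app) pairs expected to permit them."""
    return [(e["user_id"], e["workspace_id"], e["app_name"], e["action_type"]) for e in events
            if is_destructive(e) and str(e["outcome"]).lower() == "success"
            and (e["workspace_id"], e["app_name"]) not in allowed]

if __name__ == "__main__":
    events, rejected = parse_events(SAMPLE)
    print(rejected, repeated_denials(events), policy_drift(events, {("ws-admin", "HubSpot")}))
```

In a real deployment the same logic would be written as a Datadog or Splunk query against whatever field names the stream actually carries; the rejected-line count is worth alerting on as well, since a parser that silently drops events hides gaps in coverage.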

Zapier Agents moved from beta to general availability in this same release, with enterprise MCP support included. If your team has been waiting for Agents to stabilize before rolling out, now is the time to evaluate.

For teams not yet on Enterprise, the free and Business tiers gain access to Workspaces (isolated team environments with per-workspace app and policy configurations) when the feature reaches general availability at the end of Q2 2026.
