Fiddler AI Control Plane for Coding Agents

The only inline enforcement on the agent's request and response path, through the gateway you already run, with the observability you already expect.

Key Takeaways

  • Coding agents are being mandated at the enterprise level. At Google, 75% of all new code is now AI-generated, but the governance controls haven't kept pace with adoption.
  • Commits co-authored by coding agents leak secrets at roughly twice the baseline rate. With 28.6 million new hardcoded secrets hitting public GitHub in 2025 alone, inline enforcement is no longer optional.
  • Fiddler AI Control Plane is the only inline enforcement layer for coding agents that attaches to the gateway you already run. No new infrastructure, no SDKs, and no agent rewrites required.
  • Two telemetry streams, one control plane: Fiddler stitches agent-side OTel with gateway-side capture to deliver cost-per-PR attribution, active developer tracking, and model usage across the entire fleet.
  • Fiddler enforces policy before data leaves your network. Allow, block, or redact in under 100ms, with single-tenant SaaS or self-hosted deployment on AWS, GCP, or Azure.

The Shift Happened. The Controls Didn’t.

Coding agents are being mandated in organizations. At Google, 75% of all new code is now AI-generated and approved by engineers - up from 50% just last fall [1] - and peers across the industry have set similar top-down volume targets. The commercial curve tells the same story: a single coding agent reached a $2.5 billion run-rate within nine months of launch, with business subscriptions quadrupling since the start of 2026 [2].

The risk curve is climbing just as fast. 

  • 28.6 million new hardcoded secrets hit public GitHub in 2025, up 34% year over year, the largest single-year jump on record [3].
  • Commits co-authored by coding agents leaked secrets at roughly twice the baseline rate [4]. 
  • Even MCP configuration files, the connective tissue of agent tooling, exposed more than 24,000 unique secrets last year [5].
Fig 01 · Adoption, output, and risk — sources in the references below.

The same three questions are landing on three desks, and the stacks those leaders own were not built to answer them for agents that read code, call tools, and reason across systems.

  • CTO: Cost. Can you attribute yesterday’s agent spend to a team, a repo, and a model, and defend it?
  • CIO: Adoption. Do you know which MCP servers and tools your agents called, which codebases they touched, and whether the mandate is landing or stuck?
  • CISO: Risk. Would you know if an agent leaked a key an hour ago, or only at the next audit?

Where Fiddler Operates and Why the Control Plane Matters

What is a Control Plane For Coding Agents?
A control plane for coding agents observes every agent request and enforces policy inline - before data leaves the network - across every agent, gateway, and model provider an organization runs. It is not a gateway; it attaches to the one you already have.

Every existing approach watches coding agents from somewhere. The question is whether that somewhere lets you act. Endpoint controls see one request on one machine. Observability platforms see telemetry after the fact. Dashboards can tell you on Tuesday what leaked on Monday. That isn’t governance; that’s an incident report.

Fiddler operates in a different plane: observability and guardrails, inline at the gateway you already run. Every request passes through it; every verdict lands before the data leaves your network.

Type of solution | Observability: what it sees | Guardrails: can it act inline? | What you get
Endpoint controls (IDE plugins, local agent hooks) | One request at a time, on one machine | Locally only: per-machine, easy to bypass, no fleet view | Point protection, no governance
Observability-only platforms | Telemetry after the request completes; often sampled | No: dashboards and alerts arrive after data has left the network | Visibility without enforcement
Gateway-native logging | Traffic metadata at the gateway | Routing and rate limits, not model-based detection of PII or secrets | Plumbing, not policy
Fiddler Control Plane (inline at your existing gateway) | Agent OTel stitched to gateway capture; full fidelity, no sampling | Yes: Allow, Block, Redact verdicts in under 100 ms, before egress or commit | Observability and guardrails from one integration point

The Only Inline Enforcement at the Agent’s Request and Response Path

The Fiddler AI Control Plane integrates inline with the LLM/MCP gateway you already run. No new gateway. No SDKs. No agent rewrites. Fiddler captures, evaluates, and enforces policy on every request, delivers the full request context and alerts into one dashboard, and exports over OTel for any downstream system that needs a copy.

Fig 02 · The control plane from evals to guardrails to monitoring and governance for agents.

Two Telemetry Streams and One Control Plane

Fiddler offers full-context telemetry for safer agentic AI, stitching agent intent and gateway execution into a single end-to-end view.

  • Agent-side telemetry (OTel emitted by the agents themselves; Claude Code and Gemini CLI at launch) captures the “why”: the session, the plan, the files touched, and the pull request context.
  • Gateway-side capture (LiteLLM and AgentGateway at launch) captures the “what”: requests, responses, tokens, latency, spend, and the verdicts that fired.

Each stream alone is half-blind. Fiddler joins the two end to end, and that join is what the attribution and the verdicts rest on:

  • Cost-per-PR exists only because agent sessions join to gateway spend.
  • Verdicts are smarter because Fiddler Centor Models score the agent’s plan, not an isolated payload.

Model coverage flows through the gateways automatically: Anthropic, OpenAI, Google, AWS Bedrock, Azure OpenAI, and 100+ others, vendor-neutral by design.

Observability and Guardrails From One Integration Point

Fig 03 · Live event stream on the observability side | Agent-plan analysis with an inline Block verdict on the guardrails side.

Fleet-Wide Intelligence Across Every Developer, Token, And Dollar

Here’s something most teams don’t know: coding agents emit native OTel and do not sample it themselves; sampling is a collector configuration choice [6]. Full-fidelity counts aren’t a premium feature; they’re the default you keep by not configuring them away. Fiddler ingests both telemetry streams unsampled.

There are four metrics your executive team cares about: 

  1. Cost with model breakdown 
  2. Adoption measured as active developers against seats 
  3. Cost per PR and commit 
  4. Model usage across the fleet

When your CTO asks why spend doubled last month, you can name the team, repo, and model, and show whether the spend maps to merged PRs or to retry loops burning tokens.
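As an added illustration of the join that the two-stream section and the four fleet metrics above both depend on, the Python below is not Fiddler's code and not its data model. Agent-side session records are joined to gateway-side request records on a session id that is assumed to be propagated to the gateway (for example in a request header); from the joined rows it computes cost per PR, cost by model, active developers against seats, verdict counts, and the retry loops that burn tokens without landing a merged PR. Every record, field name and identifier here is constructed for the example.

```python
from collections import defaultdict

# Constructed sample data; field names are assumptions, not Fiddler's schema.
# Agent-side telemetry, one record per coding-agent session: the "why".
AGENT_SESSIONS = [
    {"session_id": "s-101", "developer": "alice", "team": "payments",
     "repo": "acme/ledger", "pr": 412, "pr_state": "merged"},
    {"session_id": "s-102", "developer": "bob", "team": "payments",
     "repo": "acme/ledger", "pr": 413, "pr_state": "open"},
    {"session_id": "s-103", "developer": "carol", "team": "platform",
     "repo": "acme/infra", "pr": None, "pr_state": None},
]

# Gateway-side capture, one record per model request, in time order: the "what".
# Costs are integer micro-dollars so sums stay exact. The session id is assumed
# to reach the gateway (for example in a request header); it is the join key.
GATEWAY_REQUESTS = [
    {"request_id": "r-1", "session_id": "s-101", "model": "claude-sonnet", "tool": "edit_file",
     "args_hash": "a1", "cost_usd_micro": 48000, "verdict": "allow"},
    {"request_id": "r-2", "session_id": "s-101", "model": "claude-sonnet", "tool": "run_tests",
     "args_hash": "t1", "cost_usd_micro": 32000, "verdict": "redact"},
    # Four identical test runs back to back: the retry-loop pattern.
    *[{"request_id": f"r-{i}", "session_id": "s-102", "model": "gpt-4.1", "tool": "run_tests",
       "args_hash": "t2", "cost_usd_micro": 20000, "verdict": "allow"} for i in (3, 4, 5, 6)],
    {"request_id": "r-7", "session_id": "s-103", "model": "gemini-pro", "tool": "read_file",
     "args_hash": "f1", "cost_usd_micro": 15000, "verdict": "allow"},
    # Seen by the gateway but with no agent session to join to: unattributable.
    {"request_id": "r-8", "session_id": "s-999", "model": "gpt-4.1", "tool": "read_file",
     "args_hash": "f2", "cost_usd_micro": 10000, "verdict": "block"},
]

SESSION_FIELDS = ("developer", "team", "repo", "pr", "pr_state")


def join_streams(sessions, requests):
    """Attach session context to every gateway record; unmatched rows get None."""
    by_id = {s["session_id"]: s for s in sessions}
    joined = []
    for req in requests:
        sess = by_id.get(req["session_id"], {})
        row = dict(req)
        for name in SESSION_FIELDS:
            row[name] = sess.get(name)
        joined.append(row)
    return joined


def cost_by_model(joined):
    totals = defaultdict(int)
    for row in joined:
        totals[row["model"]] += row["cost_usd_micro"]
    return dict(totals)


def cost_per_pr(joined):
    """Spend keyed by (repo, pr), plus the spend that no PR can be found for."""
    per_pr, unattributed = defaultdict(int), 0
    for row in joined:
        if row["pr"] is None:
            unattributed += row["cost_usd_micro"]
        else:
            per_pr[(row["repo"], row["pr"])] += row["cost_usd_micro"]
    return dict(per_pr), unattributed


def adoption(joined, seats):
    active = {row["developer"] for row in joined if row["developer"]}
    return {"active_developers": len(active), "seats": seats,
            "utilization": round(len(active) / seats, 3)}


def verdict_counts(joined):
    counts = defaultdict(int)
    for row in joined:
        counts[row["verdict"]] += 1
    return dict(counts)


def retry_loops(joined, min_repeats=3):
    """Sessions that repeat the same tool call with the same arguments at least
    min_repeats times in a row, with what the repeats cost beyond the first call."""
    by_session = defaultdict(list)
    for row in joined:
        by_session[row["session_id"]].append(row)
    flagged = {}
    for sid, rows in by_session.items():
        run, wasted = 1, 0
        for prev, cur in zip(rows, rows[1:]):
            if (prev["tool"], prev["args_hash"]) == (cur["tool"], cur["args_hash"]):
                run, wasted = run + 1, wasted + cur["cost_usd_micro"]
            else:
                run, wasted = 1, 0
            if run >= min_repeats and run > flagged.get(sid, {}).get("repeats", 0):
                flagged[sid] = {"developer": cur["developer"], "pr": cur["pr"],
                                "pr_state": cur["pr_state"], "tool": cur["tool"],
                                "repeats": run, "wasted_usd_micro": wasted}
    return flagged


if __name__ == "__main__":
    rows = join_streams(AGENT_SESSIONS, GATEWAY_REQUESTS)
    print("cost by model:", cost_by_model(rows))
    print("cost per PR:", cost_per_pr(rows))
    print("adoption:", adoption(rows, seats=10))
    print("verdicts:", verdict_counts(rows))
    print("retry loops:", retry_loops(rows))
```

The orphan record r-8 is the point of the exercise: the gateway alone can price it and block it but cannot say whose it was, and the agent stream alone knows the session but not the spend. Only the joined rows answer the CTO's question, and the retry-loop detector is the piece that separates spend that produced a merged PR from spend that re-ran the same failing test four times.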

Block Toxic Flows Before They Leave Your Network

Endpoint controls inspect requests in isolation. Inline at your gateway, Fiddler Centor Models see the agent’s plan across systems and gate calls on both request and response paths before any tool fires. 

Each of the two detectors, PII/PHI and Secrets, returns one of three verdicts, subject to allowlist exceptions:

  • Allow. The request is clean. It passes untouched and still lands in the trace, so the audit trail has no gaps.
  • Block. A toxic flow - a credential in a completion, cross-repo data movement - is stopped before egress or commit. The verdict lands in the trace, attributed to the session, the developer, and the PR.
  • Redact. A sensitive span, say, a customer email address in a prompt, is masked in-line and the request continues. The developer never breaks flow.
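The three verdicts above, as an added example in Python that is not Fiddler's code: its detectors and Centor Models are model-based, while this uses regular expressions so it runs offline. The policy evaluates text on both the request path and the response path, blocks on any secret that is not allowlisted, redacts PII in place so the request continues, and returns the findings that would be written to the trace. The patterns, the allowlist entries, the sample messages and the `gate` helper are all constructed here; AKIAIOSFODNN7EXAMPLE is AWS's documented placeholder key and the token below is a dummy of the right shape.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed detector patterns (assumptions; a real deployment uses model-based
# detectors and a much wider catalogue). Secrets block, PII redacts.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
PII_PATTERNS = {
    "email": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "us_ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass
class Verdict:
    action: str                 # "allow", "block" or "redact"
    direction: str              # "request" or "response"
    text: Optional[str]         # what is forwarded; None when blocked
    findings: list = field(default_factory=list)   # what lands in the trace


class Policy:
    def __init__(self, allow_values=(), allow_email_domains=()):
        # Allowlist: exact placeholder values and the organisation's own mail domains.
        self.allow_values = set(allow_values)
        self.allow_email_domains = {d.lower() for d in allow_email_domains}

    def _allowlisted(self, kind, value):
        if value in self.allow_values:
            return True
        if kind == "email":
            return value.rsplit("@", 1)[-1].lower() in self.allow_email_domains
        return False

    def evaluate(self, text, direction):
        """One verdict per message on either path. A secret blocks outright;
        PII is masked and the message continues; otherwise it passes untouched."""
        findings = []
        for kind, pat in SECRET_PATTERNS.items():
            for m in pat.finditer(text):
                if not self._allowlisted(kind, m.group(0)):
                    findings.append(f"secrets:{kind}")
        if findings:
            return Verdict("block", direction, None, findings)

        redacted = text
        for kind, pat in PII_PATTERNS.items():
            def mask(m, kind=kind):
                if self._allowlisted(kind, m.group(0)):
                    return m.group(0)
                findings.append(f"pii:{kind}")
                return f"[REDACTED:{kind}]"
            redacted = pat.sub(mask, redacted)
        if findings:
            return Verdict("redact", direction, redacted, findings)
        return Verdict("allow", direction, text, [])


def gate(policy, prompt, call_model):
    """Request path, then the model, then the response path. call_model is
    whatever forwards to the provider; the caller supplies it."""
    req = policy.evaluate(prompt, "request")
    if req.action == "block":
        return req, None
    resp = policy.evaluate(call_model(req.text), "response")
    return req, resp


# Constructed sample messages and a constructed allowlist.
POLICY = Policy(allow_values={"AKIAIOSFODNN7EXAMPLE"}, allow_email_domains={"acme.internal"})
SAMPLES = {
    "clean": "Refactor parse_date to use zoneinfo and add a test",
    "pii": "Email jane@customer-mail.test about ticket 42",
    "allowlisted": "Docs use AKIAIOSFODNN7EXAMPLE as the placeholder; ping ops@acme.internal",
    "leak": "aws_access_key_id = AKIAABCDEFGHIJKLMNOP",
    "pat": "export GITHUB_TOKEN=ghp_0123456789abcdef0123456789abcdef0123",
    "key": "cat ~/.ssh/id_rsa: -----BEGIN OPENSSH PRIVATE KEY-----",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        v = POLICY.evaluate(text, "request")
        print(f"{name:12s} {v.action:6s} {v.findings} {v.text!r}")
```

Two design points carry over to a real deployment: the allowlist is checked per match rather than per message, so a documented placeholder key does not exempt a live key in the same prompt, and the response path is evaluated with the same policy as the request path, which is what stops a credential that the model itself echoes back in a completion.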

All of it runs as single-tenant SaaS or, where prompts must never leave your network, self-hosted in your own AWS, GCP, or Azure account. SOC 2 Type II. HIPAA-ready.

Five Questions To Ask About a Control Plane for Coding Agents

These five questions will tell you whether a product governs coding agents or merely watches them:

  1. Can it act inline - allow, block, redact - before data leaves the network, or only alert after?
  2. Does it require deploying a new gateway, or does it attach to the one you already run?
  3. Is the telemetry sampled, or full fidelity?
  4. Can it connect agent telemetry to gateway telemetry, or do you get two disconnected views?
  5. Does one policy cover every agent in the fleet, or only one vendor’s agent?

Fiddler’s answers: inline, yours, full fidelity, connected, and every agent.


References

[1] Fast Company, "Google CEO Sundar Pichai says 75% of the company's code is AI-generated," Fast Company, Apr. 2026. [Online]. Available: https://www.fastcompany.com/91531519/google-ceo-says-75-of-the-companys-code-is-ai-generated 

[2] Anthropic, "Anthropic raises $30B Series G at $380B post-money valuation," Anthropic, Feb. 2026. [Online]. Available: https://anthropic.com/news/anthropic-raises-30-billion-series-g-funding-380-billion-post-money-valuation 

[3] GitGuardian, "The State of Secrets Sprawl 2026," GitGuardian Blog, Mar. 2026. [Online]. Available: https://blog.gitguardian.com/the-state-of-secrets-sprawl-2026/ 

[4] Help Net Security, "29 million leaked secrets in 2025: Why AI agents' credentials are out of control," Help Net Security, Apr. 2026. [Online]. Available: https://www.helpnetsecurity.com/2026/04/14/gitguardian-ai-agents-credentials-leak/ 

[5] The Hacker News, "The State of Secrets Sprawl 2026: 9 Takeaways for CISOs," The Hacker News, Mar. 2026. [Online]. Available: https://thehackernews.com/2026/03/the-state-of-secrets-sprawl-2026-9.html 

[6] Anthropic, "Claude Code: Monitoring usage and OpenTelemetry," Anthropic Documentation, 2026. [Online]. Available: https://code.claude.com/docs/en/monitoring-usage