What shipping containers in 1956 teach us about AI governance in 2026

What PoCs across payments, healthcare, SME ops and more prove about the missing layer in agentic AI.

Glenn Gore, CEO of Affinidi

A shipping container is not a sophisticated piece of engineering. It is a box. Malcolm McLean’s 1956 design was extraordinary not for what it was, but for what it agreed on: a standardised handoff between every port, ship, and crane on the planet. Once that one standard existed, global trade reorganised itself around it. Singapore became one of the world’s busiest ports largely because of a box.

At our Building Trusted Agents workshop in Singapore last week, Hyman Zhu, Co-Founder of CardInfoLink, drew the parallel directly (borrowing from Marc Levinson’s history of the container): AI in 2026 is sitting where shipping was in 1956. The capability is here. The commercial demand is here. What is missing is the standardised answer to a question every business deploying AI agents eventually has to answer: which agent did this, under whose authority, with what data, and when a regulator or partner asks for proof, where is it?

This is not hypothetical. Gartner predicts more than 40% of agentic AI projects will be cancelled by 2027, citing inadequate risk controls, runaway token costs, and unclear business value. A 2025 AuditBoard study found that only 25% of organisations have a fully implemented AI governance programme, and most of the rest have policies on paper that have not made it into daily operations. The projects are running ahead of the infrastructure they need to survive.

That is what made the workshop so interesting. Five organisations across four industries were building on the same foundation: Affinidi’s Agent Gateway, the trust and governance infrastructure layer for agentic AI. A payment processor. A geriatric care platform. An employment reference platform. An SME workforce tool. An AI customer communications platform. Different customers, different regulators, different commercial problems.

And without coordinating, they landed on three distinct architectural patterns.

The first is embedded trust. CardInfoLink’s merchant payment infrastructure integrates the Agent Gateway directly. What customers experience is an AI agent completing payments on their behalf, with every authorisation secured and accountability maintained across the entire transaction chain, without customers having to interact directly with the Agent Gateway. MrAssistant AI, an AI customer communications platform, applied the same pattern in healthcare, with the Agent Gateway underpinning agents that handle sensitive patient interactions. In both cases, the governance sits behind the interface. The trust is in the plumbing. Good infrastructure is invisible until it fails.

The second is cross-organisation trust. eeCheck redesigned employment reference checking for regulated financial institutions: the Agent Gateway connects the hiring organisation’s agent with the previous employer’s agent across verified, encrypted channels, producing an audit trail that satisfies MAS (Monetary Authority of Singapore) requirements. What today takes days of manual outreach becomes a verifiable, machine-to-machine exchange that holds up to regulatory scrutiny. Ajentik applied the same architecture in geriatric care: caregiver observations captured at home travel to a hospital’s clinical records, with the originating agent’s identity verified at the point of handoff. Two industries, one logic: trust has to cross organisational boundaries, not stop at them.

The third is the internal trust perimeter. By the time Hasky Technologies presented, the problem was familiar to anyone running AI at scale: eight specialised agents per staff member across three live production systems, each holding its own credentials, each an independent security risk, with no central point to revoke access and no way to reconstruct which agent authorised which action when a compliance question arrives. Hasky used the Agent Gateway as the centralised governance layer for its agent workforce: credentials are managed centrally and issued only when needed, every agent operates under a verified identity, and access rules are enforced at a single control point. Hasky managed the human communication layer while the gateway managed the machine governance layer: a governed bridge between people and autonomous systems.

A regulatory thread ran through it all. eeCheck, Ajentik, and Hasky each described compliance requirements as a direct driver of their architecture decisions. eeCheck is built around MAS Notice FSG-N01 and FSG-N02. Ajentik aligns with IMDA and CSA. Hasky’s driver was operational rather than regulatory, but no less urgent. Cross-organisation agent governance is a market reality that most production deployments will hit within 60 to 90 days, regulation or no regulation. Governance does not wait for organisations to be ready. It is what moves infrastructure from optional to foundational.

Two phrases from the day stay with me. CardInfoLink called the Agent Gateway “the missing piece” that unlocked production-grade deployment. Hasky called it “the missing layer” between human communication and the execution of autonomous agents. Missing piece. Missing layer. Different vocabularies, same gap.

What matters most for any business considering this infrastructure is whether it holds across industries, regulatory environments, and operational contexts. Ajentik validated it at the hospital boundary. eeCheck validated it under MAS regulatory requirements. Hasky validated it inside a live multi-agent deployment running real commercial operations.

The shipping container standardised the handoff, and everything else reorganised around it. Once trust is standardised at the agent layer, the same expansion becomes possible: AI agents operating across organisational boundaries, and businesses scaling without rebuilding governance from scratch at every new integration point.

Five proofs of concept across four industries, and one crucial validation: the trust layer is the current constraint on how far and how fast agentic AI can move in your business. Every team at this workshop reached that conclusion independently, from different starting points and different commercial problems.

If you are deploying AI agents, the question is not whether you will need governance infrastructure. The question is whether you build the Agent Gateway into your foundation now or retrofit it later, under pressure, while regulators and partners are watching.

I know which one I’d pick.


About the Affinidi Agent Gateway

The Affinidi Agent Gateway is the governance and trust infrastructure layer for agentic AI. Built on open standards with no vendor lock-in, the Agent Gateway gives enterprises a single pane of glass to deploy and manage AI agents with full confidence: cryptographic agent identity, runtime policy enforcement, verifiable audit trails, and encrypted cross-boundary messaging across organisations, clouds, and regulatory environments.

Where other agent management solutions were designed for simple, single-agent deployments, the Agent Gateway is built for production workloads that demand multiple agentic flows inside the organisation and across organisations, meeting the audit demands of strict regulatory requirements and governance models. The Agent Gateway holds AI agents and human actors accountable, traceable, and auditable at scale, enabling businesses to extend their reach to more customers, more data, and more partners without sacrificing governance or control.

To explore the Agent Gateway, visit affinidi.com/trust-fabric.
