The exploding adoption of AI coding assistants is boosting developer productivity and accelerating time-to-market, yielding substantial returns on investment. These AI-native practices increase developer productivity and speed up delivery, and they also facilitate more frequent product iterations, leading to faster innovation loops.
Enabling developers across the company to transform their software engineering practices by leveraging AI promises significant productivity gains – but only if we can integrate these tools and agents with safety and security.
Alan Davidson, Chief Information Officer, Broadcom.
As organizations worldwide see productivity improvements with AI-native development, many are adopting AI coding assistants to scale efficiency. But without enterprise-grade governance, AI coding assistants can expose organizations to serious risks—including data leakage, security flaws, and compliance violations. Broadcom was concerned about two common issues with AI-assisted coding: growing pressure and risk of shadow AI and safely augmenting coding assistants with access to internal tools through Model Context Protocol (MCP) integrations.
The case for an AI PaaS on private cloud for AI-assisted coding
Many enterprise organizations face the challenge of managing the business's enthusiasm for AI coding assistants. As organizations increase the pressure on development teams to innovate more quickly, development teams are pursuing unsanctioned AI experimentation. Prohibitions of AI assistants will do little to mitigate the rise of shadow AI. Therefore it’s important to consider the risks of not pursuing a centralized governance approach to AI-assisted coding. Risks may include the following:
- Individual developers using public, unapproved AI tools (such as MCP servers) – Developers use unapproved, consumer-grade AI tools in personal workflows, which often transmits proprietary source code to external third parties.
- Teams experiment with open source and public AI models without central oversight – Teams deploy or fine-tune open source models lacking crucial governance, legal review, and security hardening, risking licensing conflicts and insecure code.
- Prohibitive policies lead to shadow AI or ad-hoc solutions – The absence of a strong, organization-wide policy results in fragmented, unvetted "best practices," preventing central IT and security from maintaining a unified, compliant security posture.
Broadcom GTO’s AI working group required a secure, centralized approach for AI-native tools that are easy to adopt. The core requirements for Broadcom are what most organizations agree are essential: ensure integrity of the software supply chain; protect intellectual property; and support data privacy with AI-assisted software development. Beyond the concerns of policies and processes, the Broadcom team understood that AI assistants need an AI-ready platform that centralizes governance and observability in order to monitor and continuously optimize developer AI tools for ROI.
“Standards for AI integration, like model context protocol (MCP), are very early; it’s a fast-moving world, but they’re not all enterprise-ready yet,” says Davidson. “The solution that Tanzu Platform provides fills the gaps in these enterprise standards while delivering the telemetry we need to understand adoption, usage and continually improve our services.”
Tanzu Platform is a self-managed, AI-ready platform as a service (AI PaaS) for private cloud designed to streamline access to coding assistants and integrate with tools and processes utilized by developers and IT operations. However, the governance challenge extended beyond Broadcom’s initial need for coding assistant governance. Once an approved coding assistant had been safely adopted, Broadcom needed to establish secure and scalable integrations with other tools via the Model Context Protocol (MCP).
Why governance is key for Model Context Protocol integrations
Utilizing MCP is an effective way to connect AI coding assistants to integrated development environments (“IDEs”) and repositories or other tools that are needed for completing coding tasks with these assistants. By adding a layer of integrations to the coding assistant, users exponentially increase the power of the solution but also open the enterprise to more safety risks. For example, connecting MCP to coding assistants has become a new attack vector. In recent news, an MCP server was “spoofed” to launch malicious attacks within organizations for the first time. This illustrates the need for enterprise governance beyond the coding assistants, including curating the MCP servers themselves as part of AI-native coding practices.
Broadcom initially restricted internal use of local MCP servers due to its relative immaturity and associated risks. This decision, however, hindered the organization’s objective of implementing AI coding assistants globally. Recognizing the transformative potential of integrating various tools that are essential for AI-assisted coding, Broadcom GTO developed a novel MCP authorization structure to enable function chaining.
This capability allows for seamless task completion, such as linking internal ticketing systems directly through to code commitment, significantly reducing the time required for ticket resolution. Specifically, developers can utilize natural language processing to direct an AI agent to find their next task, have the AI coding assistant implement the requested changes, and automatically submit a pull request. While this process introduced complexity by layering authorization, the resulting gains in speed and efficiency are highly transformational.
Tanzu Platform deployed on VMware Cloud Foundation helped Broadcom centralize integrations with MCP servers to enable a secure connection to the tooling needed to enrich AI-assisted coding tools. Tanzu Platform enables the Broadcom GTO team to view usage for MCP servers so that they can tune and optimize those servers for maximum performance and also to determine patterns so they can retire unused servers and control technical debt and costs.
AI-native, private coding with Tanzu Platform
This transformative use case is set to redefine the software development life cycle within Broadcom GTO, and it serves as a blueprint for other enterprises, through the deployment of AI coding agents with extensible MCP integrations and the implementation of a strong governance framework. A key highlight of this initiative is its exclusive reliance on Broadcom's own software products, demonstrating the power and maturity of its technology in a real-world application.
This example is a powerful demonstration of Broadcom’s commitment to internal digital transformation, turning its own software intellectual property into a strategic asset for operational excellence and proving the business value of agentic AI in a complex, mission-critical environment.
To learn more about Tanzu Platform, visit the product website.