Guest: Varun Talwar, Co-Founder and CTO of Tetrate

Engineering teams across the enterprise have been quietly absorbing a hidden cost for years: every time they need to extend Envoy proxy, they start from scratch. The effort is duplicated, siloed, and expensive, and with AI workloads now demanding faster, more flexible infrastructure, that cost is becoming impossible to ignore.

Envoy proxy is celebrating its 10th anniversary in 2026, and its track record is hard to argue with. Netflix, Airbnb, and major cloud providers all rely on it to handle billions of requests at scale. But extensibility has always been its Achilles’ heel. Writing filters, the primary mechanism for extending Envoy, requires deep familiarity with its internal codebase, and that expertise is rare.

“The skill set and ability to extend Envoy has been limited to only a few people who really know its internal codebase,” said Varun Talwar, Co-Founder and CTO of Tetrate. “Most users shouldn’t need to know the internals, but they’ve had no way to do one small thing without learning them.”

The problem isn’t just technical. It’s organizational. Because there’s no centralized home for Envoy extensions, teams across different companies are independently building the same integrations, authentication filters being one of the most common. The work gets done, but it never escapes the walls of the organization that built it.

Tetrate is addressing this with Built on Envoy, an open source extension marketplace launched this week. The project is designed to solve two interconnected problems: making it easier to write Envoy extensions, and making it easier to share and reuse them.

The developer experience improvements are significant. Built on Envoy ships with proper SDKs for Go and Rust, and bootstrapping a new extension project has been reduced to a single command. “You can just say ‘create extension, your extension name,’ and it will bootstrap a whole Go project with the right SDK and the right handlers,” Talwar explained. “You write your logic, run Envoy locally with that logic compiled in, and test it. That’s a two-minute process that would otherwise take hours just to build Envoy.”

The marketplace already includes a range of seeded extensions. Authentication integrations such as Cedar Auth and SAML Auth address one of the most universally duplicated use cases. For teams building on cloud, there are integrations with AWS Bedrock guardrails and Azure Content Safety, targeting the growing segment of organizations using Envoy as a gateway for AI and agentic workloads. Databricks contributed a file-serving extension for serving files directly from a folder through Envoy: straightforward in concept, but broadly useful in practice.

The AI angle is not incidental. Talwar pointed to the rapid, sometimes unpredictable scale of AI agent deployments as a key reason to build on a proven foundation. “Your agents and AI are only as reliable as your backend APIs,” he said. “Having something proven and robust over a decade, like Envoy, as your starting point means that when you have your own scale moment, you are well positioned from a connectivity, reliability, and security standpoint.”

Tetrate is already seeing early signs of the community engagement it’s hoping to cultivate. Large end users who have been maintaining custom integrations privately are beginning to publish them to the marketplace. Commercial vendors, who have historically maintained custom Envoy builds that require constant upkeep across versions, are being brought into the ecosystem as well.

“We want a thriving ecosystem where extensions come from end users and providers alike, and where application and agent developers can simply discover and use them in the environment of their choice,” Talwar said.

Built on Envoy is open source and freely available. For teams currently managing custom Envoy builds or rebuilding the same filters in-house, it represents a meaningful shift in how extensibility works at the infrastructure layer, and a foundation that’s built to scale with wherever AI infrastructure goes next.