Kong A2A and MCP metrics expose the governance gap in AI tool adoption

At a glance

What this is: Kong is extending AI gateway telemetry to A2A and MCP traffic so teams can see how agents use tools, not just whether infrastructure is healthy.

Why it matters: That matters because IAM, NHI, and AI governance teams need evidence on tool usage, access scope, and blocked requests before they can control adoption at enterprise scale.

By the numbers:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

👉 Read Kong's release on A2A and MCP metrics for AI tool governance

Context

AI tool adoption becomes a governance problem once agents can call tools and exchange context at runtime. In that environment, uptime and latency are necessary metrics, but they are not sufficient to show whether the right tools are being used, whether access is over-broad, or whether an AI programme is drifting into shadow behaviour.

Kong’s update is best read as an observability layer for enterprise AI governance rather than a feature note. The real question for identity teams is how to pair traffic telemetry with access policy, entitlement review, and auditability across agentic AI, MCP, and A2A paths.

Key questions

Q: How should teams govern AI agents that call enterprise tools through MCP and A2A?

A: Teams should govern those agents as runtime identities, not just applications. That means tying each tool call to an approved identity, constraining the callable scope, logging method-level activity, and reviewing usage patterns alongside access entitlements. If the gateway cannot show what was used and by whom, the programme cannot prove control.

Q: What breaks when AI tool usage is measured only by uptime and latency?

A: What breaks is governance. Uptime and latency tell you whether the platform is available, but they do not show whether the right tools are being used, whether access is excessive, or whether adoption is drifting into shadow behaviour. Without usage telemetry, teams cannot make sound entitlement or audit decisions.

Q: How do security teams know whether AI agent access is operating outside its intended scope?

A: They look for repeated blocked calls, unexpected tool combinations, unusual consumer patterns, and agents that access data or services beyond their intended task. The signal is not just a policy violation. It is a mismatch between authorised scope and observed runtime behaviour across the agent path.

Q: Who should own AI gateway governance when MCP and A2A traffic scale quickly?

A: Ownership should sit across IAM, platform engineering, and security architecture, with clear accountability for authorisation policy, telemetry retention, and exception handling. The agent runtime may be technical, but the governance question is organisational: who can approve scope, review behaviour, and revoke access when usage no longer matches intent?

How it works in practice

A2A and MCP analytics as identity telemetry

A2A, or agent-to-agent communication, and MCP, or Model Context Protocol, both move beyond simple request counting. They expose which agents, consumers, methods, context IDs, and task IDs are involved in each exchange, along with request counts, latency, and status codes. That matters because agent behaviour is distributed across multiple hops, so a single log line rarely explains who invoked what, with which tool, and under which context. In practice, these metrics create an audit surface for governance decisions that would otherwise be inferred from incomplete logs or disconnected monitoring tools.

Practical implication: treat A2A and MCP telemetry as evidence for access review, policy tuning, and incident reconstruction, not just platform performance.

Why uptime metrics fail for AI tool governance

Traditional platform metrics answer whether a service is available and fast. They do not answer whether an AI agent is using approved tools, whether a method is being over-consumed, or whether access is producing business value. That is the governance gap Kong is targeting with adoption and consumption analytics. In identity terms, the problem is not availability alone. It is whether runtime tool use matches the intended scope of the identity, the workload, or the agent. Without that layer, platform teams can scale usage while remaining blind to misuse, waste, or policy drift.

Practical implication: add adoption and consumption measures to your control set before expanding agent access across production workflows.

Scope-based tool filtering and token exchange

Scope-based tool filtering and token exchange are the control mechanisms that make AI gateway governance meaningful. Scope-based filtering constrains which tools an agent can invoke, while token exchange lets the gateway mediate identity across services without exposing broader credentials than necessary. Combined with rate limiting and request logging, these controls turn raw connectivity into governed delegation. For security architects, the pattern is familiar from NHI management: narrow the trust boundary, reduce standing privilege, and record what was actually used rather than assuming policy alone will be followed.

Practical implication: map every agentic integration to a minimum tool scope and require gateway-mediated authentication before production rollout.

NHI Mgmt Group analysis

AI tool governance is becoming an identity problem before it becomes an observability problem. Kong’s release shows that organisations can no longer treat agent telemetry as a performance overlay. Once A2A and MCP become production patterns, the question shifts to whether each call is within an approved identity boundary and a defensible scope. That makes tool usage evidence part of governance, not just engineering diagnostics. Practitioners should align telemetry with entitlement decisions, not separate them.

Shadow AI is now measurable only if teams can see method-level behaviour. The most important failure is not that an agent exists, but that teams cannot tell which tools it used, how often, or on whose behalf. Kong’s approach highlights the governance blind spot created when logs describe traffic but not intent or task context. Practitioners should treat blocked requests, low-adoption tools, and unexpected consumer patterns as governance signals, not noise.

Runtime governance gap: enterprise AI programmes need a control plane that can see both access and consumption, because policy without telemetry cannot prove compliance. This is the central lesson of AI gateway governance at scale. If teams cannot correlate identity, method, context, and usage, they will not be able to certify agent behaviour or explain cost growth. Practitioners should build control models that join authentication, authorisation, and usage analytics in one review cycle.

Agent-to-agent communication raises the bar for lifecycle governance across non-human identities. A2A does not remove the need for lifecycle controls, it makes them harder to manage because the execution chain is longer and more distributed. When agents are added faster than offboarding, recertification, and scope review can keep up, governance debt accumulates. Practitioners should assume that every new agent path expands the review burden on IAM, IGA, and platform teams.

Identity teams should expect AI gateway telemetry to become a board-level evidence source. The value of these metrics is not limited to engineers chasing latency. They also support accountability questions about who approved access, what was used, and whether AI investment translated into controlled adoption. Practitioners should prepare reporting that connects agent behaviour to risk, spend, and policy outcomes in the same operating view.

From our research:

• 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to the AI Agents: The New Attack Surface report.
• Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to the AI Agents: The New Attack Surface report.
• For a broader control framework, review OWASP Agentic Applications Top 10 alongside gateway telemetry to connect runtime visibility with policy enforcement.

What this signals

Runtime telemetry will become a prerequisite for AI governance evidence. As A2A and MCP usage scales, teams will need one control view that connects identity, method, context, and consumption. Without that join, access reviews and audit reports will rely on partial logs rather than defensible behavioural evidence.

Tool adoption data will start shaping access policy as much as request logs do. When high-usage tools, blocked requests, and low-adoption paths are visible together, platform teams can distinguish useful expansion from risky overreach. That is where AI gateway metrics move from operational reporting into governance decision support.

The next maturity step is not more dashboarding but tighter alignment between AI gateway evidence and access lifecycle controls. Teams that already manage machine identities and secrets should extend the same discipline to agent paths, then validate it against Top 10 NHI Issues and external guidance such as OWASP Agentic AI Top 10.

For practitioners

• Correlate agent identity with tool consumption Join A2A method, MCP context, consumer, and task identifiers to the identity or workload that was authorised so reviews can distinguish approved use from drift.
• Set minimum tool scopes before broad rollout Require scope-based tool filtering for every production agent path and review those scopes alongside the credential or token that authenticates the call.
• Use blocked requests as governance signals Track denied calls, repeated retries, and unexpected method patterns to spot overreach, broken integrations, or policy settings that are too permissive or too restrictive.
• Tie AI adoption metrics to entitlement reviews Use adoption, latency, and tool frequency data to decide where access should expand, remain unchanged, or be withdrawn at the next access review.

Key takeaways

• AI gateway metrics matter because agent adoption, not just service health, now determines whether AI programmes are governable.
• The strongest evidence in this release is the move from traffic visibility to method, context, and consumer-level accountability.
• Practitioners should pair telemetry with scope controls and lifecycle review before expanding A2A or MCP access further.

Key terms

• A2A Communication: A2A communication is agent-to-agent interaction in which one software agent exchanges tasks, context, or results with another. For governance, it matters because the trust boundary moves beyond a single agent and into the handoff between identities, where approval, logging, and scope can drift.
• MCP Metrics: MCP metrics are operational measurements attached to Model Context Protocol traffic, such as request counts, latency, and status codes. They help teams see how tools are being used by AI systems so they can connect access decisions to real runtime behaviour rather than assume policy compliance from configuration alone.
• Scope-based Tool Filtering: Scope-based tool filtering limits which tools an AI system or agent can call based on the authority it has been granted. It is a runtime control, not a static label, and it becomes essential when agent behaviour can change from one task to the next.
• Shadow AI: Shadow AI is the use of AI agents or AI-enabled workflows that security, IAM, or governance teams cannot reliably see, approve, or audit. In practice, it often appears when tool access expands faster than identity controls, leaving gaps in accountability, logging, and lifecycle oversight.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.

This post draws on content published by Kong: Introducing Kong A2A and MCP Metrics: Visibility and Governance for AI Tool Adoption at Scale. Read the original.