Kong’s 2025 year in review shows the rise of AI connectivity

At a glance

What this is: Kong's year-end recap argues that 2025 was the year enterprises moved into AI connectivity, with agentic systems driving demand for unified governance, caching, billing, and identity controls.

Why it matters: This matters because IAM, NHI, and platform teams now have to govern APIs, tokens, models, and agents together rather than as separate control planes.

By the numbers:

• Kong research found 90% of enterprises are adopting AI agents.
• 79% expect full production rollout within three years.
• 72% of organizations are already implementing formal governance layers.

👉 Read Kong's 2025 year in review on AI connectivity and agentic governance

Context

AI connectivity is the control problem that emerges when APIs, LLMs, agents, and event streams all need to be governed through the same runtime path. Kong's recap treats that convergence as the defining shift of 2025, with agentic systems moving from experimentation into operational use.

For identity teams, the important point is not the marketing language around an AI gateway. It is that machine-speed access, token budgets, and agent behavior now sit in the same governance conversation as API discovery, workload identity, and authorization policy.

That makes this a broader IAM and NHI story, not a pure product story. The article is a year-in-review from Kong, but the underlying message is that conventional control planes are being asked to manage identities that act, call tools, and consume resources in real time.

Key questions

Q: How should security teams govern AI agents that consume APIs and event streams in real time?

A: Treat AI agents as governed machine actors, not just application clients. Security teams should enforce authentication, token budgets, scoped authorization, logging, and approval logic at the control plane, then map each agent workflow to an owner and a review process. The goal is to make runtime behavior observable and bounded before scale turns into sprawl.

Q: Why do AI gateways matter for IAM and NHI programmes?

A: AI gateways matter because they concentrate policy decisions for agent traffic, model calls, and downstream tool access in one place. That gives identity teams a practical enforcement point for machine identity governance, but only if the gateway is tied to entitlement, logging, and lifecycle controls instead of being treated as a pure traffic router.

Q: What do organizations get wrong about governing MCP-based agent access?

A: The common mistake is assuming the agent is trusted once the session starts. In practice, MCP creates a dynamic tool-discovery surface, so each tool and server needs its own identity, authorization, and scope boundaries. If those controls are inconsistent, a single agent workflow can reach more systems than the original approval intended.

Q: Who should own governance when AI, API, and billing controls converge?

A: Ownership should sit with a cross-functional model that includes IAM, platform security, and engineering, with clear accountability for policy, telemetry, and lifecycle management. Billing can inform usage and abuse detection, but it cannot replace identity governance. If no single team owns the runtime decisions, the control environment will drift as adoption grows.

Technical breakdown

AI gateway as a control plane for token budgets and policy

An AI gateway is a governance layer that sits between applications, models, and downstream services to enforce policy at runtime. In Kong's framing, it is meant to control token budgets, improve observability, and apply security checks at machine speed. That matters because agentic systems do not just call one API once. They can generate repeated, contextual, and sometimes unpredictable requests that multiply cost and risk unless the control plane can inspect, rate-limit, and authorize each step.

Practical implication: platform teams should treat AI gateways as policy enforcement points, not as simple routing infrastructure.

MCP gateway consistency and authentication problems

MCP, or Model Context Protocol, introduces a new integration surface because agents use it to discover tools and data sources dynamically. Kong highlights consistency and authentication as the main issues, which is the right focus. Without standard handling for MCP server identity, session trust, and tool authorization, organizations create a fragmented trust boundary where each integration behaves differently. That is especially risky when multiple agents or workflows share the same back-end services and credentials.

Practical implication: teams should classify MCP endpoints as governed access points and apply identity checks before tool invocation.

Converged API and AI traffic needs shared governance

The article repeatedly points to a converged operational model where APIs, models, and agents all move through the same infrastructure layer. That convergence matters because policy drift often appears when teams manage API traffic, model access, and event streams in separate silos. Once agentic systems become common, the control question shifts from whether traffic is authenticated to whether the platform can explain, meter, and bound machine-generated actions across the full request chain.

Practical implication: security architects should design shared governance for API, AI, and event traffic rather than maintaining separate rulesets.

NHI Mgmt Group analysis

AI connectivity is becoming the new identity control plane. Kong's year-in-review reflects a market shift that identity teams should already be planning for. The practical issue is not whether agents can connect to tools, but whether those connections can be governed with the same clarity that IAM expects from human and workload identities. Practitioner conclusion: treat AI connectivity as an identity governance domain, not an integration feature.

Formal governance layers are arriving because unconstrained agent behavior is already a management problem. Kong's own recap says 72% of organizations are implementing formal governance layers as agent adoption rises. That is a strong signal that policy, observability, and runtime control are becoming prerequisites for scale. Practitioner conclusion: if governance is still bolted on after deployment, the programme is already behind the operating model.

AI fragmentation tax is a named operating risk, not just a platform inconvenience. The article's phrasing captures a real pattern: when APIs, LLMs, agents, and event streams are handled separately, overhead accumulates in policy design, billing, and security review. That tax lands on IAM and platform teams as duplicated controls and inconsistent approval logic. Practitioner conclusion: reduce control-plane fragmentation before agent sprawl makes it harder to unwind.

Identity and usage governance are converging for machine actors. Kong's addition of identity, metering, and billing to the same operational story shows where the market is heading. For NHI programmes, that convergence matters because entitlement, consumption, and accountability are starting to overlap at runtime. Practitioner conclusion: align IAM, FinOps, and platform governance around the same machine identity inventory.

Agentic adoption is outpacing the maturity of existing control assumptions. The article makes clear that enterprises are moving fast, but the control model still has to catch up with autonomous traffic patterns. Human-paced review cycles, static API policies, and separate tool governance will not map cleanly onto agentic execution. Practitioner conclusion: the architecture decision is now about who owns runtime authority, not just who owns the platform.

From our research:

• 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate, according to AI Agents: The New Attack Surface report.
• Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
• For deeper operating guidance, review OWASP Agentic AI Top 10 for the runtime risks that appear once agents start selecting tools dynamically.

What this signals

Agentic adoption is forcing identity programmes to move from static entitlement models to runtime governance. When agents can call tools, APIs, and event streams in real time, the practical question is no longer who has access in theory, but what the platform can prove about each action. That is why the AI gateway is emerging as a governance layer rather than a traffic convenience.

The larger signal is that machine identity, billing, and policy enforcement are collapsing into one operational problem. Teams that still separate IAM, FinOps, and platform control will struggle to explain agent behavior, cost, and accountability in the same review cycle.

For a broader view of how the market is shaping around this shift, the Ultimate Guide to NHIs , 2025 Outlook and Predictions frames the same trend: autonomous workloads are becoming a governance baseline, not an edge case.

For practitioners

• Map AI gateways to identity control objectives Define which policy decisions the gateway must enforce for agents, APIs, and event streams, including authentication, token limits, logging, and runtime authorization. Tie each decision to a named control owner so that governance is not spread across platform, security, and application teams without accountability.
• Inventory every agent-facing integration path List all routes where agents can reach models, tools, and downstream APIs, then mark which ones share credentials, policies, or event subscriptions. Use that inventory to identify where a single misconfigured integration could affect multiple services.
• Separate billing governance from access governance Treat metering and billing controls as adjacent to, but not a substitute for, identity and authorization policy. If the same platform handles usage charging and access control, document the boundaries so cost logic does not become a proxy for trust decisions.
• Review MCP trust boundaries before broad rollout Classify MCP servers, tool endpoints, and agent workflows by sensitivity, then decide which ones need stronger authentication, tighter scope, or explicit approval before execution. Revisit these boundaries whenever a new agent can discover or call additional tools.

Key takeaways

• Kong's recap shows that AI connectivity is becoming a governance problem, not just an infrastructure pattern, because agents now sit directly on top of APIs, models, and event streams.
• The strongest evidence in the article is market behavior itself: 90% adoption, 79% expected rollout, and 72% formal governance uptake all point to a category moving into operational control mode.
• IAM and NHI teams should respond by owning runtime policy, identity boundaries, and auditability before agent sprawl makes those controls harder to design retroactively.

Key terms

• AI Gateway: A governance layer that sits between agents, models, and backend services to enforce policy at runtime. It is used to control access, meter usage, inspect traffic, and apply security rules where machine-driven requests would otherwise move too quickly for manual review.
• MCP: Model Context Protocol, a standard for connecting AI agents to tools and data sources. In practice, it expands the trust boundary because tool discovery, authentication, and authorization must be controlled consistently across many integrations rather than trusted implicitly.
• AI Connectivity: The combined infrastructure used to connect APIs, models, agents, and event streams in one operational environment. It becomes an identity and governance challenge when access decisions, policy enforcement, and accountability all have to work at machine speed.
• Machine Identity: The identity assigned to a non-human workload, service, or agent so it can authenticate and access resources. For agentic systems, machine identity must also support runtime governance, because the same identity may be used for many different actions across a single workflow.

Deepen your knowledge

NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building or maturing an identity security programme, it is worth exploring.

This post draws on content published by Kong: The 2025 Kong Year in Review. Read the original.