AI connectivity and agent traffic: what IAM teams need to know

TL;DR: AI traffic is shifting from human-facing API consumption to agent-to-agent token flows, making the traffic layer the new control point for security, governance, and performance as hypervolume growth accelerates, according to Kong. That re-centres identity decisions on access, routing, auditability, and blast-radius control instead of only API management.

NHIMG editorial — based on content published by Kong: The Age of AI Connectivity

Questions worth separating out

Q: How should security teams govern AI agent access to enterprise APIs?

A: Treat AI agent access as a machine identity problem, not a user-experience problem.

Q: Why do AI agents require different governance than human API consumers?

A: AI agents can discover, sequence, and repeat actions at machine speed, which makes their access patterns more dynamic than human-driven requests.

Q: What breaks when AI traffic is managed only through downstream services?

A: Controls fragment when each service tries to enforce its own policy, because the system loses a single view of identity, context, and blast radius.

Practitioner guidance

• Map AI traffic to a governed control plane Identify where prompts, tokens, MCP sessions, and model calls enter or leave the environment, then place policy enforcement and audit logging at those choke points so access is governed before it reaches downstream systems.
• Define blast-radius limits for agent-driven access Set explicit routing and permission constraints for agent sessions so a compromised workflow cannot fan out across multiple systems without containment or review.
• Separate human and machine access patterns Do not reuse approval flows built for people when designing access for agents.

What's in the full article

Kong's full blog post covers the architectural detail this post intentionally leaves for the source:

• Kong's framing of AI gateways as the traffic-layer control tower for prompts, tokens, and agent sessions.
• The article's own discussion of hypervolume scale, including why token throughput and latency are becoming economic variables.
• The reasoning behind its control-plane thesis for agentic AI, including routing, governance, and observability at the point of transit.
• Kong's examples of how MCP and future protocols fit into the emerging AI connectivity stack.

👉 Read Kong's analysis of AI connectivity and the agentic traffic layer →

AI connectivity and agent traffic: what IAM teams need to know?

Explore further

View Full Forum →  |  NHI Foundation Course →