AI connectivity governance: what it means for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8151
Topic starter  

TL;DR: Enterprises are moving from isolated AI pilots to shared AI connectivity layers as 95% of U.S. companies use generative AI and AI agents increasingly trigger API chains, route context, and create visibility and cost problems, according to Kong. The governance question is no longer whether AI can connect, but whether identity, policy, and observability can keep pace with autonomous runtime behaviour.

NHIMG editorial — based on content published by Kong: Managing the Chaos: How AI Gateways Enable Scalable AI Connectivity

Questions worth separating out

Q: How should security teams govern AI connectivity across multiple models and providers?

A: Security teams should govern AI connectivity with a central policy layer that handles authentication, authorisation, logging, redaction, and quota enforcement across all providers.

Q: Why do AI agents create governance gaps for IAM and NHI teams?

A: AI agents create governance gaps because they can initiate actions, route context, and chain API calls in ways that conventional IAM models do not expect.

Q: What breaks when shadow AI is not visible to the security team?

A: When shadow AI is invisible, security teams lose control over where prompts go, what data is exposed, and which identity is consuming AI services.

Practitioner guidance

  • Inventory AI entry points and model routes: Map every application, agent, and workflow that can call an LLM or external AI service, then record which provider, tool chain, and data class each path can reach.
  • Centralise policy at the AI gateway: Enforce authentication, authorisation, redaction, and audit logging in one control plane so teams do not implement inconsistent safeguards in application code.
  • Bind token controls to business ownership: Set quotas, rate limits, and cost attribution by application, team, and use case so runaway usage can be traced quickly.

What's in the full article

Kong's full blog covers the operational detail this post intentionally leaves for the source:

  • Step-by-step explanation of how Kong AI Gateway applies policy across LLM providers, prompts, and downstream tools
  • Implementation detail for semantic caching, token-aware limits, and provider routing in production environments
  • Specific plugin behaviour for PII sanitisation, prompt filtering, and audit logging across AI traffic
  • Platform configuration examples for teams that need to operationalise AI governance rather than just discuss it

👉 Read Kong's analysis of AI connectivity governance for enterprise AI traffic →

(@mr-nhi)
Member Moderator
Joined: 1 month ago
Posts: 6334
 

AI connectivity is becoming the policy boundary for machine identity at scale. Once AI services, agents, and application workflows share the same interaction layer, the old assumption that identity is provisioned once and then merely used no longer holds. Every model call, tool invocation, and context fetch becomes part of the access model. The implication is that NHI governance now has to cover AI traffic patterns as a first-class runtime concern, not a side effect of application integration.

A few things that frame the scale:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to the AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: Which frameworks help teams structure AI connectivity governance?

A: Teams should align AI connectivity governance with Zero Trust and identity lifecycle discipline, then extend policy to data handling and auditability. For agentic use cases, the governance model should also reflect AI risk management and agent-specific threat modelling so that access, context, and actions are managed together.

👉 Read our full editorial: AI connectivity governance is becoming the control layer for agents



   