AI gateway control layers for agentic systems: what teams need now


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 7323

TL;DR: As organizations move from LLM experiments to production AI, Kong says fragmented model, MCP, and API integrations create governance, observability, and security gaps that edge inspection and gateway control are meant to close. The core issue is not model choice but control-plane sprawl, where policy, routing, and data protection are no longer centrally enforceable.

NHIMG editorial — based on content published by Kong: Building a Secure, Scalable AI Infrastructure with Kong and Akamai: A Technical Introduction

Questions worth separating out

Q: How should security teams govern AI tool access in MCP-based environments?

A: Security teams should treat MCP tools as privileged capabilities and enforce authentication, authorisation, and logging before the request reaches the server.

Q: Why do AI gateways matter for enterprise IAM programmes?

A: AI gateways matter because they create a central point for identity, routing, and observability across model and tool traffic.

Q: What breaks when prompt injection is handled only inside the model layer?

A: Model-layer handling breaks because the injected content has already entered the session context before the model tries to interpret it; at that point it can only be reacted to, not kept out. That is why the article places inspection at the edge, ahead of the model, rather than relying on the model to recognise and refuse the injection.

Practitioner guidance

  • Map the AI request path end to end: document where prompts, model calls, MCP tool invocations, and response filtering occur, so policy gaps are visible across the full path, not only at the application edge.
  • Enforce tool-level authorisation for MCP servers: require authentication and per-tool policy checks before an agent can reach an MCP server, especially when the server exposes multiple capabilities by default.
  • Separate model access from data access controls: treat model selection, retrieval access, and downstream data exposure as different control domains, so a model switch does not silently expand privilege.
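As an added example (not code from Kong's post, nor the Kong AI Gateway's own implementation), the Python below sketches the check the second bullet describes: a gateway-side policy layer that authenticates the calling agent, applies a per-tool allowlist to each MCP `tools/call` request, logs every decision before anything is forwarded, and trims `tools/list` responses so an agent is never shown capabilities it is not authorised to invoke. The token table, principal names, tool names and JSON-RPC messages are constructed for illustration; a real deployment would source identities and policy from the gateway's identity and policy stores.

```python
import hashlib
import hmac
import json
import logging
from dataclasses import dataclass
from typing import Optional

logging.basicConfig(level=logging.INFO, format="%(message)s")
log = logging.getLogger("mcp-gateway")


def _token_hash(token: str) -> str:
    """Keep only hashes of agent bearer tokens in the policy table."""
    return hashlib.sha256(token.encode()).hexdigest()


# Constructed sample identities (hypothetical, not from the article).
AGENT_TOKENS = {
    _token_hash("support-agent-secret"): "support-agent",
    _token_hash("finance-agent-secret"): "finance-agent",
}

# Per-principal tool allowlist. Any tool the MCP server exposes that is
# not listed for the caller is denied by default.
TOOL_POLICY = {
    "support-agent": {"search_kb", "create_ticket"},
    "finance-agent": {"search_kb", "read_ledger"},
}

# Control-plane methods an authenticated agent may always send.
CONTROL_METHODS = {"initialize", "ping", "tools/list"}


@dataclass
class Decision:
    allowed: bool
    principal: Optional[str]
    reason: str


def authenticate(headers: dict) -> Optional[str]:
    """Resolve a bearer token to a principal using constant-time comparison."""
    auth = headers.get("authorization", "")
    if not auth.lower().startswith("bearer "):
        return None
    presented = _token_hash(auth[7:].strip())
    for stored, principal in AGENT_TOKENS.items():
        if hmac.compare_digest(stored, presented):
            return principal
    return None


def authorize_mcp(headers: dict, body: str) -> Decision:
    """Decide whether one JSON-RPC message may be forwarded to the MCP server."""
    principal = authenticate(headers)
    if principal is None:
        decision = Decision(False, None, "unauthenticated")
    else:
        try:
            msg = json.loads(body)
            method = msg.get("method")
        except (json.JSONDecodeError, AttributeError):
            msg, method = {}, None  # malformed or non-object payload
        if method == "tools/call":
            params = msg.get("params")
            tool = params.get("name") if isinstance(params, dict) else None
            if tool in TOOL_POLICY.get(principal, set()):
                decision = Decision(True, principal, f"tool {tool!r} allowed")
            else:
                decision = Decision(False, principal, f"tool {tool!r} not in allowlist")
        elif method in CONTROL_METHODS:
            decision = Decision(True, principal, f"control method {method!r}")
        else:
            decision = Decision(False, principal, f"method {method!r} not permitted")
    # Every decision is logged at the gateway, before the server sees the request.
    log.info("mcp-authz principal=%s allowed=%s reason=%s",
             decision.principal, decision.allowed, decision.reason)
    return decision


def filter_tools_list(principal: str, server_response: dict) -> dict:
    """Strip tools the principal cannot call from a tools/list response."""
    allowed = TOOL_POLICY.get(principal, set())
    tools = server_response.get("result", {}).get("tools", [])
    filtered = dict(server_response)
    filtered["result"] = {"tools": [t for t in tools if t.get("name") in allowed]}
    return filtered


if __name__ == "__main__":
    hdrs = {"authorization": "Bearer support-agent-secret"}
    call = json.dumps({"jsonrpc": "2.0", "id": 1, "method": "tools/call",
                       "params": {"name": "read_ledger", "arguments": {}}})
    print(authorize_mcp(hdrs, call))  # denied: read_ledger is not in the support allowlist
```

The allowlist is keyed by principal rather than by server, which is what makes "exposes multiple capabilities by default" safe: a server can register a destructive tool, but no agent can call it until a policy entry names it, and the filtered `tools/list` keeps the agent from planning around tools it will be refused.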

What's in the full article

Kong's full blog post covers the operational architecture details this post intentionally leaves at the strategy layer:

  • The request-by-request flow across Kong AI Gateway, Akamai Firewall for AI, and Akamai LKE in a production deployment.
  • The specific policy controls for LLM traffic, MCP servers, and REST APIs, including how routing and authorisation are enforced.
  • The platform components used for observability, logging, tracing, and token-based rate limiting across AI traffic.
  • The practical placement of edge filtering for prompt injection, data exfiltration, and AI-specific denial-of-service scenarios.

👉 Read Kong's analysis of secure AI infrastructure for agentic applications →

