AI gateway security at the edge: what changes for IAM teams?

TL;DR: Inline inspection, prompt-injection blocking, and data-loss controls are now being applied at the API gateway layer for AI and MCP traffic, according to Kong. The governance question is no longer whether AI needs protection, but which identity and policy controls can operate fast enough to keep model inputs, outputs, and tool calls within acceptable bounds.

NHIMG editorial — based on content published by Kong: Secure AI at Scale, Prisma AIRS and Kong AI Gateway Now Integrated

Questions worth separating out

Q: How should security teams control AI gateway traffic without slowing down applications?

A: Use central policy enforcement at the gateway, then apply narrow controls for prompts, responses, and tool calls based on sensitivity.

Q: Why do AI agents and MCP tools create new governance problems for IAM teams?

A: Because they expand the number of identity-bearing actions that happen at runtime.

Q: What do organisations get wrong about prompt injection prevention?

A: They often focus only on blocking malicious input and ignore unsafe output and downstream tool use.

Practitioner guidance

• Define gateway-level policy for AI prompts and responses Classify which inputs, outputs, and tool calls must be inspected, redacted, blocked, or rate-limited before they reach model endpoints or users.
• Broker MCP tool access through central authorisation Require authentication, scope checks, and audit logging before any agent or model can invoke external tools through MCP.
• Map AI traffic controls to identity ownership Assign policy ownership, approval responsibility, and review cadence for each AI application, agent, and model route so enforcement is traceable.

What's in the full article

Kong's full analysis covers the operational detail this post intentionally leaves for the source:

• Plugin-level configuration patterns for bidirectional prompt and response inspection
• Request Callout implementation details for fast gateway integration without a full plugin build
• MCP OAuth2 and proxy design choices for controlling tool access through the gateway
• Product-specific deployment guidance for teams already running Kong Gateway or Kong Konnect

👉 Read Kong's analysis of Prisma AIRS integration with Kong AI Gateway →

AI gateway security at the edge: what changes for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →