TL;DR: Inline inspection, prompt-injection blocking, and data-loss controls are now being applied at the API gateway layer for AI and MCP traffic, according to Kong. The governance question is no longer whether AI needs protection, but which identity and policy controls can operate fast enough to keep model inputs, outputs, and tool calls within acceptable bounds.
NHIMG editorial — based on content published by Kong: Secure AI at Scale, Prisma AIRS and Kong AI Gateway Now Integrated
Questions worth separating out
Q: How should security teams control AI gateway traffic without slowing down applications?
A: Use central policy enforcement at the gateway, then apply narrow controls for prompts, responses, and tool calls based on sensitivity.
Q: Why do AI agents and MCP tools create new governance problems for IAM teams?
A: Because they expand the number of identity-bearing actions that happen at runtime.
Q: What do organisations get wrong about prompt injection prevention?
A: They often focus only on blocking malicious input and ignore unsafe output and downstream tool use.
Practitioner guidance
- Define gateway-level policy for AI prompts and responses Classify which inputs, outputs, and tool calls must be inspected, redacted, blocked, or rate-limited before they reach model endpoints or users.
- Broker MCP tool access through central authorisation Require authentication, scope checks, and audit logging before any agent or model can invoke external tools through MCP.
- Map AI traffic controls to identity ownership Assign policy ownership, approval responsibility, and review cadence for each AI application, agent, and model route so enforcement is traceable.
What's in the full article
Kong's full analysis covers the operational detail this post intentionally leaves for the source:
- Plugin-level configuration patterns for bidirectional prompt and response inspection
- Request Callout implementation details for fast gateway integration without a full plugin build
- MCP OAuth2 and proxy design choices for controlling tool access through the gateway
- Product-specific deployment guidance for teams already running Kong Gateway or Kong Konnect
👉 Read Kong's analysis of Prisma AIRS integration with Kong AI Gateway →
AI gateway security at the edge: what changes for IAM teams?
Explore further
AI gateway security is becoming an identity control plane, not a content filter. The important shift in this article is that prompts, responses, and tool calls are being governed as runtime traffic that can carry identity risk. That puts the gateway into the same strategic category as IAM policy enforcement, because it decides which AI interactions are allowed to continue. Practitioners should treat this as a control-plane problem, not a model-safety add-on.
A few things that frame the scale:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Which governance frameworks should teams use for AI gateway policy?
A: Use identity and zero-trust frameworks for access scope, and pair them with AI risk governance where model behaviour is involved. For gateway policy, the relevant question is whether the control can prove who approved access, what was inspected, and how exceptions are tracked. That is what makes the control auditable.
👉 Read our full editorial: Kong AI Gateway integration shifts AI traffic security to the edge