API and AI connectivity convergence: what IAM teams need to know


(@nhi-mgmt-group)

TL;DR: API management and integration are converging under AI pressure, with newer vendors rising and legacy platforms falling behind, according to Kong. The identity lesson is that AI connectivity expands the number of machine and agent touchpoints, so governance now has to follow runtime access paths instead of static integration diagrams.

NHIMG editorial — based on content published by Kong: Recapping What the 2025 Gartner Magic Quadrant for API Management Report Says About APIs and AI Success

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

Questions worth separating out

Q: How should security teams govern AI systems that connect to multiple APIs and data sources?

A: Treat each AI connection as a governed identity path, not just an application integration.

Q: Why do AI-connected integrations increase machine identity risk?

A: They increase risk because one workflow can accumulate access across many services, often through tokens or secrets that were created for a narrower purpose.

Q: What breaks when machine credentials are reused across AI workflows?

A: Reuse breaks accountability and containment.

Practitioner guidance

  • Map AI connectivity to accountable identities: Inventory each AI-facing integration, the identities it uses, and the downstream systems it can reach.
  • Separate agent permissions from downstream resource permissions: Give AI workflows the narrowest possible initial access and enforce explicit boundaries before they can reuse that access against other tools or services.
  • Tie lifecycle controls to runtime purpose: Rotate and revoke machine credentials based on the purpose and duration of the AI connection, not on broad platform refresh cycles.

What's in the full article

Kong's full blog post covers the market framing and product strategy detail this post intentionally leaves for the source:

  • Kong's explanation of why it believes API management and integration are converging around AI workloads.
  • Specific product positioning for its AI connectivity line and how it maps to APIs, LLMs, MCP, and event streaming.
  • The company's view on why it thinks traditional integration approaches are no longer sufficient for AI-critical environments.
  • The surrounding API Summit context and how Kong is framing its future platform direction.

👉 Read Kong's recap of Gartner's 2025 API management report and AI connectivity view →

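As an added example (not from Kong or the original post), the three practitioner guidance points above can be run as a check over an inventory of AI identity paths. The record layout, workflow names, credential IDs and dates are constructed assumptions, not any product's schema.

```python
from collections import defaultdict
from datetime import date

# Constructed inventory: one row per (AI workflow, credential) access path.
INVENTORY = [
    {"workflow": "support-agent", "owner": "team-support", "credential": "tok-crm-01",
     "purpose_scope": {"crm"}, "reaches": {"crm"},
     "purpose_ends": date(2025, 12, 31), "credential_expires": date(2025, 12, 31)},
    {"workflow": "sales-summarizer", "owner": "team-sales", "credential": "tok-crm-01",
     "purpose_scope": {"crm"}, "reaches": {"crm", "billing"},
     "purpose_ends": date(2025, 9, 30), "credential_expires": date(2026, 9, 30)},
    {"workflow": "log-triage-agent", "owner": None, "credential": "tok-siem-07",
     "purpose_scope": {"siem"}, "reaches": {"siem"},
     "purpose_ends": date(2025, 10, 31), "credential_expires": date(2025, 10, 31)},
]

def audit(inventory):
    """Return sorted (workflow, finding) tuples for the identity paths given."""
    findings = set()
    # Index which workflows present each credential, to detect reuse.
    users = defaultdict(set)
    for row in inventory:
        users[row["credential"]].add(row["workflow"])
    for row in inventory:
        wf = row["workflow"]
        # Guidance 1: every path needs an accountable identity owner.
        if not row["owner"]:
            findings.add((wf, "no-accountable-owner"))
        # Reuse across workflows breaks accountability and containment.
        if len(users[row["credential"]]) > 1:
            findings.add((wf, "shared-credential:" + row["credential"]))
        # Guidance 2: downstream reach must stay inside the declared purpose.
        extra = row["reaches"] - row["purpose_scope"]
        if extra:
            findings.add((wf, "reach-beyond-purpose:" + ",".join(sorted(extra))))
        # Guidance 3: the credential should not outlive the connection's purpose.
        if row["credential_expires"] > row["purpose_ends"]:
            findings.add((wf, "credential-outlives-purpose"))
    return sorted(findings)

if __name__ == "__main__":
    for wf, finding in audit(INVENTORY):
        print(f"{wf}: {finding}")
```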