TL;DR: Gartner’s view that 50% of software providers will need to expose context externally by 2029, versus less than 2% today, reframes AI competition around contextual delivery rather than raw data access, according to Kong’s analysis of the context economy. That shift makes governance, orchestration, and monetisation of context an identity problem as much as an application problem.
NHIMG editorial — based on content published by Kong: In the Context Economy, Context is King
By the numbers:
- Today, that number is less than 2%.
Questions worth separating out
Q: How should teams govern AI agent access to enterprise context?
A: Teams should treat context access as a governed entitlement, not a generic integration.
Q: Why do AI agents complicate traditional IAM and API controls?
A: AI agents complicate traditional IAM because they can consume context dynamically across many systems, often without a stable human session behind the request.
Q: What signals show that context exposure is becoming a governance problem?
A: Warning signs include uncatalogued APIs, unclear ownership for MCP tools, missing audit trails for agent requests, and no linkage between access policy and business value.
Practitioner guidance
- Define a context entitlement model Map which APIs, event streams, and MCP tools may expose context to AI agents, partner systems, and internal workloads.
- Instrument context usage end to end Require logging for who requested context, which agent or workload consumed it, which tools were invoked, and whether the request was metered or blocked.
- Separate discovery from access approval Allow agents and developers to find available context without granting standing access to the underlying data or tools.
What's in the full article
Kong's full blog post covers the strategic and commercial detail this analysis intentionally leaves for the source:
- The Gartner context-economy assumptions Kong is using to frame AI connectivity investment decisions.
- Kong's explanation of how APIs, event streams, and MCP tools fit into a unified context lifecycle.
- The platform capabilities Kong says are needed for discovery, governance, and monetisation of context.
- The business case Kong uses to connect context delivery with revenue capture and value leakage.
👉 Read Kong's analysis of the context economy and AI connectivity →
Context economy and AI agents: what IAM teams should re-evaluate?
Explore further
Context has become an identity governed asset, not just a data asset. Once APIs and MCP tools are the delivery path for AI systems, access control, auditability, and policy enforcement sit directly on the value layer. That means identity teams are no longer supporting the business context layer from the side. They are the control point that determines whether context can be safely consumed, priced, and traced.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How can organisations avoid overexposing context to partners and AI systems?
A: Use least privilege, explicit approval paths, and metering on every context delivery point. Separate discovery from entitlement, limit tool scopes, and review externalised context against legal, compliance, and commercial requirements before broad rollout. That prevents value leakage while keeping the system usable for agents and partners.
👉 Read our full editorial: Kong’s context economy thesis raises new AI governance pressure