TL;DR: Gartner says incremental API and connector refactoring is no longer enough for agentic AI, warning that 40% of agentic AI initiatives could be cancelled by 2027 without a real-time context mesh for discovery, authorization, and action. The governance gap is structural: existing integration and access models assume stable, human-paced workflows, not runtime agent decision-making.
NHIMG editorial — based on content published by Kong: Agentic AI Integration: Why Gartner’s "Context Mesh" Changes Everything
By the numbers:
- Without this shift, Gartner warns, 40% of agentic AI initiatives are at risk of cancellation by 2027.
- Gartner predicts that inadequate identity controls will contribute to 25% of security breaches by 2028.
Questions worth separating out
Q: How should security teams govern agent access across APIs and MCP tools?
A: Security teams should treat agent access as delegated runtime authorization, not as a static application integration problem.
Q: Why do traditional integration models struggle with agentic AI?
A: Traditional models assume known systems, fixed paths, and predictable consumers.
Q: What should organisations measure when they build a context mesh?
A: Organisations should measure whether agent actions are traceable end to end, whether tool exposure is scoped to mission need, and whether policy enforcement is consistent across protocols.
Practitioner guidance
- Map the full agent data path Inventory how agents currently reach models, APIs, MCP servers, and peer agents, then identify where authorization is implied rather than explicitly enforced.
- Replace shared credentials with delegated identity Require token-based delegation for agent actions that represent a user or business process, and preserve an auditable chain from original request to downstream action.
- Scope tool exposure by mission Limit each agent to the smallest toolset and metadata set needed for a specific task, then review whether the same access would be acceptable if exposed to another agent in the estate.
What's in the full article
Kong's full blog covers the operational detail this post intentionally leaves for the source:
- A concrete breakdown of Kong Konnect's handling of MCP, REST, GraphQL, gRPC, Kafka, and AI-native traffic in one platform
- The article's seven-phase roadmap for outside-in integration and where the vendor says enterprises should begin
- Examples of how Kong maps separated communication paths to a shared control plane for agent-to-model, agent-to-environment, and agent-to-agent traffic
- The vendor's explanation of AI connectivity, metering, and developer self-service as the runtime layer behind its view of the context mesh
👉 Read Kong's analysis of Gartner's context mesh for agentic AI integration →
Context mesh for agentic AI: what it means for IAM teams?
Explore further
Real-time context mesh is now the governance baseline for agentic AI. The article is right that agents do not fail because they lack more connectors, they fail because the old integration model was never designed for runtime discovery, delegated action, and cross-system context. That makes context mesh a governance pattern, not a product feature. Practitioners should treat agentic integration as a control-plane problem with identity at its core.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
A question worth separating out:
Q: What is the difference between delegated identity and shared service accounts for agents?
A: Delegated identity ties an agent’s authority to a user or approved workflow, while a shared service account gives broad standing access that is hard to attribute and harder to contain. For agentic systems, delegated identity is the safer governance model because it preserves accountability and allows scope to be reduced at the point of action.
👉 Read our full editorial: Agentic AI integration needs a real-time context mesh