TL;DR: MCP gateways are emerging as the missing control layer for enterprise AI, centralising authentication, routing, policy enforcement, and observability as AI agents fan out across more servers, according to Kong. The governance problem is not protocol support alone, but the collapse of manageable trust boundaries once access, routing, and audit move point to point.
NHIMG editorial — based on content published by Kong: What is a MCP Gateway? The Missing Piece for Enterprise AI Infrastructure
By the numbers:
- Organizations using AI in at least one business function jumped from 55% to 78% in just one year.
- Generative AI usage specifically rose from 33% in 2023 to 71% in 2024.
Questions worth separating out
Q: How should security teams govern access to MCP servers used by AI agents?
A: Security teams should place MCP servers behind a gateway that enforces authentication, policy, and audit at one control point.
Q: Why do MCP environments create new identity governance problems at scale?
A: MCP environments multiply access paths as more agents and servers are added, which makes direct point-to-point governance brittle.
Q: How can organisations tell whether their MCP access controls are working?
A: They should be able to reconstruct every agent request from authentication through routing to the backend server.
Practitioner guidance
- Centralise MCP access behind one governed endpoint Require AI clients to reach MCP servers only through a gateway that enforces authentication, routing, and policy in one place.
- Bind MCP traffic to enterprise identity providers Connect gateway authentication to your existing SSO stack using OAuth 2.0, OIDC, or SAML so AI access inherits the same identity governance standards as other workloads.
- Treat session affinity as a governance requirement Preserve conversation context across multi-step tool calls, but pair that with traceable logs and correlation IDs so the full request chain remains auditable.
What's in the full article
Kong's full blog covers the operational detail this post intentionally leaves for the source:
- Step-by-step descriptions of how the gateway routes requests across multiple MCP servers in a live enterprise setup
- Specific implementation details for OAuth, OIDC, SSO, and policy enforcement inside the gateway
- Examples of observability and tracing patterns for session-aware AI traffic across tools and servers
- Guidance on when to add a gateway as MCP server counts and operational complexity increase
👉 Read Kong's explanation of MCP gateways for enterprise AI infrastructure →
MCP gateways and AI agent access control: what changes now?
Explore further
MCP gateways are becoming the control point where AI identity policy either scales or fragments. The article shows that distributed MCP access creates the same operational pressure that once drove API gateway adoption, but with a harder identity problem because agents can touch many tools quickly. The field should treat the gateway as an identity enforcement layer, not a convenience proxy. Practitioners should expect MCP governance to converge on central policy, central audit, and central access mediation.
A few things that frame the scale:
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
- Only 80% of organisations report their AI agents have already performed actions beyond their intended scope, including unauthorised system access, inappropriate sharing, and credential exposure.
A question worth separating out:
Q: Who should own MCP gateway governance in an enterprise AI programme?
A: Ownership should sit with the teams responsible for identity, security architecture, and platform governance together, because MCP gateways span access control, routing, and observability. Treating the gateway as only a network component leaves policy gaps. Treating it as only an AI platform feature leaves accountability unclear.
👉 Read our full editorial: MCP gateways are becoming the control layer for enterprise AI access