TL;DR: Agentic AI adoption is accelerating, with 90% of organisations with visibility into their plans actively adopting AI agents, according to Kong, while the operational stack increasingly depends on LLMs plus MCP tools to make those agents useful. The security issue is that capability, access, and observability now converge in runtime infrastructure, and existing IAM models do not fully govern that convergence.
NHIMG editorial — based on content published by Kong: From Browser to Prompt: Building Infra for the Agentic Internet
By the numbers:
- 90% say their companies are actively adopting AI agents.
- 95% of generative AI initiatives go nowhere, according to a report published by MIT.
Questions worth separating out
Q: How should teams govern AI agents that use MCP tools in production?
A: Teams should govern MCP-enabled agents as runtime identities, not as ordinary API clients.
Q: Why do AI agents complicate existing IAM and API controls?
A: AI agents complicate IAM and API controls because they can choose tools dynamically and chain actions across a session.
Q: What breaks when MCP servers are exposed without strong governance?
A: What breaks is the ability to bound and explain agent behaviour.
Practitioner guidance
- Map every MCP server as an identity-bearing resource Document which agents can discover each server, what data or functions it exposes, and which team owns its policy and logging.
- Align policy, approval, and telemetry on the same runtime path Make sure access tiers, request logging, and usage analytics describe the same agent-to-tool interaction.
- Review whether dynamic tool selection breaks your current entitlement model Test whether an agent can change tool use mid-session without a corresponding governance event.
What's in the full article
Kong's full blog post covers the operational detail this post intentionally leaves for the source:
- The product-level breakdown of Kong AI Gateway 3.12 and its MCP Gateway capability
- The stepwise explanation of MCP governance, security, autogeneration, and observability in Kong's architecture
- The Volcano SDK workflow details for building agents with specific LLM and MCP selections
- The Prudential example showing how Kong describes real-world agentic AI adoption
👉 Read Kong's analysis of infrastructure for the agentic internet and MCP governance →
MCP governance for AI agents: what IAM teams need now?
Explore further
Agentic AI turns tool access into an identity problem, not just an integration problem. The article is right to centre MCP because the moment an agent can discover and consume tools at runtime, identity governance moves inside the action path. That changes how practitioners think about scope, accountability, and recoverability. The practical conclusion is that agent access must be governed as a live identity relationship, not a static integration list.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: How do security teams know if agent observability is actually working?
A: Observability is working only when teams can tie together token activity, tool calls, and latency for a specific agent session. If those signals are disconnected, the logs may show traffic but not governance. The test is whether investigators can reconstruct the path of a meaningful agent action from start to finish.
👉 Read our full editorial: Agentic internet infrastructure exposes new MCP governance gaps