Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agentic AI hackathon winners: what they mean for IAM teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: Agentic AI is moving from concept to working infrastructure, with projects spanning session memory, MCP integration, and autonomous rollback agents built on Kong AI Gateway, according to Kong. The signal is clear: API gateways are becoming identity and control points for agents, so governance has to move beyond simple request mediation.

NHIMG editorial — based on content published by Kong: Announcing the winners of Kong Agentic AI Hackathon

Questions worth separating out

Q: How should organisations govern agentic AI systems that can call tools and act on their own?

A: Organisations should govern agentic AI as a runtime identity problem, not only an application feature.

Q: Why do AI agents complicate existing IAM and NHI controls?

A: AI agents complicate IAM and NHI controls because they can combine memory, tools, and timing into a sequence that changes effective privilege during execution.

Q: What breaks when session history is treated as harmless state in agentic systems?

A: Session history stops being harmless when it preserves decisions, tool references, or operational cues that influence later actions.

Practitioner guidance

  • Map agent session state to governance scope Define which conversation history, summaries, and session identifiers an agent may retain across requests.
  • Register MCP-connected tools as governed access paths List every tool exposed through MCP and assign an owner, scope, logging requirement, and review cadence.
  • Separate decision rights from actuation rights For rollback, remediation, or other autonomous actions, define what the agent may observe, what it may recommend, and what it may execute.

What's in the full analysis

Kong's full blog post covers the project details this post intentionally leaves at the governance level:

  • The named hackathon winners and the specific build details behind each project
  • How the Session History Plugin uses x-ai-session-id and MongoDB to preserve state
  • How the AgenticAI-MCP-Client connects to the Mongo MCP Server and structures queries
  • How the autonomous rollback agent monitors gateway configurations and reverses failures

👉 Read Kong's announcement of the 2025 Agentic AI Hackathon winners →

Agentic AI hackathon winners: what they mean for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Agentic AI turns the API gateway into an identity governance control point. The hackathon’s strongest signal is not the novelty of the projects but the placement of trust at the gateway layer. When agents carry session memory, call tools through MCP, and trigger operational actions, the gateway becomes the place where identity, policy, and execution meet. Practitioners should treat API infrastructure as part of the identity perimeter, not just the transport layer.

A few things that frame the scale:

  • 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so, according to AI Agents: The New Attack Surface report.
  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.

A question worth separating out:

Q: How do security teams decide whether an autonomous rollback agent has too much power?

A: Security teams should compare what the agent can observe, what it can recommend, and what it can execute. If one actor can monitor failures and trigger remediation without any independent containment layer, it has too much power. The safest pattern is to narrow actuation rights and preserve a separate human or policy checkpoint for high-impact actions.

👉 Read our full editorial: Kong hackathon winners show how agentic AI changes API governance



   
ReplyQuote
Share: