TL;DR: Anthropic’s acquisition of Stainless signals that generating SDKs and MCP servers is becoming routine, but governing agent-to-tool and agent-to-model traffic remains the harder enterprise problem, according to Kong. Runtime policy, telemetry, and auditability now define whether AI connectivity is deployable at scale.
NHIMG editorial — based on content published by Kong: Anthropic Acquires Stainless. What's It Mean for AI Connectivity?
By the numbers:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%).
Questions worth separating out
Q: How should teams govern AI agents that can reach APIs, events, and memory?
A: Teams should govern those agents as runtime identities, not as isolated integrations.
Q: Why do AI agents create a different access problem from standard automation?
A: AI agents can combine tools, events, and memory dynamically, so their access path is not fixed at provisioning time.
Q: What breaks when agent connectivity is built without a runtime control layer?
A: Without a runtime control layer, enterprises lose visibility into which model or agent made each call, which data was consumed, and whether the action was within policy.
Practitioner guidance
- Define a runtime governance boundary Place policy enforcement, telemetry, and audit capture in the path of every agent-to-tool and agent-to-model call.
- Classify agent-accessible systems by risk and cost Inventory which APIs, events, and memory stores agents can reach, then assign policy based on blast radius and business impact.
- Create a neutral multi-model control plane Standardise routing, logging, and policy evaluation across all model runtimes, including hosted and self-hosted deployments.
What's in the full analysis
Kong's full article covers the architectural and runtime detail this post intentionally leaves for the source:
- How Kong frames the split between build-time connector generation and runtime governance for agentic systems.
- Why API gateways, agent gateways, context infrastructure, and metering are treated as separate control functions.
- How multi-model estates complicate neutrality, auditability, and cost attribution across enterprise AI traffic.
- Which operational decisions belong to the platform team once agents begin using APIs, events, and memory together.
👉 Read Kong’s analysis of AI connectivity, agent governance, and control plane design →
Anthropic acquires Stainless: what changes for AI connectivity?
Explore further
Generation-to-governance gap: The market is converging on fast connector generation, but the real enterprise risk sits in runtime control. SDK and MCP creation make access paths cheaper to build, yet they do not establish who can use them, when, or how actions are audited. The implication is that connectivity tooling without governance now creates operational debt rather than capability.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to SailPoint.
A question worth separating out:
Q: Which frameworks should guide governance for agent connectivity and AI tool use?
A: Use a combination of identity, zero trust, and AI risk frameworks to define control boundaries across models, tools, and memory. For agentic systems, align governance with neutral policy enforcement, auditability, and least privilege so changes in vendor runtime do not change the control standard.
👉 Read our full editorial: Anthropic acquires Stainless: AI connectivity outgrows connector generation