Notifications
Clear all
Topic starter
09/06/2026 11:21 pm
TL;DR: AI infrastructure is becoming more complex as engineers, architects, and leaders gather around production AI systems at Kong's AI + API Summit on Sept 30 to Oct 1, 2026, with sessions, workshops, and certification training focused on how these systems actually run. The governance problem is no longer tooling hype, it is whether IAM, NHI, and access controls can keep pace with AI-driven runtime behaviour.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
Questions worth separating out
Q: How should security teams govern AI infrastructure access in production?
A: Security teams should tie every AI runtime action to a named identity, a bounded secret, and a specific approval boundary.
Q: Why do AI infrastructure programmes create new identity governance risk?
A: They create risk because machine-speed workflows can combine APIs, secrets, and delegated authority faster than conventional review cycles can observe.
Practitioner guidance
- Inventory AI runtime identities List every service account, token, certificate, and workload identity used by AI pipelines, then map each one to the system, environment, and owner that can revoke it.
- Separate production authority from development convenience Block shared credentials between non-production and production AI workflows, and require distinct secrets for inference, orchestration, logging, and data access paths.
- Bind approvals to execution context Require policy checks at the point of API use, not only at deployment time, so that access decisions reflect the current runtime context.
What to expect at the briefing
Kong's full article covers the operational detail this post intentionally leaves for the source:
- Event agenda detail on the architecture sessions and workshops that shape the AI + API Summit programme
- Practical registration and certification options for teams that want hands-on guidance rather than analysis alone
- Information about the in-person and virtual access formats for practitioners planning attendance
- Sponsor and event logistics that matter once a team has decided the summit is relevant to its roadmap
👉 Read Kong's AI + API Summit details for production AI infrastructure sessions →
AI infrastructure governance at API Summit, Sept 30: are controls ready?
Explore further
10/06/2026 1:39 am
AI infrastructure governance is becoming an identity problem before it is an architecture problem. The event language is about sessions, workshops, and production systems, but the real issue is who or what is allowed to act inside those systems. When AI infrastructure touches secrets, APIs, and runtime automation, IAM and NHI controls become the limiting factor, not the compute layer. Practitioners should treat AI infrastructure as an identity governance surface, not just a platform stack.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- 69% of security leaders agree identity management must fundamentally shift to address agentic AI systems, according to the same survey.
A question worth separating out:
Q: What should identity teams ask before approving AI platform expansion?
A: Identity teams should ask which actions are truly necessary, which ones require human approval, and which ones should be limited to workload identity with explicit context. If the answer is vague, the platform is likely accumulating hidden privilege. The right question is not whether AI can do more, but whether the governance model can still explain who is acting.
👉 Read our full editorial: AI infrastructure governance at API Summit: what practitioners need
