Notifications
Clear all
Topic starter
09/06/2026 11:21 pm
TL;DR: Identity, access, and operational control now span human, NHI, and autonomous system behaviours at the same time, positioning AI infrastructure and API platforms as a converging governance problem, with sessions on builders, architects, cloud native systems, and LLM deployments at the Sept. 30 to Oct. 1, 2026 event in Los Angeles, according to Kong’s API + AI Summit FAQ.
NHIMG editorial — here’s why we think this discussion matters
By the numbers:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption.
- 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
- Systems with least-privileged AI access had a 17% incident rate vs 76% for over-privileged systems.
Questions worth separating out
Q: How should security teams govern AI infrastructure that depends on APIs and microservices?
A: They should treat the combined stack as one identity system and map every machine-to-machine handoff, token, and delegated permission to an accountable owner.
Q: Why do AI-enabled platforms complicate least privilege for IAM teams?
A: Because the system can initiate multiple tool calls and service interactions in one workflow, which expands the number of credentials and scopes that must be governed.
Practitioner guidance
- Inventory AI-connected identities List every service account, token, API key, and delegated credential used by model-driven workflows, then assign an owner and revocation path for each one.
- Tighten scopes on runtime credentials Replace broad standing permissions with short-lived credentials and the smallest viable API scopes for each AI-connected integration.
- Test governance at the integration layer Run access reviews against the actual AI and API execution path, including gateways, orchestration layers, and downstream services.
What to expect at the briefing
Kong's full FAQ covers the event logistics and registration detail this post intentionally leaves for the source:
- Ticket pricing and pass comparisons for in-person, virtual, and certification training access.
- Venue, hotel, accessibility, and travel information for attendees planning the Los Angeles event.
- Registration transfer, cancellation, and upgrade rules for different pass types.
- Speaker submission, sponsorship, and agenda timing details for teams considering participation.
👉 Read Kong's API + AI Summit 2026 FAQ on AI and API platform governance →
API + AI Summit 2026: what it means for AI and API teams?
Explore further
10/06/2026 1:40 am
AI infrastructure is becoming an identity governance problem, not just an architecture problem. Once AI systems sit inside the same delivery path as APIs, microservices, and cloud services, identity controls stop being perimeter checks and start becoming runtime governance. Kong’s event framing reflects that convergence across platform engineering and security operations. Practitioners should treat AI infrastructure as a shared control plane where access, delegation, and revocation must be legible across the whole stack.
A few things that frame the scale:
- Only 13% of organisations feel extremely prepared for the reality of agentic AI despite the majority racing toward autonomous adoption, according to The 2026 Infrastructure Identity Survey.
- That same survey found 70% of organisations grant AI systems more access than they would give a human employee performing the exact same job.
A question worth separating out:
Q: How can organisations tell whether their AI infrastructure governance is working?
A: Look for evidence that every sensitive credential has a named owner, a short lifespan, and a documented revocation path. If teams cannot answer who can act, when access expires, and how authority is withdrawn, governance is still aspirational rather than operational.
👉 Read our full editorial: API + AI Summit 2026 reframes AI and API governance
