Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Agent-to-agent governance: what Kong Agent Gateway changes for teams


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: The core issue is that agentic systems break the assumption that identity, context, and execution stay in a single, reviewable flow, and Agent Gateway extends AI governance from LLM and MCP traffic into agent-to-agent communication, giving enterprises policy enforcement, observability, and audit logging across the full AI data path, according to Kong.

NHIMG editorial — what this means for NHI practitioners

By the numbers:

  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

Questions worth separating out

Q: How should security teams govern agent-to-agent communication in production?

A: Security teams should treat agent-to-agent communication as a separate governance layer, not just another API call.

Q: Why do multi-agent systems create new identity governance risks?

A: Multi-agent systems create new identity governance risks because authority is no longer confined to a single actor or request.

Q: What breaks when AI governance stops at LLM traffic?

A: Governance stops being effective when it covers only model prompts and responses because agents also exchange tool calls, delegated tasks, and event-driven context.

Practitioner guidance

  • Inventory every agent delegation path Document which agents can call which tools, which peers they can delegate to, and which data sources they can reach.
  • Bind agent actions to durable identities Require every agent participating in production workflows to authenticate as a stable runtime actor so downstream logs, access decisions, and investigations can be attributed without ambiguity.
  • Inspect agent traffic in flight Place policy enforcement where agent messages, tool outputs, and delegated prompts are exchanged so prompt injection and unauthorised instructions can be blocked before propagation.

What's in the full announcement

Kong's full product release covers the operational detail this post intentionally leaves for the source:

  • How Kong maps LLM, MCP, API, and A2A traffic into a single governance layer for production use.
  • Specific policy and observability capabilities for agent identity enforcement, message inspection, and audit logging.
  • How Kong positions Agent Gateway inside Kong Konnect for teams already using its API and AI Gateway stack.
  • Examples of the multi-agent patterns the vendor uses to demonstrate real-time governance in practice.

👉 Read Kong’s release on Agent Gateway for agent-to-agent AI governance →

Agent-to-agent governance: what Kong Agent Gateway changes for teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Agent-to-agent governance is becoming the missing middle of AI identity control. LLM gateways protected a linear model interaction, but agentic systems now move context through delegated workflows that can traverse tools, APIs, and event streams. That creates a governance layer that is neither classic IAM nor pure API security. Practitioners need to treat A2A as a distinct control surface because the authority to act is no longer concentrated in one request.

A few things that frame the scale:

  • Only 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation, according to AI Agents: The New Attack Surface report.
  • 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.

A question worth separating out:

Q: Who is accountable when an AI agent passes unsafe instructions to another agent?

A: Accountability should rest with the programme that allowed the delegation path, the policy that permitted the exchange, and the owner of the runtime identity that executed it. If the organisation cannot reconstruct that chain, it does not have a defensible control model for agentic AI.

👉 Read our full editorial: Kong Agent Gateway expands governance across agent-to-agent traffic



   
ReplyQuote
Share: