Notifications

Clear all

Agentic AI runtime security: what Kong and Noma change

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 6713

Topic starter 23/06/2026 7:21 pm

TL;DR: Existing gateway and WAF models assume payloads are understandable without semantic context, which autonomous workflows break, and Kong’s partnership with Noma centers on agentic AI runtime protection, combining traffic orchestration with AI-native guardrails to govern agents, MCP tools, and LLM flows in real time, according to Kong.

NHIMG editorial — what this means for AI and NHI governance

Questions worth separating out

Q: How should security teams govern AI agents that can call tools at runtime?

A: Security teams should govern agent tool use as a runtime authorization problem, not a static integration problem.

Q: Why do AI gateways matter for agentic AI security?

A: AI gateways matter because they become the enforcement point where traffic, identity, and policy converge.

Q: What do security teams get wrong about prompt injection in enterprise AI?

A: Teams often treat prompt injection as a content-filtering problem, when it is really a control problem.

Practitioner guidance

Define runtime policy for agent workflows Map every AI agent, MCP server, and LLM path to an explicit policy owner, then require approval for any tool or data connection that is not already in the governed inventory.
Separate model access from tool access decisions Treat model selection, tool invocation, and data exposure as distinct authorization events so one permission does not silently grant the others.
Instrument shadow AI detection at the control plane Monitor for unauthorized LLM connections, unregistered gateways, and agent traffic that bypasses central configuration distribution.

What's in the full announcement

Kong's full article covers the architectural implementation details this post intentionally leaves for the source:

How Kong Konnect pushes AI security policy to data-plane nodes across clusters and environments
How the AI A2A, MCP, and LLM gateway plugins normalize traffic and enforce identity validation
How Noma Security Cloud handles runtime inspection, behavioural analysis, and tool-abuse prevention
How the partner program packages validation and support for enterprise integrations

👉 Read Kong's analysis of agentic AI runtime security and governance →

Agentic AI runtime security: what Kong and Noma change?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

8,056 Topics

13.7 K Posts

31 Online

135 Members

Latest Post: June 2025 Patch Tuesday: are your IAM controls keeping up? Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies