In today's digital landscape, APIs are the backbone of modern applications, and AI is the engine of innovation. As organizations increasingly rely on microservices and AI-powered features, the API gateway has become the critical control point for managing traffic. But as LLM/GenAI and MCP requests flow through these gateways, they bring a new wave of security challenges. How do you protect your organization from prompt injection, data leakage, and malicious outputs without disrupting the flow of innovation?
Palo Alto Networks and Kong are excited to answer that question by announcing the new integration between Prisma® AIRS™ and the Kong AI Gateway. By bringing the industry's most comprehensive AI security to the world's most popular API gateway, we are empowering organizations to secure their AI traffic at scale. This partnership provides a centralized enforcement point for AI security, allowing you to manage policies and protect your applications and agents without adding friction for your developers. It’s security at the speed of AI, allowing you to Deploy Bravely.
Kong is a leader in API management, trusted by organizations worldwide to secure, connect, and manage their APIs and microservices. Kong Gateway acts as the central nervous system for application traffic, making it the ideal location to enforce security policies consistently and efficiently.
On top of the API gateway, Kong has developed Kong AI Gateway to support GenAI infrastructures as well as emerging protocols like Model Context Protocol (MCP).
Kong AI Gateway provides, natively, extensions, called plugins to implement AI-based use cases:
Prisma AIRS delivers real-time, inline security for all your AI applications and agents by scanning all prompts, responses, and tool calls for threats.
A primary concern is prompt injection, where bad actors manipulate AI models with malicious inputs to hijack their functionality. Without protection, an organization's AI could be tricked into bypassing safety protocols, generating harmful content, or even executing unauthorized actions, creating a significant security liability. Prisma AIRS can detect and block prompt injection attacks that seek to manipulate your models.
Furthermore, AI models handle vast amounts of data, making data leakage a critical threat. The unintentional exposure of sensitive information — such as personally identifiable information (PII), financial records, or proprietary data — can lead to severe compliance violations, financial penalties, and a catastrophic loss of customer trust. Prisma AIRS helps prevent sensitive data leakage by blocking or redacting PII, financial information, and other confidential data.
Finally, ensuring that AI outputs are safe and free from malicious content is paramount. Unfiltered AI could generate harmful, biased, or even malicious code, which could then be used in your business applications. This not only poses a risk to your internal systems but could also expose your customers to dangerous content, possibly leading to issues including, but not limited to, legal and reputational damage. Prisma AIRS stops unsafe and malicious outputs, including harmful content and malicious code, and enables your AI models to produce only safe, ethical, and trustworthy results.
The Prisma AIRS integration with Kong is designed for flexibility, meeting you where you are in your AI security journey. There are two distinct methods for integrating Prisma AIRS with the Kong Gateway, allowing you to choose the approach that best fits your needs.
For the most comprehensive, bidirectional AI security, there's the Prisma AIRS Plugin. As a standard Kong plugin, it provides deep integration and robust protection.
Rather than relying on one-way security that only checks user inputs, this plugin offers bidirectional protection, inspecting both the prompts going to your LLMs and the responses coming back. For a business, this is a game-changer. By scanning upstream prompts, you can prevent threats, like prompt injection and sensitive data leakage, before they ever touch your models. This protects your models from being manipulated by malicious actors and safeguards customer and proprietary information, helping you avoid costly data breaches, compliance fines, and reputational damage.
Equally critical is the ability to scan downstream responses. AI models, if compromised or simply unmonitored, can generate malicious or unsafe content. Imagine a customer support chatbot accidentally providing a user with a phishing link or malicious code. This could directly expose your customers to harm, leading to legal liability and a complete erosion of trust. By analyzing all outputs, the plugin ensures that every piece of information your AI provides is safe, ethical, and aligned with your business standards.
Finally, the plugin enables centralized policy enforcement. Instead of managing security policies on a per-application basis, which is prone to error and inefficiency, you can now apply rich security policies across all your AI services from a single, central point within the Kong AI Gateway. This approach not only streamlines operations and reduces management overhead but also ensures that your security posture is consistent and scalable. For businesses, this means fewer security gaps, a more efficient security team, and the ability to confidently scale your AI adoption without sacrificing protection.
This is the recommended approach for organizations seeking the highest level of AI security and control.
For organizations that need speed, simplicity, and flexibility, Prisma AIRS is leveraging Kong's new Request Callout plugin. This innovative method allows you to integrate Prisma AIRS by simply dropping a code snippet into your Kong configuration.
Rather than wrestling with configurations or plugin management, businesses can now secure their AI services by simply inserting a code snippet into their Kong API gateway configuration. This direct, UI + code-based approach provides immediate value, enabling teams to get their applications up and running with a critical layer of defense in a matter of minutes, not hours or days. For a business, this means a faster time to market for new AI-powered products and features.
The true business value of this approach lies in its ability to provide targeted security at the most critical point: the user's prompt. As user inputs travel through the API gateway, the Prisma AIRS Request Callout inspects them in real-time. This inline defense is specifically designed to stop prompt injection attacks — where bad actors try to manipulate your AI models — and prevent sensitive data leakage from user inputs before they ever reach the LLM. For an organization, this protection translates directly into reduced risk of data breaches, compliance violations, and reputational damage. It ensures that the AI applications are not only secure but also trustworthy for both the company and its users.
This simplified, developer-friendly workflow empowers your engineering teams to build and deploy with confidence. They don't need to become security experts or navigate a complex security framework. Instead, they can focus on what they do best: building innovative solutions, knowing that a foundational layer of security is already in place. This streamlined process not only accelerates development cycles but also lowers the operational overhead and potential for human error, ensuring that security is a seamless part of the development lifecycle rather than a roadblock.
This approach provides a fast and efficient way to secure your AI prompts, ensuring that only safe and compliant requests reach your models.
"Securing AI requires meeting customers where they are," said Jaimin Patel, Sr. Director of Product for Prisma AIRS at Palo Alto Networks. "Our integration with Kong is security at the speed of AI, allowing you to Deploy Bravely."
The future of application development is built on AI and managed through API gateways. With the new Prisma AIRS integration for Kong AI Gateway, you no longer have to choose between speed and security.
Visit Palo Alto Networks' and Kong's documentation portals to learn more about the integration and decide which method is right for you. Ready to see it in action? Get a 30-day trial of Kong Konnect and request a demo and start your free trial of Prisma AIRS today.
MCP servers expose all tools by default. There are two problems with this: security (agents get capabilities they shouldn't have) and performance (too many tools degrade LLM tool selection). The solution? Put a gateway between agents and MCP server
Kong Gateway is an API gateway and a core component of the Kong Konnect platform . Built on a plugin-based extensibility model, it centralizes essential functions such as proxying, routing, load balancing, and health checking, efficiently manag
The Kong MCP Registry acts as a central directory for AI agents and clients to access services that provide context or take action. For AI agents, think of it as a combination of a "Service Catalog" and a "Developer Portal." It offers the metadata,
The evolution of AI agents and autonomous systems has created new challenges for enterprise organizations. While securing API endpoints is well-understood, controlling access to individual AI agent tools presents a unique authorization problem. Toda
Why AI guardrails matter It's natural to consider the necessity of guardrails for your sophisticated AI implementations. The truth is, much like any powerful technology, AI requires a set of protective measures to ensure its reliability and integrit
Introduction to OWASP Top 10 for LLM Applications 2025 The OWASP Top 10 for LLM Applications 2025 represents a significant evolution in AI security guidance, reflecting the rapid maturation of enterprise AI deployments over the past year. The key up
The goal of Integration Platform as a Service (iPaaS) is to simplify how companies connect their applications and data. The promise for the first wave of iPaaS platforms like Mulesoft and Boomi was straightforward: a central platform where APIs, sys