Organizations are under immense pressure to develop and deploy AI agents quickly and at scale. However, since agentic AI systems rely on live data and complex integrations, they also introduce a massive new attack surface. 

Traditional security tools often miss the nuances of the entire AI lifecycle, from insecure models and prompt injections to data leakage within the AI supply chain, and fail to offer true protection at scale. Unlike standard web application firewalls (WAFs) or traditional API security tools, which lack the semantic context to understand AI payloads, purpose-built AI security is required to prevent sophisticated model manipulation.

Today, AI services and security protocols are often managed in separate, siloed systems, leading to fragmentation that slows delivery, creates governance blind spots, and leaves organizations vulnerable to shadow AI and malicious attacks. 

Without centralized governance, developers often spin up unauthorized LLM connections, making it impossible to prevent shadow AI in enterprise workflows. In enterprise environments attempting agentic adoption at scale, this level of complexity is a recipe for human oversight and error, leaving the door open for catastrophic data breaches and destructive acts.

Gain the oversight you need to protect, govern, and secure your AI services within a single unified environment. By integrating Noma’s AI-DR engine with Kong’s AI Gateway, you can apply consistent security policies, threat detection, and access controls across every AI interaction. This integrated approach delivers fast, tangible value through two core pillars:

• - **Kong** provides the centralized API management, observability, and AI governance required to orchestrate and scale services with confidence. By utilizing Kong Konnect, organizations can enforce AI security policies globally, pushing unified configurations down to all data-plane nodes instantly.
• - **Noma** provides the essential AI runtime security infrastructure for the agentic era by delivering deep visibility and continuous runtime protection. It combines proactive defense with real-time guardrails to govern autonomous actions, ensuring every AI agent remains resilient against the sophisticated runtime exploits of the modern AI landscape.

Together, they establish the best guardrails for autonomous AI agents, preventing unauthorized actions before they execute.

Let's describe a bit more how the products work together. The following diagram illustrates that all of your AI interactions, from the underlying APIs to the models themselves, can be consolidated into one, easy-to-manage environment with full visibility and proactive security.

At a high level, the architecture is organized and shows all Kong Gateways integrated with Noma Security Cloud to secure and govern agentic AI, MCP servers, and LLM traffic across multiple communication patterns:

• - **Kong Agent Gateway**: responsible for the A2A (Agent-to-Agent) Flow
• - **Kong MCP Gateway**: taking care of the MCP (Model Context Protocol) Servers and Tools consumption
• - **Kong LLM Gateway**: managing the LLM/GenAI models and inference flows.

These are centrally managed by Kong Konnect Control Plane and integrated with Noma Security Cloud for AI runtime protection and governance. Kong Konnect is the SaaS management layer responsible for Centralized configuration management, Policy distribution, Analytics and governance, Multi-cluster administration, etc.

Administrators interact with Konnect, which then pushes configuration down to the Kong AI Gateway Data Plane nodes.

Kong AI Gateway provides specific plugins to manage the flows.

• - **AI A2A Proxy Plugin**: Manages agent mediation, skill exposure, A2A protocol normalization, etc.
• - **AI MCP Proxy Plugin**: Proxies MCP traffic to existing MCP Servers; adds an MCP abstraction in front of RESTful Services.
• - **AI Proxy Advanced Plugin**: One of the most important AI Gateway plugins, providing: GenAI/LLM abstraction, multi-model routing, payload normalization, token management, retries/fallbacks, semantic caching, etc. This plugin makes it trivial to secure multi-model routing for LLMs, allowing dynamic switching between models without exposing raw API keys or bypassing security filters.

Besides, we can also configure other plugins Kong AI Gateway provides. For example, the Key Auth Plugin to implement authentication and identity validation between agents and the OTel Plugin to export telemetry and tracing data to the observability stack.

On the other hand, Noma Security Cloud Platform provides AI runtime security capabilities across all layers. The architecture highlights three major domains:

• - AI Agent Security
• - MCP Server Security
• - Runtime Protection

Each one of these Noma Services receives traffic from all three Kong AI Gateways, allowing centralized AI threat detection, compliance validation, anomaly detection, etc. That is possible thanks to the Noma Plugin, configured in each Gateway, which is responsible for enforcing the security policies, integrating Kong traffic flows with Noma Security Cloud Services:

• - A2A Flow:
• - Runtime inspection
• - Behavioral analysis
• - Threat detection
• - MCP Flow:
• - Tool validation
• - Anomaly detection
• - Tool abuse prevention
• - LLM/GenAI Flow:
• - Prompt injection
• - Data leakage
• - Jailbreak attempts
• - Malicious prompts
• - Unsafe outputs

In summary, Kong exports traffic/context as Noma returns policy and security decisions.

The addition of Noma to Kong’s Technology Partner Program reinforces our commitment to building a trusted ecosystem that helps customers innovate safely.

The **Technology Partner Program** focuses on integrations and plugins built for Kong’s commercial offerings. Premium plugins undergo rigorous validation against the latest releases and receive dedicated support from Kong’s engineering team.

For customers, this expands the developer ecosystem with seamless, secure integrations and access to cutting-edge AI security. For partners, the program unlocks direct engineering collaboration to optimize integrations for the world's most demanding enterprises.

Conceptually, this architecture positions Kong as the AI connectivity and governance fabric, including agents, MCP servers, and LLMs, and Noma as the AI runtime security layer.

The design reflects a next-generation agentic AI platform architecture where agents collaborate, Tools are dynamically discovered through MCP, LLMs are abstracted behind a governance layer, and every interaction is secured, observable, and policy-driven.

**Want to see the integration in action?** Visit [_noma.security_](http://noma.security)_noma.security_ and [_konghq.com_](http://konghq.com)_konghq.com_ to schedule a demo or learn more about the Kong partner program at[ ](https://konghq.com/partners) [_konghq.com/partners_](http://konghq.com/partners)_konghq.com/partners_.

**Q: How do you secure agentic AI at runtime?**
A: Securing agentic AI at runtime requires a combination of high-speed traffic orchestration and deep, AI-native guardrails. By integrating Kong's AI Gateway with Noma's AI-DR engine, organizations can apply real-time runtime inspection, behavioral analysis, and threat detection. This unified approach ensures that every autonomous action is validated against centralized security policies before it executes, protecting against prompt injections, data leakage, and unauthorized tool access.

**Q: What is the difference between A2A and MCP flows?**
A: A2A (Agent-to-Agent) flows govern how autonomous AI agents communicate, negotiate, and share data with one another. Securing this flow involves protocol normalization and behavioral analysis. Conversely, MCP (Model Context Protocol) flows handle how those agents connect to external tools, servers, and data contexts. Securing MCP flows focuses on tool validation, access control, and preventing tool abuse by the agent.

**Q: Why is prompt injection a risk for enterprise LLMs?**
A: Prompt injection occurs when malicious inputs manipulate an LLM into ignoring its original instructions or bypassing its safety constraints. In an enterprise environment, this is a massive risk because compromised LLMs can be tricked into leaking sensitive corporate data, executing unauthorized backend commands (via MCP tools), or generating harmful outputs. Traditional security tools lack the semantic understanding to detect these attacks, requiring AI-native runtime security like Noma to block them.

**Q: How does Kong Konnect enforce AI security policies?**
A: Kong Konnect acts as the centralized SaaS management layer and control plane. Administrators use Konnect to define AI security policies, routing rules, and analytics configurations. Konnect then automatically pushes these configurations down to all Kong AI Gateway Data Plane nodes in real-time. This ensures consistent, global enforcement of security policies across all A2A, MCP, and LLM flows without manual intervention.

**Q: Which plugins secure AI traffic in Kong Gateway?**
A: Kong Gateway utilizes three primary plugins to secure AI traffic:

1. - **AI A2A Proxy Plugin:** Manages agent mediation and normalizes A2A protocols.
2. - **AI MCP Proxy Plugin:** Proxies traffic to MCP servers and validates tool consumption.
3. - **AI Proxy Advanced Plugin:** Handles LLM abstraction, multi-model routing, token management, and semantic caching.
   Additionally, these integrate directly with the **Noma Plugin** to enforce runtime security decisions and threat detection.