Companies are rapidly adopting AI, but it's not all roses. The excitement comes with significant risks, such as shadow AI, runaway costs, and security nightmares. This post explores the real challenges organizations face in AI governance today and highlights how forward-thinking companies are beginning to tackle them.
Companies are charging headfirst into AI, with research around [agentic AI in the enterprise](https://konghq.com/resources/reports/agentic-ai-enterprise-adoption-report)agentic AI in the enterprise finding as many as 9 out of 10 organizations are actively working to adopt AI agents.
LLMs are being deployed, agentic workflows are getting created left and right, and the promises of what this technology will bring are endless. But behind the scenes, our customers tell us that there's another piece of the story, with shadow AI, runaway costs, security nightmares, and organizational uncertainty.
We recently spoke with some of our customers about AI governance – the good, the bad, and the ugly – and the message was unanimous: the opportunity is massive, but the risks are too.
Here's what we learned about the real challenges around AI governance that companies are facing today — and how forward-thinking organizations are starting to solve them.
One fear we hear about again and again? Teams are moving independently while leadership scrambles to establish guardrails.
Engineers are spinning up their own MCP servers, calling LLMs directly, and creating hordes of agents while platform teams worry about future cleanup nightmares.
One of our [2025 Kong Innovator Award ](https://konghq.com/blog/news/2025-kong-innovator-awards-winners)2025 Kong Innovator Award winners, [H&M](https://konghq.com/blog/news/2025-kong-innovator-awards-winners)H&M, experienced this firsthand. As teams across the organization began adopting LLMs independently, the company found itself facing security risks, operational inefficiencies, and a complete lack of financial governance. Without centralized visibility, it was nearly impossible to scale AI safely across the enterprise.
The root cause? Teams are unsure whether governance belongs to AI squads, platform engineering, security, or a new AI Center of Excellence, leading to slow decision-making while engineers move fast on their own.
Elizabeth Brand, VP and Global Head of Cloud at Prudential, speaking at our [API Summit 2025](https://konghq.com/resources/videos/ai-transformation-with-kong-ai-gateway-at-prudential)API Summit 2025, described AI as a "once-in-a-decade opportunity" to solve previously difficult and time-consuming problems. Prudential is using AI to refactor legacy applications, decompose them into smaller components, and eliminate duplicate APIs — transforming modernization timelines from years to weeks or months.
But here's the catch: most organizations we talk to admit that their APIs are far from agent-ready, with missing specs, inconsistent design, and poor observability remaining as blockers.
The challenge is compounded by data privacy and security fears, with everyone anxious about PII exposure, accidental data leaks, and targeted attacks.
Remember when cloud costs spiraled out of control because nobody was watching? AI governance faces the same risk — but faster.
Token spending is unpredictable and already scaring finance teams, with customers desperate for centralized limits, multi-model routing, and semantic caching to avoid these runaway costs.
Another Kong Innovator Award winner, [SeatGeek](https://konghq.com/blog/news/2025-kong-innovator-awards-winners)SeatGeek, created a solution to address this challenge.
As LLMs became central to their operations, SeatGeek faced a challenge: these LLM requests looked just like ordinary HTTP traffic, making it nearly impossible to ensure trust and safety in AI-driven integrations. The team at SeatGeek used Kong to create centralized LLM request validation at the API gateway layer, which eliminated the risk of spoofed traffic, avoided duplicating code across more than a dozen microservices, and reduced engineering time by 2–3 weeks per service.
Perhaps the most interesting insight from our customers: API teams speak in terms of requests and responses, while AI teams talk about tokens and models, making bridging that language gap part of governance itself.
Education, change management, and internal alignment repeatedly came up as the largest blockers to effective AI governance. But this is nothing new. For any large-scale, enterprise-wide project, the people piece will always be one of the major challenges, even more so than the technology.
Customers see the risks of decentralization and are actively exploring AI gateways and MCP gateways to regain control.
H&M's transformation illustrates this perfectly. By implementing [Kong AI Gateway](https://konghq.com/products/kong-ai-gateway)Kong AI Gateway, they pivoted from a fragmented, high-risk model to a secure, scalable, and governed AI platform with centralized control, observability, and governance for all AI traffic.
The results? AI service onboarding time dropped from weeks to days, they gained immediate financial oversight and cost visibility, and they established 100% centralized logging and auditability for compliance.
Good specs, security scopes, and predictable behavior aren't nice-to-haves anymore — they're prerequisites for safe agentic workloads.
Prudential's approach demonstrates this. By breaking down applications into smaller components and eliminating API duplication, they're reducing ecosystem complexity while preparing their infrastructure for AI-driven workflows.
Companies are already looking for ways to control token consumption and avoid bill shock. Implementing AI governance is an essential part of keeping your finance team happy, as well as your developers.
As H&M was building its centralized AI governance platform, the team implemented Kong AI Gateway features like intelligent LLM routing and centralized rate limiting for AI traffic to avoid incurring runaway costs. The team anticipates seeing major savings going forward — and having the visibility to predict the costs they will have.
Here's the surprising silver lining: none of our customers claim to have figured out the one simple solution to solving AI governance problems. The playbooks are still being written, so everyone has the chance to think creatively and put innovative solutions in place.
As Liz Brand from Prudential put it, companies in the successful 5% are those that obsessively learn and relentlessly pursue different solutions than what worked a decade ago. This is a "wipe the slate clean" moment.
AI governance isn't a future problem: it's the AI reality. The organizations that will succeed aren't necessarily the ones with the most AI projects or the biggest budgets. They're the ones who recognize that governance, security, and cost control need to be built into the foundation, not bolted on after the fact.
84% of companies report a hit to gross margins from AI costs. Sustainable AI businesses avoid [the hidden AI fragmentation tax](https://konghq.com/blog/enterprise/hidden-ai-fragmentation-tax)the hidden AI fragmentation tax by being proactive.
The good news? You're not alone in figuring this out. Every organization — from global retailers to financial services giants — is navigating the same challenges. The difference between chaos and control comes down to one thing: centralizing governance before shadow AI forces your hand.
Ready to take control of your AI governance strategy? Learn more about how Kong AI Gateway is helping enterprises scale AI securely and cost-effectively.[ Contact us to get started](https://konghq.com/contact-sales) Contact us to get started.
CLIs, MCP, and the Real Governance Tradeoffs Shaping Enterprise AI Agents The CLI case is real Let's start with the strongest version of the CLI argument. For well-known tools baked into model training data (e.g., git, grep, curl, jq, docker, kub
[](https://konghq.com/blog/enterprise/cli-vs-mcp-enterprise-ai-governance)
Bring Financial Accountability to Enterprise LLM Usage with Konnect Metering and Billing Showback and chargeback are not the same thing. Most organizations conflate these two concepts, and that conflation delays action. Understanding the LLM showb
[](https://konghq.com/blog/enterprise/llm-cost-management-ai-showback-and-chargeback)
The Shifting Economic Landscape: The AI token economy in 2026 is evolving, and enterprise leaders must distinguish between low-cost input tokens and high-premium output tokens to maintain profitability. Agentic AI Financial Risks: The transition t
[](https://konghq.com/blog/enterprise/ai-input-vs-output-cost-management)
The first pillar is enablement. Developers need tools that reduce friction when building AI-powered applications and agents. This means providing: Native MCP support for connecting agents to enterprise tools and data sources SDKs and frameworks op
[](https://konghq.com/blog/enterprise/agentic-ai-developer-platform)
Agent-to-agent communication is the next frontier of AI infrastructure. As teams decompose monolithic AI workflows into specialized agents — a research agent, a booking agent, a summarization agent — the calls between those agents become as importa
[](https://konghq.com/blog/product-releases/kong-ai-gateway-3-14)
The Requirement : Article 10 of the EU AI Act mandates strict data governance for high-risk AI systems. This includes error detection, bias monitoring, and arguably most critically for enterprise use — ensuring that sensitive personal data (PII) is
[](https://konghq.com/blog/enterprise/eu-ai-act-compliance)
Claude Code is Anthropic's agentic coding and agent harness tool. Unlike traditional code-completion assistants that suggest the next line in an editor, Claude Code operates as an autonomous agent that reads entire codebases, edits files across mult
[](https://konghq.com/blog/engineering/claude-code-governance-with-an-ai-gateway)