DISCOVER & TEST KONNECT APIS IN REAL TIME WITH INSOMNIA 13 MIGRATE 50% FASTER WITH KONG MIGRATION SERVICES DON'T MISS OUT ON API + AI SUMMIT 2026 | PRICES INCREASE AUGUST 16
  • [Why Kong ](/company/why-kong)Why Kong
  • _API & AI CONNECTIVITY TECHNOLOGIES_
    The Unified API and AI Platform
    []
    API ManagementAI ManagementEvent ManagementMonetization
    Migration Services
    API Advisory Services + Forward Deployed EngineersNEW
    • RUNTIMES
    • [API Gateway ](/products/kong-gateway)API Gateway
    • [AI Gateway HOT](/products/kong-ai-gateway)AI Gateway HOT
    • [Event Gateway ](/products/event-gateway)Event Gateway
    • [Service Mesh ](/products/kong-mesh)Service Mesh
    • [Context Mesh ](/products/kong-konnect/features/context-mesh)Context Mesh
    • [Ingress Controller ](/products/kong-ingress-controller)Ingress Controller
    • [Kong Operator ](/products/kong-operator)Kong Operator
    • CORE SERVICES
    • [MCP Registry NEW](/products/mcp-registry)MCP Registry NEW
    • [API Service Catalog ](/products/kong-konnect/features/api-service-catalog)API Service Catalog
    • [Runtime Management ](/products/kong-konnect/features/runtime-management)Runtime Management
    • [APIOps & Automation ](/products/apiops-automation)APIOps & Automation
    • APPS & AI AGENTS
    • [Developer Portal ](/products/kong-konnect/features/developer-portal)Developer Portal
    • [Usage Billing & Metering ](/products/kong-konnect/features/usage-based-metering-and-billing)Usage Billing & Metering
    • [Observability ](/products/kong-konnect/features/api-observability)Observability
    • [KAi Agent ](/products/kong-konnect/features/kai-ai-agent)KAi Agent
    DEVELOPER TOOLS
    [Insomnia ](https://insomnia.rest/)Insomnia [Plugins ](https://developer.konghq.com/plugins/)Plugins [Volcano ](https://volcano.dev/)Volcano [Kong MCP ](https://developer.konghq.com/konnect-platform/konnect-mcp/)Kong MCP [Documentation ](https://docs.konghq.com/)Documentation [Open Source ](/community)Open Source
      • FOR PLATFORM TEAMS
      • [Developer Platform ](/solutions/building-developer-platform)Developer Platform
      • [Kubernetes and Microservices ](/solutions/build-on-kubernetes)Kubernetes and Microservices
      • [Observability ](/solutions/observability)Observability
      • [Service Mesh Connectivity ](/solutions/service-mesh-connectivity)Service Mesh Connectivity
      • [Kafka Event Streaming ](/solutions/kafka-stream-api-management)Kafka Event Streaming
      • FOR EXECUTIVES
      • [AI Connectivity ](/ai-connectivity)AI Connectivity
      • [Open Banking ](/solutions/open-banking)Open Banking
      • [Legacy Migration ](/solutions/legacy-api-management-migration)Legacy Migration
      • [Platform Cost Reduction ](/solutions/api-platform-consolidation)Platform Cost Reduction
      • [Kafka Cost Optimization ](/solutions/reduce-kafka-cost)Kafka Cost Optimization
      • [API Monetization ](/solutions/api-monetization)API Monetization
      • [AI Monetization ](/solutions/ai-monetization)AI Monetization
      • [AI FinOps ](/solutions/ai-cost-governance-finops)AI FinOps
      • FOR AI TEAMS
      • [Agent Gateway ](/agent-gateway)Agent Gateway
      • [AI Governance ](/solutions/ai-governance)AI Governance
      • [AI Security ](/solutions/ai-security)AI Security
      • [Token Cost Management ](/solutions/ai-cost-optimization-management)Token Cost Management
      • [Agentic Infrastructure ](/solutions/agentic-ai-workflows)Agentic Infrastructure
      • [MCP Production ](/solutions/mcp-production-and-consumption)MCP Production
      • [MCP Traffic Gateway ](/solutions/mcp-governance)MCP Traffic Gateway
      • FOR DEVELOPERS
      • [Mobile App API Development ](/solutions/mobile-application-api-development)Mobile App API Development
      • [GenAI App Development ](/solutions/power-openai-applications)GenAI App Development
      • [API Gateway for Istio ](/solutions/istio-gateway)API Gateway for Istio
      • [Decentralized Load Balancing ](/solutions/decentralized-load-balancing)Decentralized Load Balancing
      • BY INDUSTRY
      • [Financial Services ](/solutions/financial-services-industry)Financial Services
      • [Healthcare ](/solutions/healthcare)Healthcare
      • [Higher Education ](/solutions/api-platform-for-education-services)Higher Education
      • [Insurance ](/solutions/insurance)Insurance
      • [Manufacturing ](/solutions/manufacturing)Manufacturing
      • [Retail ](/solutions/retail)Retail
      • [Software & Technology ](/solutions/software-and-technology)Software & Technology
      • [Transportation ](/solutions/transportation-and-logistics)Transportation
    NEW
    Kong for Startups
    Apply for $100k credits & 50% off AI Gateway
  • [Pricing ](/pricing)Pricing
      • DOCUMENTATION
      • [Kong Konnect ](https://developer.konghq.com/konnect/)Kong Konnect
      • [Kong Gateway ](https://developer.konghq.com/gateway/)Kong Gateway
      • [Kong Mesh ](https://developer.konghq.com/mesh/)Kong Mesh
      • [Kong AI Gateway ](https://developer.konghq.com/ai-gateway/)Kong AI Gateway
      • [Kong Event Gateway ](https://developer.konghq.com/event-gateway/)Kong Event Gateway
      • [Kong Insomnia ](https://developer.konghq.com/insomnia/)Kong Insomnia
      • [Plugin Hub ](https://developer.konghq.com/plugins/)Plugin Hub
      • EXPLORE
      • [Blog ](/blog)Blog
      • [Learning Center ](/blog/learning-center)Learning Center
      • [eBooks ](/resources/e-book)eBooks
      • [Reports ](/resources/reports)Reports
      • [Demos ](/resources/demos)Demos
      • [Customer Stories ](/customer-stories)Customer Stories
      • [Videos ](/resources/videos)Videos
      • EVENTS
      • [API + AI Summit ](/events/conferences/api-ai-summit)API + AI Summit
      • [Webinars ](/events/webinars)Webinars
      • [User Calls ](/events/user-calls)User Calls
      • [Workshops ](/events/workshops)Workshops
      • [Meetups ](/events/meetups)Meetups
      • [See All Events ](/events)See All Events
      • FOR DEVELOPERS
      • [Get Started ](https://developer.konghq.com/)Get Started
      • [Community ](/community)Community
      • [Certification ](/academy/certification)Certification
      • [Training ](https://education.konghq.com)Training
      • COMPANY
      • [About Us ](/company/about-us)About Us
      • [We're Hiring! ](/company/careers)We're Hiring!
      • [Press Room ](/company/press-room)Press Room
      • [Contact Us ](/company/contact-us)Contact Us
      • [Kong Partner Program ](/partners)Kong Partner Program
      • [Enterprise Support Portal ](https://support.konghq.com/s/)Enterprise Support Portal
      • [Documentation ](https://developer.konghq.com/?_gl=1*tphanb*_gcl_au*MTcxNTQ5NjQ0MC4xNzY5Nzg4MDY0LjIwMTI3NzEwOTEuMTc3MzMxODI2MS4xNzczMzE4MjYw*_ga*NDIwMDU4MTU3LjE3Njk3ODgwNjQ.*_ga_4JK9146J1H*czE3NzQwMjg1MjkkbzE4OSRnMCR0MTc3NDAyODUyOSRqNjAkbDAkaDA)Documentation
  • [](/search)
  • [Login](https://cloud.konghq.com/login)Login
  • [Book Demo](/contact-sales)Book Demo
  • [Get Started](/products/kong-konnect/register)Get Started
[Blog](/blog)Blog
  • [AI Gateway ](/blog/tag/ai-gateway)AI Gateway
  • [AI Security ](/blog/tag/ai-security)AI Security
  • [AIOps ](/blog/tag/aiops)AIOps
  • [API Security ](/blog/tag/api-security)API Security
  • [API Gateway ](/blog/tag/api-gateway)API Gateway
|
    • [API Management ](/blog/tag/api-management)API Management
    • [API Development ](/blog/tag/api-development)API Development
    • [API Design ](/blog/tag/api-design)API Design
    • [Automation ](/blog/tag/automation)Automation
    • [Service Mesh ](/blog/tag/service-mesh)Service Mesh
    • [Insomnia ](/blog/tag/insomnia)Insomnia
    • [Event Gateway ](/blog/tag/event-gateway)Event Gateway
    • [View All Blogs ](/blog/page/1)View All Blogs
We're Entering the Age of AI Connectivity [Read more](/blog/news/the-age-of-ai-connectivity)Read moreProducts & Agents:
    • [Kong AI Gateway](/products/kong-ai-gateway)Kong AI Gateway
    • [Kong API Gateway](/products/kong-gateway)Kong API Gateway
    • [Kong Event Gateway](/products/event-gateway)Kong Event Gateway
    • [Kong Metering & Billing](/products/kong-konnect/features/usage-based-metering-and-billing)Kong Metering & Billing
    • [Kong Insomnia](/products/kong-insomnia)Kong Insomnia
    • [Kong Konnect](/products/kong-konnect)Kong Konnect
  • [Documentation](https://developer.konghq.com)Documentation
  • [Book Demo](/contact-sales)Book Demo
  1. Home
  2. Blog
  3. Enterprise
  4. Shadow AI Detection: The Enterprise Governance Guide
[AI Security](/blog/tag/ai-security)AI Security
July 7, 2026
6 min read

# Shadow AI Detection: The Enterprise Governance Guide

Kong

Shadow AI detection is the practice of finding and governing unsanctioned AI tools, models, and API integrations that employees deploy without security approval. It has become urgent because these tools route live enterprise data to external models in real time, and traditional security stacks cannot see them. The 2026 Cordyceps disclosure, which exposed identical AI-generated vulnerabilities across 300+ GitHub repositories, showed how fast ungoverned AI can turn into a supply-chain crisis.

## What Is Shadow AI? (And Why Detection Can't Wait)

Shadow AI is any AI tool, model, or API integration deployed inside an organization without IT or security approval. Unlike sanctioned systems, it operates outside every review process your governance program depends on. That makes detection the first and most important step in bringing it under control.

Shadow AI is not simply the next version of shadow IT. Shadow IT typically involves unsanctioned software that stays inside a known perimeter. **Shadow AI routes live data — prompts, customer records, source code — to external models**, and its behavior is non-deterministic, so the same input can produce different outputs and different data exposure each time.

The evidence for urgency is concrete. The Cordyceps disclosure found identical AI-generated flaws propagated through CI/CD pipelines across more than 300 GitHub repositories, exposing them to supply-chain attacks [2]. IBM's 2025 breach research reinforces the stakes: **20% of breaches now involve shadow AI, adding roughly $670,000 to the average breach cost, and 97% of AI-related breaches lacked proper access controls** [1].

## The Shadow AI Threat Surface: What Enterprises Are Exposed To

Ungoverned AI expands the attack surface in ways security teams rarely have full visibility into. When any team can connect to an external model, the organization inherits risk it never assessed — and 96% of tech professionals say AI agents are a growing security risk [5]. The exposure spans data, compliance, and cost.

  • - **Data exfiltration**: Sensitive prompts and files leave the perimeter the moment they reach an external model.
  • - **Compliance violations**: Uncontrolled data flows breach HIPAA, GDPR, and SOC 2 obligations.
  • - **Supply-chain vulnerability**: AI-generated code and dependencies introduce flaws like those in the Cordyceps disclosure.
  • - **Model integrity**: Unvetted models can return manipulated, biased, or poisoned outputs.
  • - **Audit and accountability gaps**: No record of who called which model, with what data, or when.
  • - **Cost and rate-limit exposure**: Untracked token consumption drives runaway spend and throttling.

Closing this surface requires governance where AI traffic actually flows — not in a dashboard bolted on after the calls have already left the building.

## Why Traditional Security Tools Cannot Detect Shadow AI

Most enterprise security tools were built for a world of static endpoints and known applications. They inspect files, configurations, and logs — but they sit outside the live data plane where AI calls happen. That structural gap is why shadow AI slips past them.

Each category has a specific blind spot:

shadow-ai-blind-spots

The common thread is that these tools react after the fact and never observe the AI request itself. Detecting shadow AI requires visibility at the traffic layer, where every AI call is made — and that is the job of an AI gateway.

## How an AI Gateway Delivers Real-Time Shadow AI Detection

An **AI gateway** is the control plane that sits between your users and applications and the external AI providers they call. Every AI API request passes through it, which means every request is visible, logged, and subject to policy before it ever reaches a model. [Kong AI Gateway](https://konghq.com/products/kong-ai-gateway)Kong AI Gateway is built to occupy exactly this position in the enterprise architecture.

Because it inspects traffic inline, Kong AI Gateway turns shadow AI from an invisible risk into a governed flow. Its core detection and control capabilities include:

  • - **Real-time detection of unauthorized models**, flagging any call to a provider outside approved policy.
  • - **Token-based rate limiting** that caps consumption and cost per team, model, or application through [token-based rate limiting](https://developer.konghq.com/plugins/ai-rate-limiting-advanced/)token-based rate limiting.
  • - **PII and PHI detection and redaction** before prompts leave the organization — the AI Sanitizer covers 20+ categories of sensitive data across 12 languages.
  • - **Model allowlisting** so only approved providers can receive traffic.
  • - **Prompt guards** that block unsafe or non-compliant requests at the gateway.
  • - **A full audit trail** recording user, model, timestamp, and token count for every call.

This is the shift from reacting to AI risk to governing it. Kong research found that **54% of enterprises with AI governance frameworks rely on an AI gateway as their control plane**, reflecting how central the traffic layer has become to [enterprise AI governance frameworks](https://konghq.com/blog/learning-center/what-is-ai-governance)enterprise AI governance frameworks. For a deeper primer, Kong explains [what an AI gateway is](https://konghq.com/blog/enterprise/what-is-an-ai-gateway)what an AI gateway is and how it fits the broader stack.

### Federated AI Governance

**Federated AI governance is** a model where a central team sets baseline policies while individual teams retain autonomy to operate within them. In Kong, this works through workspaces: platform leadership defines organization-wide rules, and each team manages its own configuration underneath.

Policy inheritance makes the baseline non-negotiable. A rule such as "never route PHI to external models" is defined centrally and inherited by every workspace, so no team can opt out. This structure holds across multi-cloud and hybrid environments, giving large organizations one consistent governance posture instead of dozens of independent ones. It directly addresses the [agentic AI governance and shadow AI risk](https://konghq.com/blog/enterprise/agentic-ai-governance-managing-shadow-ai-risk)agentic AI governance and shadow AI risk that grows as AI adoption spreads across teams.

## Building a Shadow AI Governance Framework: A Phased Approach

A shadow AI governance framework works best when it is rolled out in stages, moving from visibility to enforcement without stalling the teams already using AI. The following four phases align with the Govern, Map, Measure, and Manage functions of the NIST AI Risk Management Framework [3].

  1. - **Discover**: Run the gateway in observation mode to build a baseline inventory of every model, team, and data flow already in use.
  2. - **Define**: Set policies, model allowlists, and redaction rules based on what discovery reveals.
  3. - **Enforce**: Turn on rate limits, alerting, and SIEM integration so violations are blocked and surfaced in real time.
  4. - **Optimize**: Expand federated governance to new teams and refine policies as adoption grows.

Because these controls run as plugins on the same gateway you already operate, each phase extends existing infrastructure rather than replacing it. Reviewing the [OWASP Top 10 LLM vulnerabilities](https://konghq.com/blog/engineering/owasp-top-10-ai-and-llm-guide)OWASP Top 10 LLM vulnerabilities during the Define phase helps prioritize which policies to enforce first.

### Conclusion

Shadow AI is already inside your organization, routing live data to models you never approved. The organizations that stay in control are the ones governing AI where it actually flows — at the traffic layer, in real time. Kong AI Gateway gives enterprise security and platform teams that reference architecture: one control plane for detection, policy, and audit across every AI call. [Request a demo](https://konghq.com/contact-sales)Request a demo to see how Kong governs shadow AI at scale.

## Frequently Asked Questions

**What is shadow AI detection?**

Shadow AI detection is the practice of identifying unsanctioned AI tools, models, and API integrations deployed without security approval. It relies on visibility at the traffic layer, where AI calls are made, because these tools route live data to external models in ways traditional security stacks cannot see.

**How do enterprises detect shadow AI?**

Enterprises detect shadow AI by inspecting AI traffic at an AI gateway that sits between users and external providers. The gateway logs every call, flags unauthorized models, and enforces policy in real time. Kong research found that 54% of enterprises with governance frameworks use an AI gateway as this control plane.

**What is the difference between shadow AI and shadow IT?**

Shadow IT is unsanctioned software that usually stays within a known perimeter. Shadow AI routes live data — prompts, records, and code — to external models and behaves non-deterministically, so its data exposure and outputs vary from one call to the next. That makes shadow AI harder to detect and higher risk.

**What are the HIPAA risks of shadow AI in healthcare?**

Routing protected health information to an external LLM without a Business Associate Agreement is a potential HIPAA violation, regardless of whether a breach occurs. Ungoverned AI also fails HIPAA's audit-trail requirement, leaving organizations unable to prove how PHI was accessed or transmitted.

**What is federated AI governance?**

Federated AI governance is a model where a central team defines baseline policies while individual teams keep autonomy to operate within them. Central rules — such as never routing PHI to external models — are inherited by every team, ensuring one consistent posture across multi-cloud and hybrid environments.

**What is the Cordyceps AI vulnerability disclosure?**

The Cordyceps disclosure identified identical AI-generated vulnerabilities propagated through CI/CD pipelines across more than 300 GitHub repositories, exposing them to supply-chain attacks. It demonstrated how ungoverned AI-generated code can spread the same flaw at scale before anyone detects it.

#### References

  1. - IBM. Cost of a Data Breach Report 2025. [https://www.ibm.com/reports/data-breach](https://www.ibm.com/reports/data-breach)https://www.ibm.com/reports/data-breach
  2. - SecurityWeek. Exploitable CI/CD Vulnerabilities Expose Repositories to Hijacking (2026). [https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/](https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/)https://www.securityweek.com/exploitable-ci-cd-vulnerabilities-expose-millions-of-repositories-to-hijacking/
  3. - NIST. AI Risk Management Framework (AI RMF). [https://www.nist.gov/itl/ai-risk-management-framework](https://www.nist.gov/itl/ai-risk-management-framework)https://www.nist.gov/itl/ai-risk-management-framework
  4. - U.S. HHS Office for Civil Rights. HIPAA Guidance. [https://www.hhs.gov/hipaa/index.html](https://www.hhs.gov/hipaa/index.html)https://www.hhs.gov/hipaa/index.html
  5. - SailPoint. 96% of Enterprises Say AI Agents Are a Security Risk (2025). [https://www.businesswire.com/news/home/20250528829358/en/](https://www.businesswire.com/news/home/20250528829358/en/)https://www.businesswire.com/news/home/20250528829358/en/
- [AI Security](/blog/tag/ai-security)AI Security- [Enterprise AI](/blog/tag/enterprise-ai)Enterprise AI- [AI Connectivity](/blog/tag/ai-connectivity)AI Connectivity- [Governance](/blog/tag/governance)Governance

Table of Contents

  • What Is Shadow AI? (And Why Detection Can't Wait)
  • The Shadow AI Threat Surface: What Enterprises Are Exposed To
  • Why Traditional Security Tools Cannot Detect Shadow AI
  • How an AI Gateway Delivers Real-Time Shadow AI Detection
  • Building a Shadow AI Governance Framework: A Phased Approach

## More on this topic

_eBooks_

## AI Projects in Regulated Sectors: Strategies & Insights

_Webinars_

## You Secured Your APIs. Then You Added AI.

## See Kong in action

Accelerate deployments, reduce vulnerabilities, and gain real-time visibility. 

[Get a Demo](/contact-sales)Get a Demo
**Topics**
- [AI Security](/blog/tag/ai-security)AI Security- [Enterprise AI](/blog/tag/enterprise-ai)Enterprise AI- [AI Connectivity](/blog/tag/ai-connectivity)AI Connectivity- [Governance](/blog/tag/governance)Governance
Kong

Recommended posts

# AI Data Governance: A Practical Framework for the Agentic Era

[Enterprise](/blog/tag)EnterpriseMay 30, 2026

AI data governance is the set of policies, processes, and controls that manage how data flows into, through, and out of AI systems. It covers who can access which models, what data reaches an LLM, how outputs are monitored, and whether every interac

Kong

# AI Gateway vs. Direct LLM API Integration: The Architecture Decision Defining Your AI Strategy

[Engineering](/blog/tag)EngineeringJuly 2, 2026

Most teams start the same way. A developer creates an API key, calls OpenAI or Anthropic, and ships a prototype. The problems surface when that prototype becomes five production services calling three providers. Hardcoded provider dependencies are

Kong

# Agentic AI Governance: Managing Shadow AI and Risk for Competitive Advantage

[Enterprise](/blog/tag)EnterpriseJanuary 30, 2026

Why Risk Management Will Separate Agentic AI Winners from Agentic AI Casualties Let's be honest about what's happening inside most enterprises right now. Development teams are under intense pressure to ship AI features. The mandate from leadership

Alex Drag

# Kong and Noma Partner to Deliver Advanced Agentic AI Security and Runtime Protection

[Enterprise](/blog/tag)EnterpriseJune 15, 2026

Organizations are under immense pressure to develop and deploy AI agents quickly and at scale. However, since agentic AI systems rely on live data and complex integrations, they also introduce a massive new attack surface.  Traditional security tool

Nadav Lotan

# Kong Gateway Governance: Unifying APIs and AI Infrastructure

[Enterprise](/blog/tag)EnterpriseJune 1, 2026

You can see this visualized in the diagram below. As you move to the right, you get smaller and smaller circles — more services, deployed faster, in a more distributed manner to add resiliency and features. As you move to the right, your control and

Kong

# Anthropic Acquires Stainless. What's It Mean for AI Connectivity?

[Enterprise](/blog/tag)EnterpriseMay 22, 2026

The Stainless deal tells you where the easy wins are headed. Turning an OpenAPI spec into a TypeScript SDK, a Python client, and an MCP server is going to be a button. That's good. It lowers the activation energy for getting an agent to call your

Alex Drag

# LiteLLM vs Kong: Choosing the Right Enterprise AI Gateway for Production

[Enterprise](/blog/tag)EnterpriseMay 7, 2026

For many buyers, this is where the evaluation begins: the part of the stack responsible for controlling, shaping, and observing AI traffic as it moves between applications and AI models. Once the baseline requirements are met, the question then shif

Adam Jiroun

# AI Data Governance: A Practical Framework for the Agentic Era

[Enterprise](/blog/tag)EnterpriseMay 30, 2026

AI data governance is the set of policies, processes, and controls that manage how data flows into, through, and out of AI systems. It covers who can access which models, what data reaches an LLM, how outputs are monitored, and whether every interac

Kong

# AI Gateway vs. Direct LLM API Integration: The Architecture Decision Defining Your AI Strategy

[Engineering](/blog/tag)EngineeringJuly 2, 2026

Most teams start the same way. A developer creates an API key, calls OpenAI or Anthropic, and ships a prototype. The problems surface when that prototype becomes five production services calling three providers. Hardcoded provider dependencies are

Kong

# Agentic AI Governance: Managing Shadow AI and Risk for Competitive Advantage

[Enterprise](/blog/tag)EnterpriseJanuary 30, 2026

Why Risk Management Will Separate Agentic AI Winners from Agentic AI Casualties Let's be honest about what's happening inside most enterprises right now. Development teams are under intense pressure to ship AI features. The mandate from leadership

Alex Drag

# Kong and Noma Partner to Deliver Advanced Agentic AI Security and Runtime Protection

[Enterprise](/blog/tag)EnterpriseJune 15, 2026

Organizations are under immense pressure to develop and deploy AI agents quickly and at scale. However, since agentic AI systems rely on live data and complex integrations, they also introduce a massive new attack surface.  Traditional security tool

Nadav Lotan

# Kong Gateway Governance: Unifying APIs and AI Infrastructure

[Enterprise](/blog/tag)EnterpriseJune 1, 2026

You can see this visualized in the diagram below. As you move to the right, you get smaller and smaller circles — more services, deployed faster, in a more distributed manner to add resiliency and features. As you move to the right, your control and

Kong

# Anthropic Acquires Stainless. What's It Mean for AI Connectivity?

[Enterprise](/blog/tag)EnterpriseMay 22, 2026

The Stainless deal tells you where the easy wins are headed. Turning an OpenAPI spec into a TypeScript SDK, a Python client, and an MCP server is going to be a button. That's good. It lowers the activation energy for getting an agent to call your

Alex Drag

# LiteLLM vs Kong: Choosing the Right Enterprise AI Gateway for Production

[Enterprise](/blog/tag)EnterpriseMay 7, 2026

For many buyers, this is where the evaluation begins: the part of the stack responsible for controlling, shaping, and observing AI traffic as it moves between applications and AI models. Once the baseline requirements are met, the question then shif

Adam Jiroun

# AI Data Governance: A Practical Framework for the Agentic Era

[Enterprise](/blog/tag)EnterpriseMay 30, 2026

AI data governance is the set of policies, processes, and controls that manage how data flows into, through, and out of AI systems. It covers who can access which models, what data reaches an LLM, how outputs are monitored, and whether every interac

Kong

# AI Gateway vs. Direct LLM API Integration: The Architecture Decision Defining Your AI Strategy

[Engineering](/blog/tag)EngineeringJuly 2, 2026

Most teams start the same way. A developer creates an API key, calls OpenAI or Anthropic, and ships a prototype. The problems surface when that prototype becomes five production services calling three providers. Hardcoded provider dependencies are

Kong

# Agentic AI Governance: Managing Shadow AI and Risk for Competitive Advantage

[Enterprise](/blog/tag)EnterpriseJanuary 30, 2026

Why Risk Management Will Separate Agentic AI Winners from Agentic AI Casualties Let's be honest about what's happening inside most enterprises right now. Development teams are under intense pressure to ship AI features. The mandate from leadership

Alex Drag

# Kong and Noma Partner to Deliver Advanced Agentic AI Security and Runtime Protection

[Enterprise](/blog/tag)EnterpriseJune 15, 2026

Organizations are under immense pressure to develop and deploy AI agents quickly and at scale. However, since agentic AI systems rely on live data and complex integrations, they also introduce a massive new attack surface.  Traditional security tool

Nadav Lotan

# Kong Gateway Governance: Unifying APIs and AI Infrastructure

[Enterprise](/blog/tag)EnterpriseJune 1, 2026

You can see this visualized in the diagram below. As you move to the right, you get smaller and smaller circles — more services, deployed faster, in a more distributed manner to add resiliency and features. As you move to the right, your control and

Kong

# Anthropic Acquires Stainless. What's It Mean for AI Connectivity?

[Enterprise](/blog/tag)EnterpriseMay 22, 2026

The Stainless deal tells you where the easy wins are headed. Turning an OpenAPI spec into a TypeScript SDK, a Python client, and an MCP server is going to be a button. That's good. It lowers the activation energy for getting an agent to call your

Alex Drag

# LiteLLM vs Kong: Choosing the Right Enterprise AI Gateway for Production

[Enterprise](/blog/tag)EnterpriseMay 7, 2026

For many buyers, this is where the evaluation begins: the part of the stack responsible for controlling, shaping, and observing AI traffic as it moves between applications and AI models. Once the baseline requirements are met, the question then shif

Adam Jiroun

## Ready to see Kong in action?

Get a personalized walkthrough of Kong's platform tailored to your architecture, use cases, and scale requirements.

[Get a Demo](/contact-sales)Get a Demo

## step-0

    • Company
    • [About Kong ](/company/about-us)About Kong
    • [Customers ](/customer-stories)Customers
    • [Careers ](/company/careers)Careers
    • [Press ](/company/press-room)Press
    • [Events ](/events)Events
    • [Contact ](/company/contact-us)Contact
    • [Pricing ](/pricing)Pricing
      •    * [Terms](/legal/terms-of-use)
      •    * [Privacy](/legal/privacy-policy)
      •    * [Trust and Compliance](https://trust.konghq.com/)
    • Platform
    • [Kong AI Gateway ](/products/kong-ai-gateway)Kong AI Gateway
    • [Kong Konnect ](/products/kong-konnect)Kong Konnect
    • [Kong Gateway ](/products/kong-gateway)Kong Gateway
    • [Kong Event Gateway ](/products/event-gateway)Kong Event Gateway
    • [Kong Insomnia ](/products/kong-insomnia)Kong Insomnia
    • [Documentation ](https://developer.konghq.com)Documentation
    • [Book Demo ](/contact-sales)Book Demo
    • Compare
    • [AI Gateway Alternatives ](/performance-comparison/ai-gateway-alternatives)AI Gateway Alternatives
    • [Kong vs Apigee ](/performance-comparison/kong-vs-apigee)Kong vs Apigee
    • [Kong vs AWS ](/performance-comparison/kong-vsaws)Kong vs AWS
    • [Kong vs IBM ](/performance-comparison/ibm-api-connect-vs-kong)Kong vs IBM
    • [Kong vs Mulesoft ](/performance-comparison/kong-vs-mulesoft)Kong vs Mulesoft
    • [Kong vs Postman ](/performance-comparison/kong-vs-postman)Kong vs Postman
    • Explore More
    • [Kong for Startups ](/solutions/startup-program)Kong for Startups
    • [Open Banking API Solutions ](/solutions/open-banking)Open Banking API Solutions
    • [API Governance Solutions ](/solutions/api-governance)API Governance Solutions
    • [Istio API Gateway Integration ](/solutions/istio-gateway)Istio API Gateway Integration
    • [Kubernetes API Management ](/solutions/build-on-kubernetes)Kubernetes API Management
    • [API Gateway: Build vs Buy ](/campaign/secure-api-scalability)API Gateway: Build vs Buy
    • Open Source
    • [Kong Gateway ](https://developer.konghq.com/gateway/install/)Kong Gateway
    • [Kuma ](https://kuma.io/)Kuma
    • [Insomnia ](https://insomnia.rest/)Insomnia
    • [Kong Community ](/community)Kong Community

Kong enables the connectivity layer for the agentic era – securely connecting, governing, and monetizing APIs and AI tokens across any model or cloud.

  • English
  • Japanese
  • Frenchcoming soon
  • Spanishcoming soon
  • Germancoming soon
[Everything is 200 OK](https://status.konghq.com/)
© Kong Inc. 2026
Interaction mode