**MCP ACLs, Claude Code Support, and New Guardrails**
Kong AI Gateway 3.13 moves enterprises from AI experimentation to shipping production-grade agents by unlocking new capabilities focused on agentic security, developer productivity, and resilience, including MCP tool-level access control, expanded provider support, and smarter load balancing.
We know that successful AI connectivity programs often start with an intense focus on how you govern and protect LLM and MCP traffic. This is why Kong was first to market with an enterprise-grade [AI gateway](https://konghq.com/blog/enterprise/what-is-an-ai-gateway)AI gateway, and it’s why, in our last release, we added enterprise MCP proxy support to our already-existing LLM proxy in the [Kong AI Gateway](https://konghq.com/products/kong-ai-gateway)Kong AI Gateway.
And we’re still innovating.
Today, we're proud to announce one of the most significant updates to Kong AI Gateway yet. This release is all about helping you move from “we’re experimenting with LLM and MCP-powered workflows” to “let’s ship our first production-grade agent to market,” with a special focus on the hard problems to solve around agentic security, dev productivity, and resilience.
Kong AI Gateway 3.13 unlocks a wave of new capabilities that power enterprise-grade AI infrastructures — from MCP tool-level access control and circuit breakers to expanded provider support, advanced generation workflows, and load balancing improvements. If you’re building multi-model, agentic, real-time, or mission-critical AI systems, you’ll want to upgrade.
The full changelog can be found [here](https://developer.konghq.com/gateway/changelog/)here.
With the rise of agent architectures and multi-tool workflows, controlling what tools an agent (or user) can call — and when — is essential. Since the rise of MCP, organizations (and often different teams within organizations) have approached this problem in different, often non-standardized ways. Kong AI Gateway solves for this, giving AI and Infra teams the ability to standardize how their org:
Let’s consider exposing an MCP interface for fictitious airline KongAir's API. In the example configuration below, we can ensure that only users in the `booking-agents` consumer group will be allowed to consume KongAir MCP tools by default. Users that have been mapped to the `developers` consumer group will only be permitted access to the tools that allow flight details to be fetched.
plugins:
- name: ai-mcp-proxy
config:
mode: conversion-listener
logging:
log_payloads: true
log_statistics: true
consumer_identifier: username
default_acl:
- allow:
- booking-agents
deny:
- developers
scope: tools
include_consumer_groups: true
tools:
- description: Get KongAir planned flights
annotations:
title: Get KongAir planned flights
method: GET
path: /flights
parameters:
- name: date
in: query
description: Filter by date (defaults to current day)
required: false
schema:
type: string
acl:
allow:
- developers
- description: Get a specific flight by flight number
annotations:
title: Get a specific flight by flight number
method: GET
path: /flights/{flightNumber}
parameters:
- name: flightNumber
in: path
description: The flight number
required: true
schema:
type: string
acl:
allow:
- developers
- description: Fetch more details about a flight
annotations:
title: Fetch more details about a flight
method: GET
path: /flights/{flightNumber}/details
parameters:
- name: flightNumber
in: path
description: The flight number
required: true
schema:
type: string
acl:
allow:
- developers
- description: Book a flight
annotations:
title: Book a flight
method: POST
path: /flights/{flightNumber}/bookings
parameters:
- name: flightNumber
in: path
description: The flight number to book
required: true
schema:
type: string
request_body:
required: true
content:
application/json:
schema:
type: object
properties:
passenger_name:
type: string
passenger_email:
type: string
format: email
seat_preference:
type: string
enum: [window, aisle, middle]
required:
- passenger_name
- passenger_email
- description: Delete a flight booking
annotations:
title: Delete a flight booking
method: DELETE
path: /bookings/{bookingId}
parameters:
- name: bookingId
in: path
description: The booking ID to delete
required: true
schema:
type: string
server:
timeout: 60000These features help you ensure that AI traffic through the Gateway remains secure, governed, and compliant — even in highly dynamic, multi-agent environments.
Say goodbye to lock-in. This release adds first-class support for several new providers:
With these additions, Kong AI Gateway becomes a truly multi-cloud, multi-model AI platform — giving teams flexibility to choose providers based on cost, compliance, performance, or capability.
We're excited to empower organizations to govern a tool that nearly every developer uses, Anthropic’s Claude Code. With one line of configuration, access to Claude can be secured, governed, and observed end-to-end–finally adding that governance layer to Claude-powered dev productivity.
Views the docs [here](https://developer.konghq.com/how-to/use-claude-code-with-ai-gateway-anthropic/)here.
AI infrastructure isn’t just about performance and scale — safety and compliance matter. That’s why this release brings built-in integration with Lakera.ai guardrails. With AI Gateway 3.13, you can:
Combined with [existing plugins](https://developer.konghq.com/plugins/?category=ai)existing plugins (such as prompt guard, PII sanitizer, and semantic caching), this makes Kong AI Gateway ideal for enterprise deployments where safety and compliance are non-negotiable.
Learn how to integrate with Lakera [here](https://developer.konghq.com/how-to/use-ai-lakera-guard-plugin/)here.
Modern AI workflows are complex. Think: batch inference, file-based generation, multi-modal inputs (text, image, audio), streaming outputs, and long-lived agent loops. This release expands support for:
All providers (old and new) that support these advanced text generation patterns (old and new) can now benefit from a unified, consistent interface — reducing complexity and speeding up development.
The support matrix can be viewed [here](https://developer.konghq.com/plugins/ai-proxy-advanced/#advanced-text-generation)here.
AI workloads increasingly demand high availability, low-latency scaling, and resilience. This release adds:
With these enhancements, Kong AI Gateway strengthens its role as a purpose-built load-balancing and traffic-management layer for GenAI and agent workloads.
AI systems have moved beyond single-model, one-off requests. What organizations need now is infrastructure that handles:
This release empowers you to build systems that meet — and exceed — those needs.
Ready to try out the new release of Kong AI Gateway? You can get started for [FREE with Konnect Plus](https://konghq.com/products/kong-konnect/register)FREE with Konnect Plus. If you already have a Konnect account, visit the official [product page](https://konghq.com/products/kong-ai-gateway)product page or dive straight into the [demos and tutorials](https://konghq.com/blog/product-releases/ai-gateway-3-11#:~:text=straight%20into%20the-,demos%20and%20tutorials,-.%C2%A0)demos and tutorials.
If you want to learn more, check out the updated [docs](https://developer.konghq.com/index/ai-gateway/)docs, [provider blueprints](https://developer.konghq.com/plugins/ai-proxy-advanced/)provider blueprints, and [example configurations](https://developer.konghq.com/plugins/?category=ai)example configurations on the website. Declarative config (decK / Terraform) tooling is already updated with new plugin settings for ACLs, guardrails, load balancing, and provider configuration.
Ready to build safer, smarter, multi-model AI infrastructure at scale? Dive in today and let us know what you build.
Kong Agent Gateway Is Here — And It Completes the AI Data Path Kong Agent Gateway is a new capability within Kong AI Gateway that extends our platform to more robustly cover agent-to-agent (A2A) communication. With this release, Kong AI Gateway n
[](https://konghq.com/blog/product-releases/kong-agent-gateway)
Bring Financial Accountability to Enterprise LLM Usage with Konnect Metering and Billing Showback and chargeback are not the same thing. Most organizations conflate these two concepts, and that conflation delays action. Understanding the LLM showb
[](https://konghq.com/blog/enterprise/llm-cost-management-ai-showback-and-chargeback)
The Shifting Economic Landscape: The AI token economy in 2026 is evolving, and enterprise leaders must distinguish between low-cost input tokens and high-premium output tokens to maintain profitability. Agentic AI Financial Risks: The transition t
[](https://konghq.com/blog/enterprise/ai-input-vs-output-cost-management)
What does the solution space look like so far? The solution landscape is complicated by the fact that MCP is still finding its footing, and there are many various OSS projects and vendors that are rapidly shipping “MCP support” in an attempt to take
[](https://konghq.com/blog/product-releases/enterprise-mcp-gateway)
Today, we're open-sourcing Volcano SDK, a TypeScript SDK for building AI agents that combines LLM reasoning with real-world actions through MCP tools. Why Volcano SDK? One reason: because 9 lines of code are faster to write and easier to manage tha
[](https://konghq.com/blog/product-releases/volcano)
If you're a builder, you likely keep sending your LLM credentials on every request from your agents and applications. But if you operate in an enterprise environment, you'll want to store your credentials in a secure third-party like HashiCorp Vault
[](https://konghq.com/blog/product-releases/hashicorp-vault-support-for-llms)
Today, we're excited to announce the general availability of AI Manager in Kong Konnect, the platform to manage all of your API, AI, and event connectivity across all modern digital applications and AI agents. Kong already provides the fastest and m
[](https://konghq.com/blog/product-releases/kong-ai-manager)