Make MCP Production-Ready: Introducing Kong’s Enterprise MCP Gateway
With Kong AI Gateway 3.12, Kong aims to solve the pressing problems around MCP server consistency, MCP authentication, AI workflow costs, and more
The Model Context Protocol (MCP) represents a transformative shift in how AI agents connect to data and tools, but the path to production-readiness and real-world AI value is still fraught with challenges.
As organizations rush to adopt MCP and build agentic workflows, they're encountering four critical barriers:
- Consistency and sprawl issues as developers spin up ad-hoc MCP servers without standardized processes or governance
- Major security gaps stemming from MCP's still-evolving authentication specification, novel identity management challenges, and tool protection use cases
- As more servers and tools are added to MCP workflows, more — and often, irrelevant — context is added to every prompt, leading to significantly more expensive and less performant LLM interactions
- Resilience risks abound as infrastructure providers struggle to handle the massive load that agents will introduce.
These aren't minor hurdles. In fact, they're fundamental obstacles that must be solved before MCP can truly scale in enterprise environments.
What does the solution space look like so far?
The solution landscape is complicated by the fact that MCP is still finding its footing, and there are many OSS projects and vendors that are rapidly shipping “MCP support” in an attempt to take advantage of the hype and attention around MCP.
Unfortunately, many early attempts at solutions have missed the boat, and organizations find themselves in a place where they now have even more MCP challenges than they may have had before, with no easy way to identify which solutions promise real value. Some examples include half-hearted tools that:
- Help you generate MCP servers but don’t include support for enforcement of consistent MCP server generation standards around guardrails, security, authN, etc.
- Re-use existing API gateway authN policies that were made for the HTTP API world instead of authN policies that are created and/or updated to suit very specific MCP needs
- Help organizations identify and build more and more tools without giving them the ability to semantically select between different tools and avoid the performance burdens associated with excess MCP tool calling
- Promise MCP observability, but really just capture minimal information around how many MCP servers might exist and who might be consuming them
At Kong, we’ve taken a different approach — one that prioritizes meaningful support over chasing hype, building on our trusted foundation as the innovator in AI gateway infrastructure, and leveraging our deep expertise from shipping the first enterprise-grade AI gateway for LLM traffic, agentic workflows, and advanced AI-powered automation.
We’re solving the pressing problems around enterprise MCP usage. Here’s how.
MCP server generation, standardized
In today's rapidly evolving AI landscape, the imperative is clear: organizations must accelerate agent development and rapidly validate what drives business value. Success requires a robust ecosystem of APIs and MCP-enabled tools that empower agents to leverage leading LLMs for mission-critical outcomes without introducing excess governance risks and/or costs.
Today, engineers are spinning up MCP servers left and right. Many organizations have no way to standardize this process and enforce MCP server development best practices around quality, security, visibility, and resilience. This, as you might anticipate, leads to buggy, risky MCP server development and exposure. And it means more time and money eventually spent debugging and mitigating serious incidents.
Kong AI Gateway eliminates this friction entirely with our new MCP server generation capability. With Kong AI Gateway, you’re able to take any existing Kong-managed REST API and generate a remote MCP server (hosted by Kong) so that agents, AI coding tools, and other AI applications can better consume the functionality of your existing APIs as tools.
But, it's much more than just server generation. We’ve already talked about how enabling server generation without the ability to enforce standards and guardrails at the moment of generation can lead to more problems than it ever solves.
This is where the AI Gateway truly helps.
By offloading MCP server generation responsibilities to Kong AI Gateway, you can use Kong’s policy/plugin engine and automation solutions to automatically apply security and observability for every single MCP server that is generated from your REST APIs, eliminating the governance issues associated with today’s disparate MCP server development sprawl.
Organizations can now transform their existing API infrastructure into MCP-compatible tools instantly, without writing a single line of server code or managing deployment complexity. This native integration accelerates agent development cycles from weeks to minutes without the future risk of serious security, quality, cost, or resilience issues, allowing teams to focus on what truly matters: building intelligent agents and AI applications that deliver measurable business value.
And that’s just the beginning of our MCP Gateway. Read on to learn more about the new OAuth policy/plugin and MCP observability, plus some hints about what's coming next.
Solve for novel MCP authorization challenges with the new MCP OAuth policy
Security has been one of the most significant barriers to MCP adoption in enterprise environments. The MCP specification was initially released without a comprehensive authentication framework, creating critical vulnerabilities that left organizations unable to safely deploy MCP servers at scale.
Fortunately, in June 2025, the official MCP specification introduced OAuth support, establishing that MCP servers should function as OAuth Resource Servers and delegate authentication and token issuance to separate Authorization Servers.
Kong AI Gateway's new OAuth 2.1 implementation, available in version 3.12, fully aligns with this specification by positioning Kong as the OAuth Resource Server in the MCP authentication flow.

This native integration means that Kong not only enforces authentication standards but also serves protected resource metadata directly to MCP clients, eliminating the need for custom authentication logic in each individual MCP server.

The impact of this centralized approach is transformative for enterprise deployments. As organizations build growing ecosystems of MCP tools — whether hand-coded or auto-generated from APIs — each one requires proper security to ensure MCP clients are authenticated when accessing sensitive data and services.

Rather than burdening developers with implementing OAuth for every MCP server they create, Kong's OAuth plugin secures all MCP servers simultaneously at the gateway level with a single configuration. This centralization dramatically reduces security risk, accelerates deployment timelines, and ensures consistent authentication policies across the entire MCP ecosystem. For enterprises navigating the complexity of agentic AI adoption, Kong's MCP Auth implementation provides the production-grade security foundation that makes large-scale MCP deployments viable.
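
The resource-server role described above, as an added sketch of what the June 2025 MCP authorization flow asks of whatever sits in front of an MCP server; it is not Kong's code or plugin configuration. Hostnames, the `/mcp` path, and the key are constructed, and the HS256 shared secret is a stand-in for verifying an asymmetric signature against the authorization server's published keys.

```python
import base64, hashlib, hmac, json

# All names and values below are constructed for illustration.
RESOURCE = "https://mcp.example.com/mcp"   # canonical URI of the protected MCP endpoint
AUTH_SERVER = "https://auth.example.com"   # separate authorization server (issuer)
METADATA_PATH = "/.well-known/oauth-protected-resource"
DEMO_KEY = b"demo-only-shared-secret"      # stand-in for the issuer's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_token(claims: dict) -> str:
    """Plays the authorization server: issue an HS256 JWT (demo only)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_token(token: str, now: float) -> bool:
    """Resource-server checks: algorithm, signature, issuer, audience, expiry."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64(head)).get("alg") != "HS256":
            return False
        good = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return False
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError, AttributeError):
        return False
    # The audience check rejects tokens that were issued for some other resource.
    return (claims.get("iss") == AUTH_SERVER and claims.get("aud") == RESOURCE
            and claims.get("exp", 0) > now)

def handle(path: str, headers: dict, now: float):
    """Return (status, response_headers, body) for one request at the gateway."""
    if path == METADATA_PATH:  # RFC 9728 document: tells clients where to get tokens
        doc = {"resource": RESOURCE, "authorization_servers": [AUTH_SERVER]}
        return 200, {"Content-Type": "application/json"}, json.dumps(doc)
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() == "bearer" and verify_token(token, now):
        return 200, {}, "forwarded to upstream MCP server"
    challenge = f'Bearer resource_metadata="https://mcp.example.com{METADATA_PATH}"'
    return 401, {"WWW-Authenticate": challenge}, ""
```

An unauthenticated client learns where to obtain a token from the 401 challenge and the metadata document, so individual MCP servers behind the gateway never issue or parse credentials themselves.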
Understand every aspect of your MCP rollout
Kong is solving for MCP server generation consistency and AuthN, but that’s not all that an organization needs to be aware of. Whether in development and test for preparation’s sake or in prod, organizations also need dedicated MCP observability.
Without comprehensive observability, platform teams operate blindly, unable to track which tools agents are invoking, identify performance bottlenecks, or understand the resource consumption patterns that drive LLM costs.
Kong AI Gateway 3.12 introduces purpose-built MCP traffic observability that brings the same level of monitoring rigor to MCP servers that enterprises have long expected for traditional APIs. The platform provides granular tracking of tool usage patterns, enabling teams to understand which MCP capabilities agents rely on most heavily and identify underutilized servers that may be candidates for deprecation. Equally important, Kong captures prompt and completion sizes flowing through MCP interactions, surfacing the context bloat that drives unnecessary LLM expenses and degrades agent performance.

Beyond usage analytics, Kong's observability framework delivers real-time performance monitoring of MCP servers themselves. Teams gain visibility into latency metrics, error rates, and throughput patterns across their entire MCP ecosystem, enabling proactive identification of performance degradation before it impacts agent reliability. This telemetry integrates seamlessly with existing observability stacks, providing platform teams with a unified view of their agentic infrastructure.

For organizations managing dozens or hundreds of MCP servers across development and production environments, this level of visibility transforms MCP from an opaque black box into a fully instrumented, governable component of the AI infrastructure stack, which is essential for maintaining service-level objectives and optimizing both performance and cost at scale.
With this new level of MCP observability, organizations can continue to further centralize and standardize how they capture monitoring and observability metrics for their APIs, event streaming, and AI-powered applications. Of course, you can see these metrics and dashboards natively in Konnect as well as in your enterprise-wide SIEM and observability tooling.
What’s next for Kong’s enterprise MCP Gateway?
Kong AI Gateway 3.12 marks just the beginning of our MCP Gateway journey. While we won’t reveal too much just yet, we’d like to share a glimpse into the product areas we’re actively developing for upcoming releases.
- Optimize MCP context and LLM costs: You’ll be able to leverage Kong AI Gateway’s underlying semantic intelligence to automate the selection and injection of tools based on specific prompts and agent needs. This will drastically increase LLM performance and reduce overall LLM costs associated with MCP usage.
- Curate tool collections for specific use cases: Group related MCP servers into domain-specific bundles (like "DevOps" with GitHub, Jira, and Jenkins) that can be exposed through dedicated gateway endpoints, enabling agents to access contextually relevant toolsets without manual server discovery.
- Centralize policy management at the server bundle level: Apply authentication policies and tool selection rules once per bundle rather than per server, dramatically simplifying governance while ensuring consistent security and access controls across all MCP servers within each collection.
Rest assured, there's much more coming, but we wanted to give you a little insight into where we're going in the near future. If you’ve got any questions or requests for our MCP Gateway, please reach out to your Kong CSM or point of contact.
How can I get started with the Kong MCP Gateway?
Kong’s MCP Gateway is a part of our larger AI Gateway offering and is an enterprise-only solution that leverages paid plugins. You can use the MCP Gateway functionality in both Kong Gateway Enterprise for fully self-hosted deployments and in Kong Konnect for hybrid and cloud deployments where you also get the value of Konnect’s Developer Portal, Service Catalog, Advanced Analytics, and more.
If you want to try the new MCP Gateway, either reach out to your CSM or a known point of contact at Kong — or book a demo to explore an enterprise POC.
Not just the MCP Gateway: Kong introduces advanced new LLM Gateway functionality
Kong AI Gateway isn’t just an MCP Gateway. It started as and continues to be the most advanced and feature-rich LLM Gateway on the market.
This matters for both MCP and LLM use cases: the two rely on each other, and both are critical parts of the AI data path that need to be built, run, discovered, and governed.
We’ve already discussed our MCP updates. Now it’s time to turn attention to the breakthrough new LLM Gateway value that was added in 3.12 with the new LLM as a Judge policy/plugin, GCP Model Armor integration, and more. Let’s dig in!
Bolster LLM output and quality with the LLM as a Judge policy
As organizations deploy AI applications and agents at scale, ensuring output quality and safety becomes paramount. However, traditional rule-based validation struggles to evaluate the nuanced, natural language responses that LLMs generate. The "LLM as a Judge" approach addresses this by leveraging a separate LLM instance to assess the quality, accuracy, relevance, and safety of primary LLM outputs before they reach end users or trigger downstream actions.
This approach enables sophisticated evaluation criteria that would be impractical to encode as static rules: detecting hallucinations, verifying logical consistency, assessing tone appropriateness, and identifying potential policy violations. The trick here is governance. Like any other best practice and approach, “LLM as a Judge” must be implemented across the organization consistently to drive the most value and deliver maximum LLM confidence – something that will only become more and more important in an MCP, AI agent, and AI coding assistant world.
Your team now has the power of this consistency in your Kong AI Gateway with the new LLM as a Judge policy/plugin. When enabled, Kong AI Gateway will leverage a third-party LLM to evaluate responses from proxied LLMs to determine quality. From here, the AI Gateway can:
- Filter problematic outputs
- Route responses for human review
- Continuously improve MCP and agentic workflow reliability
And it can do all of this consistently and without sacrificing velocity, by designing and enforcing the "LLM as a Judge" policy as an automated guardrail with Kong’s industry-leading automation solutions.
Strengthen your AI security posture with the new GCP Model Armor integration
Google Cloud's Model Armor represents a significant advancement in enterprise AI safety, providing sophisticated content filtering, PII detection, and adversarial attack prevention specifically designed for production LLM deployments.
Kong AI Gateway's new native integration with Model Armor enables organizations to leverage Google's enterprise-grade safety controls without building custom middleware or introducing additional latency into their AI workflows. This integration is particularly valuable for enterprises already invested in the Google Cloud ecosystem, as it allows security policies configured in Model Armor to be enforced consistently across all LLM traffic flowing through Kong — whether targeting Google's Vertex AI models or third-party providers.
By centralizing Model Armor enforcement at the gateway layer, organizations gain unified protection across their entire multi-model AI infrastructure while maintaining the flexibility to apply differentiated safety policies based on use case, user context, or compliance requirements.
More improvements to the LLM Gateway
While the LLM as a Judge policy and Model Armor integration top the list of LLM Gateway highlights, we introduced more important functionality in AI Gateway 3.12:
- PII sanitization now works on the response as well as on the request: You can sanitize both incoming requests and outgoing responses to and from an LLM, ensuring that no PII makes it into a model or out of an already-compromised model.
- You can now use AWS MemoryDB as an additional vector storage system in addition to Redis.
Where can you learn more?
If you aren’t already investing in an AI Gateway strategy, you’re likely behind others in your space. Luckily, Kong offers what you need to get started and rapidly ship AI workflows into production. If you want to learn more, check out the AI Gateway docs or reach out to your main Kong point of contact. We look forward to working with you and seeing what AI applications and agents you build on top of Kong’s advanced LLM and MCP infrastructure.
Did you hear about Kong’s other MCP support across the platform?
We aren’t just building MCP support into the AI Gateway. We’ve also announced brand-new MCP support across other areas of Konnect that we highly recommend you check out.
- MCP consumption and production flows with new MCP-enabled AI coding tool access to your Developer Portals
- MCP integration and composition in Konnect
- The new Konnect MCP server webpage
Check out the blog and webpage, or reach out to your Kong point of contact to learn more.
