Today we're excited to announce Kong Gateway 3.9!
Since unveiling Kong Gateway 3.8 at [API Summit 2024](https://konghq.com/events/conferences/api-summit)API Summit 2024 just a few months ago, we’ve been busy making important updates and improvements to Kong Gateway. This release introduces new functionality around LLM support for [AI governance](https://konghq.com/blog/learning-center/what-is-ai-governance)AI governance and security and threat protection. Keep reading to learn more!
With the Kong Gateway 3.9 release, we also shipped new improvements to our [AI Gateway](https://konghq.com/products/kong-ai-gateway)AI Gateway. This new release ships with support for a new GenAI provider, Hugging Face, providing users with access to more than 1.1 million new AI models. You'll be able to easily secure, observe, and govern the Hugging Face models via the Kong AI Gateway in the same way you are currently able to do so for GCP Vertex, AWS BedRock, Azure AI, OpenAI, Mistral, Antrophic, Cohere, and more.
Support for AI agentic workflows has also been significantly improved by enhancing AI Gateway’s function-calling capabilities across every GenAI provider. Building chatbots, AI agents, and "copilot" capabilities has never been easier while ensuring governance, security, speed, and observability via the AI capabilities available through Kong's AI Gateway.
Given how mission-critical [API security](https://konghq.com/resources/reports/api-security-ai-threats-it-leader-insights-2025)API security is from a tech and financial perspective, we decided to further our API security offering with new API security functionality: injection protection and service-level rate limiting.
An injection attack is a type of security vulnerability where an attacker exploits flaws in a system to inject malicious data or code into a program, query, or request. The goal is to manipulate the system's behavior, often to gain unauthorized access, retrieve sensitive information, or execute malicious actions.
There are several different kinds of injection attacks (SQL, XSS, etc.), and now you can use Kong to protect your organization from these malicious threat vectors.
Kong Gateway can now enforce injection protection policies, all powered by the new [Injection Protection plugin](https://docs.konghq.com/hub/kong-inc/injection-protection/)Injection Protection plugin. This new enterprise plugin is designed to cover a wide range of common injection patterns, such as SQL, XSS, Server-side include, XPath Syntax, and Java Exception — all out of the box. The plugin will extract information from request headers, path, query, or body payload parameters and evaluate that content against pre-defined regular expressions. If the content matches any of the patterns, the request is flagged as malicious and blocked.
If our default patterns don't meet your needs, you can define custom patterns and have the gateway validate requests against those as well. This gives you the power to customize the injection protection plugin to fit the unique API security needs of your organization.
Learn more about getting started with the [Injection Protection plugin](https://konghq.com/blog/product-releases/content-inspection-injection-attack-protection)Injection Protection plugin on the Kong blog, or head over to the [plugin documentation](https://docs.konghq.com/hub/kong-inc/injection-protection/)plugin documentation.
Rate limiting is "bread-and-butter" API gateway functionality and is key in making sure that API traffic is secure, reliable, and performant.
Gateway 3.9 expands the scope of Kong rate limiting, allowing you to enforce fine-grained rate limits and access controls at the service level. While service-level rate limiting was already possible by combining the existing rate-limiting plugin with the advanced rate-limiting plugin, you can now do it with a single plugin dedicated to service-level protection. This enables you to enforce multiple rate limits for a single API at both the service and route or consumer levels when used in conjunction with other rate-limiting plugins.
The new Service protection plugin enables this. To learn more and get started, check out the [plugin documentation](https://docs.konghq.com/hub/kong-inc/service-protection/)plugin documentation.
Start with Kong Gateway 3.9 by [signing up for Kong Konnect](https://konghq.com/products/kong-konnect/register)signing up for Kong Konnect for free. Or, if you want to try Kong Gateway Enterprise 3.9, you can explore the options for getting started [here](https://konghq.com/install)here.
To explore the comprehensive list of features, fixes, and updates, please see the available CHANGELOG for Kong Gateway Enterprise [here](https://docs.konghq.com/gateway/changelog/)here.
Imagine you have a single Service, order-api . You want to apply a strict rate limit to most traffic, but you want to bypass that limit—or apply a different one—if the request contains a specific X-App-Priority: High header. Previously, you had t
[](https://konghq.com/blog/engineering/conditional-policy-execution)
How OAuth 2.0 Token Exchange Reshapes Trust Between Services — and Why the API Gateway Is Exactly the Right Place to Enforce It Modern applications don’t run as a single monolithic. They are composed of services — frontend APIs, backend microservi
[](https://konghq.com/blog/engineering/token-exchange-at-the-gateway)
How Kong Gateway 3.14 closes the consistency gap in IAM-based authentication across AWS, Azure and GCP — and what it means for your production deployments Starting with 3.13 (which addressed Redis support) and completed in 3.14, Kong now presents
[](https://konghq.com/blog/engineering/cloud-native-authentication)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
We're thrilled to announce the general availability of Kong Gateway 3.7 and Kong Gateway Enterprise 3.7. Along with enhancements and new features for both OSS and enterprise users, this version comes with the general availability of our edge AI Gate
[](https://konghq.com/blog/product-releases/kong-gateway-3-7)
Kong Gateway Enterprise 3.5 is packed with security features to support the use cases demanded by our enterprise customers through major improvements in Secrets Management integrations and our Open-ID Connect (OIDC) plugin. Additionally, we’ve a
[](https://konghq.com/blog/product-releases/kong-gateway-enterprise-3-5)
Managing gateway configurations at scale is harder than it looks. When a plugin needs to apply to most routes, but not all, teams could either duplicate configuration across routes and violate DRY (“Don’t Repeat Yourself”) principles, or write custo
[](https://konghq.com/blog/product-releases/kong-gateway-3-14)