The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
Imagine you've built a sophisticated smart house, controlling everything from lights to the espresso machine with just a smartphone tap. Now picture a hacker hijacking your system, turning your morning latte into a high-tech security breach. This collision of connectivity and vulnerability…
[](/blog/learning-center/what-is-api-security)
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environments, platform teams often grapple with the…
[](/blog/product-releases/create-an-internal-api-and-service-inventory)
Kong customers include some of the most forward-thinking, tech-savvy organizations in the world. And while we’re proud to help them innovate through traditional APIs, the reality is that their ambitions don’t stop there. Increasingly, our customers are investing heavily in real-time data and event…
[](/blog/product-releases/kong-event-gateway)
Open source software has become an indispensable component of modern software development. With its easy accessibility, it offers numerous benefits such as cost savings, flexibility, and collaborative innovation. Since the use of open source components has become so mainstream, it poses some unique…
[](/blog/engineering/implementing-an-open-source-vulnerability-management-strategy)
In the SaaS world, providers must offer tenant isolations for their customers and their data. This is a key requirement when offering services at scale. At Kong, we've invested a lot of time to provide a scalable and seamless approach for developers to avoid introducing breaches in our systems. In…
[](/blog/engineering/ensuring-tenant-scoping-row-level-security)
As cybersecurity takes the main stage, organizations face a significant challenge: how do you strike a balance between maintaining a high level of security and ensuring employees have enough data access to perform their jobs properly? Role-based access control (RBAC) is a solution that can support…
[](/blog/learning-center/what-is-rbac)
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to improve efficiency within the Insomnia application.…
[](/blog/product-releases/insomnia-11)
Cloud native application development relies heavily on APIs. APIs have proven themselves as a scalable and efficient way to capture, deploy, and scale functionality. Consequently, APIs became a target for malicious actors to misuse. Therefore, building quality APIs with adequate security controls…
[](/blog/engineering/secure-apis-with-kong-and-traceable)
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the combination of Open Policy Agent (OPA) and Kong…
[](/blog/engineering/secure-access-control-with-opa-and-kong)
Today we're excited to announce Kong Gateway 3.9! Since unveiling Kong Gateway 3.8 at API Summit 2024 just a few months ago, we’ve been busy making important updates and improvements to Kong Gateway. This release introduces new functionality around LLM support for AI governance and security and…
[](/blog/product-releases/kong-gateway-3-9)
APIs facilitate effortless communication and data exchange between applications and services. However, their inherent design, which codifies service capabilities within the API definition, makes them easily exploitable by malicious actors. API attacks in the US alone are projected to cost $506…
[](/blog/product-releases/content-inspection-injection-attack-protection)
More than 80% of developers and business leaders say AI investments have already created the opportunity for new products or services, according to Kong’s 2024 API Impact Report . Clearly, AI has proven its value and place in the enterprise, but with new innovations come new potential…
[](/blog/enterprise/cost-of-api-security-incidents-2025)
In today's interconnected web ecosystem, modern applications frequently need to communicate across different domains, making Cross-Origin Resource Sharing (CORS) a fundamental concept for web developers to master. This comprehensive guide explores CORS from its basic principles to advanced…
[](/blog/learning-center/what-is-cors-cross-origin-resource-sharing)
Application programming interfaces (APIs) are everywhere, and they play a role in running nearly everything in our digital-centric lives. Each time you launch a web page or an app on your phone, dozens of API calls are happening in the background to render an experience heavily customized to you.…
[](/blog/engineering/api-security-best-practices)
We're excited to announce the release of Kong Gateway 3.8 , a significant update that marks a major milestone in the evolution of our API management platform. This release is packed with enhancements designed to boost performance, fortify security, and provide greater flexibility and ease of use…
[](/blog/product-releases/kong-gateway-3-8)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.