APIs are the lifeblood of disruption . . . when leveraged correctly. The best, most disruptive businesses are able to harness API growth as a strategic opportunity. But how? With an API platform that drives innovation, faster delivery, and top-tier customer experiences alongside a top-notch…
[](/blog/product-releases/new-enhancements-to-konnect)
AI is quickly transforming the way businesses operate, turning what was once futuristic into everyday reality. However, we're still in the early innings of AI, and there are still several key limitations with AI that organizations should remain aware of to ensure that AI is being leveraged in a…
[](/blog/enterprise/automated-rag-hallucination-proof-llms)
The excitement around large language models (LLMs) and agentic AI is justified. These systems can summarize, generate, reason, and even take actions across APIs — all with minimal human input. However, as enterprises race to integrate LLMs into real-world workflows — especially when those…
[](/blog/enterprise/building-pii-sanitization-for-llms-and-agentic-ai)
As the need for speed in business can seemingly be at odds with the need for control, organizations developing APIs today face a critical challenge: how can you empower developers to build and deploy APIs quickly while maintaining enterprise-wide governance and security? More traditional API…
[](/blog/enterprise/federated-api-management)
It’s no secret that artificial intelligence (AI) is revolutionizing the way companies operate with its ability to sift through mountains of data and make accurate predictions at record speed. But with great power comes great responsibility. As AI systems are more regularly incorporated into…
[](/blog/enterprise/how-to-harness-ai-data-governance)
The momentum of Kong Insomnia continues with the latest v10 GA release, which ships with an incredible amount of capabilities like the long-awaited Collection Runner built into the application, a new governance capability called “Invite Control,” and an entirely new capability for AI consumption.…
[](/blog/product-releases/insomnia-10)
This post is part of a series on becoming a secure API-first company. For a deeper dive, check out the eBook Leading Digital Transformation: Best Practices for Becoming a Secure API-First Company. As APIs have become mission-critical , securing them against threats is crucial. APIs are an…
[](/blog/engineering/layered-security-for-managing-apis)
In token-based architecture, tokens represent the client’s entitlement to access protected resources. Access tokens (or bearer tokens as they're commonly known) are issued by authorization servers after successful user authentication. The tokens are passed as credentials in the request to the…
[](/blog/engineering/mtls-sender-constrained-tokens)In today’s modern digital environment, more organizations are relying on remote work than ever before. While this shift has given companies unprecedented flexibility when it comes to deploying their workforce, it has also presented challenges in keeping their devices, operations, and personnel…
[](/blog/engineering/ztna-vs-vpns)
APIs serve as the foundation for how software systems and services communicate and exchange data. But unmanaged and unsecured APIs can open up massive vulnerabilities that lead to disastrous security breaches and data leaks without proper governance. With API-related attacks increasing — and set…
[](/blog/enterprise/reduce-api-security-risks-with-standardized-governance)
The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely available articles, documentation, tutorials, and…
[](/blog/engineering/owasp-top-10-api-security-2023)
We live in an API-driven economy , where Application Programming Interfaces (APIs) are increasingly being used to open new revenue channels, accelerate time to market and democratize data. Enterprises are constantly striving to build faster, more reliable and easier to use APIs. They understand…
[](/blog/enterprise/kong-vs-apigee-pain-free-compliance)
If you've been online at all this week, chances are that you've heard about the Log4Shell zero-day ( CVE-2021-44228 ) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target's machines. I know the…
[](/blog/engineering/log4j-log4shell)
Almost all aspects of businesses are transforming to digital and internet-based solutions. It’s happening from the ground up, starting with developers. You're building applications for your organizations, and you're racing to get software and services out to the market faster. The faster your…
[](/blog/enterprise/api-gateway-governance)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.