Systems | Development | Analytics | API | Testing

Enforce API Standards with Custom Linting in Kong Insomnia 13

As APIs grow across teams, keeping them consistent becomes difficult. Some APIs follow naming conventions and include clear descriptions, while others don’t. Over time, these differences make APIs harder to understand, review, and maintain. That is where API linting helps. That made it possible to apply custom Spectral rules as part of local development, Git workflows, or CI checks.. Teams can now upload and manage custom Spectral rulesets directly from the Insomnia UI.

How to Proxy Every AI Traffic Pattern Through One Gateway

Production AI no longer generates one kind of traffic. It generates four patterns, and most teams govern only one. **AI traffic management** starts with a single decision: **proxy AI traffic** through one control point instead of letting it flow straight from application code to model providers. Skip that step and security teams have no policy chokepoint, token spend climbs with no meter, and every new provider adds an integration nobody owns.

Announcing Kong AI Gateway 2.0: Built for the Pace of Agentic AI

We have big news for platform and AI infra teams: *Kong AI Gateway 2.0 is available today in private beta*. It runs on its own dedicated runtime, ships on its own release cadence, and carries a completely reimagined user experience designed around the way teams actually build with AI: models, MCP servers, and agents as first-class citizens, not plugins bolted onto an API gateway.

Kong and ModelOp Partner to Deliver Zero-Trust Security for the Agentic Enterprise

We're thrilled to announce a strategic technology partnership between **Kong** and **ModelOp**. As enterprises rapidly transition into the agentic era, they face a critical challenge: how to deploy AI fast enough to stay competitive without taking on unacceptable regulatory or security risks. Together, **ModelOp** and **Kong** are solving the "last mile" problem of enterprise AI delivery.

Kafka in a DMZ: Protecting AWS MSK with Kong Event Gateway

Running Apache Kafka on Amazon Managed Streaming for Apache Kafka (MSK) gives you a managed broker with no ZooKeeper to operate, automated patching, and multi-AZ replication handled by the service. What it doesn't give you is a safe, governed way to expose Kafka access beyond your VPC boundary. That problem looks simple on the surface. It isn't. And how you solve it has significant implications for security posture, operational complexity, and monthly cost.

Shadow AI Detection: The Enterprise Governance Guide

Shadow AI detection is the practice of finding and governing unsanctioned AI tools, models, and API integrations that employees deploy without security approval. It has become urgent because these tools route live enterprise data to external models in real time, and traditional security stacks cannot see them. The 2026 Cordyceps disclosure, which exposed identical AI-generated vulnerabilities across 300+ GitHub repositories, showed how fast ungoverned AI can turn into a supply-chain crisis.

Enterprise-Grade MCP Access Control Is Here. Your Gateway Makes It Real.

*Kong makes every MCP client and server work with Enterprise-Managed Authorization, whether they speak the protocol or not.* The MCP demo impressed the room. Then someone asked how 5,000 employees would connect to 40 MCP servers, and the answer was: one OAuth consent screen at a time. Per user. Per server. No central policy, no unified audit trail, and nothing stopping a personal account from getting wired into a work tool.

AI Gateway vs. Direct LLM API Integration: The Architecture Decision Defining Your AI Strategy

Enterprise AI adoption is accelerating. In PwC's April 2025 survey of 308 US business executives, 88% said they plan to increase AI-related budgets in the next 12 months . But scaling AI from pilot to production exposes a structural problem most teams discover too late: **direct LLM API integration** creates fragility at scale. The question is not whether your organization will consume multiple LLMs. It is how you will govern that consumption without building bespoke infrastructure for every provider.