What happened
On June 24, 2026, Noma Security and Kong announced an integration embedding Noma's runtime AI security directly into Kong's AI Gateway. The joint solution monitors and enforces policy on AI agent interactions — prompts, model responses, tool calls, MCP activity, and API traffic — as they flow through Kong's gateway, combining Kong's AI connectivity/governance fabric with Noma's independent runtime enforcement layer.
Why it matters
Most enterprises already route AI traffic through an API gateway; this integration adds runtime security enforcement without a separate network hop or agent deployment. It specifically addresses the gap that API gateways alone cannot fill: determining whether an MCP server is malicious, whether a tool call is authorized, or whether a response carries data exfiltration content.
Applicability
Enterprises using Kong as their AI gateway layer should evaluate the Noma integration now; security teams seeking runtime AI agent controls without new infrastructure should prioritize this.