AI agents force enterprises to rethink infrastructure and governance
Thu, 16th Jul 2026 (Today)
The growing use of AI agents is changing the technical and operational requirements facing enterprises, as automated systems begin interacting directly with application programming interfaces, company data and business workflows.
Technology executives expect AI agents to generate new forms of traffic, require machine-based authentication and increase demand for stronger controls over data use. Organisations are also assessing the operational costs, governance structures and employee practices associated with wider AI deployment.
The changes extend beyond the selection of individual AI tools. They involve the systems used to connect applications, the controls governing confidential information and the operating models used to manage technology across the business.
Agent traffic
Kong Vice President and Field CTO for Solutions Engineering APJ Ned Shawa said enterprises need to reconsider whether their API infrastructure is prepared to become the primary interface to the business.
As agentic AI becomes embedded in workflows, APIs could receive far more automated requests than traditional human-driven systems. This creates requirements around traffic controls, authentication, security and consumption tracking.
According to Shawa, technology teams need to prepare for APIs to be exposed to large volumes of agent-generated activity.
"That means rethinking rate limiting for agent-scale traffic, context mesh and MCP autobuilds, prompt injection protection, guardrails and PII sanitisation if we are exposing AI," he said. "It means authentication flows that work for machines, not just humans. It means metering that tracks API consumption as a revenue metric, not just an infrastructure metric, although chargebacks and showbacks are as important. And it means pricing models that align with how agents consume your services - per-call, per-transaction, per-outcome."
Kong's recent product announcements have focused on helping enterprises build and govern AI applications at scale.
These include the integration of Insomnia with Kong Konnect, Context Mesh and the MCP Registry within Kong Konnect for discovering and governing connections used by AI agents. Kong has also enhanced its AI Gateway with Agent Gateway capabilities.
The company's position is that API management will need to account for automated consumers that behave differently from employees, customers or conventional software applications.
Machine users
Tuned Global Managing Director Con Raso expects AI systems to become direct users of APIs as agent technology grows more capable.
Although Tuned Global operates in music streaming technology, Raso said the underlying change has broader implications for enterprise infrastructure.
Music services currently provide APIs that allow developers to connect applications with catalogues, streaming systems and related services. Raso expects AI systems to take over more of the work involved in querying and assembling those services.
"We're seeing that in the future, it will more likely be AIs that are querying our systems than developers directly. That's called MCP (Model Context Protocol), which is the technology that allows AI systems like OpenAI to use our APIs as though it was just an extension of itself," he explained.
"Developers could go to something like OpenAI and say, 'Here's what I'm building, I'm using Tuned Global, here are some credentials', and it would actually just use our infrastructure to actually build out a full end solution for them. It won't remove the developer but it will remove the plumbing."
The shift described by Raso would change the role of developers by allowing AI systems to handle more of the integration work between services.
It would also reinforce the infrastructure issues identified by Kong, since APIs designed for occasional developer use may have to support persistent automated activity by multiple AI agents.
Shadow AI
The expansion of AI use inside organisations is also creating governance concerns, particularly when employees enter sensitive business information into tools that employers cannot monitor.
ORCA Opti Founder and Managing Director Kathryn Giudes said generative AI adoption is moving faster than the controls governing its use.
Professionals are using personal accounts and unapproved platforms to complete workplace tasks, creating what the company describes as a "shadow AI" problem. This can make it difficult for organisations to determine where information has been sent or how it may be retained.
ORCA Opti has released Opti Assist Free, a sovereign AI governance assistant intended for regulated organisations.
The company said the service does not send user inputs to third-party AI providers or train on customer data. Organisations access it using a Microsoft 365 work or school email account.
"Banning ChatGPT did not work for Samsung, JPMorgan or Apple, and it will not work for a local council, hospital or defence supplier either," said Kathryn Giudes, Founder and Managing Director of ORCA Opti.
"The lesson was never 'ban AI'. The lesson was 'ungoverned AI is the risk.' Regulators have accepted that AI is inevitable. What they will not accept is that organisations can no longer say where their data went, who used it, or which foreign model is now trained on it. That is the visibility gap.
"Opti Assist Free is how we close it, not by banning AI, but by giving people a version of it they can safely say yes to."
The comments point to the need for organisations to understand which AI services employees are using and what information is being shared through them.
Operating costs
BRX Group founding Managing Partner Alison McKinnon said enterprises and brands are also facing uncertainty over how to organise teams and manage the operational impact of AI.
BRX Group recently launched CM.OSX, which stands for Critical Marketing Operating Systems. The service is designed to support chief marketing officers, marketing teams and in-house agency functions as they respond to AI-driven change.
McKinnon said large-scale deployment can create costs that are overlooked during initial planning.
"Nothing valuable comes without cost, and AI is no exception. Large-scale deployment introduces a range of operational expenses that often sit outside the initial business case. Every interaction carries a computational cost. Every workflow consumes tokens. Every layer of orchestration creates additional overhead. As workflows become more sophisticated, the cost of operating them can increase significantly," McKinnon said.
These costs can grow as organisations connect more models, agents, data sources and workflows. They may also require new skills and clearer responsibility for selecting tools, measuring outcomes and controlling expenditure.
"It is clear that organisations are entering a period of significant transformation where the opportunity is clear, but the path forward is not. That is what CM.OSX is here to fix."
The combined comments show that enterprise AI adoption is becoming an infrastructure and management issue, with APIs, data controls, operating expenses and organisational responsibilities developing alongside the technology itself.