Managed MCP Gateways for Enterprises
Augusto Marietti, CEO of Kong, on the end of tokenmaxxing
Kong is trying to become the control point between enterprise agents and the systems they touch. An MCP gateway matters because a large company will not let dozens or hundreds of MCP servers talk directly to employees and agents without one place to enforce identity, permissions, logs, and approved tool discovery. That turns MCP from a developer convenience into infrastructure a security team can actually run in production.
-
MCP was designed as the standard way AI tools connect to external systems, but its authorization support is optional and transport specific. That leaves room for an enterprise gateway layer that centralizes access rules instead of trusting each MCP server to implement security correctly.
-
Kong has extended its old API gateway playbook into AI traffic. The product stack now includes MCP Registry for registering and governing approved MCP servers, MCP tool ACLs for per tool permissions, and Agent Gateway for agent to agent traffic, all inside the same control plane.
-
The broader market is converging on the same shape. Databricks positions AI Gateway as the secure path from enterprise agents to third party tools over MCP, while Docker has added an MCP gateway and catalog. The pattern is clear, raw MCP is useful, managed MCP is what enterprises buy.
This is heading toward a world where every enterprise exposes internal software as agent callable tools, but only through a governed gateway layer. If MCP becomes the default language for tool calling, the winning vendors will be the ones that own policy, discovery, and traffic enforcement across thousands of tools and agents, not just the protocol itself.