Hyperscaler Gateways as Governance Layer
Kong
This is a bundling story, not a feature race. Once AI routing, caching, and tool governance sit inside the cloud gateway a company already runs, the buying decision shifts from adding a new control plane to switching on more policies in an existing one. That makes the incremental software budget feel close to zero, because the team is reusing the same cloud contract, admin surface, identity system, and traffic path it already pays for.
-
Azure is explicit that its AI gateway is an extension of API Management, not a separate product. It can expose REST APIs as MCP servers, govern MCP tools, and add semantic caching for LLM traffic. For an Azure standard shop, that turns AI governance into another policy on the gateway already in production.
-
AWS is moving the same way. AgentCore Gateway can turn existing APIs and Lambda functions into MCP tools, sits in front of tool calls as a governed entry point, supports semantic tool search, and now plugs directly into Bedrock server side tool execution. That reduces the need for a separate vendor just to wrap tools and enforce policy.
-
Kong still matters where one cloud gateway cannot cover the real estate. Azure supports self hosted gateway, and AWS says AgentCore Registry can work across AWS, on prem, and other clouds, but each hyperscaler still starts from its own platform. The strongest reason to buy Kong is one policy layer across AWS, Azure, GCP, and private infrastructure at the same time.
The market is heading toward a split. Single cloud enterprises will increasingly accept the hyperscaler gateway as the default place to meter tokens, approve tools, and log agent traffic. Independent platforms win where architecture is fragmented, compliance keeps workloads off a single cloud, or central platform teams need one consistent control plane across mixed environments.