Kong controls the AI traffic path. Noma secures the agent behavior happening on that path.
As enterprises move agents into production, where they call tools, access data, interact with APIs, and take actions, new risks are created. To reduce this risk, security teams need runtime visibility and policy enforcement, not just model-level controls.
The new partnership between Noma and Kong gives teams the ability to secure AI agents where they operate: across prompts, model responses, tool calls, MCP activity, and API traffic. By embedding Noma’s security context directly into the Kong AI Gateway, it grants a hardened execution layer that governs, observes, and protects every agent interaction as it happens. Kong acts as the AI connectivity/governance fabric, and Noma, as the AI runtime security layer. This unified approach ensures that as your enterprise scales autonomous workflows, your AI runtime remains fast, resilient, and inherently secure.
The Challenge: Speed vs. Security in AI
Organizations are under immense pressure to develop and deploy AI agents quickly and at scale. However, since agentic AI systems rely on live data and complex integrations, they also introduce a massive new attack surface. Traditional security tools often miss the nuances of the entire AI lifecycle, from insecure models and prompt injections to data leakage within the AI supply chain, and fail to offer true protection at scale.
Today, AI services and security protocols are often managed in separate, siloed systems, leading to fragmentation that slows delivery, creates governance blind spots, and leaves organizations vulnerable to shadow AI and malicious attacks. In enterprise environments attempting agentic adoption at scale, this level of complexity is a recipe for human oversight and error, increasing the risk of data exposure, unauthorized tool use, and actions that violate policy.
The Solution: Kong + Noma
The new integration grants the insights you need to protect, govern, and secure your AI services within a single unified environment. By integrating Noma’s AI-DR engine with Kong’s AI Gateway, you can apply consistent security policies, threat detection, and access controls across AI interactions routed through Kong AI Gateway.
Fig 1. Kong + Noma Security integration architecture for a single unified environment
This integrated approach delivers fast, tangible value through three core pillars:
- Kong provides the centralized API management, observability, and AI governance required to orchestrate and scale services with confidence.
- Noma provides the essential security infrastructure for the agentic era by delivering deep visibility and continuous runtime protection. It combines proactive defense with real-time guardrails to govern autonomous actions, ensuring every AI agent remains resilient against the sophisticated runtime exploits of the modern AI landscape.
- Noma Access Control enforces fine-grained, policy-driven access controls across every AI interaction, ensuring agents, tools, and MCP servers operate only within explicitly authorized boundaries. By combining identity-aware enforcement with real-time policy evaluation, Noma prevents unauthorized tool use, blocks privilege escalation, and ensures that every agent action is traceable, auditable, and compliant.
Now all your AI interactions, from the underlying APIs to the models themselves, can be consolidated into one, easy-to-manage environment with full visibility and proactive security.
Strengthening the Ecosystem
Noma supports multiple AI gateway solutions to address our customers’ needs, and as the leader in this space, Kong was a natural move to partner with. Moreover, the addition of Noma to Kong’s Premium Technology Partner Program reinforces our commitment to building a trusted ecosystem that helps customers innovate safely.
“As organizations move from testing phases toward broad deployment of agentic workflows, comprehensive agentic security cannot be an afterthought,” says Niv Braun, Noma CEO and Co-Founder. “By partnering with Kong, we are making it possible for enterprises to embrace AI at scale without compromising on governance or safety.”
Conclusion
Together, this partnership means fewer blind spots, more consistent enforcement, and a safer path to production AI agents. Kong gives enterprises the AI traffic/connectivity layer, and Noma adds runtime security for agent behavior, tool use, MCP activity, and policy decisions. For security and platform teams navigating the shift to agentic AI, that combination is what production readiness actually looks like.
Want to see the integration in action? Visit noma.security to schedule a demo or learn more about the Kong partner program at konghq.com/partners.
