Issue #39 - API Governance for AI
Harm Limiting, AI Agent API Access, A2A and MCP, Dockerizing MCP, Agent Mesh
Introduction
Hello! 👋
In this issue, I present interesting articles in the AI space that can affect API governance in the enterprise. (I’ll carry on my discussion on API governance frameworks in future issues.) I also want to call out that I’ll be speaking at API Conference London in just under two weeks, on Evolving API Governance in the Age of AI. It would be great to see you there!
Interesting Content for this Week
On Runtime AI governance
An Agent Mesh for Enterprise Agents: Christian Posta, Idit Levine, and Keith Babo share a connectivity framework designed for artificial intelligence agent ecosystems that facilitates both inter-agent communication and interaction with tools, irrespective of the underlying operational environment.
Dockerizing MCP – Bringing Discovery, Simplicity, and Trust to the Ecosystem: As Model Context Protocol (MCP) is gaining prominence as the accepted standard for enabling communication and interaction between artificial intelligence agents and various tools, Docker has launched two key components, the Docker MCP Catalog and the Docker MCP Toolkit. These are designed to improve the transparency, reliability, and scalability of MCP servers. Mark Cavage and Tushar Jain share more insights in this article.
Fueling the Next Wave of AI Agents: Building the Foundation for Future MCP Clients and Enterprise Data Access: Howard Chi highlights some limitations with MCP usage in the enterprise, including the foundational enterprise need for semantic context. He discusses the open-source Wren Engine as the solution to bridge this gap.
Why Every AI Agent Stack Needs a Human Schema: Greg Twemlow shares that a standardised protocol specifically for aligning agents with human values, intent, and ethical boundaries is missing as MCP and Agent2Agent form standards for AI agents. He discusses concepts of a Personal Ethics Schema (PES) and a Personal Ethics Protocol (PEP).
Securing the Future of AI: How A2A and MCP Protocols Can Create Safe Agent Ecosystems: Anthony Alcaraz highlights the unique security vulnerabilities of Agentic AI. To mitigate these risks, the author advocates for comprehensive, multi-layered security frameworks designed specifically for agentic AI.
Rethinking API Access in the Age of AI Agents: Cameron Sechrist shares the inadequacies of traditional API Controls for AI such as rate limiting. A novel approach termed "harm limiting" is discussed, shifting focus from merely controlling access to guiding the utilisation of data once it has been retrieved via the API.
From Rate Limiting to Harm Limiting: Rethinking API Safety: Stefan in this article builds on the previous post from Wundergraph. The author introduces the concept of "harm limiting" as an essential evolution beyond simple access control and how it will provide proactive boundaries for AI behaviour.
Artificial intelligence (AI) shared responsibility model: Microsoft presents a model for secure and responsible operation of artificial intelligence (AI) systems.
Building A Secure Agentic AI Application Leveraging A2A Protocol: In this recent paper, Idan et al. highlight the essential requirement for secure implementation of the Agent2Agent (A2A) protocol. The work proposes practical secure development methodologies and architectural best practices designed to foster resilient and effective A2A systems.
API Governance and Delivery
From Endpoints to Intentions: Preparing APIs for Autonomous Clients: Mike Amundsen shares that the rise of autonomous AI clients demands a significant evolution in API design strategy. To adapt APIs for this new generation of consumers, the author advocates for five key shifts.
API Governance: Tim Goodwill provides an overview of API governance, and discusses how a federated governance structure empowers autonomous domain teams while ensuring alignment with enterprise goals through central guidance.
Upcoming API Conferences
API Conference London: The Conference for Web APIs, API Design and Management. Date May 14th, 2025. Location: Park Plaza Victoria London, London, United Kingdom. I’ll be speaking on Evolving API Governance in the Age of AI.
Postman's annual user conference: POST/CON 25. Date: June 3rd & 4th 2025, Location: JW Marriott Los Angeles L.A. Live, Los Angeles, CA Register Here
APIdays Helsinki: Theme: “APIs for Innovation, Intelligence, and Impact” Date: June 3rd & 4th 2025. Location: Pikku-Finlandia, Helsinki Register Here. I will be speaking on ‘Beginning Lean API Governance (with some AI help)’.
APIdays Germany: Theme: “Accelerate AI Use Cases with APIs” Date: July 2nd & 3rd, 2025. Location: Smartvillage Bogenhausen, München, Germany. Register Here
APIdays London: Theme: “No AI Without APIs” Conference Date: September 22nd - 24th, Location: Convene 155 Bishopsgate, London EC2M 3YD
API Governance Consulting
Is poor API governance slowing down your delivery? Do you experience API sprawl, API drift and poor API developer satisfaction? I'll provide expert guidance and a tailored roadmap to transform your API practices.
Ikenna® Delivery Assessment → Identify your biggest API delivery pain points.
Ikenna® Delivery Canvas (IDC) & API Transformation Plan → Get a unified, data-driven view of your API delivery and governance process.
Ikenna® Improvement Cycles → Instil a culture of scientific, measurable progress towards API governance.
Ikenna® Governance Team Model → Set up and improve your governance team to sustain progress.
Ikenna® Delivery Automation Guidance → Reduce lead time and improve API quality through automation.
Schedule your consultation here.
I appreciate your feedback. Please help me improve this newsletter by filling out this 1-minute survey. If you find my newsletter useful, please forward and share it with a friend.