As referenced in Part 1 of our series on API and Artificial Intelligence (AI) governance, this series takes a 360° view across three axes: governance structure (People), governance workflows (Process), and governed systems (Technology). This blog post examines the technology axis, aspects to double down on and others that may need to change in your organization to support the AI revolution.
What We Got Right
In relation to the way technology is being used to manage and govern APIs here are are the aspects we should continue and expand upon:
- Specs-Based Interfaces: Declarative APIs, defined through OpenAPI, AsyncAPI, or GraphQL, provided machine-readable contracts ready for automated tooling and AI agent integration.
- Modular & Composite Architecture: Composing services from legacy and modern sources allowed incremental modernization—key for embedding AI into existing workflows.
- Shift from Code to Capability: Focusing on capabilities and specs as part of the Product mindset helped teams design for reuse, clarity, and proper classification of their APIs as a shared services with coherent capabilities. We should double down on the product mindset digitizing team's interaction and to unlock their business or technical capabilities by means of APIs. Don’t call me call my APIs, this presumes that all capabilities my team owns are enabled as APIs.
- Machine-to-Machine Standards (OAuth, JWT): These were critical for secure system-to-system interactions and are perfectly suited for AI agents that require scoped, automated access.
What Won't Work for AI
To support the adoption of AI, the technology for governing APIs needs to change in the following ways:
Runtime-Only Focus
It's not just about execution—it’s about discoverability, security, usability, integration, and experience.
As referenced in part 1 of this series, successful organization will be focused on the signal not the noise. The multiplier of AI is not the runtime technology. API Gateways and AI Gateways won’t be a differentiator but rather a commodity that is equally accessible. Governance must center on the management plane, not just the runtime technology or the gateways and the model.
Static Interfaces and Machine Inaccessible Metadata :
AI models and use cases evolve quickly. Current static interfaces are brittle. Future-ready governance must support adaptive contracts, context-aware and intent-base interfaces.
The future of integration is intent-based—static, version-bound APIs—designed for fixed-function human interaction—are a poor fit for the dynamic, adaptive needs of AI agents. What's needed is intent-based interaction—where contracts describe what the API means and does, not just the mechanics of input and output. Traditional schemas and interface definitions assume a static world where consumers can adjust to breaking changes and ambiguities over time. But in the agentic era, interfaces must be semantically rich, adaptive, and self-descriptive.
Hardcoded versions and externalized metadata make integration brittle and opaque. When metadata lives outside the spec, agents can't interpret the meaning, intent, or constraints of the interface. This hampers automation, increases coupling, and forces AI agents to rely on assumptions or brittle heuristics.
The way forward involves intent-based, context-aware protocols that decouple meaning from rigid structure.
Emerging standards like Model-Context Protocol (MCP) and Agent-to-API (A2A) are addressing this by redefining API interaction as a handshake conversation—where agents dynamically interpret capabilities, adapt to context, and invoke functionality based on declared intent rather than fixed methods.
These paradigms aim to transform APIs from static endpoints into interpretable, evolvable service surfaces—enabling smoother interaction between AI agents and digital systems, and laying the foundation for scalable, machine-native governance.
