
How Gen-AI Can Support API Management

Gaetano Insinna

How Gen-AI Can Support API Management.

Supervisor: Riccardo Sisto. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2025

PDF (Tesi_di_laurea) - Thesis
License: Creative Commons Attribution Non-commercial No Derivatives.

Abstract:

Generative AI (GenAI) is attracting significant attention, both as a technology under active development and as a component of many applications in everyday use. As a result, many providers of Large Language Models (LLMs) have emerged, offering end users a wide variety of GenAI services, from chatbots to the creation of embeddings. While this plethora of providers offers a myriad of possibilities and features that can be implemented in the application flow, it has also introduced problems in controlling GenAI flows and securing them. We investigated a way to remedy these problems with Kong AI Gateway, which provides AI-specific API management and governance services through plugins aimed at studying, analyzing, and exploiting the GenAI flow. We tested how API calls may be modified with the advent of GenAI and also created a use case that, through state-of-the-art protocols such as OAuth 2.0 and OIDC and standards such as JWT, demonstrates the potential and the critical issues of using LLMs within API calls. Finally, we studied the security of this technology, focusing on LLM01 of the OWASP Top 10 2025, namely Prompt Injection, analyzing how Kong AI Plugins can actually mitigate this vulnerability and comparing them to a solution offered by an external library. AI-specific API calls will play an increasing role in applications and will consequently need to be managed and secured.

Supervisors: Riccardo Sisto
Academic year: 2024/25
Publication type: Electronic
Number of pages: 118
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - INGEGNERIA INFORMATICA
Collaborating companies: Blue Reply Srl
URI: http://webthesis.biblio.polito.it/id/eprint/35372