How has API governance evolved to become a C-level or even boardroom-level concern?
MM: Becoming AI-ready has become a C-level priority, as AI adoption and its integration with customer-facing services impact future business success. API governance is now directly linked to AI performance and outcomes, making it a strategic business issue rather than just a technical challenge.
API management is now recognized as a business enabler, which the boardrooms are concerned about, beyond the technical teams.
CIOs and CTOs would easily understand API management, but for non-technical management leaders in the business, API management and governance might be a harder concept to grasp. If I were to ask you to explain it in one or two sentences to these leaders, what would you say?
MM: Agents are like the brain, generating ideas, while APIs are the tools needed to make those ideas happen. API management and governance ensure that these tools are effective and lead to better outcomes.
Governance best practices, including tracking all APIs and ensuring quality, are essential for creating a solid foundation for future growth. Like building a house with a weak foundation, entering AI without a solid API foundation risks failure. A strong API foundation supports scalability and future success.
Preparing for AI means managing uncertainty and optionality. AI agents, being non-deterministic, may shift behavior unpredictably, requiring flexibility in API management.
Successful organizations use a platform-driven approach, creating an abstraction layer that allows for dynamic API usage and technology adaptation to meet evolving needs, especially for AI agents.
You mentioned the importance of building a strong foundation, with APIs being one key component. What other ingredients contribute to this solid foundation?
MM: There are three key ingredients:
- APIs: These are the tools that enable agentic systems to function, serving as the foundational component for AI-driven tasks
- Data management: AI systems require high-quality data to function effectively. Poor data quality, such as duplicates, can undermine AI initiatives and lead to failure.
- Integration: Contrary to the idea that AI agents can automatically connect systems, certain processes, such as ISO certifications, need to follow a deterministic and ordered procedure. These processes need to be integrated and available for the agent to use as a tool.
Once these three ingredients are in place, the AI layer can be built successfully on top of them.
With the widespread use of generative AI, there are growing concerns around privacy and security. What measures can be taken to address these concerns and ensure protection?
MM: Organizations should focus on making AI models faster, more affordable, and capable of running on the edge, reducing the need to send data to external providers and keeping data within the organization.
Many AI technologies lack established authentication and authorization practices, which are crucial for enterprise environments. Applying these security mechanisms ensures compliance with local data protection regulations.
As AI innovation often overlooks security and privacy, platform providers should integrate data privacy features, ensuring they are built into the AI process rather than left to be implemented separately by AI teams.
