Kong Inc. today revealed it has acquired OpenMeter, a provider of a metering and billing software based on an open source software project.
Ross Kukulinski, vice president of product management for Kong, said OpenMeter will enable Kong to embed the usage-based metering and billing capabilities into Kong Konnect, a platform for managing application programming interfaces (APIs), early next year. In the meantime, Kong will continue to make the OpenMeter software available both as open source software and via a software-as-a-service (SaaS) application service that OpenMeter provides.
Adding the ability to monetize APIs is especially critical today for any application that needs to access large language models (LLMs) hosted in the cloud via an API, he added. Most of those use cases require organizations to pay to access those services using tokens that are generated by each input and output. The metering and billing capabilities that will be added to the metadata generated by Kong Konnect to make it simpler for organizations to track those costs as they expand the number of AI agents they deploy, said Kukulinski.
OpenMeter CEO Peter Marton added that in the absence of usage-based pricing, the cost of infusing AI into applications becomes too chaotic to manage.
There are, of course, other use cases where metering and billing capabilities are required, including simply accessing various cloud services that are typically consumed as needed. However, given the scale at which AI services are going to be invoked, the need to be able to meter and bill for services accessed via an API will become more widespread, noted Marton.
AI agents, for example, will trigger thousands of API and data calls per second, increasing both the scale and variability while at the same time adding additional latency challenges, he added.
It’s not clear to what degree IT teams are prepared to manage APIs at that level of scale, but that capability will be crucial in the AI era. The challenge, as always, is not just building APIs, but also securing and maintaining them. Cybercriminals have already discovered that they can attack LLMs using the same tactics and techniques that they already use to compromise other API-based services.
Unfortunately, API security has not always received the level of attention it deserves. Many cybersecurity teams assume that the application developers who create APIs will secure them. Most of those developers, however, have limited application security expertise, so it’s not uncommon for APIs to be misconfigured in ways that can be easily exploited. The issue is that in the age of AI the level of risk that could be potentially created by a misconfigured API is about to substantially rise.
Hopefully, organizations will proactively address these types of cybersecurity issues as they look to monetize various classes of AI-driven services, but there will most likely be a few major incidents before organizations realize the full extent of a challenge that is likely to require a new approach to API management.
