WSO2 AI is a two-fold approach designed to accelerate enterprise AI adoption. **Code for AI:** Build, deploy, scale, secure, and govern your own AI agents and AI applications. **AI for Code:** Embedded AI in WSO2 products enhances user productivity, helping developers work faster and more efficiently.

How does WSO2 AI help to develop, deploy, secure, scale, and govern AI agents and AI applications (Code for AI)?

WSO2 provides tools to build, secure, and govern production-ready AI agents and applications using low-code or your preferred frameworks: • **Build:** WSO2 Integrator with RAG and Agent Builder • **Run:** WSO2 Choreo and WSO2 Devant with Scalable AI Runtime • **Secure:** WSO2 IAM with Agent Identity and Delegation • **Manage:** WSO2 API Manager with AI Gateway and MCP Hub

How do WSO2 products use AI to enhance developer productivity (AI for Code)?

Each WSO2 product includes an AI assistant (copilot) to support developers with tasks such as code generation, deployment optimization, testing, and cost efficiency.

Do I need to buy the full WSO2 suite to get the functionality, or can I mix and match?

WSO2 is modular and interoperable, fitting seamlessly into your tech stack. You can adopt specific components where they add most value: • **Governance:** AI Gateway (guardrails, routing, analytics) • **Build & Deploy:** WSO2 Integrator and Devant • **Identity & Access:** WSO2 Identity Server or Asgardeo

How does WSO2 ensure its AI tools evolve with emerging technologies and open standards?

WSO2 tracks and contributes to AI standards such as MCP, A2A, and OpenTelemetry. As a member of the OpenID Foundation AI Identity Management Community Group, WSO2 integrates new specifications and community insights into its platforms to deliver up-to-date AI capabilities.

How can I get started?

**Develop & Deploy:** WSO2 Integrator and Devant **Deploy external builds:** Choreo **Govern AI traffic:** AI Gateway (on-prem via API Manager, SaaS via Bijira) **Secure AI agents:** WSO2 Identity Server (on-prem) or Asgardeo (SaaS)

Can I build AI applications (e.g., RAGs and Agents) with WSO2?

Yes. WSO2 AI provides low-code tools to design and integrate RAG systems, AI agents, and custom workflows using WSO2 Integrator.

How does WSO2 approach AI application development?

AI is embedded into your enterprise ecosystem—data, APIs, and systems—through WSO2 Integrator. This offers: • Third-party API connectors • Support for multiple GenAI providers • Direct knowledge-base integration • Fast testing and promotion to production

How can I enrich my AI agents and applications with enterprise functionality?

Use WSO2 Integrator’s connectors, multi-vendor GenAI support, and knowledge-base integrations to embed enterprise-specific functionality into AI workflows without heavy engineering.

Can I build MCP servers?

Yes. • **New Development:** Create new MCP tools (low-code or pro-code) with WSO2 Integrator. • **Existing APIs:** Convert APIs into managed MCP servers using the AI Gateway, and publish them via the MCP Hub.

Where can I deploy AI agents and applications built with my preferred framework or with WSO2?

• **Low-code (Integrator):** Deploy on WSO2 Devant (iPaaS) • **Pro-code (Custom frameworks):** Deploy on Choreo (IDP)

What are the benefits of deploying my AI agents and applications with WSO2?

Deploying on WSO2 provides: • CI/CD automation • Config & environment management • API management & AI governance • Observability & insights • Auto-scaling & AI-driven cost optimization • Streamlined 'vibe deployment' experience

What types of AI agents and applications can I deploy?

You can deploy AI agents, RAG systems, and GenAI workflows built in any language or framework. WSO2 also supports vector databases and remote MCP servers with streamable HTTP.

Can I use natural language to deploy my AI agents and applications?

Yes. Developers can trigger deployments using natural-language commands from IDEs ('vibe deployments') for a faster, intuitive experience.

How can I govern and monitor my AI traffic?

WSO2 API Manager, Bijira, and Choreo integrate the AI Gateway to govern and monitor AI traffic across GenAI APIs, whether self-hosted or third-party.

How can I apply guardrails to AI traffic?

Through the AI Gateway, you can define policies for usage, rate limits, and prompt/response validation to enforce compliance and data protection.

What benefits do I get from using the AI Gateway?

• Centralized AI governance • Access control & policy enforcement • Cost/quota management • Observability & analytics • Risk guardrails • Vendor-agnostic GenAI support • Optimization (caching, routing, balancing)

Can I manage and secure my MCP servers?

Yes. WSO2 API Manager allows exposing APIs as MCPs, managing and securing them, and monitoring their performance.

Where can I list my MCP servers for agent developers to consume?

Use the MCP Hub in WSO2 API Manager—a centralized catalog to publish and monetize MCPs, enforce access control, and manage usage plans.

Why is securing AI applications important?

Without robust IAM, autonomous AI agents pose security, compliance, and auditability risks. Key risks include: • Unauthorized data access • Privilege escalation • Impersonation attacks • Regulatory non-compliance • Untracked agent actions

Which aspects of AI applications should be secured?

Security spans four areas: • Resource Access • Agent Authentication • Operational Auditing • Agent Access Governance

What is agent identity and why is it needed?

Agent identity uniquely identifies an autonomous AI agent to control and audit its behavior. It enables: • **Access Control:** Define authorized actions • **Auditability:** Trace and attribute behavior • **Authentication:** Verify legitimacy before granting privileges. As AI agents act autonomously, identity becomes the foundation of secure, accountable operation.

How does WSO2 help with enterprise AI adoption?

WSO2 provides a comprehensive AI platform that enables organizations to build AI applications with proper governance, security, and control. It includes features for RAG systems, AI agents, and integration capabilities while ensuring data privacy and cost management.

WSO2 AI | Enterprise AI Platform for Modern Organizations

Code for AI

Build enterprise-grade AI applications

Build, deploy, secure and scale AI-native applications that fit seamlessly into your software architecture. From simply integrating LLM calls to building autonomous agents, WSO2 products have you covered.

Build and Manage AI Agents. Add Intelligence to Your Digital Experiences

Build and integrate GenAI models and RAGs

Build AI agents and applications that integrate anything, from existing systems to AI models to knowledge bases.

Use pro-code or our low-code visual builder without hitting roadblocks no matter the complexity of your project.

Choose your preferred models, providers, and knowledge base technologies without being locked in.

Integration for AI

Create, publish,and secure tools with MCP

Expose your APIs as tools for AI agents using the Model Context Protocol (MCP) and publish MCP servers in the MCP Hub, enabling effortless discovery and interaction within agent workflows.

API Management for AI

Just like for APIs, Manage access to MCP servers by registering them as secured resources, defining permissions, and applying access controls such as RBAC.

IAM for AI

Deploy and scale

Deploy and scale GenAI apps, AI agents, MCP servers, and vector databases in the tech of your choosing - whether you built it with your products or using your favorite framework

IDP for AI

Assign identity, authenticate and authorize agents

AI agents are increasingly embedded in business operations, handling automation, data analysis, and decision-making. As their capabilities expand, securing their access to critical systems and data is crucial.

As AI agents gain more autonomy, they require a new class of identity that provides them with distinct credentials, roles, and permissions.

AI agents often act on behalf of human users, requiring them to inherit permissions and roles through strict delegation policies and consent.

IAM for AI

Govern and guardrail GenAI interactions

Use a unified interface to integrate and manage generative AI APIs across multiple providers.

Implement AI-aware quality of service (QoS) controls to ensure efficient, reliable, and scalable AI service delivery to application developers.

Place guardrails and policies around all your generative AI interactions.

APIM for AI

Interleave natural language in code

Interleave natural language and programming language with natural functions. Natural functions contain blocks of natural language instructions that are executed at runtime with the help of a generative AI model.

Read the blog

AI for code

Power the software development lifecycle

Build faster and operate faster through AI features integrated into every stage of development - from writing and testing code to deploying and monitoring it. Speed up releases, cut down manual work, and catch problems before they reach production.

Vibe code WSO2

Natural language interfaces, code suggestions, automated refactoring, and more are at your fingertips in VSCode, helping you get productive fast with WSO2 products.

Build your integration by describing it in natural language, and AI will generate it for you.

Perform complex data mapping with AI, identifying relationships and mapping data across different structures.

Eliminate the tedious process of manual test creation.

Interact with our products using MCP

Our products expose their core functionality as MCP servers so you can interact in natural language from your preferred development environment and build agents around their capabilities.

Accelerate using AI embedded in product consoles

Across our products, natural language interfaces and embedded AI acceleration are available within the product consoles where you need them.

For example, generate fully functional login flows, test and design APIs with best practices and governance, understand your deployment, and automate complex data mappings.

AI expert agents and insights in the platform

Leverage AI expert agents and insights in the platform

Embedded throughout, continuously monitoring the platform, optimizing resource utilization and reducing costs.

Analyzing system architecture, identifying inefficiencies, recommending optimizations, and ensuring scalability, security, and performance.

Enforcing governance, ensuring compliance with standards and best practices.

Providing guidance on how to prioritize features based on user feedback and market trends.

Fits with your stack; plugs into the AI ecosystem

Your enterprise doesn’t need another silo—AI should beat in sync with what you already have. WSO2’s approach is open, comprehensive, and flexible, running on-premises or in the cloud, effortlessly integrating your stack and the AI ecosystem.

FAQ

1. General Overview

WSO2 AI is a two-fold approach designed to accelerate enterprise AI adoption.

1. Code for AI: We provide a comprehensive set of capabilities that allow you to build, deploy, scale, secure, and govern your own AI agents and AI applications.

2. AI for Code: We embed AI into our products to enhance user productivity, helping you work faster and more efficiently.

WSO2 provides the tools to build, secure, and govern production-ready AI agents and applications using low-code or your preferred languages and frameworks:

Build with WSO2 Integration with the RAG and Agent Builder
Run with WSO2 Choreo and WSO2 Devant with their Scalable AI Runtime
Secure with WSO2 identity and access management (IAM) with Agent Identity and Delegation
Manage with WSO2 API Manager with the AI Gateway and MCP Hub

Each WSO2 product includes an AI assistant to support developers. These features, such as copilots, help with various tasks, including generating code, optimizing deployments, testing services, and performing cost optimizations.

WSO2 is designed to be modular and interoperable, fitting seamlessly into your existing tech stack and with the open source ecosystem. You can adopt WSO2 for the specific parts of the AI application lifecycle where it adds the most value.

For governance (e.g., guardrails, model routing, and utilization analytics) for all interactions with LLMs and MCP tools, you can use the AI Gateway.
To build, deploy, and govern with WSO2, you can use WSO2 Integrator and WSO2 Devant.
To manage Agent Identity and Access, you can use WSO2 Identity Server or WSO2 Asgardeo.

WSO2 actively tracks new AI specifications, such as MCP and A2A, and frameworks like OpenTelemetry, and contributes to the relevant community groups. We adapt these advancements directly into our products, enhancing our platforms to support the latest capabilities for building superior AI applications.

Example: We are part of the OpenID Foundation AI Identity Management Community Group and contributors to the recent whitepaper. This allows us to deliver timely updates across our product portfolio as this fast-evolving space advances.

Develop and deploy: WSO2 Integrator and WSO2 Devant

Develop elsewhere and deploy: Choreo

Govern AI traffic (AI Gateway): On-prem, Bijira (SaaS)

Secure AI agents: On-prem, Asgardeo (SaaS)

2. Building AI Applications with WSO2

Yes. WSO2 AI provides low-code tools to design and integrate AI applications such as Retrieval-Augmented Generation (RAG), AI agents, or custom workflows using the WSO2 Integrator.

3. Deployment and Scalability

WSO2 offers dedicated platforms for deploying your AI agents and applications, ensuring performance and scalability regardless of your development approach:

Low-Code/WSO2 Integrator: Applications built with WSO2 Integrator can be deployed directly on our integration platform as a service (iPaaS), WSO2 Devant.
Pro-Code/Preferred Frameworks: AI agents and applications built using any preferred language or framework can be deployed on our internal developer platform (IDP), Choreo.

Deploying on WSO2 platforms provides enterprise-grade capabilities out-of-the-box, significantly reducing operational overhead and accelerating time-to-market. These benefits include:

CI/CD automation – Streamline releases with built-in pipelines
Configuration and environment management – Manage configs across dev, test, and prod
API management – Secure, publish, and monitor APIs with ease
AI traffic governance – Govern and monitor usage of AI APIs with intelligent policies
Observability and insights – Gain real-time visibility into system and AI performance
Auto-scaling – Handle demand spikes without manual intervention
AI-driven cost optimization – Optimize workloads and spending using intelligent policies
Streamlined deployment – Provides a simplified "vibe deployment" experience, including an integrated MCP Server.

WSO2 supports the deployment of any AI application—including AI agents, RAG systems, or GenAI workflows—regardless of the programming language or framework used. You can also connect to vector databases and deploy MCP servers as remote servers with streamable HTTP support.

WSO2 platforms streamline deployment with developer-friendly workflows, including natural language commands directly from your IDE (vibe deployments) for a smoother developer experience. Learn more about vibe deployment.

4. Govern and Monitor AI traffic and Tool Access with WSO2

WSO2 offerings, including WSO2 API Manager, WSO2 Bijira, and WSO2 Choreo, come with the AI Gateway to enable comprehensive governance and monitoring of AI traffic across all GenAI model APIs—whether you are using third-party vendors or self-hosted models.

The AI Gateway allows enterprises to proactively enforce guardrails through definable policies for:

Usage and access control.
Rate limiting.
Prompt and response validation.

This ensures compliance, prevents misuse, and protects sensitive data when applications interact with external and internal AI services.

The AI Gateway provides key benefits for centralized AI governance and optimization:

Centralized governance of AI APIs
Fine-grained access control and policy enforcement
Cost and quota management for AI usage
Observability and analytics for AI traffic
Guardrails to mitigate risks (bias, misuse, and PII exposure)
Vendor-agnostic support for multiple GenAI providers
Centralized optimizations (e.g., prompt caching, load balancing, and prompt routing)

Yes. WSO2 API Manager products provide robust capabilities to manage and secure your MCP tools:

Easily expose your existing APIs as MCPs.
Robustly manage, secure, and monitor your remote MCP Servers.

WSO2 API Manager includes the MCP Hub, which functions as a centralized catalog. This hub allows you to securely expose and monetize your MCPs to internal or external agent developers and enforce access control using customizable usage plans.

5. Securing AI Applications with WSO2

Without proper IAM, autonomous AI agents pose significant security and compliance risks. The transition to the agentic AI era necessitates a proactive and fundamental rethinking of enterprise IAM—it's no longer just about managing who logs in, but about governing what can act autonomously, why it can act, and how its actions are audited.

The core risks include:

Unauthorized Data Access: Agents can access sensitive data beyond their authorization due to misconfigurations or exploiting loopholes, which leads to breaches, intellectual property (IP) theft, and privacy violations.
Privilege Escalation: Agents with limited permissions can exploit vulnerabilities to gain elevated access (e.g., read-only to administrative), potentially compromising systems or manipulating data.
Impersonation Attacks: AI agents can be exploited to impersonate users or systems, causing malicious actions to be misattributed or deceiving other systems into granting unauthorized access.
Regulatory Non-Compliance: Operating AI agents without modern IAM contradicts regulatory frameworks (e.g., GDPR, HIPAA), risking fines, legal repercussions, and reputational damage.
Untracked Actions: Lack of robust IAM creates "blind spots," as agent actions may not be logged or audited, hindering monitoring, incident detection, and compliance efforts.

Securing AI applications requires focus across four key dimensions:

Resource Access: Defining and managing which APIs, MCP Servers, tools, and other business resources agents can access, along with their authorization mechanisms.
Agent Authentication: Establishing how agents authenticate themselves and demonstrate their legitimacy to the business system, including the credentials they hold.
Operational Auditing: Implementing monitoring and auditing processes to track how AI agents interact with and access services.
Agent Access Governance: Establishing controls over who can discover, interact with, and perform governance actions on agents.

Agent identity is the unique identifier assigned to an autonomous AI agent, which is crucial because AI agents fundamentally differ from traditional software in their capacity for autonomy and agency.

Unlike deterministic, static programs, AI agents can continuously process data, make complex decisions based on their learning and objectives, and execute actions in dynamic environments without constant human oversight. An agent may also act on its own or on behalf of a user, organization, or another AI.

Therefore, uniquely identifying these agents is absolutely critical for:

Access Control and Authorization: Determining which resources an agent can access or what actions it is permitted to take, based on its specific identity and assigned roles.
Auditability and Accountability: Tracking an agent's decisions and actions, which is vital for review, debugging, and assigning responsibility when issues arise, ensuring safety, ethics, and legal compliance.
Authentication: Verifying that an agent is who it claims to be before granting it privileges or allowing it to interact with sensitive systems.

In essence, as AI agents become more sophisticated, their unique identity becomes the cornerstone for managing, securing, and ensuring the responsible operation of these powerful entities.

AI at the Heart of Your Enterprise