Community Spotlight

Manjunath Bhat is part of Gartner’s software engineering practice, where his work sits across software engineering, security engineering, and platform engineering. He has been with Gartner for 10 years, after earlier roles including engineering leadership at VMware, and has worked across Atlanta, Singapore, and Sydney. At Gartner, he launched the Hype Cycle for Platform Engineering, helped launch the first Magic Quadrant for DevOps Platforms, and has published work on AI-native software engineering and the agent development lifecycle.

His current view of software engineering can be divided into two related shifts. The first is AI in the software development lifecycle, where AI changes how existing software teams write, review, test, and maintain code. The second is the software development lifecycle for AI itself, where teams need new patterns for building, governing, and operating agentic systems. Most enterprise conversations now fall into one of these two buckets. Either leaders are asking how AI changes the work developers already do, or they are asking how the shape of software changes when agents become part of the system.

The biggest change is the shift from AI writing functions to building entire functionality. Early AI coding tools helped developers complete snippets, methods, or small pieces of code. Agents are now starting to complete larger units of work. That is not an incremental improvement in autocomplete. It changes where human value sits in the software process. When agents take on more of the execution aspects of work, humans perform more of the executive functions - before and after the task. Developers become more valuable for framing the problem, asking the right questions, making decisions, checking quality, taking accountability, communicating tradeoffs, and building trust with users and stakeholders.

That shift also changes how junior engineers should think about their careers. Bhat’s view is blunt. New engineers should not enter the market thinking only like employees waiting for tasks. They should think like builders or better still intrapreneurs. In an AI-native environment, the strongest junior profiles will look more entrepreneurial. They will have built products, tested ideas, learned how to turn vague problems into working systems, and developed judgment through making things. Inside companies, that same profile becomes the intrapreneurial developer: someone who works within an organization but still thinks like an owner, builder, and problem-solver.

Every API becomes a tool for an agent. There is no useful agentic software without APIs, because agents need APIs to take action, complete transactions, retrieve data, update systems, and interact with real workflows. Historically, API teams assumed the consumer was another human developer writing against the interface. That assumption is changing. Increasingly, the API consumer will be an agent. This raises the standard for consistency, clarity, contracts, authentication behavior, documentation, and predictable execution paths. Human developers can work around inconsistency. Agents are much less forgiving.

The enterprise adoption problem is not only talent or cost. Bhat argues that the real bottleneck is context engineering. Digital-native companies and AI labs often see faster productivity gains because their work is closer to greenfield development and has less legacy baggage. Large enterprises are different. Their advantage lies in messy internal processes, legacy systems, documents, operating rules, and tacit knowledge held by experienced employees. That messiness is often the company’s differentiation, but agents cannot use it unless it is captured and made available. Enterprises will not get Google-level or Anthropic-level productivity from coding agents until they can encode their internal context well enough for agents to produce software that reflects how the business actually works.

The larger technological shift is even more disruptive. Bhat expects a world where building software becomes as easy as writing a Google document. Today, a business user often has to wait for a team, a roadmap, a sprint, and a build cycle. In the next phase, that friction could collapse. A person may describe the need and receive a working app. That opens up enormous opportunities, but it also challenges the developer's traditional identity. The future developer is not just someone who writes code. The future developer is the person who knows what should be built, why it should work a certain way, how to verify it, and how to make others trust it.

API Feed

Big Story

Agentic API consumption creates a different operating problem for API teams. Derric Gilling recently shared an example where an AI-powered contract review API costs $1.58 per document because it loads the contract, runs five passes through a large language model for extraction, flags risks, and generates a summary. The unit cost looks manageable when the API is used by normal internal applications. The problem appears when the same API is exposed through the Model Context Protocol for agentic use.

A single timeout can change the economics. In the example, an agent begins retrying on a Friday evening. By Monday morning, the same document has been processed 1,000 times. When that pattern is applied across 1,000 contracts, the weekend bill reaches roughly $1.6 million. The issue is not that the API failed basic security checks. The token was valid, the scope was authorized, and the rate limits were respected. The issue is that every request was evaluated in isolation.

This is where traditional API gateway assumptions start to break. A standard gateway is built to validate each request, enforce rate limits, check authorization, and pass valid traffic downstream. That model works reasonably well when the consumer is a human-written application with predictable behavior. Agentic systems behave differently. They can retry for long periods, change tool calls based on intermediate outputs, hallucinate parameters, and create large volumes of activity from a single instruction.

The main gap is session awareness. Most Model Context Protocol gateway implementations today focus on securing the protocol and observing individual requests. They may use Mcp-Session-Id for routing so requests reach the right backend, but that does not automatically create behavioral governance. The gateway can see tokens, tools, and parameters. It cannot reliably know that the current call is the 500th retry of a failed operation unless it tracks activity across the session.

Economic governance is the first pressure point. Token-level rate limiting helps because different AI API requests have different cost profiles, but it does not solve repeated waste. A slow retry loop can stay under every static rate limit while continuing to spend money for hours. API teams need accumulated cost tracking, spend-velocity monitoring, duplicate-request detection, loop detection, and hard caps that can stop a session before the cost becomes material.

Behavioral governance is the second layer. Scope alone is no longer enough. An agent may have valid read access, but that does not mean it should be allowed to move from document search to human resources records to database exports inside the same workflow. Each call may appear valid on its own. The sequence can still show scope drift or privilege escalation. That requires risk scoring and human approval triggers based on behavior over time, not only on the current request.

Identity governance is the third layer. Traditional OAuth assumes that a human registers an application, receives credentials, and uses them in a defined way. Autonomous agents do not always fit that flow. Client ID Metadata Documents are an emerging mechanism for agent identity, enabling agents to self-register securely and operate at machine speed. For enterprises, the more important point is accountability. Audit logs need to show both the user behind the action and the specific agent performing it.

The practical architecture is likely to be hybrid. Identity validation can remain mostly stateless through JSON Web Token checks, claim extraction, and credential validation. Governance needs a state. API platforms will need short-lived session stores that track spend, call counts, request similarity, tool sequences, and abnormal behavior, all associated with a session identifier. That session state is what lets a gateway move from approving valid requests to managing agentic API consumption.

A gateway that only checks whether a request is allowed is no longer enough. Teams need to know whether the same request has been repeated too many times, whether spending is rising too quickly, whether the agent has drifted from its original task, and whether a human should approve the next step. The governance model has to match the way agents actually behave.

Resources & Events

apidays Amsterdam brings together API practitioners, architects, and platform leaders for two days focused on operating APIs as products in enterprise environments. The 2026 program includes sessions on API design, lifecycle management, governance, and platform strategy, as well as discussions on how APIs are evolving alongside AI-driven systems and automation. The event is designed for teams building and scaling API programs across organizations, with a mix of technical sessions and practitioner-led case studies. Details →

apidays Munich brings together API architects, platform engineers, and enterprise technology leaders for two days focused on API strategy, platform operations, and AI-driven enterprise systems. The 2026 program includes sessions on API lifecycle management, developer experience, event-driven architectures, and the operational challenges of managing APIs across distributed environments. Designed for teams scaling enterprise API programs, the event combines technical discussions, practitioner-led case studies, and platform engineering perspectives on how APIs are evolving alongside automation and AI-connected workflows. Details →

You can find a list of all Apidays events here

Apply to speak at Apidays Singapore, NY, London, Paris, and more here

Gartner IT Symposium/Xpo brings together CIOs, enterprise architects, and senior technology leaders focused on enterprise technology strategy, platform operations, and AI-driven transformation. The 2026 program includes analyst sessions and practitioner discussions on integration architecture, API strategy, AI operating models, cybersecurity, and the organizational changes required to support AI-connected enterprise systems at scale. Designed for technology leaders managing large enterprise environments, the event combines research-backed guidance with operational case studies and peer discussions around the future of enterprise IT execution. Details →

This report, informed by the experience of more than 10,000 technologists across 18 countries, examines how AI-assisted development is changing enterprise software operations and architecture decisions. One of the report’s strongest warnings focuses on exposing existing APIs directly to AI agents without redesigning them for agent-driven workflows. The Radar argues that simply converting APIs into MCP-compatible tools can increase token usage, create excessive context overhead, and expose sensitive operations without sufficient execution controls. Instead, Thoughtworks recommends building dedicated orchestration and control layers between enterprise APIs and AI systems. The report also explores cognitive debt in AI-assisted development, durable agents, semantic tool routing, and the growing need for operational controls around coding agents. Read →

Insight of the Week

Notion is pushing deeper into developer workflows with a new Developer Platform for AI agents and automation. The release adds Notion Workers for hosted custom code, database sync to pull external API data into Notion databases, an External Agents API, a Notion command-line interface, workspace-scoped OAuth, personal access tokens, updated developer docs, and stronger Model Context Protocol support. For API teams, the important shift is that Notion is no longer just trying to be the place where work is documented. It aims to become a programmable workspace where business context, internal tools, external APIs, and AI agents can run closer to the teams that use them.

For the Commute

In this APIdays session, Faith Ang and Patrine Tan explain how UX design principles were applied to improve developer productivity on APEX, Singapore’s central API platform, which supports more than 3,000 APIs across 38 government agencies and handles over 150 million API requests per month. The session examines operational problems, including API discoverability, onboarding friction, authentication failures, and integration complexity, as well as the design decisions that reduce support overhead and improve workflow reliability. GovTech Singapore reported a 70% reduction in API authentication support tickets and zero major API incidents after introducing contextual guidance, validation safeguards, and workflow-focused developer tooling across the platform.

Stay tuned for bold ideas, fresh perspectives, and the next wave of API innovation

-The Apidays Team