In 2025, AI agents were the talk of the town. The interest in building agents rose, as did interest in making agents more actionable with API connections. The reason? Without APIs, AI can’t sync with sanctioned enterprise integration points to pull any valid real-time data or orchestrate actions across applications.

Central to the agent-to-API discussion this year was Model Context Protocol (MCP), a proposed universal standard for integrating AI agents with external data, tools, and functions. The interest in MCP was a firestorm, accompanied by an incredible number of MCP servers coming to market and many MCP-compatible features in API tooling.

MCP and AI agents dominated the discussion in 2025, both online and at our yearly Platform Summit. But with real-world use cases still emerging and competing protocols, will the MCP trend continue throughout 2026? And how will the rise of AI agents impact the API economy going forward? Below are my predictions based on analysis and recent movement as of late 2025.

1. More Focus on Getting an ROI From AI

Before we go deep, we should talk about the elephant in the room. The fact that 95% of enterprise generative AI pilot initiatives have failed to provide a return on investment (ROI), according to an MIT study. The rush into AI has been driven by hype, fear of missing out (FOMO), and high VC funding. Sometimes, the urge to innovate has leapfrogged real business outcomes.

AI has more staying power than other tech trends. But the AI bubble is arguably inflated and will likely experience a correction soon. By how much? That’s for the economic analysts to say. Regardless, generative AI has shown real promise in certain areas, but in 2026, more pressure will be placed on tech leadership to justify their use of AI and measure and prove an ROI from AI initiatives.

How will this affect integration and APIs? Well, I imagine it will encourage enterprises to double down on the fundamental aspects of preparing for AI in order to actually productionize many of these lofty dreams. This includes their internal data strategy and solving the integration challenge — this is where APIs come in to help, therefore I see them as increasingly relevant.

2. Standards Will Crystalize for Agent-to-API Communication

2025 really saw the consolidation around Model Context Protocol (MCP), and the enthusiasm is anticipated to crossover into next year, with agents finally starting to talk to each other in corporate settings, predicts Kyle Campos, Chief Technology and Product Officer at CloudBolt. “In 2026, we’ll see a surge in Model Context Protocol (MCP) adoption, cross-agent communication, and effective multi-agent systems,” he says.

MCP also became a protocol of choice for connecting AI agents with external APIs. Still, much more work is required to solidify MCP best practices and standard expectations beyond the protocol itself. Therefore, in 2026, we will see the cementing of strategies to expose APIs to AI agents. More standard expectations and case studies will emerge for a litany of technical aspects of having AI agents consume APIs. As folks try to operationalize this, the caveats will show themselves.

Some areas I expect to see more thinking and feature development around include: rate limiting, caching, routing, authentication, authorization, error responses, MCP server discovery, and agentic experience.

3. Agent Experience Takes the Spotlight

Developers aren’t going anywhere. But I see agentic experience (AX) taking the spotlight for discussion in the coming year. In essence, this will mean rethinking how digital interfaces can be repositioned for agentic consumption — this includes APIs.

More API and SaaS providers will position themselves for AI agents in 2026. This will mean publishing MCP servers, following MCP best practices, and considering support for other emerging standards for agent-to-API interactions.

It will also mean repositioning knowledge centers that have traditionally only been catered to human eyes. For APIs, I’m talking about making more AI-accessible developer portals, accompanied by documentation and descriptions of API sequences (or workflows) that accomplish common use cases.

4. We’ll See Early Success with Mutable AI Flows

Let’s be real. AI agents aren’t doing much more than data retrieval at this point. Due to their indeterministic nature, we can’t stomach entrusting them with much more capability than GET requests. But this is changing, and in 2026, we’ll see more proven safe usage of agents interacting with high-value endpoints that actually perform state changes tied to real-world functions.

These endpoints could be related to actually initiating payments, ordering a car, sending invoices to clients, and generating and sending emails. The possibilities for us lazy humans are endless. As the AI bubble tries to recoup its investments, more pressure will be put on agents to actually do things.

5. The Authorization Issue Will Be Front and Center

Things will break. Especially the things that are already broken. Broken access control is already a prevalent issue for APIs — it remains the top application security risk according to OWASP — and AI agents will expose weaknesses in access for the world to see.

At their core, autonomous agents are powered by large language models (LLMs), which are nondeterministic and can thus act erratically — funnelling an API with requests to no end or linking together incorrect operations. With over-scoped long-lived access tokens providing unlimited access to a myriad of API functions, it could spell disaster. It’s also easy to configure authorization for things like MCP servers once and forget about it, leading to another type of shadow IT problem for agentic API permissions.

“Shadow agentic AI is the next frontier of shadow IT,” says Mayur Upadhyaya, CEO at APIContext. “We’re no longer just talking about unsanctioned apps or BYOD. We’re now facing autonomous tools that can take actions, connect to internal systems, and trigger workflows without visibility or control.”

Upadhyaya continues to add that the auditing of agentic guardrails is still nascent. “Agentic tools using APIs to ‘self-serve’ critical functions can easily connect to undocumented MCP endpoints, leaving no audit trail and bypassing existing security controls.” Therefore, 2026 will likely see a heightened emphasis on identity, scope, delegation, and auditing of agent-to-API privileges.

82% of US companies have seen AI agents ‘go rogue’ in the last year, according to API management company Gravitee. In their study, this was defined as agents making incorrect decisions, exposing data, or triggering security breaches.

As a response to these issues, I’m excited about this concept of just-in-time authorization, which Jacob Ideskog unveiled at the Platform Summit 2025. This is the concept of issuing ephemeral, short-lived tokens with limited granular scopes. This should help enforce least privilege and zero trust, allowing end users to delegate authorization to AI only when it needs it, and no longer. This will be necessary for platforms to build more human-in-the-loop controls, too.

6. Some APIs Rise to Power AI… Others Become More Sheltered

We will see tumultuous times with two opposing trends occurring in the wake of increased AI use. Firstly, some APIs will become more integral for AI to function. This includes APIs that connect with AI services, like cloud-based large language models and generative AI applications.

APIs will also be incredibly useful to train AI and inform agents in real time as another option for standard external data retrieval mechanisms. This will help boost efforts around context engineering and agentic knowledge bases. They will also continue to power core internal and partner API strategies and monetized software-as-a-service.

However, other APIs will diminish in use as they are shuttered down or their previously open nature becomes more limited (or becomes monetized). This includes social media data, free platform data, or public sector endpoints.

This follows a slough of public-facing APIs being recently limited or completely shuttered by Slack, Salesforce, OpenAI, X, and other outlets. It’s also in line with the ongoing move from a previous open, global internet toward more geographically dependent, protected estates, a trend called digital sovereignty.

Some shutdowns seem more to do with the API not being able to justify a business value, such as the recent Marvel API deprecation. While some API limitations are economically or politically motivated, increased access controls are also driven by a need to protect sensitive data and intellectual property from autonomous AI.

7. The API Industry Will Double Down on (and Extend) Existing Standards

While other competing API standards do exist, the world has largely solidified around RESTful APIs that serve JSON over HTTP and are documented using the OpenAPI Specification (OAS). That fact hasn’t changed much over the last ten years and isn’t expected to shift drastically in 2026.

The interesting change we’re seeing, however, is the rise of add-ons to the OpenAPI Specification that enhance and redefine what API definitions are capable of.

For instance, there’s a compelling argument for using Arazzo, an OpenAPI Initiative subproject, to document sequences of API flows and make AI usage more deterministic. There’s also the Overlays Specification, announced in 2024, which specifies how changes to an OpenAPI definition can occur programmatically.

We’ve also seen interesting movement in TypeSpec, open sourced by Microsoft, an OpenAPI-compatible framework for design-first API development.

Other new standards — such as the IETF’s Problem Details for HTTP APIs, which defines API error objects, and the IETF’s API Catalog, which proposes a method to enhance API discovery — will be helpful means to bring more standardization to API operations, further aiding AI understanding and use.

So, I anticipate the industry will double down on OpenAPI and existing standards and, through these new add-ons, continue to extend what the specification can accomplish while cementing its role within design-first, API-first architectures — whatever you want to call them.

It should be said that various styles like gRPC, GraphQL, webhooks, asynchronous APIs, and event-driven protocols have entered the fold, and they will continue to serve their purpose for their respective use cases, which are now pretty well defined.

8. New Monetization Models Will Become More Common

When developers use APIs, the status quo for monetization has typically been a pay-per-call format or perhaps a subscription tier model. However, the tech industry is shifting to more AI-native monetization models, which I anticipate will change how some SaaS-y APIs productize their offerings.

Specifically, we will likely see more API business models that are token-based, as in, you are charged by the number of tokens an API call uses. This is necessary since, in the AI age, the processing underlying a single request can vary dramatically between different methods and is highly dependent on the prompt and context required to process the request.

Alternatively, some pricing structures are emerging that are outcome-based, when the end result is extremely clear. This could be for multistep actions that link together multiple calls on the backend, such as user onboarding journeys. Or it could be the successful generation and human approval of an image for use in marketing purposes.

9. Slightly More API as a Product Mindshare

A lack of a product mindset can stunt many fledgling internal tech initiatives — take platform engineering, for instance, in which a lack of product forethought is a common anti-pattern. Many enterprise AI pilot programs fail for the same reason.

The same is true for APIs — whether you’re building private servers or external-facing endpoints, having a product is a key recipe for usage and end success. Yet the API as a product mindset is still getting its legs in many organizations. Some still view APIs as technical offshoots. Some developers are confused when you talk about API products, since they view them as just a connector for a local library.

I don’t think we’ll change the world overnight on this one. But we’ll probably see a bit more API as a product thinking emerge as folks come to terms with the end benefits of building API first (and design and specification first, for that matter), as well as understand the caveats of not building APIs as products.

The list could go on, but not taking a product stance upfront with API development can cause a myriad of problems:

• Inconsistent designs across a portfolio
• Specification drift and broken clients
• API sprawl, shadow, and zombie endpoints
• Redundant APIs and management technologies
• Missing governance and security guardrails
• A lack of advocacy and little adoption
• Unclear ROI from the get-go

10. Community Matters More Than Ever

To round things out with a nice ten-numbered list, here’s a final, admittedly self-serving prediction: I predict communities like Nordic APIs will continue to be an important vessel for aggregating great minds and sharing helpful knowledge.

People matter. With AI-generated content everywhere, I think authentic human voices in writing, in-person networking, and actual events come with an even higher degree of integrity and importance for advancing trade discussion on important topics.

It’s important to share success stories and failures, best practices, and up-to-date strategies on how to navigate this fascinating mess of APIs and AIs we’ve gotten ourselves into.

As part of this, I predict that Platform Summit 2026 will be a huge success, with fascinating topics and more attendance than any previous Summit. We’ve already opened up the call for speakers here, as well as sponsor opportunities here.

What the Agentic Future Holds

They might not always directly get the attention, but APIs underscore so many moments in technology cycles, and now is no different in this AI-fueled tech age. I’m excited about what the future will bring and how our community will shape the future of intelligent, secure design for the next generation of digital platforms. Keep the predictions above with a grain of salt, and hold onto your hats. A lot is about to happen.