---
title: "AI Agents Are Coming For Your APIs"
description: "AI agents are revolutionizing API usage and why smart companies are racing to embrace rather than block this unstoppable wave of traffic. It uncovers the technical challenges and massive opportunities that come with autonomous agent access to help engineering teams get ahead of the curve."
canonicalUrl: "https://zuplo.com/blog/2025/06/13/ai-agents-are-coming-for-your-apis"
pageType: "blog"
date: "2025-06-13"
authors: "martyn"
tags: "Model Context Protocol"
image: "https://zuplo.com/og?text=AI%20Agents%20Are%20Coming%20For%20Your%20APIs"
---
In a recent MCP Week discussion, John McBride, staff software engineer at Zuplo,
shared insights from his talk "Agents Are Coming For Your APIs." His message is
clear: the future remains fundamentally API-driven, even as AI agents reshape
how we interact with digital services.

The article highlights some of the key takeaways from that discussion around how
APIs and agents are going to interact and how engineers can prepare themselves
and their APIs.

_If you'd prefer to watch Martyn & John's conversation, you can in the video
below!_

<YouTubeVideo videoId="9GtN5_oKAz8" />

## The Loop That Never Sleeps

At their core, AI agents operate through a continuous validation loop. Unlike
the "one-shot" interactions we saw in early ChatGPT implementations, modern
agents persist until they achieve their goals. They consume JSON schemas, make
API calls, validate responses, handle errors, and iterate continuously.

This persistence creates both opportunities and challenges. Agents will
autonomously decide to use your APIs, and if your service fails them, they'll
simply move on to a competitor that has prepared for this agentic future.

## Why Blocking Isn't the Answer

The temptation to block agent traffic mirrors past reactions to web scrapers,
but this approach misses the bigger picture. Agents are already finding ways to
use platforms through suboptimal channels like browser automation tools that
click through user interfaces never designed for programmatic access.

Rather than playing defense, successful companies will embrace governance and
policy frameworks that enable controlled agent access. This isn't just about
preventing problems; it's about capturing opportunities in an increasingly
automated world.

Consider these examples:

- Rate limiting policies that recognize agent behavior patterns and provide
  appropriate cooling-off periods instead of blanket blocks

- Clear error handling that helps agents understand problems and correct course
  rather than endlessly retrying failed requests

- Batch processing endpoints that enable agents to submit multiple operations
  efficiently rather than making hundreds of individual calls

## Your API Response Is Your Dialogue

When agents interact with your API, your responses become the only communication
channel available. This makes traditional API design principles more critical
than ever:

### Schema Precision Matters More

Agents rely on JSON schemas to understand how to interact with your endpoints.
Unlike human developers who can interpret documentation contextually, agents
depend entirely on these structured definitions. Loose or ambiguous schemas will
cause agents to fail repeatedly in their validation loops.

### Error Messages Need Intelligence

Generic HTTP status codes aren't enough. Agents need explicit feedback about
what went wrong and how to fix it. Clear error messages help break agents out of
endless retry loops and enable them to course-correct effectively.

### Documentation Becomes Executable

Future API documentation will be increasingly use-case driven, written in
natural language that Large Language Models can process. The descriptions in
your OpenAPI specifications and MCP tools aren't just for human reference
anymore. They're instructions for AI systems.

## The Persistence Problem

This persistence cuts both ways. While an agent's ability to work continuously
provides value, it can also create operational challenges. A thousand agents
stuck in retry loops can overwhelm your infrastructure just as effectively as
any traditional DDoS attack.

Rate limiting becomes essential, but it's not just about quotas anymore. Smart
rate limiting policies can recognize agent behavior patterns and provide
appropriate cooling-off periods. Error handling needs to be designed to break
agents out of futile loops rather than encouraging endless retries.

## Rethinking API Design for Automation

Single-request endpoints may not suit agent workflows. Just as cloud providers
offer batch processing for LLM inference to reduce costs and improve efficiency,
APIs serving agents should consider:

### Bulk Operations

Enable agents to submit multiple requests in a single call, reducing both
network overhead and the chance of getting stuck in repetitive loops.

### Asynchronous Patterns

Implement submit-and-check patterns that allow agents to initiate long-running
processes and poll for completion, rather than holding connections or repeatedly
hammering endpoints.

### Self-Service Capabilities

Agents can't email sales teams or schedule meetings to get API access. Automated
onboarding, key generation, and account setup will become essential for
platforms that want agent adoption.

## The MCP Gateway to the Future

Model Context Protocol (MCP) represents a standardized way to expose API
capabilities to AI agents. Companies building developer tools are already seeing
the competitive advantage. For example, GitHub's early MCP server enables
seamless integration with AI coding assistants, creating new workflows that feel
increasingly natural to developers.

The pattern is simple but powerful: MCP servers are often just proxy to existing
REST APIs, but they present those capabilities in a format that agents can
discover and use autonomously.

## Key Takeaways for Engineering Teams

If you're starting out refactoring your API approach to suit a more "agentic"
end user, you might well want to consider these three tips right now before you
get into the newer, shiny stuff:

### Audit Your API Catalog

Review your OpenAPI specifications, schema definitions, and documentation.
Ensure they're precise, complete, and written with natural language processing
in mind.

### Implement Smart Rate Limiting

Deploy rate limiting policies that can handle the unique patterns of agent
traffic. These patterns are persistent, high-frequency, but often predictable.

### Consider MCP Implementation

Start with developer-facing APIs, but consider how MCP servers could make your
services more accessible to the growing ecosystem of AI agents.

The agent revolution isn't _coming_. It's already here and moving very, very
quickly. Ultimately, the question isn't whether AI agents will use your APIs,
but whether you'll be ready when they do.

Companies that prepare now will capture the opportunities of an automated
future, while those that resist may find themselves automated away.

_Have thoughts on this topic? Want to talk to us about our
[new remote MCP Server support](/blog/introducing-remote-mcp-servers) in Zuplo?
Join us in the #mcp channel of our [Discord](https://discord.zuplo.com).
We'd love to hear from you!_

## More from MCP Week

This article is part of Zuplo's MCP Week. A week dedicated to Model Context
Protocol, AI, LLMs and, of course, APIs centered around the release of our
[support for remote MCP servers](/features/mcp-servers).

You can find the other articles and videos from this week below:

- Day 1: [Why MCP Won't Kill APIs](/blog/why-mcp-wont-kill-apis) with Kevin
  Swiber
- Day 2: Zuplo launches
  [remote MCP Servers for your APIs!](/blog/introducing-remote-mcp-servers)
- Day 3: [The AI Agent Reality Gap](/blog/ai-agent-reality-gap) with Zdenek "Z"
  Nemec (Superface)
- Day 4:
  [Two Essential Security Policies for MCP & AI](/blog/essential-security-policies-for-mcp-and-ai)
  with Martyn Davies
- Day 5: AI Agents Are Coming For Your APIs with John McBride