The $1.6 Million Weekend: Why Simple API Gateways Fail in the Agentic Era


When an AI contract review API was exposed via MCP for agentic consumption, a single agent retry loop processed one document 1,000 times over a weekend, generating a $1.6 million bill. Traditional stateless API gateways fail in this context because they evaluate requests in isolation and cannot detect retry loops, scope drift, or cumulative cost patterns. The post argues that agentic API governance requires three pillars: economic governance (session-based spend tracking, loop detection, kill switches), behavioral governance (scope enforcement, privilege escalation detection across sessions), and identity governance (agent self-registration via Client ID Metadata Documents). Implementing this requires a hybrid architecture where identity validation stays stateless but governance becomes stateful, using a session-aware cache keyed to Mcp-Session-Id. The author warns that retrofitting governance after deployment is risky, and that stateless API assumptions built over 20 years are fundamentally incompatible with non-deterministic agentic consumers.
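The hybrid architecture the summary describes, stateless identity validation followed by a stateful governance layer keyed to `Mcp-Session-Id`, can be sketched as a small in-process policy cache. The code below is an added example written for this page, not code from the article or from sdtimes.com. The token format (`agent:<id>`), the registered-scope table that stands in for a Client ID Metadata Document lookup, the per-call cost and the thresholds are all constructed assumptions; real deployments would back the session state with a shared store such as Redis so every gateway replica sees the same counters.

```python
"""
Session-aware governance for an MCP-exposed API: a stateless identity check
per request, then a stateful per-session layer keyed by Mcp-Session-Id that
tracks cumulative spend, repeated identical payloads (retry loops) and scope
drift, and trips a kill switch. Added example; token format, scope table,
costs and thresholds are constructed, not taken from the article.
"""
from __future__ import annotations

import hashlib
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class SessionState:
    """Mutable state kept for one Mcp-Session-Id."""
    agent_id: str
    spend_usd: float = 0.0
    admitted: int = 0
    payload_counts: Counter = field(default_factory=Counter)  # sha256 -> count
    killed: bool = False
    kill_reason: str = ""


class GovernanceCache:
    def __init__(self, agent_scopes: dict[str, set[str]],
                 max_spend_usd: float, max_identical_payloads: int) -> None:
        # agent_scopes: scopes each agent declared at registration (hypothetical
        # stand-in for a Client ID Metadata Document lookup).
        self.agent_scopes = agent_scopes
        self.max_spend_usd = max_spend_usd
        self.max_identical_payloads = max_identical_payloads
        self.sessions: dict[str, SessionState] = {}
        # Denied scope requests per agent across *all* sessions, so a slow
        # privilege-escalation pattern is visible to reviewers.
        self.escalation_attempts: Counter = Counter()

    @staticmethod
    def validate_identity(token: str) -> str | None:
        """Stateless step: map a bearer token to an agent id.
        Constructed format 'agent:<id>' stands in for real token verification."""
        if token.startswith("agent:") and len(token) > 6:
            return token[6:]
        return None

    def _kill(self, s: SessionState, reason: str) -> tuple[bool, str]:
        s.killed = True
        s.kill_reason = reason
        return False, f"killed: {reason}"

    def admit(self, token: str, session_id: str, scope: str,
              payload: bytes, cost_usd: float) -> tuple[bool, str]:
        """Decide whether one request may reach the upstream API."""
        agent_id = self.validate_identity(token)
        if agent_id is None:
            return False, "rejected: invalid identity"
        s = self.sessions.setdefault(session_id, SessionState(agent_id=agent_id))
        if s.killed:
            return False, f"killed: {s.kill_reason}"
        if s.agent_id != agent_id:
            return self._kill(s, "session mismatch: agent id changed mid-session")
        if scope not in self.agent_scopes.get(agent_id, set()):
            self.escalation_attempts[agent_id] += 1
            return self._kill(s, f"scope drift: {scope!r} not registered")
        digest = hashlib.sha256(payload).hexdigest()
        if s.payload_counts[digest] >= self.max_identical_payloads:
            return self._kill(s, "retry loop: identical payload repeated")
        if s.spend_usd + cost_usd > self.max_spend_usd:
            return self._kill(s, "spend cap: session budget exhausted")
        s.payload_counts[digest] += 1
        s.spend_usd += cost_usd
        s.admitted += 1
        return True, "ok"


def simulate_retry_loop(attempts: int = 1000, cost_usd: float = 1600.0) -> SessionState:
    """Replay the article's scenario: one agent submits the same contract
    `attempts` times in one session. Returns the final session state."""
    gov = GovernanceCache(agent_scopes={"reviewer-1": {"contract:review"}},
                          max_spend_usd=10_000.0, max_identical_payloads=3)
    doc = b"constructed sample contract text"
    for _ in range(attempts):
        gov.admit("agent:reviewer-1", "sess-42", "contract:review", doc, cost_usd)
    return gov.sessions["sess-42"]


if __name__ == "__main__":
    final = simulate_retry_loop()
    print(f"admitted={final.admitted} spend=${final.spend_usd:,.0f} "
          f"killed={final.killed} reason={final.kill_reason!r}")
```

With the constructed thresholds the loop is cut off after the third identical submission, so the session's spend stays at a few thousand dollars instead of growing with every retry; a stateless gateway that only validates the token would have admitted all 1,000 calls because each one is individually well-formed and authorised.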

7 min read. From sdtimes.com
