Microsoft has released the Agent Governance Toolkit, an open source MIT-licensed project providing runtime policy enforcement for autonomous AI agents. The toolkit consists of seven independently installable packages covering policy enforcement, cryptographic agent identity, execution sandboxing, SRE practices, compliance mapping (EU AI Act, HIPAA, SOC2, OWASP), plugin supply chain security, and RL training governance. It integrates with major agent frameworks including LangChain, CrewAI, LangGraph, and OpenAI Agents SDK. The release comes amid growing concern over MCP server vulnerabilities, credential exposure risks, and the lack of IAM infrastructure capable of managing non-human agent identities. Key open questions remain around the semantic intent classifier's real-world accuracy and whether per-task least-privilege credential scoping is enforced consistently.
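To make the two open questions concrete, the following is an added, self-contained illustration of what runtime policy enforcement with per-task least-privilege scoping looks like in practice. It is example code written for this page, not code from the Agent Governance Toolkit or any of its packages; the class and function names (`TaskScope`, `PolicyEnforcer`, `run_task_with_scope`), the tool names and the sample calls are all constructed assumptions. The point it shows is that a scope must be granted for one task, every tool call checked against it with normalized arguments, and the scope revoked when the task ends, so that a call made outside the task window is denied even if it would have been in scope during it.

```python
"""Illustrative runtime policy gate for agent tool calls (not the toolkit's API).

Each task receives a least-privilege scope: the tools it may call, the path
prefixes it may read and the hosts it may contact. Every call is evaluated
against that scope before execution and written to an audit trail.
"""
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class TaskScope:
    task_id: str
    allowed_tools: frozenset
    path_prefixes: tuple = ()   # absolute directory prefixes readable by the task
    hosts: tuple = ()           # hostnames the task may fetch from over https


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


class PolicyEnforcer:
    def __init__(self):
        self._scopes = {}   # task_id -> TaskScope, only while the task is active
        self.audit = []     # (task_id, tool, allowed, reason) for every evaluation

    def grant(self, scope):
        self._scopes[scope.task_id] = scope

    def revoke(self, task_id):
        self._scopes.pop(task_id, None)

    def evaluate(self, task_id, tool, args):
        scope = self._scopes.get(task_id)
        if scope is None:
            d = Decision(False, "no active scope for task")
        elif tool not in scope.allowed_tools:
            d = Decision(False, f"tool {tool!r} outside task scope")
        elif tool == "read_file":
            d = self._check_path(scope, args.get("path", ""))
        elif tool == "http_get":
            d = self._check_url(scope, args.get("url", ""))
        else:
            d = Decision(True, "tool allowed with no argument constraints")
        self.audit.append((task_id, tool, d.allowed, d.reason))
        return d

    @staticmethod
    def _check_path(scope, path):
        # Normalize first so ".." segments cannot escape an allowed prefix.
        norm = posixpath.normpath(path)
        if not norm.startswith("/"):
            return Decision(False, "relative paths are not allowed")
        for prefix in scope.path_prefixes:
            if norm == prefix or norm.startswith(prefix.rstrip("/") + "/"):
                return Decision(True, f"path within {prefix}")
        return Decision(False, f"path {norm!r} outside allowed prefixes")

    @staticmethod
    def _check_url(scope, url):
        parts = urlsplit(url)
        if parts.scheme != "https":
            return Decision(False, "only https is allowed")
        if parts.hostname in scope.hosts:
            return Decision(True, f"host {parts.hostname} allowed")
        return Decision(False, f"host {parts.hostname!r} not allowed")


def run_task_with_scope(enforcer, scope, calls):
    """Grant the scope for the task, evaluate each call, then always revoke."""
    enforcer.grant(scope)
    try:
        return [enforcer.evaluate(scope.task_id, tool, args) for tool, args in calls]
    finally:
        enforcer.revoke(scope.task_id)


# Constructed sample scope and tool calls (hypothetical values).
SAMPLE_SCOPE = TaskScope(
    task_id="task-42",
    allowed_tools=frozenset({"read_file", "http_get"}),
    path_prefixes=("/workspace/proj",),
    hosts=("api.example.com",),
)
SAMPLE_CALLS = [
    ("read_file", {"path": "/workspace/proj/README.md"}),           # in scope
    ("read_file", {"path": "/workspace/proj/../../etc/passwd"}),    # escapes prefix
    ("http_get", {"url": "https://api.example.com/v1/items"}),       # in scope
    ("http_get", {"url": "http://api.example.com/v1/items"}),        # wrong scheme
    ("shell", {"cmd": "ls"}),                                        # tool not granted
]


def demo():
    enf = PolicyEnforcer()
    results = run_task_with_scope(enf, SAMPLE_SCOPE, SAMPLE_CALLS)
    # Same task id, in-scope path, but the task has ended: scope is gone.
    late = enf.evaluate("task-42", "read_file", {"path": "/workspace/proj/x"})
    return [r.allowed for r in results], late.allowed


if __name__ == "__main__":
    print(demo())
```

The design choice worth noting is that the scope is keyed by task and released in a `finally` block: credentials and permissions live exactly as long as the task does, and the audit list records every denial with its reason so that an intent classifier's misjudgements show up as reviewable events rather than silent allows.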
Table of contents

- Agent Governance Is Getting Harder to Ignore
- Microsoft's 7-Package Open Source Toolkit
- Framework Integrations
- Plugin Signing and Build Provenance
- Limits of Runtime Policy Enforcement