agent-governance-toolkit
by
microsoft

Description: AI Agent Governance Toolkit — Policy enforcement, zero-trust identity, execution sandboxing, and reliability engineering for autonomous AI agents. Covers 10/10 OWASP Agentic Top 10.


Summary Information

Updated 6 minutes ago
Added to GitGenius on May 28th, 2026
Created on March 2nd, 2026
Open Issues & Pull Requests: 91 (+0)
Number of forks: 539
Total Stargazers: 3,926 (+1)
Total Subscribers: 29 (+0)

Issue Activity (beta)

Open issues: 19
New in 7 days: 42
Closed in 7 days: 33
Avg open age: 6 days
Stale 30+ days: 0
Stale 90+ days: 0

Recent activity

Opened in 7 days: 39
Closed in 7 days: 30
Comments in 7 days: 89
Events in 7 days: 369

Top labels

  • enhancement (255)
  • good first issue (169)
  • documentation (119)
  • bug (45)
  • community (45)
  • needs-review:MEDIUM (42)
  • help wanted (38)
  • security (34)

Detailed Description

The Microsoft Agent Governance Toolkit (AGT) is an open-source, production-grade framework designed to enforce policy, identity, sandboxing, and reliability for autonomous AI agents. Its primary goal is to enable organizations to deploy AI agents safely and confidently, addressing critical governance concerns such as policy enforcement, agent identity, auditability, and compliance. AGT is engineered to cover all ten categories of the OWASP Agentic AI Top 10, providing deterministic controls against risks like prompt injection, tool misuse, and unauthorized actions.

AGT operates at the application middleware layer, intercepting every tool call, message, and delegation before the agent's intent is executed. This approach ensures that actions denied by policy are structurally impossible, not merely discouraged. The toolkit supports policy enforcement through YAML, OPA, and Cedar formats, allowing fine-grained control over agent behaviors. Policies can specify which actions are allowed, denied, or require human approval, and every decision is logged for audit and compliance purposes. The audit logs are tamper-evident, supporting regulatory requirements and incident response.

Identity management is a core feature, leveraging standards like SPIFFE, decentralized identifiers (DID), and mTLS to uniquely identify agents and track their actions. This prevents ambiguity in multi-agent systems and enables robust incident investigation. AGT also provides execution sandboxing with privilege rings, ensuring agents operate within defined boundaries and cannot escalate privileges or perform destructive operations without explicit approval.

Reliability engineering is addressed through the Agent SRE module, which includes kill switches, SLO monitoring, chaos testing, and circuit breakers. These features help maintain operational stability and allow for rapid response to failures or policy violations. The toolkit also includes compliance modules for OWASP verification, policy linting, and integrity checks, ensuring that deployed agents meet industry standards and best practices.

AGT is highly modular and supports integration with a wide range of agent frameworks, including Microsoft Agent Framework, Semantic Kernel, AutoGen, LangChain, CrewAI, OpenAI Agents SDK, Claude Code, Google ADK, LlamaIndex, Haystack, Mastra, Dify, Azure AI Foundry, and GitHub Copilot CLI. It provides SDKs for Python, TypeScript, .NET, Rust, and Go, enabling developers to implement governance across diverse environments. The Python SDK offers the full stack, while other language SDKs cover core governance features.

The toolkit includes CLI tools for installation checks, OWASP compliance verification, prompt injection audits, policy linting, and red teaming. It also features advanced capabilities such as tool poisoning detection, shadow AI discovery, real-time governance dashboards, prompt injection evaluation, and contributor reputation screening.

AGT is backed by formal specifications and nearly 1,000 conformance tests, ensuring reliability and adherence to standards. It aligns with OWASP Agentic AI Top 10, NIST AI RMF 1.0, EU AI Act, and SOC 2, providing comprehensive compliance mapping and automated evidence generation. Security is reinforced through SAST, secret scanning, fuzz testing, dependency monitoring, and OpenSSF Scorecard integration.

In summary, the Agent Governance Toolkit is a comprehensive solution for governing autonomous AI agents, offering deterministic policy enforcement, robust identity management, execution sandboxing, reliability engineering, and compliance support. Its modular design, multi-language support, and extensive framework integrations make it suitable for organizations seeking to deploy AI agents securely and in accordance with industry standards.
