The biggest problem with AI agents in production isn't getting them to work. It's getting them to behave consistently. Galileo's new open-source project, Agent Control, takes a direct shot at this problem by giving teams a single place to define what their agents can and can't do.
Released March 11 under the Apache 2.0 license, Agent Control is a centralized control plane (think of it as a policy server that sits between your agents and the outside world). You write rules once, and every agent in your stack follows them, whether you're running CrewAI, Strands Agents, or something custom.
How It Actually Works
The core idea is a pluggable evaluator system. A single policy can chain together multiple checks from different vendors: Galileo's own Luna model for toxicity detection, NVIDIA NeMo for topic filtering, AWS Bedrock for compliance, plain regex for catching Social Security numbers, and whatever custom evaluator you want to build. Policies update at runtime, so you don't need to redeploy agents to change the rules.
Practical use cases include blocking PII leakage, steering agents toward cheaper LLMs for simple tasks, requiring human approval before an agent executes a financial transaction, and enforcing brand voice standards.
The Integration List
Strands Agents, CrewAI, Glean, and Cisco AI Defense are the launch partners. The project ships with a server, SDK, examples, and docs, all available on GitHub.
"The number one blocker for enterprise agents is no longer the models," said Dev Rishi, GM of AI at Rubrik. "The industry needs transparent, community-driven guardrails."
That framing is accurate. Most companies building with agents today aren't struggling with model quality. They're struggling with governance: how do you make sure Agent #47 in your customer service fleet doesn't accidentally share internal pricing data or go off-brand?
Galileo, backed by Battery Ventures, Scale Venture Partners, Databricks Ventures, and ServiceNow, is positioning Agent Control as the vendor-neutral answer. The Apache 2.0 license means no lock-in, and the pluggable architecture means you're not betting on any single guardrail provider.
For teams running more than a handful of agents, the "write once, enforce everywhere" pitch solves a real operational headache. The open-source approach also means the community can extend it for frameworks Galileo hasn't prioritized yet. Whether enterprises actually adopt a startup-led open-source governance layer over building their own remains the real question.