Every major AI company is racing to ship autonomous agents, but almost nobody is talking about what happens when those agents go wrong. Microsoft just dropped an answer: the Agent Governance Toolkit, an open-source security layer that sits between your AI agent framework and the real-world actions your agents take.
The toolkit intercepts every agent action before it executes and checks it against security policies in under 0.1 milliseconds. It works with LangChain, CrewAI, Google ADK, OpenAI Agents SDK, LlamaIndex, and about a dozen other frameworks - no code rewrites required.
Seven Packages, Pick What You Need
The toolkit ships as a monorepo with seven independently installable packages:
- Agent OS - The core policy engine. Supports YAML rules, OPA Rego, and Cedar policy languages. This is the "kernel" that gates every action.
- Agent Mesh - Zero-trust identity using decentralized identifiers (DIDs) with cryptographic credentials. Agents get dynamic trust scores on a 0-1000 scale.
- Agent Runtime - Execution sandboxing modeled after CPU privilege rings (four tiers of access). Includes an emergency kill switch for rogue agents.
- Agent SRE - Production reliability: circuit breakers, error budgets, chaos engineering for agents.
- Agent Compliance - Maps to EU AI Act, HIPAA, and SOC2 with automated evidence collection.
- Agent Marketplace - Plugin signing and verification to prevent supply-chain attacks.
- Agent Lightning - Governs reinforcement learning training workflows.
Covering the OWASP Agentic Top 10
This is the first toolkit to address all 10 risks in the OWASP Agentic AI Top 10, published in December 2025. That list covers threats like goal hijacking (tricking an agent into pursuing a different objective), tool misuse, memory poisoning, and cascading failures. The toolkit tackles each with specific mechanisms: semantic intent classifiers catch hijacking attempts, a Cross-Model Verification Kernel uses majority voting across models to detect poisoned memory, and the Inter-Agent Trust Protocol encrypts agent-to-agent communication.
The MCP security scanner is particularly relevant right now. As the Model Context Protocol becomes the standard way agents connect to tools, the scanner detects tool poisoning and typosquatting in MCP servers - the kind of supply-chain attacks that are about to become a real problem.
The Practical Angle
Installation is straightforward: pip install agent-governance-toolkit[full] for Python, with TypeScript, Rust, Go, and .NET packages also available. The repo has 9,500+ tests and 20 step-by-step tutorials.
Microsoft has been clear this isn't meant to be a Microsoft-only project. They've said they want to move it into a foundation for broader community governance. As Principal Group Engineering Manager Imran Siddique put it: "A governance toolkit is only useful if it works with the frameworks people actually use."
For anyone building production agent systems, this fills a gap that was genuinely dangerous. We've been watching teams deploy agents with file system access, API keys, and database connections with essentially zero guardrails. A framework-agnostic security layer with sub-millisecond overhead removes most of the excuses for shipping insecure agents.