Microsoft Releases Open-Source Agent Governance Toolkit for Runtime Security Across All Major Frameworks
Microsoft has released the Agent Governance Toolkit, a sweeping open-source security framework spanning seven packages and four languages — Python, TypeScript, Rust, Go, and .NET — designed to address all ten OWASP agentic AI risks out of the box. The release marks the most comprehensive cross-framework governance layer the industry has seen to date, covering everything from a sub-millisecond policy engine supporting YAML, OPA Rego, and Cedar rules, to cryptographic agent identity using Ed25519 signing, execution rings with kill switches, and SRE-style circuit breakers for chaos resilience.
The toolkit ships with native integrations for the major AI agent frameworks: LangChain, LangGraph, CrewAI, Google ADK, OpenAI Agents SDK, Haystack, PydanticAI, and LlamaIndex. Teams working in regulated industries will find the automated compliance grading module particularly useful — it scores deployments against EU AI Act, HIPAA, and SOC2 requirements without custom instrumentation. A plugin lifecycle manager and reinforcement learning training governance component round out the suite.
Until now, production-safe agentic governance required teams to build these controls from scratch for every framework they used. The Agent Governance Toolkit changes that calculus significantly, giving engineering teams a shared foundation that normalizes security and compliance across heterogeneous agent stacks. With agentic AI moving from experimentation to production at enterprise scale, the timing of this release couldn't be better.