Microsoft released an open-source specification on Wednesday aimed at giving developers a more structured way to control what AI agents can do across different environments. The Agent Control Specification (ACS) provides a standard format for defining policies that govern agent behavior, replacing the ad-hoc methods many teams currently use.
ACS allows developers, compliance officers, and security teams to write rules that specify permitted actions, prohibited actions, human-approval requirements, and logging criteria. These policy files are checked at multiple interception points during an agent’s workflow: before it receives input, before it calls a tool, after a tool returns a result, and before the final response is sent to the user.
Also read: SpaceX IPO Filing Reveals xAI Lost $6.4 Billion in 2025 — and the Spending Is Just Getting Started
According to Microsoft, the specification supports several enforcement outcomes. A policy may allow an action, block it, redact sensitive information, or request human approval. Developers can also insert classifiers for inputs and outputs, add LLM prompts that act as a ‘judge’ for policy compliance, and include logic for validating tool calls, tool selection, input accuracy, and output usage.
Why a governance layer matters for AI agents
Enterprises deploying AI agents across applications, workflows, and products have faced a growing challenge: ensuring an agent behaves as intended when it moves between different frameworks and environments. Current approaches often involve mixing instructions in system prompts, adding custom checks in application code, or using classifiers to catch problematic inputs and outputs. Microsoft argues these methods leave companies with fragmented controls that are hard to audit and difficult to reuse.
Also read: Jensen Huang says Nvidia's new Vera CPU opens a $200 billion market for agentic AI
ACS aims to integrate those controls into a common governance layer. Because policies can be written as single files, they can be bundled with agents, allowing a security policy to follow an agent across different systems.
The specification ships as an SDK with plugins for LangChain, the OpenAI Agents SDK, the Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, and MCP tools, among others.
Industry context
The release comes as the AI industry focuses on agent safety and reliability. Conversations about AI workflows going wrong due to tool misuse or unintended actions that cascade into failures have become more frequent. Microsoft’s approach provides a standardized method for enforcing guardrails, which could help enterprises adopt AI agents more confidently, particularly in regulated industries where auditability and compliance are critical.
The specification is available now through Microsoft’s open-source channels.
Be the first to comment