
Microsoft unveils new controls for AI agent behavior

Summary

– Microsoft released an open source standard, Agent Control Specification (ACS), to give developers granular control over AI agent actions across different environments.
– ACS lets teams define policies specifying what an agent may or must not do, when human approval is needed, and what evidence to log.
– The specification checks agent behavior at multiple interception points, such as before input, tool calls, and final responses.
– ACS aims to replace fragmented controls like system prompts and custom code with a common governance layer that is easier to audit and reuse.
– The standard ships as an SDK with plug-ins for multiple frameworks, including LangChain, OpenAI Agents SDK, and Anthropic Agents SDK.

As AI agents become more powerful, enterprises racing to deploy them across applications, workflows, and products face a growing dilemma: how to ensure these agents behave predictably when operating in diverse environments. Microsoft aims to address this head-on with a new open source standard called the Agent Control Specification (ACS), designed to give developers a more consistent and granular way to define what AI agents are allowed to do.

The specification enables developer, compliance, and security teams to craft their own policies that agents must follow. These rules can spell out permissible actions, prohibited behaviors, when human approval is required, and what evidence must be logged for later auditing. The policy files are evaluated at several interception points during an agent’s task execution, ensuring it stays within the guardrails.

This release comes as developers scramble to invent ad-hoc methods for controlling what their AI sees and does, especially as conversations increasingly focus on AI workflows that go awry due to tool misuse or unintended actions causing cascading failures. Currently, developers might embed instructions in a system prompt, add custom checks in application code, or use classifiers to catch problematic inputs and outputs. While these approaches work, they often result in fragmented controls that are difficult to audit and even harder to reuse across different frameworks, interfaces, and systems.

ACS aims to unify those controls into a common governance layer. According to Microsoft, the specification can check whether an agent adheres to guardrails at multiple workflow points: before receiving input, before calling a tool, after a tool returns a result, and before sending the final response to the user. A policy might allow an action, block it, redact sensitive information, or even ask a person to approve it.
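The four interception points and four policy outcomes described above, sketched as a small policy gate. This is an added illustration, not ACS policy syntax or SDK code; the stage names, rule fields, `Guard` class and sample rules are all hypothetical.

```python
import re

# Hypothetical names throughout; this is not the ACS policy schema or SDK API.
STAGES = ("pre_input", "pre_tool_call", "post_tool_result", "pre_response")
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")  # constructed sensitive-data pattern

# Constructed sample policy: the first matching rule for a stage wins.
POLICY = [
    {"id": "no-shell", "stage": "pre_tool_call", "action": "block",
     "when": lambda p: p["tool"] == "shell"},
    {"id": "approve-large-payment", "stage": "pre_tool_call",
     "action": "require_approval",
     "when": lambda p: p["tool"] == "send_payment" and p["args"]["amount"] > 100},
    {"id": "redact-ssn-tool", "stage": "post_tool_result", "action": "redact",
     "when": lambda p: bool(SSN.search(p))},
    {"id": "redact-ssn-reply", "stage": "pre_response", "action": "redact",
     "when": lambda p: bool(SSN.search(p))},
]


class Guard:
    def __init__(self, policy, approver=None):
        self.policy = policy
        # Fail closed: with no approver wired in, approval requests are denied.
        self.approver = approver or (lambda stage, payload: False)
        self.audit = []  # evidence trail, one record per check

    def check(self, stage, payload):
        """Return (outcome, payload); outcome is 'allow', 'block' or 'redact'."""
        if stage not in STAGES:
            raise ValueError(f"unknown interception point: {stage}")
        rule_id, action = "default", "allow"
        for rule in self.policy:
            if rule["stage"] == stage and rule["when"](payload):
                rule_id, action = rule["id"], rule["action"]
                break
        outcome = action
        if action == "redact":
            payload = SSN.sub("[REDACTED]", payload)
        elif action == "require_approval":
            outcome = "allow" if self.approver(stage, payload) else "block"
        self.audit.append({"stage": stage, "rule": rule_id,
                           "matched": action, "outcome": outcome})
        return outcome, payload
```

Because every check appends to `audit` regardless of outcome, the same record that enforces the rule also serves as the evidence for later review.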

Developers can also insert classifiers for inputs and outputs to categorize information, predict outcomes, or determine how an agent should respond. They can add LLMs with prompts to act as a “judge” for policies, along with logic for checking tool calls, tool selection, input accuracy, output usage, and responses. Because these policies can be written as single files, they can be bundled with agents, allowing a security policy to follow an agent across different frameworks and environments.

ACS is shipping as an SDK with plug-ins for LangChain, the OpenAI Agents SDK, the Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, MCP tools, and more.

(Source: TechCrunch)
