Enterprises are deploying AI agents faster than their governance tools are maturing. The problem is no longer whether a few agents can run tasks, but whether anyone can track which systems they access, which tools they call and what data leaves the organization.
On June 2, Microsoft open-sourced Agent Control Specification, a portable policy layer for agent behavior. Instead of hard-coding rules into one framework, ACS lets development, compliance and security teams define what an agent may do, what it must never do, which actions need human approval and what must be audited.
ACS inserts controls before input is accepted, before tools are called, after tool results return and before an answer reaches the user. It supports allow, block, redact, human approval, classifiers and model-based checks across LangChain, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, MCP tools, OpenAI Agents SDK and Anthropic Agents SDK.
Noma approaches the same issue from security operations. Its Agent Access Control discovers agents and MCP servers, assigns identities, manages allow-pending-block states and monitors sessions for prompt injection, data leakage and unauthorized actions. Together, the two launches show that enterprise AI is moving from "what can agents do" to "who controls them, audits them and stops them when they go wrong."
Sources:CocoLoop、Microsoft offers devs a better way to control AI agent behavior (TechCrunch); Noma Launches Agentic Access Control to Govern AI Agents and MCP Servers Across the Enterprise (PR Newswire)