Microsoft Agent Governance Toolkit: Secure AI Agents

Autonomous agents are doing real work now — refunding customers, opening pull requests, deploying infra. That power cuts both ways. A poisoned tool description, a hijacked goal, or a single rogue subagent can move money or wipe data before you notice. Microsoft just open-sourced the Agent Governance Toolkit (April 2026, MIT license) — the first kit to address all 10 OWASP agentic AI risks with sub-millisecond deterministic policy enforcement.

By the end of this guide you'll have a working policy engine that intercepts every tool call your agent makes, blocks unsafe actions in under 0.1 ms, and produces audit evidence you can hand to compliance. We'll wire it into a plain Python agent — no framework lock-in.