[Digital Today reporter Chi-gyu Hwang (황치규)] Microsoft has released an open-source standard called the Agent Control Spec that can consistently manage which AI agent actions are allowed or prohibited.

TechCrunch reported on June 2 that the Agent Control Spec helps developers and security and compliance organisations set agent behaviour rules in policy files.

Policies can specify what an agent can and cannot do, when human approval is required and the scope of records to keep for later review. The policy file is applied at multiple checkpoints during an agent’s task execution process.

Checkpoints include before receiving input, before calling a tool, after a tool produces results and before sending a final response to a user. Microsoft explained it designed the approach to verify throughout a workflow whether an agent stays within defined control boundaries.

Companies have controlled AI agents by putting instructions in system prompts, adding separate checking logic to application code and using classifiers to filter problematic inputs and outputs. Those methods have had limits because control measures are scattered across frameworks, interfaces and systems, making auditing and reuse difficult.

The Agent Control Spec, by contrast, allows those control measures to be combined into a common governance layer. Policies can go beyond simply allowing or blocking specific actions, and can also work by masking sensitive information or requesting human approval.

The Agent Control Spec is provided as an SDK and supports plugins for LangChain, the OpenAI Agents SDK, the Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI and MCP tools.