AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

infonews

securitypolicy

Source: CSO OnlineApril 8, 2026

Summary

Microsoft released the Agent Governance Toolkit, an open-source project that adds a runtime security layer (protective software running during execution) to monitor and control AI agents as they perform complex tasks in production environments. The toolkit addresses ten major security risks identified by OWASP (Open Worldwide Application Security Project, an organization that tracks security threats) for AI agents, including prompt injection (tricking an AI by hiding instructions in its input), goal hijacking, and code execution vulnerabilities. It provides seven modular components across multiple programming languages and integrates with existing AI frameworks without requiring developers to rewrite their code.

Solution / Mitigation

The Agent Governance Toolkit itself serves as the mitigation. It includes specific components: Agent OS (a policy enforcement layer), Agent Mesh (a secure communication and identity framework), Agent Runtime (an execution control environment), Agent SRE, Agent Compliance, and Agent Lightning (covering reliability, compliance, marketplace governance, and reinforcement learning oversight). The toolkit is framework-agnostic and hooks into native extension points of existing frameworks like LangChain, CrewAI, and Google ADK, allowing developers to "introduce governance controls into production systems without disrupting existing workflows." It is available under MIT license and currently in public preview across Python, TypeScript, Rust, Go, and .NET.