The Agent Control Standard (ACS) today announced the launch of a vendor-agnostic, open framework designed specifically for the runtime governance of AI agents. While protocols like MCP and A2A have standardized how agents communicate and call tools, there has been no common standard for controlling what agents actually do once they start acting inside enterprise environments.
This new framework aims to change that by introducing standardized middleware hooks, policy enforcement points, and observability mechanisms that can be implemented across different agent platforms and frameworks. The initiative is particularly timely as organizations scale from experimental pilots to production deployments of autonomous and multi-agent systems.
The announcement was made during the AI Agent Security Summit in San Francisco, where security leaders, researchers, and AI infrastructure providers are gathering amid growing concerns about governance, observability, and real-time control of agentic systems.
“The industry has standardized how agents communicate, but not the control layer. ACS is intended to help establish a common framework for runtime enforcement, intervention and policy governance across agent ecosystems.”
Michael Bargury
Co-creator of ACS and Co-founder & CTO of Zenity
The standard defines hooks at key execution points — when an agent receives input, calls a tool, transitions between planning and execution, stores memory, or invokes sub-agents — allowing policy decisions (allow, deny, or modify) to be made inline before actions reach production systems.
Key Terms
Agent Control Standard (ACS): A new open, vendor-neutral framework focused on runtime governance, policy enforcement, and observability for autonomous AI agents.
Runtime Governance: The ability to monitor, enforce policies, and intervene in agent behavior while the agent is actively operating, rather than only during pre-deployment checks.
Policy Enforcement Points (PEPs): Standardized hooks in the agent execution lifecycle where policies can be evaluated and enforced in real time (e.g., before tool calls, memory writes, or sub-agent invocations).
Middleware Hooks: Technical integration points that allow governance logic to be inserted into agent workflows without modifying the core agent code.
Observability Layer: Continuous logging and monitoring capabilities that provide visibility into agent decisions, tool usage, and state transitions.
These terms represent the emerging infrastructure layer needed to bring real control and accountability to agentic AI systems.
Conditions Driving This Change
Organizations are rapidly scaling from experimental AI agents to production multi-agent systems, creating an urgent need for standardized runtime controls that go beyond basic communication protocols like MCP and A2A.
Current agent frameworks offer excellent tool-calling and reasoning capabilities but lack consistent, interoperable mechanisms for policy enforcement, real-time intervention, and auditability across different platforms and vendors.
Security and governance teams are increasingly concerned about agent sprawl, unauthorized tool usage, data exfiltration risks, and the difficulty of maintaining meaningful human oversight as agents become more autonomous.
The absence of a common standard for runtime governance has led to fragmented, custom-built solutions that are difficult to audit, maintain, or scale across enterprise environments.
Regulatory expectations around AI accountability and transparency are rising, requiring organizations to demonstrate clear controls over what agents can do once deployed.
Enterprise buyers are demanding better visibility and enforcement capabilities before approving large-scale agent deployments, especially in regulated industries such as finance, healthcare, and government.
The success of communication standards like MCP has highlighted the next logical gap: while agents can now easily talk to tools, there is still no shared language for governing and controlling those interactions safely.
Leading voices in the agent ecosystem recognize that without standardized runtime governance, the industry risks repeating past mistakes of rapid adoption without adequate controls, potentially leading to major security incidents and loss of trust.
What AI Security Looked Like Before
Prior to standardized runtime governance frameworks like the Agent Control Standard, AI agent security was largely fragmented and reactive. Most organizations relied on basic prompt engineering, custom guardrails, or simple API-level access controls to manage agent behavior. There was no consistent way to enforce policies at key execution moments — such as before an agent called a tool, updated memory, or delegated to another agent.
Security teams often had limited visibility into what agents were actually doing in real time. Logging was inconsistent across different frameworks, making it difficult to reconstruct actions or detect anomalies. Many teams resorted to either heavily restricting agent capabilities (which reduced business value) or accepting elevated risk by allowing agents to operate with minimal oversight.
This approach created dangerous blind spots. Unauthorized tool usage, prompt injections, data exfiltration, and unintended multi-agent behaviors frequently went undetected until after an incident occurred. The lack of standardized enforcement points meant that governance was mostly static and pre-deployment focused, leaving a significant gap once agents were live in production environments.
What AI Security Looks Like Now
With the Agent Control Standard (ACS), organizations now have a structured, open framework for enforcing security controls at runtime. The standard introduces consistent middleware hooks at critical points in the agent lifecycle — input processing, tool invocation, memory operations, and sub-agent delegation — where policies can be evaluated and enforced in real time.
This enables security teams to move from reactive, after-the-fact monitoring to proactive, inline control. Policies can be defined centrally and applied uniformly across different agent platforms and vendors. The framework supports allow, deny, or modify decisions before risky actions occur, while providing much stronger observability and audit trails.
Enterprises can now implement least-privilege principles more effectively, detect anomalous agent behavior as it happens, and maintain clearer accountability even in complex multi-agent setups. The open nature of ACS also promotes better interoperability and reduces reliance on proprietary, fragmented security implementations. Overall, this represents a shift toward more architectural and continuous agent security rather than relying primarily on model-level safeguards or manual reviews.
Our Take
AI Security Take
The launch of the Agent Control Standard (ACS) is a significant development in the push toward more mature agentic AI security. By creating an open, standardized layer for runtime policy enforcement and observability, ACS directly addresses one of the biggest current weaknesses in agent deployments: the gap between how agents communicate and how they are actually controlled.
For too long, security has been an afterthought — added through fragile prompt guardrails or custom code that doesn’t scale. This new standard moves the industry closer to treating runtime governance as a foundational architectural requirement rather than a bolt-on feature. The ability to insert consistent enforcement points at critical moments (tool calls, memory writes, sub-agent delegation) gives security and governance teams much-needed leverage.
That said, standards are only as good as their adoption. The real test will be whether major agent platforms, frameworks, and enterprises implement these hooks meaningfully and maintain them as agents grow more sophisticated.
