Microsoft's new ACS standard lets devs control AI agents with unified policies

Microsoft is tackling the growing challenge of ensuring AI agents behave correctly across diverse environments with its new open source standard, Agent Control Specification (ACS). As enterprises deploy agents into real-world workflows, fragmented ad hoc controls—scattered across system prompts, custom code, and classifiers—create audit headaches and make reuse impossible. ACS solves this by defining a unified governance layer where policies are written as single files. These policies can specify allowed actions, prohibited actions, human approval requirements, and logging rules. They are checked at multiple interception points: before input, before a tool call, after a tool returns, and before final response.

The specification supports sophisticated mechanisms: developers can insert classifiers for input/output categorization, use LLMs as "judges" for policy decisions, and add logic for tool selection and response accuracy. Policies can allow, block, redact, or escalate to a human for approval. Because policies are single files, they can be bundled with agents, letting security rules follow the agent across LangChain, OpenAI Agents SDK, Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, and MCP tools. This replaces the current hodgepodge of system prompts, custom checks, and classifiers with a consistent, auditable, reusable control layer—critical as agent misuse and cascading failures become top enterprise concerns.