A basic redesign of our APIs is important, however budgets, resourcing, and capability make this tough to ship in a single day. What’s wanted, then, is a strategy to handle agent interactions with APIs, treating brokers as a brand new class of person, offering and imposing the insurance policies which are wanted to handle agent life cycles. The usage of Mannequin Context Protocol (MCP) as a regular wrapper for agent entry to APIs helps right here, because it provides us a typical atmosphere the place we are able to implement the governance layer wanted to maintain brokers below management.
Microsoft just lately launched a public preview of its open-source Agent Governance Toolkit (AGT), which is meant to wrap policy-based enforcement round brokers, making certain that calls are evaluated earlier than they’re made. You possibly can consider the toolkit as a strategy to handle agent actions, somewhat than controlling the inputs and outputs of the big language fashions (LLMs) your brokers use. Figures from Microsoft recommend that this methodology of securing brokers is way safer than counting on guidelines in prompts. Nevertheless, in observe it’s a good suggestion to run a functionality device like Agent Governance Toolkit alongside conventional filters to entice person errors and prompt-based assaults.
AGT is a set of tools designed to cowl OWASP’s checklist of agentic dangers, constructing on Microsoft’s expertise securing its personal brokers and AI platforms, with greater than 13,000 exams constructed into the toolkit. It really works by evaluating actions earlier than they’re run, checking them in opposition to your insurance policies, earlier than permitting or denying the motion and logging the outcomes. Microsoft expects coverage analysis to take lower than 0.1ms per operation, conserving overheads to a minimal.
Insurance policies for brokers
OWASP’s top 10 agent risks lists probably the most important points that may disrupt agent operations ensuing from person prompts and unhealthy software design. These dangers embody agent aim hijacking, uncontrolled code execution, insecure output dealing with, and brokers going rogue. Options within the toolkit are designed to guard agentic purposes from these and different points, utilizing isolation and sandboxing, in addition to validating outputs utilizing content material insurance policies.