New Standard Launched to Govern Unruly World of AI Agents

SAN FRANCISCO, CA – May 27, 2026 – As artificial intelligence evolves from passive assistants into autonomous agents capable of executing tasks, a critical question has loomed over the industry: Who is in control? A new initiative announced today at the AI Agent Security Summit aims to provide the answer.

The Agent Control Standard (ACS) has been unveiled as a vendor-agnostic, open-source framework designed to govern AI agents at runtime. While protocols have emerged to standardize how agents communicate, ACS addresses the far more complex challenge of controlling what they do once active within sensitive enterprise environments. This initiative marks a significant step toward building the guardrails necessary for the safe and responsible deployment of increasingly powerful autonomous systems.

The Governance Gap in Autonomous AI

The rapid proliferation of AI agents has created a significant governance gap. These agents, which can perform actions like booking travel, managing calendars, or even executing code, operate with a level of autonomy that presents novel risks. Without a control layer, enterprises are left to rely on what one expert calls “soft guardrails or wishful system prompts,” a precarious position when dealing with systems that have access to critical data and infrastructure.

“The industry has standardized how agents communicate, but not the control layer,” said Michael Bargury, co-creator of ACS and co-founder and CTO of AI security firm Zenity. “ACS is intended to help establish a common framework for runtime enforcement, intervention and policy governance across agent ecosystems.”

This lack of control is a primary obstacle to wider enterprise adoption. Concerns about security, reliability, and compliance have left many organizations hesitant to fully embrace agentic AI. The ACS framework directly targets this challenge by proposing a universal language for agent oversight, moving beyond framework-specific solutions to create a baseline for safety and interoperability.

How the Agent Control Standard Works

At its core, ACS provides a technical blueprint for real-time policy enforcement. It is not a single product but a specification built on three distinct layers designed to integrate with existing enterprise tools.

1. Instrument: This foundational layer defines standardized “middleware hooks.” When an agent performs a critical action—such as receiving input, calling an external tool, executing code, or storing a memory—a hook is triggered. This allows a policy enforcement point, called a Guardian Agent, to run inline. This guardian evaluates the proposed action against a set of rules and returns a verdict of allow, deny, or modify before the action can proceed. This provides a real-time kill switch or modification capability that is essential for managing autonomous systems.

2. Trace: To ensure visibility, the second layer extends well-established observability standards, including OpenTelemetry and the Open Cybersecurity Schema Framework (OCSF). By adding agent-specific semantic conventions, ACS enables organizations to monitor, trace, and audit agent activities using the same tools they use for other IT systems, providing a unified view of system behavior.

3. Inspect: The third layer focuses on transparency by extending software supply chain standards like CycloneDX, SPDX, and SWID. This creates a dynamic “Agent Bill of Materials” (AgBOM), a real-time inventory of the agents, their components, and their dependencies. This is crucial for understanding what agents are active in an environment and assessing their potential risk.

Bridging the Gap Between Regulation and Reality

The launch of ACS is timely, as global regulators turn their attention to AI. The EU AI Act, for instance, mandates “demonstrable human oversight” and the ability to intervene in high-risk AI systems in real time. Similarly, the NIST AI Risk Management Framework in the U.S. calls for continuous monitoring and the ability to disengage systems operating outside acceptable parameters. While these regulations define what is needed, they often lack specifics on how to achieve it.

ACS aims to be that missing implementation layer, translating abstract regulatory requirements into concrete technical controls. Its real-time intervention capabilities directly address the mandates for human oversight and disengagement, providing an auditable trail of how policies are enforced.

“How to move ahead with agent security and governance is one of the top strategic concerns for organizations deploying agents,” said Fernando Montenegro, vice president and practice lead at Futurum Group. “The Agent Control Standard framework provides direction on how organizations should be instrumenting their agentic workflows and environments to achieve better security and governance outcomes.”

An Open Standard to Build Industry Trust

Crucially, the ACS initiative is being released as an open-source project under the permissive MIT license. Coordinated by contributors including Bargury and Rock Lambros, director of AI standards and governance at Zenity, the standard is intended to be community-driven and vendor-neutral, ensuring no single company controls its development. This approach is designed to foster broad adoption and build a foundation of trust across the industry.

While other proprietary solutions and open-source toolkits exist, the focus of ACS is on creating a universal standard that promotes interoperability. The project is actively seeking participation from agent platform developers, security teams, and researchers to expand its capabilities. Current workstreams are already underway to define standards for agent identity, just-in-time access controls, and governance for specialized coding agents used in software development.

The complete specification, architecture documentation, and community resources are now publicly available, inviting the broader AI and cybersecurity communities to help build a more secure and governable future for autonomous systems.