Agent Governance Foundation

Blog

Writing

Thinking on agent governance, open standards, and the infrastructure we need to build. No announcements, no marketing — just the technical work.

CISO Brief: The Actual Attack Surface of Deployed Agents

'What if the AI does something bad' is too vague to build a security program around. Here are the four attack patterns that actually show up in agent deployments, and the controls that address each one.

Tags: ciso-brief, security, attack-surface, revocation, executive

CISO Brief: Mapping Agent Governance to NIST, ISO 42001, and the EU AI Act

Auditors don't ask about your model's benchmark scores. They ask who did what, when, under what authority, and whether you can prove it. Here's how AGF's audit artifacts map to the three frameworks compliance teams are actually being asked about.

Tags: ciso-brief, compliance, audit, nist, iso42001, eu-ai-act, executive

CISO Brief: What 'Securing AI Agents' Actually Means

Most 'AI security' conversations are still about model safety — jailbreaks, hallucinations, prompt injection. That's not the same problem as securing what an agent is authorized to do once it's deployed. Here's the distinction, and the control surface that matters.

Tags: ciso-brief, security, authorization, identity, executive

MCP Needs an Authorization Layer, Too

The Model Context Protocol standardizes how agents discover and call tools. It doesn't standardize whether they should be allowed to. Here's how we think about applying agent authorization to MCP — and where we are today.

Tags: mcp, authorization, architecture, roadmap

Authorizing Tool Calls in AutoGen Multi-Agent Systems

AutoGen's function_map has no authorization concept — any registered function is one tool call away from execution. Here's how to gate it with the AGF Python SDK, no framework-specific adapter required.

Tags: autogen, authorization, python, integration, multi-agent

Adding Authorization Gates to CrewAI Crews

CrewAI's Agent/Task/Crew model has no built-in concept of policy enforcement — every tool call an agent makes is implicitly trusted. Here's how to gate CrewAI tool calls with AGF in a few lines.

Tags: crewai, authorization, python, integration

Introducing agf-sdk: the AGF Python SDK Is on PyPI

The Python SDK for the AGF Authorization Service is now published on PyPI. One package, three ways to call it: a synchronous facade, an async client, and framework adapters for LangChain and CrewAI.

Tags: sdk, python, release, announcement

The Delegation Problem: When Agents Spawn Other Agents

Multi-agent systems inherit a centuries-old problem: how do you ensure that what the subordinate does is what the principal actually authorized? This isn't a technical problem — it's a governance one.

Tags: delegation, multi-agent, authorization, architecture

How to Add Authorization Gates to LangChain Agents

LangChain makes it easy to build capable agents. But capability without authorization is a liability. Here's how to add policy enforcement to your LangChain agents in under 10 minutes.

Tags: langchain, authorization, python, integration

What Is AI Agent Governance? A Practical Introduction

Everyone is talking about AI governance. But agent governance is a specific discipline within that — one most organizations aren't ready for yet. Here's what it actually means and why it's different.

Tags: governance, introduction, compliance, identity

The Audit Problem: Why Agent Actions Are Hard to Trace

Most organizations deploying AI agents today cannot answer a simple question: what did the agent do, and why? This post explains why that's the case and what a real audit trail looks like.

Tags: audit, compliance, observability