New open standard introduces runtime control architecture designed to help enterprises govern autonomous AI systems across platforms and frameworks
The Agent Control Standard (ACS) announced a vendor-agnostic, open standard for governing AI agents at runtime. While the industry has protocols for how agents communicate, no shared framework has existed for controlling what they do once they begin acting inside enterprise environments.
Also Read: CIO Influence Interview with Kyle Wickert, Field CTO at AlgoSec
“The industry has standardized how agents communicate, but not the control layer. ACS is intended to help establish a common framework for runtime enforcement, intervention and policy governance across agent ecosystems.” – Michael Bargury, Zenity
The announcement is being made during the AI Agent Security Summit in San Francisco, where security leaders, researchers and AI infrastructure providers are gathering this week amid growing industry focus on governance, observability and runtime control of autonomous AI systems.
“Governance cannot rely on soft guardrails or wishful system prompts,” said Michael Bargury, co-creator of ACS and co-founder and CTO of Zenity. “The industry has standardized how agents communicate, but not the control layer. ACS is intended to help establish a common framework for runtime enforcement, intervention and policy governance across agent ecosystems.”
How ACS Works
ACS defines standardized middleware hooks that allow agent platforms to expose runtime control points across agent execution workflows. When an agent receives input, calls a tool, transitions from planning to execution, stores a memory, executes code or invokes a sub-agent, ACS fires a hook. Policy enforcement runs inline, evaluating the action and returning a verdict of allow, deny or modify before the action reaches production systems.
ACS is structured around three layers: Instrument defines runtime hooks and the Guardian Agent pattern for inline policy enforcement; Trace extends OpenTelemetry and OCSF with agent-specific semantic conventions; Inspect extends CycloneDX, SPDX, and SWID to produce dynamic Agent Bills of Materials.
Regulatory Context
The EU AI Act requires demonstrable human oversight of high-risk AI systems, including the ability to intervene in real time. The NIST AI Risk Management Framework calls for continuous monitoring and the capacity to disengage autonomous systems operating outside acceptable parameters. Enterprise compliance mandates are proliferating faster than the tooling to satisfy them.
Every governance framework agrees on what is needed: runtime visibility, intervention capability and auditable controls. None of them specifies the implementation. ACS provides that implementation layer, translating regulatory requirements into concrete technical controls that platforms can expose, developers can configure and security teams can verify.
“How to move ahead with agent security and governance is one of the top strategic concerns for organizations deploying agents,” said Fernando Montenegro, vice president and practice lead at Futurum Group. “The Agent Control Standard framework provides direction on how organizations should be instrumenting their agentic workflows and environments to achieve better security and governance outcomes.”
Current ACS workstreams include runtime middleware and Guardian Agent enforcement architecture; OpenTelemetry semantic conventions for AI agent tracing; Agent Bill of Materials (AgBOM) extensions for real-time agent inventories; and MCP and A2A protocol integrations.
Additional workstreams are underway. An identity workstream is defining how enterprises authenticate AI agents as non-human actors, including agent identity, ephemeral credentials, and just-in-time access controls. A coding agent workstream is extending ACS to cover IDE-based agents like those used for software development, where the same runtime hooks apply to code generation, file edits, and command execution.
The ACS initiative is currently being coordinated by contributors including Rock Lambros, director of AI standards and governance at Zenity, and Michael Bargury, co-creator of ACS and co-founder and CTO of Zenity.
ACS is actively seeking participation from AI agent platform developers, enterprise security and governance teams, researchers, standards contributors and members of the broader AI and cybersecurity community.
Catch more CIO Insights: The CIO as a Value Creator: Moving Beyond Cost Centers to Revenue Drivers
[To share your insights with us, please write to psen@itechseries.com ]
