18 years at Microsoft building core infrastructure: SQL Azure, Azure DevOps Code Search, Azure for Industries, Microsoft Learn, and founding the Agent Governance Toolkit. In June 2026, I joined Opaque Systems as Chief Platform Officer. AGT is being donated to the Agentic AI Foundation as the policy-layer standard for enterprise autonomous systems.
My approach: Scale by Subtraction. The most resilient systems are built by removing unnecessary complexity, not adding layers on top of it.
Enterprises are giving AI agents real reach: email, CRMs, databases, financial systems. Most of the industry has tried to solve this at the content layer -- guardrails that screen what goes in and what comes out.
Guardrails help, but they leak. No filter reliably predicts a non-deterministic system. A single piece of untrusted content -- an email, a document, a support ticket -- can contain hidden instructions that redirect an agent into quietly exfiltrating internal data.
You don't run a regulated business on probably.
Three-layer trust architecture for the agentic AI era:
| Layer | What it does |
|---|---|
| Behavioral policy | What an agent is allowed to do -- the policy engine I built in AGT |
| Confidential computing | Hardware-attested execution where data cannot leak even if the software is compromised |
| Cryptographic proof | Every agent action governed by policy, enforced in silicon, and auditor-ready |
Not guardrails that probably hold. Proof that they did.
The open-source governance layer for production AI agents. Now at the Agentic AI Foundation.
```
pip install ai-agent-governance[full]
```

```
+------------------------------------------------------------------+
|                      AGENT GOVERNANCE STACK                      |
+------------------------------------------------------------------+
| AGENT HYPERVISOR   | Runtime supervisor, Execution Rings (0-3)    |
| (Runtime)          | Joint Liability, Saga Orchestration         |
+--------------------+---------------------------------------------+
| AGENT SRE          | SLOs, chaos testing, canary deploys         |
| (Reliability)      | Incident response, runbook automation       |
+--------------------+---------------------------------------------+
| AGENTMESH          | Zero-trust identity, DID/SPIFFE, mTLS       |
| (Trust)            | A2A + MCP governance, behavioral scoring    |
+--------------------+---------------------------------------------+
| AGENT OS           | Policy enforcement kernel, <0.1ms p99       |
| (Kernel)           | Capability-based access, Merkle audit logs  |
+------------------------------------------------------------------+
```
10 formal specifications | 992 conformance tests | 25 ADRs | Python SDK + .NET SDK + Rust core | 2,800+ stars | 300K+ monthly downloads
| Capability | How it works |
|---|---|
| Execution Rings | CPU ring-inspired privilege isolation (Ring 0-3) for agent actions |
| VADP | Cryptographic delegation chains where each step narrows scope, never widens |
| AgentMesh Identity | DID/SPIFFE-based durable cryptographic identity, not ephemeral session tokens |
| Decision BOM | Reverse-traceable decision provenance via Merkle chains |
| GovernanceEventSink | Pluggable observability backend, no vendor coupling |
| Trust Score Decay | Configurable half-life: a trust score at deployment time is meaningless 6 months later |
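
The VADP row above describes delegation chains in which each step may narrow scope but never widen it. The following is an added sketch of that property check, not AGT's code or the VADP format: the link fields, scope strings and keys are constructed, and HMAC with per-agent demo keys stands in for the signatures a real chain would carry.

```python
import hashlib, hmac, json

# Constructed demo keys; HMAC stands in for real asymmetric signatures.
KEYS = {"root": b"demo-root", "planner": b"demo-planner", "mailer": b"demo-mailer"}
ROOT_SCOPE = {"crm:read", "mail:read", "mail:send"}  # constructed scope names

def _tag(link):
    """MAC over the link's fields, keyed by the issuer's demo key."""
    key = KEYS.get(link["issuer"])
    if key is None:
        raise ValueError(f"unknown issuer {link['issuer']!r}")
    body = json.dumps([link["issuer"], link["subject"], link["scope"], link["parent"]])
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

def delegate(issuer, subject, scope, parent=None):
    """Issue one link, bound to the previous link through its tag."""
    link = {"issuer": issuer, "subject": subject, "scope": sorted(scope),
            "parent": parent["tag"] if parent else None}
    link["tag"] = _tag(link)
    return link

def verify_chain(chain, root_scope=ROOT_SCOPE):
    """Return the effective scope of the last link; raise ValueError otherwise."""
    allowed, prev = set(root_scope), None
    for i, link in enumerate(chain):
        if not hmac.compare_digest(_tag(link), link["tag"]):
            raise ValueError(f"link {i}: tag mismatch")
        if prev is None:
            linked = link["issuer"] == "root" and link["parent"] is None
        else:
            linked = link["issuer"] == prev["subject"] and link["parent"] == prev["tag"]
        if not linked:
            raise ValueError(f"link {i}: not chained to its delegator")
        # The narrowing rule: each link's scope must be a subset of its parent's.
        if not set(link["scope"]) <= allowed:
            raise ValueError(f"link {i}: scope widens beyond {sorted(allowed)}")
        allowed, prev = set(link["scope"]), link
    return allowed

if __name__ == "__main__":
    l1 = delegate("root", "planner", {"mail:read", "mail:send"})
    l2 = delegate("planner", "mailer", {"mail:read"}, l1)
    print(sorted(verify_chain([l1, l2])))
    try:  # crm:read is in the root scope but was not delegated to planner
        verify_chain([l1, delegate("planner", "mailer", {"mail:read", "crm:read"}, l1)])
    except ValueError as err:
        print("rejected:", err)
```

The second chain is rejected even though `crm:read` exists at the root, because the check compares each link against its immediate parent rather than against the original grant.
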
| Project | Contribution |
|---|---|
| Google ADK | AgentGovernancePlugin: governance lifecycle hooks for the ADK agent runtime |
| Oracle Agent Spec | ToolPolicy, ExecutionGuard, PolicyViolation tracing additions |
| AAIF / LF AI & Data | Agent identity standards and governance interoperability |
| CoSAI WS4 | Agent governance working group |
| OWASP ASI | Agentic security integration (Top 10 for Agentic Applications) |
| OpenSSF | Scorecard improvements, supply chain security patterns |




