The Microsoft Agent Control Specification now has multicloud network enforcement.
The Microsoft Agent Control Specification (ACS) gives enterprises a single policy file for governing any agent — regardless of framework or cloud. But declaration without network enforcement is a policy document, not a security control. Aviatrix is the first multicloud network enforcement substrate for ACS-governed agents. No SDK. No code changes. Enforcement at the wire.
What's included
- Validated Containment Architecture blueprint
- DCF policy pack for ACS-governed agents
- Terraform reference module
- Deployment walkthrough with your Aviatrix SE
Get notified when the ACS VCA ships
The ACS VCA ships Jun 10. Sign up and we'll be in touch — whether you want the deployment guide, a walkthrough, or just to be notified when it's live.
No spam. One email when it ships.
The spec is open. The enforcement gap is real.
The Microsoft Agent Control Specification declares what agents are allowed to do. But declaration without enforcement is a policy document, not a security control. Three structural gaps that no in-process SDK closes.
The runtime can be deceived
A jailbroken prompt, a poisoned dependency, or a hallucinated tool call can all produce traffic that looks legitimate to the SDK. The network cannot be deceived the same way — it sees the actual destination, not what the agent believes it's doing.
Enforcement can't wait for detection
Most credential-based intrusions produce no anomalous signal — the traffic looks legitimate because valid credentials are being used. A network enforcement layer that depends on detecting a compromise first inherits every blind spot of in-process monitoring. Enforcement must hold before the alert fires.
The spec runs on every cloud
The Microsoft Agent Control Specification is not Azure-only. Agents built on it run on AWS, GCP, on-premises Kubernetes, and anywhere else enterprises deploy them. In-process SDK controls are scoped to the framework. The network is not.
Two enforcement planes. One source of truth.
The same policy file governs both the agent runtime and the network layer. When the SDK cannot see a call — because the agent has been jailbroken or a dependency has been poisoned — the network still stops it.
Author your policy file
.guardrails.yaml against it — declaring the agent's allowed tool surface, model constraints, and policy boundaries. Same model as OpenAPI: the spec is centrally authored, your policy file is yours. Works across every conformant agent framework.
Compile to network policy
Enforce at the wire
"We built Microsoft Agent Control Specification because customers should not have to negotiate a different security model for every agent platform they adopt. The ecosystem is what makes that vision real, and Aviatrix is exactly the kind of partner we hoped would step up. Its Cloud Native Security Fabric enforces Agent Control Specification at the network layer with the pervasive, cross-platform reach no single product can match. That is how an open control plane becomes a defensible enterprise standard."
Two paths. One architecture.
Existing Aviatrix customers
Already running the Controller
If you're already running Aviatrix for multicloud security, the ACS VCA extends your existing policy plane to cover every AI agent workload — no new infrastructure, no additional spend. Your SE will enable the feature flag and walk through deployment. Typically 1–2 weeks from conversation to enforcement.
Net-new to Aviatrix
ACS enforcement is the entry point
If you're evaluating agent governance and want to see the enforcement story before committing to the platform, start with the 30-day Enterprise free trial on AWS or Azure Marketplace. The ACS VCA is included. Sign up above and an SE will walk you through it.
Microsoft authors the standard.
Aviatrix enforces it everywhere.
The Microsoft Agent Control Specification is an open standard designed for ecosystem implementation, not an Azure-only feature. The enforcement ecosystem is what gives it enterprise reach.
Microsoft
Authors the standard
The ACS publishes the schema. Your team writes your own policy file against it. Open source, MIT-licensed, designed to work across every vendor, cloud, and agent framework — not Azure-only.
- Open specification — framework and cloud agnostic
- Policy expressed in Rego, CEL, or Cedar — plugs into standards you already use
- Agent Governance Toolkit — open source, released April 2026
- Works alongside Foundry, Bedrock, Vertex, and any conformant runtime
Aviatrix
Enforces it at the network layer
The Cloud Native Security Fabric carries the same policy into live network enforcement across every cloud — including where Microsoft Foundry does not operate.
- Destination, protocol, and workload identity enforced at the wire
- Default-deny: agents reach only what policy explicitly permits
- Multicloud — AWS, Azure, GCP, and any Aviatrix-connected cloud
- CoPilot FlowIQ — every connection logged with full attribution
Browse the full VCA catalogue.
The ACS VCA is one of eight lab-tested, policy-included containment architectures shipping through June 2026. AWS Bedrock AgentCore, Azure AI Foundry, Enterprise MCP, GitHub Pipelines, LibreChat, and more — each with insertion pattern, SmartGroup model, and baseline DCF policy pack. New architecture every Wednesday through Jun 24.
8 architectures · Weekly releases through Jun 24
500+ enterprises
Including 10% of the Fortune 500
SOC 2 Type II
Independently audited
Zero data-plane access
Aviatrix never touches your traffic
No code changes
Security team deploys — no developer required