5 posts
Microsoft's Agent Governance Toolkit shipped the cleanest validation of deterministic policy enforcement in agent security: 26.67% violations under prompt-only safety, 0% under AGT. AGT governs one runtime. The harder problem is governance across many.
Oracle has named the category: runtime governance for agentic AI. Their framework is right; their architectural assumption is wrong for most teams. PolicyLayer enforces the same five pillars at the MCP boundary.
Anthropic published the production playbook for MCP: 300M SDK downloads, thin tools over 2,500 endpoints, OAuth vaults. The playbook stops at the tool call. Argument-level policy is what comes next.
Cloudflare's enterprise MCP launch solves discovery, access, and shadow-MCP prevention. That's the baseline. The harder question — what agents are allowed to do once they're inside — needs a different primitive.
Microsoft's open-source toolkit: nine packages for agent policy, identity, and compliance. Review of what works — and the MCP-shaped hole teams must bridge themselves.