Agentic AI adoption has revealed problems caused by non-deterministic behavior and high query volume from autonomous agents. Agents generate far more API requests than human users, which can flood services, block calls and responses, and reduce availability. A fundamental API redesign is difficult to deliver quickly due to budget and capacity constraints. A practical approach is to treat agents as a new class of user and manage their API access through lifecycle policies. Using Model Context Protocol (MCP) as a standard wrapper provides a common environment for implementing governance controls. Microsoft’s Agent Governance Toolkit applies policy-based enforcement at runtime, evaluating calls before they are made, and is positioned as safer than relying on prompt rules.
"The rapid uptake of agentic AI has exposed a range of issues with our non-deterministic helpers. That's mainly because AI agents are not people and don't behave like people, even though they generally use the same APIs as humans. For one thing, they make many more queries than a human would, as they build the necessary context to deliver a response."
"Anecdotal data from companies that have worked with agents or who have users who access services through agents indicate that this can mean massive increases in API usage, which have affected availability. This increase is the result of automated requests flooding in and blocking calls and responses from APIs that worked perfectly well a year or so ago but now are struggling to cope with the load."
"What's needed, then, is a way to manage agent interactions with APIs, treating agents as a new class of user, providing and enforcing the policies that are needed to manage agent life cycles. The use of Model Context Protocol (MCP) as a standard wrapper for agent access to APIs helps here, as it gives us a common environment where we can implement the governance layer needed to keep agents under control."
"Microsoft recently launched a public preview of its open-source Agent Governance Toolkit (AGT), which is intended to wrap policy-based enforcement around agents, ensuring that calls are evaluated before they're made. You can think of the toolkit as a way to manage agent actions, rather than controlling the inputs and outputs of the large language models (LLMs) your agents use."
#agent-governance #runtime-policy-enforcement #api-usage-and-availability #model-context-protocol-mcp #owasp-agent-risks
Read at InfoWorld
Unable to calculate read time
Collection
[
|
...
]