
Agentic AI introduces security and reliability issues because autonomous agents behave differently from people while using similar APIs. Agents often generate far more queries to build context, which can cause large increases in API usage and lead to availability problems when services cannot handle the added load. A redesign of APIs may be required, but it is difficult to deliver quickly due to budgets and capacity. Managing agent interactions with APIs as a distinct user class enables lifecycle policies and runtime enforcement. Using Model Context Protocol as a standard wrapper provides a common environment for a governance layer. Microsoft’s Agent Governance Toolkit applies policy-based enforcement so calls are evaluated before execution, focusing on agent actions rather than LLM inputs and outputs.
"The rapid uptake of agentic AI has exposed a range of issues with our non-deterministic helpers. That's mainly because AI agents are not people and don't behave like people, even though they generally use the same APIs as humans. For one thing, they make many more queries than a human would, as they build the necessary context to deliver a response."
"Anecdotal data from companies that have worked with agents or who have users who access services through agents indicate that this can mean massive increases in API usage, which have affected availability. This increase is the result of automated requests flooding in and blocking calls and responses from APIs that worked perfectly well a year or so ago but now are struggling to cope with the load."
"What's needed, then, is a way to manage agent interactions with APIs, treating agents as a new class of user, providing and enforcing the policies that are needed to manage agent life cycles. The use of Model Context Protocol (MCP) as a standard wrapper for agent access to APIs helps here, as it gives us a common environment where we can implement the governance layer needed to keep agents under control."
"Microsoft recently launched a public preview of its open-source Agent Governance Toolkit (AGT), which is intended to wrap policy-based enforcement around agents, ensuring that calls are evaluated before they're made. You can think of the toolkit as a way to manage agent actions, rather than controlling the inputs and outputs of the large language models (LLMs) your agents use."
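The governance layer described above, as an added Python illustration (not Microsoft's Agent Governance Toolkit and not an MCP SDK; the gateway, policy fields, agent ids and tool names are hypothetical): agents are treated as their own user class, and every tool call is checked against lifecycle state, a tool allowlist and a per-agent sliding-window rate limit before it is dispatched, with each decision recorded for audit.

```python
"""Hypothetical policy gateway between an agent and the tools it calls.
Added illustration, not Microsoft's AGT and not an MCP SDK: each call is
checked against lifecycle state, tool allowlist and a sliding-window rate
limit before the tool runs, and every decision is recorded for audit."""
from collections import deque
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class AgentPolicy:
    state: str = "active"                 # lifecycle: active | suspended | retired
    allowed_tools: frozenset = field(default_factory=frozenset)
    max_calls: int = 5                    # calls permitted per window
    window_s: float = 60.0                # window length in seconds
    calls: deque = field(default_factory=deque)  # timestamps still inside the window

class PolicyGateway:
    def __init__(self, tools: dict[str, Callable[..., object]]):
        self.tools = tools                              # tool name -> callable
        self.policies: dict[str, AgentPolicy] = {}      # agent id -> policy
        self.audit: list[tuple[str, str, str]] = []     # (agent, tool, decision)

    def evaluate(self, agent: str, tool: str, now: float) -> str:
        """Return 'allow' or a 'deny:<reason>' string; never runs the tool."""
        pol = self.policies.get(agent)
        if pol is None or pol.state != "active":
            return "deny:lifecycle"                     # unknown, suspended or retired
        if tool not in pol.allowed_tools or tool not in self.tools:
            return "deny:tool-not-allowed"
        while pol.calls and now - pol.calls[0] >= pol.window_s:
            pol.calls.popleft()                         # drop timestamps outside the window
        if len(pol.calls) >= pol.max_calls:
            return "deny:rate-limit"                    # context-building burst throttled
        return "allow"

    def call(self, agent: str, tool: str, now: float, **args) -> tuple[str, object]:
        """Evaluate, log the decision, and dispatch only when allowed."""
        decision = self.evaluate(agent, tool, now)
        self.audit.append((agent, tool, decision))
        if decision != "allow":
            return decision, None
        self.policies[agent].calls.append(now)
        return decision, self.tools[tool](**args)

if __name__ == "__main__":
    gw = PolicyGateway({"lookup": lambda q: f"result for {q}"})  # constructed tool
    gw.policies["agent-a"] = AgentPolicy(allowed_tools=frozenset({"lookup"}), max_calls=3)
    for i in range(4):  # the fourth call inside the window is refused before dispatch
        print(gw.call("agent-a", "lookup", now=float(i), q=f"query {i}"))
```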
#agent-governance #runtime-policy-enforcement #api-security #model-context-protocol-mcp #owasp-agent-risks
Read at InfoWorld