# 微軟發布了 AI 代理的開源標準,讓開發者和安全團隊能定義代理應遵循的政策。 *genai · news · 2026-06-02 · TechCrunch* ## Key points - 微軟推出 Agent Control Specification (ACS),一個用於控制 AI 代理行為的開源標準。 - ACS 讓團隊能定義細緻的政策,控制代理行為、人類批准及證據記錄。 - 政策在代理工作流程的多個攔截點強制執行,而非僅在輸入或輸出時。 - ACS 政策檔案可隨代理跨框架傳遞,確保在不同環境中治理一致。 - ACS SDK 包含 LangChain、OpenAI Agents SDK、Anthropic Agents SDK 及其他熱門框架的外掛。 As AI agents grow ever more capable, enterprises racing to put them to work across applications, workflows, and products face a new challenge: ensuring an agent does what it’s supposed to do when it’s deployed across different environments. Microsoft is trying to solve this problem with a new open-source standard called Agent Control Specification, or ACS, that aims to give developers a more consistent and granular way to control what AI agents are allowed to do. The specification essentially lets developer, compliance, and security teams define their own policies for agents to follow. The rules can define what the agent may do, what it must not do, when a human should approve an action, and what evidence should be logged for later review. These policy files are checked at several “interception points” when the agent is off performing a task to make sure it stays within the guardrails. The spec comes as developers are improvising ways to control what their AI sees and does, especially with conversations focusing on AI workflows going wrong due to tool misuse, or unintended actions that result in cascading failures. Today, developers might specify instructions in a system prompt, add custom checks in the application code, or use classifiers to catch problematic inputs and outputs. Those approaches work, but they often leave companies with fragmented controls that are hard to audit and harder to reuse across different frameworks, interfaces, and systems. ACS aims to integrate those controls into a common governance layer. Microsoft says the specification can be used to check whether an agent is sticking to guardrails at multiple points in its workflow — before it receives input, before it calls a tool, after a tool returns a result, and before the final response is sent to the user. A policy may allow an action, block it, redact sensitive information, or even ask a person to approve it. Developers can also insert classifiers for inputs and outputs to categorize information, predict outcomes, or determine how an agent should respond; add LLMs with prompts to act as a “judge” for policies; and logic for checking tool calls, tool selection, input accuracy, output usage, and responses. And because these policies can be written as single files, they can be bundled with agents, allowing a security policy to follow an agent across different frameworks and environments. ACS is shipping as an SDK with plugins for LangChain, the OpenAI Agents SDK, the Anthropic Agents SDK, AutoGen, CrewAI, Semantic Kernel, Microsoft.Extensions.AI, MCP tools, and more. **Companies:** Microsoft **Countries:** United States [Read the full story on TechCrunch](https://techcrunch.com/2026/06/02/microsoft-offers-devs-a-better-way-to-control-ai-agent-behavior/) --- Canonical: https://newsio.io/zh-TW/n/c91af677-f1f0-456b-9298-5012b736061b/ai Summarized by Newsio from TechCrunch. https://newsio.io/how-it-works