Microsoft Agent Control Specification: Why Agent Approvals Are Becoming Enterprise AI Infrastructure

Agent governance is moving from prompts to policy, approvals, and audit.

Buda Team
Back to Blog
Microsoft Agent Control Specification: Why Agent Approvals Are Becoming Enterprise AI Infrastructure

Microsoft introduced the Agent Control Specification, an open, vendor-neutral standard for applying runtime governance across the AI agent lifecycle. TechCrunch also reported on the launch as a way for developers, security teams, and compliance teams to control agent behavior more consistently.

The important point is not that agents need another configuration file.

It is that enterprise AI is moving into a phase where agents can retrieve data, call tools, execute workflows, and act across systems. Once software starts acting on behalf of people, the central question changes from “what can the model do?” to “what is the agent allowed to do, and who approves it?”

Agent control loop

ACS makes governance part of the runtime

Many organizations still manage agent behavior with prompts, application code, framework callbacks, and scattered checks. That works for experiments. It becomes fragile in production.

Microsoft describes ACS as a controls layer, not an agent framework. It defines a portable manifest for where, when, and how policies are evaluated across the agent lifecycle, independent of the agent framework, runtime, or policy engine.

In practice, ACS gives teams a shared contract for agent control:

  • inspect user input before the model sees it;
  • inspect context before a model call;
  • inspect model output before the runtime acts;
  • inspect tool calls before execution;
  • inspect tool results before they re-enter context;
  • inspect the final response before it leaves the agent;
  • evaluate startup and shutdown conditions for configuration, logging, and audit.

At each point, policy can allow, warn, deny, or escalate an action.

That is a major shift. Guardrails are no longer only advice written inside a prompt. They become runtime decisions attached to agent behavior.

The new enterprise question is approval

The more useful an agent becomes, the more often it will touch real business systems: email, tickets, CRM, code repositories, customer data, finance workflows, internal documents, and deployment tools.

Traditional access control can answer whether a credential can call a resource. It is weaker at answering a richer agent question: given everything this agent has seen, the tool it is about to call, the data labels involved, and the current approval state, is this action still safe?

That is why approval becomes infrastructure.

Not old-style approval theater. Not adding five human signatures to every step. The useful version is precise:

  • which actions can run automatically;
  • which actions require human approval;
  • which sensitive data should be masked;
  • which tool calls should be blocked;
  • which evidence must be recorded for audit;
  • which failures should fail closed.

Managed agent workforce

Agent management is becoming a product layer

ACS also shows why agent management cannot be reduced to model selection.

A stronger model may reason better, but it does not automatically create policy, audit, escalation, evidence collection, or human handoff. Those are system responsibilities.

For enterprises, the durable value will come from the layer around agents: identity, permissions, workspace context, tool boundaries, logs, review gates, and improvement loops. Agents will need to be managed more like digital workers than plugins.

How this connects to Buda

Buda is built around the same premise: agents should work inside a human-led system.

A Buda Space defines the organizational boundary. Agents work with files, sessions, terminals, browsers, channels, artifacts, and tasks inside that boundary. Humans can review work, adjust instructions, approve sensitive actions, and take over when needed.

ACS points in the same direction for the broader ecosystem. As agents become more capable, companies will need explicit control surfaces: approval, policy, audit, escalation, and human oversight.

The future of enterprise AI is not just more autonomous agents.

It is better-managed agents.

You can start building human-led agent workflows at buda.im, or read the Buda Agent Workspace docs.