microsoft/agent-governance-toolkit

The Agent Governance Toolkit is a strategic move by Microsoft to define the standard for enterprise AI agent infrastructure. With 864 stars in just 38 days, it has achieved massive initial velocity. The defensibility stems from its systemic approach: rather than just being a 'prompt firewall,' it integrates deep infrastructure primitives like Spiffe/Spire for identity and OPA for policy, creating a moat through complexity and architectural gravity. It targets the 'OWASP Agentic Top 10,' which positions it as the de facto compliance tool for risk-averse enterprises. However, the platform domination risk is high—Microsoft is likely using this open-source project as a reference implementation to drive adoption of Azure AI Foundry's governance features. It competes with specialized AI security startups (e.g., Lakera, HiddenLayer, WhyLabs) by moving the security layer from the application level down to the infrastructure level. The primary risk is that frontier labs like OpenAI or Anthropic could bake similar 'agentic safety' features directly into their model-as-a-service APIs, potentially rendering third-party governance layers redundant for simpler use cases.