Aviatrix Extends Microsoft Agent Control Specification to the Network Layer, Closing the One Path AI Agents Cannot Evade
The Aviatrix Cloud Native Security Fabric is among the first cross-cloud, multi-framework enforcement substrates for the Microsoft Agent Control Specification, carrying a single policy file across popular enterprise clouds and bounding the Blast Radius of every AI agent in production.
San Jose, CA, June 04, 2026 (GLOBE NEWSWIRE) -- Aviatrix today announced integration of its Cloud Native Security Fabric with Microsoft Agent Control Specification, one of the first network-layer implementations of an open control plane for AI agents. Unveiled at Microsoft Build 2026, the integration extends a single Agent Control Specification policy file from the agent runtime into live network enforcement across AWS, Azure, Google Cloud, and on-premises Kubernetes. The integration is available to all Aviatrix customers at no additional cost through Aviatrix’s Early Access program.
"Agents do not ask for permission, they do not respect platform boundaries, and they do not stop at the perimeter," said Chris McHenry, chief product officer at Aviatrix. "After running Microsoft Agent Control Specification in private preview, what became clear is that a shared standard is only as strong as the layer that enforces it everywhere the agent operates. The Aviatrix Cloud Native Security Fabric delivers that enforcement at the one layer the agent does not control."
The Aviatrix Cloud Native Security Fabric is now one of the first network-layer enforcement substrates that allows enterprises to govern every AI agent with one policy file, regardless of which agent framework was used to build it, which cloud it runs in, or which Kubernetes runtime hosts it.
The agentic AI problem at enterprise scale
When prevention fails, and detection is too slow, containment decides whether the incident becomes a breach. AI agents make that question structural. They are the AI workload bullseye: ephemeral enough to defeat agent-based defense, privileged enough to concentrate non-human identity risk, and shipped fast enough to outrun security review. They acquire credentials, call tools, and reach outbound destinations at machine speed without asking permission. They run on Strands, LangChain, AutoGen, and frameworks that do not yet exist. They deploy across every cloud and every Kubernetes runtime an enterprise adopts. They can also be lied to by their own runtime.
Existing controls solve only fragments of that problem. SDK guardrails are agent-dependent, enforcing only what runs in the process they instrument. Posture and observability tools surface risk without enforcing policy on live traffic. Identity systems govern the user, not the agent's tool surface. None survives a poisoned dependency, a jailbroken prompt, or a hallucinated tool call that the in-process runtime believes is legitimate.
The architectural reality security teams now confront is straightforward. The agent runtime can be deceived. The network cannot. Wherever the packet has to travel, that is where enforcement holds.
One policy file, enforced everywhere the agent operates
Microsoft Agent Control Specification is an open-source control plane for AI agents. Its underlying open spec, the Agent Control Specification (ACS), provides the industry with a single shared file format (.guardrails.yaml) for declaring an agent’s allowed tool surface, model choice, and policy boundaries, which is published openly on GitHub. Microsoft authored the specification to be implemented across vendors and clouds, not as an Azure-only feature. That is what makes it a genuine industry standard.
The division of labor is clean. The developer authors the standard. The ecosystem implements the in-process side across any SDK in any language. Aviatrix carries the same policy at the wire across every cloud an enterprise uses, including AWS and Google Cloud. One policy file, two enforcement planes, three cloud providers, every Kubernetes runtime, governed by the same source of truth.
In practice, the integration is one file in Git and two GitHub Actions running in parallel. The first deploys the agent to AKS, EKS, GKE, or on-premises Kubernetes. The second compiles the Agent Control Specification into an Aviatrix Distributed Cloud Firewall custom resource definition, which the Aviatrix controller reconciles into live policy across the customer's entire cloud estate within minutes.
The result is two enforcement planes governed by the same source of truth. In-process, the Microsoft Agent Control SDK enforces tool-name and argument-level controls inside the agent's runtime. At the wire, the Aviatrix Cloud Native Security Fabric enforces destination, protocol, identity, and policy on every outbound connection the agent attempts. Enforcement is path-complete, identity-aware at Layer 7, and detection-independent: it holds before, during, and after a compromise, on every path the agent can take. When the SDK cannot see a call because the agent has been jailbroken or a dependency has been poisoned, the network still holds.
Through the integration, the Blast Radius of any compromised agent is bounded by the architecture itself, before any human is alerted and independent of whether the in-process control failed.
The long arc for agentic AI security
Containment is the architectural answer to a threat model in which prevention fails, and detection arrives too late. The math has already decided: 82% of intrusions in 2026 ride valid credentials through legitimate channels, producing no anomalous signal, and the gap between vulnerability disclosure and exploitation now runs at 6.5 times the enterprise patching cadence. Detection cannot reach the credential vector. Patching cannot close it. Only architecture can.
Agentic AI is the most demanding test faced by enterprises. By 2027, many enterprises are projected to run more agent instances than human employees. Each one is a workload with credentials, a network identity, and outbound reach. Each one will, at some point, be wrong, compromised, or turned against the organization that deployed it.
The defenders who lead the next decade will treat agents as workloads, govern them at the network, and measure security posture by Blast Radius rather than by mean time to detect. A specification at the agent layer is necessary. It is not sufficient. The shared standard is only as strong as the layer enforcing it along every path the agent can take. That layer is the network, and the architecture that runs there is Containment.
Sarah Bird, Chief Product Officer, Responsible AI, Microsoft said: “We built Microsoft Agent Control Specification because customers should not have to negotiate a different security model for every agent platform they adopt. The ecosystem is what makes that vision real, and Aviatrix is exactly the kind of partner we hoped would step up. Its Cloud Native Security Fabric enforces Agent Control Specification at the network layer with the pervasive, cross-platform reach no single product can match. That is how an open control plane becomes a defensible enterprise standard.”
Availability
The Aviatrix/Agent Control Specification integration is now available to all customers running the Aviatrix Cloud Native Security Fabric through its early access program. Aviatrix validated the integration end-to-end on Amazon EKS first, as deliberate proof that the Microsoft Agent Control Specification carries over to the clouds Microsoft Foundry does not operate in. Supported runtimes include AKS, EKS, GKE, and on-premises Kubernetes. Supported frameworks include Strands, LangChain, AutoGen, and any conformant agent runtime built to the Microsoft Agent Control Specification. The integration is included in existing Aviatrix subscriptions at no additional cost.
Resources
A reference implementation, including all GitHub Actions and demonstration configuration files, will be publicly available June 10, 2026, at Aviatrix Containment for Agents. Developers will be enabled to clone the repository and run the end-to-end integration locally in 15 minutes.
Security architects and CISOs looking to evaluate multicloud enforcement for ACS-governed agents can schedule a technical conversation with the Aviatrix team via our contact page.
About Aviatrix
Aviatrix is pioneering the Cloud Native Security Fabric, the architecture the Containment Era requires. The Cloud Native Security Fabric governs every workload communication path across every cloud, every VPC, every Kubernetes cluster, and every serverless function from a single policy plane. One rule. Universal propagation. Enforced at the workload, not at a chokepoint. Trusted by more than 500 of the world's leading enterprises. For more information, visit aviatrix.ai.
Aviatrix 888-311-8328 corpcomms@aviatrix.com
Legal Disclaimer:
EIN Presswire provides this news content "as is" without warranty of any kind. We do not accept any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information contained in this article. If you have any complaints or copyright issues related to this article, kindly contact the author above.
