AI Security
Microsoft Proposes an Open Trust Stack for AI Agents
Published June 04, 2026 by Dillip Chowdary
Microsoft is framing agent trust around interoperable identity, permissions, provenance, policy, and communication standards rather than app-specific controls.
What Changed
- Agent identity: The trust stack centers on proving who an agent is, what user or service it represents, and which capabilities it may invoke.
- Policy portability: Shared specifications reduce the chance that every tool builds a different permission model for autonomous actions.
- Security baseline: Enterprises should expect stronger demand for signed tool manifests, attestable actions, and auditable delegation chains.
Architecture Impact
For engineering teams, the important shift is that agent infrastructure is becoming a managed platform layer. Identity, memory, tool invocation, evaluation, telemetry, and publishing are no longer optional wrappers around a model call. They are now part of how production teams control reliability, cost, and blast radius.
The practical design question is where state lives and who can act on it. Agents that read documents, query operational data, call tools, or publish work need typed interfaces, permission boundaries, and observable handoffs. Without those controls, faster agent development can create a wider operational risk surface.
Rollout Checklist
Start with one contained workflow, define the approved tools, log every action, and require human review for writes into production systems. Add regression evaluations for prompts, tool schemas, and retrieval sources before expanding the agent to more users.
Start modeling agent permissions as delegated identity and capability grants, not as generic API keys buried in prompts.