Microsoft unveiled a specification that gives developers a concrete way to dictate AI agent behavior.
The spec defines a portable policy file format that can be bundled with an agent at build time or injected at runtime. Teams can write rules—such as data‑handling limits, access controls, or profanity filters—and the agent must obey them or refuse to act. The format is open, language‑agnostic, and intended to work across Azure, OpenAI, and on‑premise setups.
For organizations, the change means policy enforcement moves from a post‑hoc review to the code‑level contract. Security auditors can verify compliance without digging into model internals, and developers gain a predictable guardrail against unwanted outputs. It also sidesteps the need for each vendor to ship its own proprietary controls.
The move mirrors earlier attempts to standardize AI safety, but Microsoft’s open‑file approach may finally give enterprises a reusable tool rather than a collection of ad‑hoc scripts.