Geordie Extends Microsoft Partnership to Support Agent Control Specification
Helping customers keep agent controls consistent as their infrastructure evolves.
AI agents are moving into production across enterprise environments, working across tools, workflows, data, and internal systems. Security and AI teams now need controls that work while agents are operating, not only before deployment or at the input and output layer.
Geordie AI is extending our partnership with Microsoft to support and help shape the Agent Control Specification, previously known as Agent Shield. With ACS, Microsoft is creating a common way for teams to apply runtime controls to agents as they act.
At Geordie, our contribution is grounded in the work we do with customers every day: helping teams understand agent behavior, govern tool use, and apply controls in production across cloud, code, endpoint, SaaS, and internal systems.
For customers, this partnership is about flexibility. As agent environments become more complex, policies need to work across different platforms, frameworks, and deployment models. ACS helps create a shared approach for how policy decisions are made and enforced during agent execution.
Why this matters for customers
Security and AI teams are already governing agents that carry context, call tools, interact with enterprise data, and make decisions during execution. Design-time guardrails and input-output checks remain useful, but they do not cover the full way agents behave once they are running.
Shared runtime standards help customers avoid fragmented control models as the ecosystem develops. Agent platforms, frameworks, and deployment patterns will continue to change. Customers should not have to rebuild governance every time their agent stack changes.
Geordie is extending our Microsoft partnership to include ACS because practical interoperability matters. Beam remains the primary way Geordie customers define, manage, and apply controls across agent behavior. ACS support gives customers another path for extending Geordie-authored policies into compatible agent environments.
What Beam remediation now supports
Beam now supports policy import and export aligned with Microsoft Agent Control Specification formats.
Teams can author, test, and manage policies in Geordie, then enforce them through Beam or export them into ACS-compatible environments when that is the right fit. Beam already supports open policy formats, including Cedar, and ACS support extends that coverage into Microsoft’s runtime governance ecosystem, including Rego-based implementations where relevant.
Policies can be imported or exported directly from the Beam policy editor without manual translation between formats.
A practical example: controlling MCP access
A common scenario is an agent with access to an MCP server that sits outside approved policy.
A developer may have built an agent that can access a specific MCP server, giving it the ability to query logs, metrics, and infrastructure data. The organisation may decide that this MCP is out of scope for that agent, or that access requires additional controls.
In Beam, a security or platform team can author a policy that restricts the agent’s access to that MCP. The policy is written around agent behavior: which tools the agent can invoke, under what conditions, and with what constraints.
From there, the team can choose the enforcement path that fits their environment. They can enforce the policy directly through Beam, or export it in an ACS-compatible format.
If Beam is enforcing the policy, the attempted tool invocation is evaluated at runtime and blocked before the MCP server is called. The agent receives a structured refusal, and the prohibited action does not execute.
If the policy is exported into an ACS-compatible runtime, the same governance intent can be enforced through that environment using the ACS enforcement model.
Building runtime governance customers can trust
Our work with Microsoft on ACS is a natural extension of our existing partnership and the expertise we bring from securing agent behavior in production. We are contributing that perspective into shared runtime governance patterns, while continuing to build the Geordie platform customers use to understand and control agents today.
As agents become embedded in enterprise operations, customers need controls that work across environments and implementation paths. Portable policy formats and shared runtime standards make agent governance easier to adopt and harder to fragment.
Geordie will continue working with Microsoft across our existing integration footprint, initiatives like ACS, and the wider ecosystem to help customers govern agent behavior as these systems continue to evolve.
