The Agent Control Standard (ACS) launched today as a vendor-agnostic, open standard for governing autonomous AI agents at runtime. The announcement was made at the AI Agent Security Summit in San Francisco on May 27, organized by Zenity at the Commonwealth Club.
ACS addresses a specific problem: enterprises deploying agents across Claude Code, OpenClaw, LangChain, CrewAI, AutoGen, and other frameworks currently have no common mechanism for enforcing safety, compliance, or audit requirements at runtime. Each platform handles governance differently, or not at all.
Three Layers
According to the announcement, ACS is structured around three layers:
Instrument defines runtime hooks and the Guardian Agent pattern for inline policy enforcement. When an agent receives input, sends output, calls a tool, selects which tools to use, transitions from planning to execution, stores a memory, executes code, or invokes a sub-agent, ACS fires a hook. A Guardian Agent intercepts the action, evaluates it against policy, and returns a verdict: allow, deny, or modify. These are deterministic controls enforced inline, before actions reach production systems.
Trace extends OpenTelemetry and OCSF with agent-specific semantic conventions for observability.
Inspect extends CycloneDX and SPDX for agent bill-of-materials and composition analysis.
Who Built It
The ACS initiative is being coordinated by Rock Lambros, director of AI standards and governance at Zenity, and Michael Bargury, co-creator of ACS and co-founder and CTO of Zenity, according to BusinessWire. Zenity, which was selected earlier this month for AWS Security Hub Extended, has positioned itself at the center of the agent security space through its summit series and governance tooling.
The standard builds on existing specifications including OWASP, ASVS, AIVSS, OpenTelemetry, CycloneDX, SPDX, MCP, and A2A. A reference implementation of the hook-based middleware layer and Guardian Agent SDK is available on GitHub.
The Governance Gap
The timing is pointed. BeSafe-Bench, published this week, tested 13 production AI agents in real environments and found none could complete 40% of tasks while respecting all safety constraints. The EU has delayed its high-risk AI Act deadline from August 2026 to December 2027, giving enterprises more runway but no more clarity on how to govern agent behavior in the interim.
The ACS framework, according to its creators, “provides direction on how organizations should be instrumenting their agentic workflows and environments to achieve better security and governance outcomes,” per the BusinessWire announcement.
The Standards Race
ACS enters an increasingly crowded standards landscape. AGENTS.md, now governed by the Agentic AI Foundation under the Linux Foundation, is reported across 60,000+ repositories for project-level agent context. Agent Skills provides portable capability definitions across 30+ tools. DESIGN.md from Google Labs handles visual identity for UI-generating agents. Microsoft released its Agent Governance Toolkit this week covering OWASP Agentic Top 10. NVIDIA’s Verified Agent Skills framework addresses capability governance.
ACS targets a different layer: not what agents know or can do, but what they are permitted to do in real time. The question is whether enterprise teams will adopt yet another standard or wait for platform vendors to build proprietary equivalents. The ACS site acknowledges this directly: “The window for an open standard to define this layer is narrow. Proprietary alternatives are emerging.”