João André Gomes Marques

Asqav vs Microsoft Agent Governance Toolkit - what is the difference

Microsoft released the Agent Governance Toolkit (AGT) on April 2, 2026. I built Asqav, an open source Python SDK for the same problem space. Both have evolved since launch so here is an updated honest comparison.

What they share

Both tools exist because AI agents are being deployed without governance. Both cover all 10 risks in the OWASP Top 10 for Agentic Applications. Both are MIT licensed and open source.

Architecture

Microsoft AGT is a multi-package runtime governance platform. It includes a policy engine (agent-os-kernel), trust mesh (agentmesh-platform), runtime supervisor, SRE toolkit, compliance attestation, and a plugin marketplace. It is available in Python, TypeScript, .NET, Rust, and Go.

Asqav is a thin Python SDK plus an MCP server. You pip install it, add a few lines of code, and every agent action gets a quantum-safe signature chained to the previous one. Simpler scope, narrower focus.

Identity and signing

Microsoft AGT uses Ed25519 cryptographic credentials with SPIFFE/SVID support and trust scoring on a 0-1000 scale. It also runs SHA-256 tamper detection on governance modules at startup.

Asqav uses ML-DSA-65 (FIPS 204), a quantum-safe signature algorithm designed to remain secure against quantum computing attacks. Every action is individually signed and hash-chained, and each signature carries an RFC 3161 timestamp.

Key difference: Ed25519 is not quantum-safe and will be broken by a sufficiently capable quantum computer; ML-DSA-65 is designed to resist such attacks. For audit trails that need to remain verifiable for 10+ years (EU AI Act retention requirements), quantum-safe signing matters.
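
The signing model described in this section (each action signed individually and chained to the previous record by hash), as an added example that is not Asqav's or AGT's code or record format. HMAC-SHA256 with a constructed key stands in for the ML-DSA-65 signature so it runs on the standard library, and all function and field names are hypothetical.

```python
import hashlib
import hmac
import json

# Constructed demo key. HMAC-SHA256 is a stand-in for ML-DSA-65; with a real
# signature scheme the verifier would hold only the public key.
DEMO_KEY = b"constructed-demo-key"
GENESIS = "0" * 64
FIELDS = ("seq", "agent", "action", "params", "prev")


def _canon(obj):
    """Deterministic JSON encoding so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _sign(body):
    return hmac.new(DEMO_KEY, _canon(body), hashlib.sha256).hexdigest()


def append_action(log, agent, action, params):
    """Sign one action together with the hash of the previous record."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"seq": len(log), "agent": agent, "action": action,
            "params": params, "prev": prev}
    signed = dict(body, sig=_sign(body))
    log.append(dict(signed, hash=hashlib.sha256(_canon(signed)).hexdigest()))
    return log[-1]


def verify_chain(log, expected_head=None):
    """Return (True, None), or (False, index) of the first record that fails.

    expected_head is the latest hash kept outside the log; without it,
    dropping the newest records leaves a shorter chain that still verifies.
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {k: rec.get(k) for k in FIELDS}
        signed = dict(body, sig=rec.get("sig"))
        if not (body["seq"] == i and body["prev"] == prev
                and hmac.compare_digest(_sign(body), str(rec.get("sig")))
                and hashlib.sha256(_canon(signed)).hexdigest() == rec.get("hash")):
            return False, i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(log)
    return True, None
```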

Enforcement

Asqav provides three explicit tiers:

  • Strong: MCP server acts as a non-bypassable tool proxy
  • Bounded: pre-execution gates with signed proof
  • Detectable: hash-chained audit trail

Plus bilateral receipts that bind authorization decisions to execution results, and hidden tool policies that remove tools from agent discovery entirely.

Microsoft AGT provides policy enforcement via agent-os-kernel, execution sandboxing with 5 permission levels, and circuit breakers. These are more comprehensive runtime controls, but they come without the explicit enforcement tier classification.

Scope

Microsoft AGT is broader: multi-language SDKs, plugin marketplace, SRE toolkit, RL training governance, A2A/MCP/IATP protocol bridges, 9,500+ tests. It is a full governance platform.

Asqav is narrower: Python SDK, MCP server, CI scanner. Focused on cryptographic proof and enforcement. Fewer moving parts.

When to use which

Use Microsoft AGT if you need a comprehensive governance platform across multiple languages with execution sandboxing, trust mesh, and plugin lifecycle management.

Use Asqav if you need quantum-safe cryptographic proof of agent actions, three-tier enforcement with bilateral receipts, and a simple Python integration.

They are complementary. You could run AGT for runtime governance and Asqav for the quantum-safe signing layer.
