AI joins DevOps as a 'trust layer'

- Microsoft on April 2 released its open-source Agent Governance Toolkit, pitching AI governance as runtime infrastructure that sits between autonomous agents and production systems.
- Amazon Bedrock AgentCore made policy controls and evaluations generally available by March 31, after 2 million SDK downloads in five months.
- The shift follows OWASP's 2026 agentic AI risk list and new compliance deadlines. (genai.owasp.org)

AI agents are being folded into DevOps less as replacements for engineers than as a control plane that checks what autonomous systems are allowed to do. (opensource.microsoft.com) In software delivery, DevOps is the machinery that moves code from a laptop to production. For AI agents, the new problem is not only whether a model answers correctly, but whether an agent can call tools, touch data, or trigger deployments without breaking policy. (martinfowler.com) (techcommunity.microsoft.com)

Microsoft put that idea into a product on April 2, when it released the Agent Governance Toolkit under the MIT license. The company said the software applies operating-system controls, service-mesh identity, and site reliability engineering patterns to autonomous agents. (opensource.microsoft.com) (techcommunity.microsoft.com) Microsoft said the toolkit intercepts every agent action before execution with under 0.1 millisecond p99 latency and supports YAML, Open Policy Agent Rego, and Cedar rules. It also assigns agents cryptographic identities and trust scores on a 0-to-1000 scale. (opensource.microsoft.com)

Amazon has been moving in the same direction. AWS said on March 31 that Bedrock AgentCore Evaluations became generally available, after policy controls had reached general availability on March 3. (aws.amazon.com) AWS said AgentCore's software development kit was downloaded more than 2 million times in its first five months. The company framed the new controls as a way to set boundaries on agent actions, monitor quality continuously, and keep audit trails as agents move into customer-facing work. (aws.amazon.com)

A smaller vendor pushed the same thesis on Tuesday. Virtue AI announced PolicyGuard on April 28, saying enterprises can turn policy documents into runtime controls across models, agents, and applications, including workflows that make application programming interface calls. (prnewswire.com)

The backdrop is a new security vocabulary for agentic systems. OWASP published its Top 10 for Agentic Applications in December 2025, listing risks such as goal hijacking, tool misuse, identity abuse, memory poisoning, cascading failures, and rogue agents. (genai.owasp.org 1) (genai.owasp.org 2) That list is starting to shape the infrastructure vendors are shipping. Microsoft said its toolkit addresses all 10 OWASP categories, and OWASP says the framework was developed with contributions from more than 100 experts, researchers, and practitioners. (opensource.microsoft.com) (genai.owasp.org)

Regulation is adding a deadline. Microsoft said the European Union AI Act's high-risk obligations take effect in August 2026, while the Colorado AI Act becomes enforceable in June 2026. (opensource.microsoft.com)

The practical outcome is a new layer in the delivery stack: tests for code, scans for containers, and now policy checks for agent behavior before and during runtime. The pitch from vendors and practitioners is that AI can move faster in production only if another system is watching it just as closely. (martinfowler.com) (aws.amazon.com) (techcommunity.microsoft.com)
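The pre-execution policy check the vendors describe, reduced to its core, as an added illustration that is not code from Microsoft's toolkit, AWS AgentCore or Virtue AI: every proposed tool call is intercepted, evaluated against a policy keyed on the agent's trust score (the 0-to-1000 scale mentioned above) and argument constraints, and recorded in an audit trail whether it is allowed or denied. The policy rules, agent identities, trust scores and tool stubs are constructed sample values.

```python
# Added illustration of a runtime policy gate for agent tool calls. Not code from the
# Agent Governance Toolkit or AgentCore; policy, agents, scores and tools are constructed.
from dataclasses import dataclass, field

# Constructed policy: per tool, the minimum trust score required and the set of
# permitted values for constrained arguments. Unknown tools are denied by default.
POLICY = {
    "read_ticket":    {"min_trust": 200, "allowed_args": {}},
    "post_comment":   {"min_trust": 500, "allowed_args": {}},
    "trigger_deploy": {"min_trust": 900, "allowed_args": {"env": {"staging"}}},
}

@dataclass
class Agent:
    agent_id: str      # stands in for a cryptographic agent identity (constructed)
    trust_score: int   # 0..1000

@dataclass
class PolicyGate:
    audit: list = field(default_factory=list)   # append-only audit trail

    def check(self, agent: Agent, tool: str, args: dict) -> tuple:
        """Evaluate one proposed tool call before it runs; returns (allowed, reason)."""
        rule = POLICY.get(tool)
        if rule is None:
            verdict = (False, f"tool '{tool}' not in policy (default deny)")
        elif agent.trust_score < rule["min_trust"]:
            verdict = (False, f"trust {agent.trust_score} below required {rule['min_trust']}")
        else:
            bad = [k for k, ok in rule["allowed_args"].items() if args.get(k) not in ok]
            verdict = (False, f"argument(s) {bad} outside policy") if bad else (True, "allowed")
        # Every decision, allowed or denied, is recorded for later review.
        self.audit.append({"agent": agent.agent_id, "tool": tool, "args": dict(args),
                           "allowed": verdict[0], "reason": verdict[1]})
        return verdict

    def call(self, agent: Agent, tool: str, args: dict, tools: dict):
        """Intercept-then-execute: the tool runs only if the policy check passes."""
        allowed, reason = self.check(agent, tool, args)
        if not allowed:
            raise PermissionError(f"{agent.agent_id} -> {tool}: {reason}")
        return tools[tool](**args)

if __name__ == "__main__":
    tools = {"read_ticket": lambda: "ticket-42: build failing"}   # constructed stub
    gate, bot = PolicyGate(), Agent("ci-triage-bot", trust_score=650)
    print(gate.call(bot, "read_ticket", {}, tools))
    print(gate.check(bot, "trigger_deploy", {"env": "prod"}))
```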
