Mar 11, 2026
Announcing Agent Control: The Open Source Control Plane for AI Agents
Last month, an agent at a Fortune 500 company autonomously dropped a production table. The team's guardrail didn’t catch it. They used an if-statement to check for "DROP TABLE" in the SQL output, but the agent operated the database via a different tool call instead. Then PagerDuty went off at 3am. On a Saturday morning. There was no playbook for mitigating unwanted behavior in the agents. The SREs had to pull the plug.
This is the state of agent governance today. Hardcoded checks are scattered across codebases. Safety logic must be bespoke-engineered for each agent. And when something goes wrong, the only remedy is to take the agent offline, patch the code, and redeploy.
That's not governance. That's playing roulette with your production Agents. We must do better.
The Real Problem: Adhoc, Hard-coded Controls
Teams are defining their own logic-based checks or guardrails today. But they are just in the wrong place.
Gateway solutions: These API proxies filter traffic in and out of your agent. They can catch a toxic input or block PII in the final response. But they're blind to everything that happens in between. Which tool the agent selected, what arguments it passed, and what the database returned. You can’t govern, let alone steer, at this level.
Framework-level guardrails: Are natively built into LangChain, CrewAI, or the OpenAI Agents SDK. These operate at the right depth, but they're deeply embedded into the code. Updating a guardrail means changing the agent's source code, testing it, and redeploying. When you have fifty agents built across many different teams, a single policy update becomes fifty engineering tickets. Unsustainable.
We need a governance layer that combines necessary depth with centralized control: step-level enforcement, managed from a single control plane, updatable in real-time without touching agent code. Forrester calls this an Agent Control Plane. As of today, you have one.
Enter Agent Control
To solve this, Galileo is proud to contribute Agent Control to the open-source community. Agent Control is a control plane that establishes a new standard for governing agent behavior. Released under the Apache 2.0 license and featuring contributions from some of the largest infrastructure companies in the world, it provides three capabilities we couldn’t find anywhere else.
1. One Decorator For Every Decision Boundary: Integration Made Easy
To make any function in your agent governable, developers just add a single line:
@control() async def query_database(sql: str) -> Results: return await db.execute(sql)
That's the entire integration. The @control() decorator turns any function into a governed decision point. No custom API wiring. No payload construction. No fuss.
Unlike gateway approaches that can only see what enters and exits the agent, @control() hooks can be placed at every meaningful step. An agent that chains together six internal functions can have six independently governed control points, each with its own policies.
2. Policies Decoupled from Code: Unlocks Centralized Runtime Enforcement
When a decorated function executes, the decorator calls the Agent Control server (or local cache, when configured). The system evaluates the input or output against the active policy and returns a decision: deny, steer, warn, log, or allow. If the decision is denied, the SDK raises a ControlViolationError before the unsafe action can proceed.
The critical design decision: what gets evaluated, how, and what action to take is defined remotely—not in the agent's code. Developers own where to place control hooks. Policy teams decide what those hooks enforce. This separation means a compliance team can update a PII detection policy across every agent with a single change. No code updates. No redeployment. No agent restarts. The next request automatically uses the new business logic.
3. Any Guardrail, One Control Plane
Agent Control's evaluator architecture is pluggable. You aren't locked into a single vendor's detection models. A single policy can combine Galileo's Luna for toxicity detection, NVIDIA NeMo for topic guardrailing, AWS Bedrock for compliance checks, simple regex for PII patterns, and your own custom evaluator for domain-specific business logic. All running through the same control plane, managed from the same dashboard.
This is the "best-of-breed" approach to agent governance: assemble the strongest possible detection stack from the tools that work best for each use case, without adopting any single vendor's entire platform.
A centralized Control Store enables easy enforcement of key controls across your entire fleet.
A single-pane-of-glass view greatly enhances governance across all your agents in production.
Why Open Source Matters
Every centralized solution on the market today is proprietary and locked to a specific cloud ecosystem. In the past twelve months alone, three of the leading open-source guardrails projects have been acquired by larger platforms — narrowing the options for organizations that don't want to bet their governance infrastructure on a single vendor.
Agent Control is open source because runtime governance for AI agents should be infrastructure, not a product moat. Apache 2.0 means full transparency into how controls are evaluated, no vendor lock-in, and the ability for the community to contribute evaluators, framework integrations, and policy templates.
Galileo + Agent Control
With Galileo’s end-to-end evaluation and observability platform, enterprise teams are building their Eval Engineering practices to ensure accurate and reliable agents in production.
Agent Control is the natural next step for our customers to double down on deploying a centralized, end-to-end governance stack for all their agents, without any vendor-lock-in.
Stay tuned for how Galileo leverages Agent Control to leverage its industry leading evaluation and guardrails capabilities to ensure state-of-the-art centralized runtime governance in the Enterprise.
Quotes from our Launch Partners:
Cisco AI Defense
“Runtime guardrails are increasingly critical for AI agents in production. We’re pleased to partner with Galileo’s Agent Control project to make Cisco AI Defense’s guardrails available to developers leveraging this open source agent control plane. This is a huge step forward for centralized governance of AI Agents and we look forward to helping shape the security and governance stack with this partnership.”
— DJ Sampath, SVP, AI Software and Platform, Cisco
CrewAI
“I've talked to hundreds of enterprise teams trying to deploy agents. The blocker is never 'can it do the task.' It's mostly 'how do we know it won't do the wrong thing.' Agent Control is a great answer to that question and works natively with CrewAI.”
– Joao Moura, Founder & CEO at CrewAI
Crew AI Launch Blog coming soon
Strands Agents SDK
"The hardest part of production agents isn't blocking bad output, it's getting the agent to learn from mistakes and deliver great results for customers. That's what Strands Steering does, and Agent Control makes it policy-driven so developers can manage safety rules across all their agents without redeploying. We are very excited about our launch partnership and the open-source Agent Control project."
– Ryan Coleman, Principal PM at AWS, Strands Agents SDK
Glean
“As AI agents take on more responsibility across enterprise systems, organizations need stronger oversight of how they access sensitive data and take action. At Glean, permission awareness and governance are built into how agents operate from the start. Collaborating with Galileo on Agent Control helps extend those protections with centralized guardrails for managing agent behavior at scale."
– Sunil Agrawal, CISO at Glean
Rubrik
"The number one blocker for enterprise agents is no longer the models – those are getting better every day. To graduate agents to production, the industry needs transparent, community-driven guardrails. Open-source projects like Agent Control are exactly the kind of open-standards the industry needs to make autonomous agents safe for the enterprise."
– Dev Rishi, GM of AI at Rubrik
ServiceNow
"Enterprises are accelerating their adoption of agentic AI, but trust, reliability, and governance remain the defining barriers to scale. We’re excited to partner with Galileo to bring deep observability and control to AI agents, and we see strong potential for Galileo’s Agent Control capabilities to seamlessly integrate with ServiceNow’s AI Control Tower - enabling customers to centrally manage, secure, and govern AI with confidence.”
– Ofer Vaisler, VP of AI Product Management at ServiceNow
Get Involved
Agent Control is the beginning of a broader movement to bring principled governance to AI agents. We're actively looking for contributors and partners to build this ecosystem.
Developers: Star the repo, try the quick-start, and contribute custom evaluators or framework integrations. The repo is live today.
Partners: If you sell agents or agent platforms, Agent Control unlocks centralized governance out of the box — reducing trust objections and accelerating deal velocity. Work with us to add @control() hooks support to your framework and give your customers governance over third-party agents in their fleet as well.
Enterprises: Deploy Agent Control internally to establish centralized governance across your agent swarm. Start with one agent, one policy, one decorator. Everything scales from there..
Learn More
It's time to claw back control and turn pilots into live, production-ready agents.
Visit AgentControl on GitHub to get started.
Learn about best practices at agentcontrol.dev.
Join our Slack community.
Last month, an agent at a Fortune 500 company autonomously dropped a production table. The team's guardrail didn’t catch it. They used an if-statement to check for "DROP TABLE" in the SQL output, but the agent operated the database via a different tool call instead. Then PagerDuty went off at 3am. On a Saturday morning. There was no playbook for mitigating unwanted behavior in the agents. The SREs had to pull the plug.
This is the state of agent governance today. Hardcoded checks are scattered across codebases. Safety logic must be bespoke-engineered for each agent. And when something goes wrong, the only remedy is to take the agent offline, patch the code, and redeploy.
That's not governance. That's playing roulette with your production Agents. We must do better.
The Real Problem: Adhoc, Hard-coded Controls
Teams are defining their own logic-based checks or guardrails today. But they are just in the wrong place.
Gateway solutions: These API proxies filter traffic in and out of your agent. They can catch a toxic input or block PII in the final response. But they're blind to everything that happens in between. Which tool the agent selected, what arguments it passed, and what the database returned. You can’t govern, let alone steer, at this level.
Framework-level guardrails: Are natively built into LangChain, CrewAI, or the OpenAI Agents SDK. These operate at the right depth, but they're deeply embedded into the code. Updating a guardrail means changing the agent's source code, testing it, and redeploying. When you have fifty agents built across many different teams, a single policy update becomes fifty engineering tickets. Unsustainable.
We need a governance layer that combines necessary depth with centralized control: step-level enforcement, managed from a single control plane, updatable in real-time without touching agent code. Forrester calls this an Agent Control Plane. As of today, you have one.
Enter Agent Control
To solve this, Galileo is proud to contribute Agent Control to the open-source community. Agent Control is a control plane that establishes a new standard for governing agent behavior. Released under the Apache 2.0 license and featuring contributions from some of the largest infrastructure companies in the world, it provides three capabilities we couldn’t find anywhere else.
1. One Decorator For Every Decision Boundary: Integration Made Easy
To make any function in your agent governable, developers just add a single line:
@control() async def query_database(sql: str) -> Results: return await db.execute(sql)
That's the entire integration. The @control() decorator turns any function into a governed decision point. No custom API wiring. No payload construction. No fuss.
Unlike gateway approaches that can only see what enters and exits the agent, @control() hooks can be placed at every meaningful step. An agent that chains together six internal functions can have six independently governed control points, each with its own policies.
2. Policies Decoupled from Code: Unlocks Centralized Runtime Enforcement
When a decorated function executes, the decorator calls the Agent Control server (or local cache, when configured). The system evaluates the input or output against the active policy and returns a decision: deny, steer, warn, log, or allow. If the decision is denied, the SDK raises a ControlViolationError before the unsafe action can proceed.
The critical design decision: what gets evaluated, how, and what action to take is defined remotely—not in the agent's code. Developers own where to place control hooks. Policy teams decide what those hooks enforce. This separation means a compliance team can update a PII detection policy across every agent with a single change. No code updates. No redeployment. No agent restarts. The next request automatically uses the new business logic.
3. Any Guardrail, One Control Plane
Agent Control's evaluator architecture is pluggable. You aren't locked into a single vendor's detection models. A single policy can combine Galileo's Luna for toxicity detection, NVIDIA NeMo for topic guardrailing, AWS Bedrock for compliance checks, simple regex for PII patterns, and your own custom evaluator for domain-specific business logic. All running through the same control plane, managed from the same dashboard.
This is the "best-of-breed" approach to agent governance: assemble the strongest possible detection stack from the tools that work best for each use case, without adopting any single vendor's entire platform.
A centralized Control Store enables easy enforcement of key controls across your entire fleet.
A single-pane-of-glass view greatly enhances governance across all your agents in production.
Why Open Source Matters
Every centralized solution on the market today is proprietary and locked to a specific cloud ecosystem. In the past twelve months alone, three of the leading open-source guardrails projects have been acquired by larger platforms — narrowing the options for organizations that don't want to bet their governance infrastructure on a single vendor.
Agent Control is open source because runtime governance for AI agents should be infrastructure, not a product moat. Apache 2.0 means full transparency into how controls are evaluated, no vendor lock-in, and the ability for the community to contribute evaluators, framework integrations, and policy templates.
Galileo + Agent Control
With Galileo’s end-to-end evaluation and observability platform, enterprise teams are building their Eval Engineering practices to ensure accurate and reliable agents in production.
Agent Control is the natural next step for our customers to double down on deploying a centralized, end-to-end governance stack for all their agents, without any vendor-lock-in.
Stay tuned for how Galileo leverages Agent Control to leverage its industry leading evaluation and guardrails capabilities to ensure state-of-the-art centralized runtime governance in the Enterprise.
Quotes from our Launch Partners:
Cisco AI Defense
“Runtime guardrails are increasingly critical for AI agents in production. We’re pleased to partner with Galileo’s Agent Control project to make Cisco AI Defense’s guardrails available to developers leveraging this open source agent control plane. This is a huge step forward for centralized governance of AI Agents and we look forward to helping shape the security and governance stack with this partnership.”
— DJ Sampath, SVP, AI Software and Platform, Cisco
CrewAI
“I've talked to hundreds of enterprise teams trying to deploy agents. The blocker is never 'can it do the task.' It's mostly 'how do we know it won't do the wrong thing.' Agent Control is a great answer to that question and works natively with CrewAI.”
– Joao Moura, Founder & CEO at CrewAI
Crew AI Launch Blog coming soon
Strands Agents SDK
"The hardest part of production agents isn't blocking bad output, it's getting the agent to learn from mistakes and deliver great results for customers. That's what Strands Steering does, and Agent Control makes it policy-driven so developers can manage safety rules across all their agents without redeploying. We are very excited about our launch partnership and the open-source Agent Control project."
– Ryan Coleman, Principal PM at AWS, Strands Agents SDK
Glean
“As AI agents take on more responsibility across enterprise systems, organizations need stronger oversight of how they access sensitive data and take action. At Glean, permission awareness and governance are built into how agents operate from the start. Collaborating with Galileo on Agent Control helps extend those protections with centralized guardrails for managing agent behavior at scale."
– Sunil Agrawal, CISO at Glean
Rubrik
"The number one blocker for enterprise agents is no longer the models – those are getting better every day. To graduate agents to production, the industry needs transparent, community-driven guardrails. Open-source projects like Agent Control are exactly the kind of open-standards the industry needs to make autonomous agents safe for the enterprise."
– Dev Rishi, GM of AI at Rubrik
ServiceNow
"Enterprises are accelerating their adoption of agentic AI, but trust, reliability, and governance remain the defining barriers to scale. We’re excited to partner with Galileo to bring deep observability and control to AI agents, and we see strong potential for Galileo’s Agent Control capabilities to seamlessly integrate with ServiceNow’s AI Control Tower - enabling customers to centrally manage, secure, and govern AI with confidence.”
– Ofer Vaisler, VP of AI Product Management at ServiceNow
Get Involved
Agent Control is the beginning of a broader movement to bring principled governance to AI agents. We're actively looking for contributors and partners to build this ecosystem.
Developers: Star the repo, try the quick-start, and contribute custom evaluators or framework integrations. The repo is live today.
Partners: If you sell agents or agent platforms, Agent Control unlocks centralized governance out of the box — reducing trust objections and accelerating deal velocity. Work with us to add @control() hooks support to your framework and give your customers governance over third-party agents in their fleet as well.
Enterprises: Deploy Agent Control internally to establish centralized governance across your agent swarm. Start with one agent, one policy, one decorator. Everything scales from there..
Learn More
It's time to claw back control and turn pilots into live, production-ready agents.
Visit AgentControl on GitHub to get started.
Learn about best practices at agentcontrol.dev.
Join our Slack community.
Last month, an agent at a Fortune 500 company autonomously dropped a production table. The team's guardrail didn’t catch it. They used an if-statement to check for "DROP TABLE" in the SQL output, but the agent operated the database via a different tool call instead. Then PagerDuty went off at 3am. On a Saturday morning. There was no playbook for mitigating unwanted behavior in the agents. The SREs had to pull the plug.
This is the state of agent governance today. Hardcoded checks are scattered across codebases. Safety logic must be bespoke-engineered for each agent. And when something goes wrong, the only remedy is to take the agent offline, patch the code, and redeploy.
That's not governance. That's playing roulette with your production Agents. We must do better.
The Real Problem: Adhoc, Hard-coded Controls
Teams are defining their own logic-based checks or guardrails today. But they are just in the wrong place.
Gateway solutions: These API proxies filter traffic in and out of your agent. They can catch a toxic input or block PII in the final response. But they're blind to everything that happens in between. Which tool the agent selected, what arguments it passed, and what the database returned. You can’t govern, let alone steer, at this level.
Framework-level guardrails: Are natively built into LangChain, CrewAI, or the OpenAI Agents SDK. These operate at the right depth, but they're deeply embedded into the code. Updating a guardrail means changing the agent's source code, testing it, and redeploying. When you have fifty agents built across many different teams, a single policy update becomes fifty engineering tickets. Unsustainable.
We need a governance layer that combines necessary depth with centralized control: step-level enforcement, managed from a single control plane, updatable in real-time without touching agent code. Forrester calls this an Agent Control Plane. As of today, you have one.
Enter Agent Control
To solve this, Galileo is proud to contribute Agent Control to the open-source community. Agent Control is a control plane that establishes a new standard for governing agent behavior. Released under the Apache 2.0 license and featuring contributions from some of the largest infrastructure companies in the world, it provides three capabilities we couldn’t find anywhere else.
1. One Decorator For Every Decision Boundary: Integration Made Easy
To make any function in your agent governable, developers just add a single line:
@control() async def query_database(sql: str) -> Results: return await db.execute(sql)
That's the entire integration. The @control() decorator turns any function into a governed decision point. No custom API wiring. No payload construction. No fuss.
Unlike gateway approaches that can only see what enters and exits the agent, @control() hooks can be placed at every meaningful step. An agent that chains together six internal functions can have six independently governed control points, each with its own policies.
2. Policies Decoupled from Code: Unlocks Centralized Runtime Enforcement
When a decorated function executes, the decorator calls the Agent Control server (or local cache, when configured). The system evaluates the input or output against the active policy and returns a decision: deny, steer, warn, log, or allow. If the decision is denied, the SDK raises a ControlViolationError before the unsafe action can proceed.
The critical design decision: what gets evaluated, how, and what action to take is defined remotely—not in the agent's code. Developers own where to place control hooks. Policy teams decide what those hooks enforce. This separation means a compliance team can update a PII detection policy across every agent with a single change. No code updates. No redeployment. No agent restarts. The next request automatically uses the new business logic.
3. Any Guardrail, One Control Plane
Agent Control's evaluator architecture is pluggable. You aren't locked into a single vendor's detection models. A single policy can combine Galileo's Luna for toxicity detection, NVIDIA NeMo for topic guardrailing, AWS Bedrock for compliance checks, simple regex for PII patterns, and your own custom evaluator for domain-specific business logic. All running through the same control plane, managed from the same dashboard.
This is the "best-of-breed" approach to agent governance: assemble the strongest possible detection stack from the tools that work best for each use case, without adopting any single vendor's entire platform.
A centralized Control Store enables easy enforcement of key controls across your entire fleet.
A single-pane-of-glass view greatly enhances governance across all your agents in production.
Why Open Source Matters
Every centralized solution on the market today is proprietary and locked to a specific cloud ecosystem. In the past twelve months alone, three of the leading open-source guardrails projects have been acquired by larger platforms — narrowing the options for organizations that don't want to bet their governance infrastructure on a single vendor.
Agent Control is open source because runtime governance for AI agents should be infrastructure, not a product moat. Apache 2.0 means full transparency into how controls are evaluated, no vendor lock-in, and the ability for the community to contribute evaluators, framework integrations, and policy templates.
Galileo + Agent Control
With Galileo’s end-to-end evaluation and observability platform, enterprise teams are building their Eval Engineering practices to ensure accurate and reliable agents in production.
Agent Control is the natural next step for our customers to double down on deploying a centralized, end-to-end governance stack for all their agents, without any vendor-lock-in.
Stay tuned for how Galileo leverages Agent Control to leverage its industry leading evaluation and guardrails capabilities to ensure state-of-the-art centralized runtime governance in the Enterprise.
Quotes from our Launch Partners:
Cisco AI Defense
“Runtime guardrails are increasingly critical for AI agents in production. We’re pleased to partner with Galileo’s Agent Control project to make Cisco AI Defense’s guardrails available to developers leveraging this open source agent control plane. This is a huge step forward for centralized governance of AI Agents and we look forward to helping shape the security and governance stack with this partnership.”
— DJ Sampath, SVP, AI Software and Platform, Cisco
CrewAI
“I've talked to hundreds of enterprise teams trying to deploy agents. The blocker is never 'can it do the task.' It's mostly 'how do we know it won't do the wrong thing.' Agent Control is a great answer to that question and works natively with CrewAI.”
– Joao Moura, Founder & CEO at CrewAI
Crew AI Launch Blog coming soon
Strands Agents SDK
"The hardest part of production agents isn't blocking bad output, it's getting the agent to learn from mistakes and deliver great results for customers. That's what Strands Steering does, and Agent Control makes it policy-driven so developers can manage safety rules across all their agents without redeploying. We are very excited about our launch partnership and the open-source Agent Control project."
– Ryan Coleman, Principal PM at AWS, Strands Agents SDK
Glean
“As AI agents take on more responsibility across enterprise systems, organizations need stronger oversight of how they access sensitive data and take action. At Glean, permission awareness and governance are built into how agents operate from the start. Collaborating with Galileo on Agent Control helps extend those protections with centralized guardrails for managing agent behavior at scale."
– Sunil Agrawal, CISO at Glean
Rubrik
"The number one blocker for enterprise agents is no longer the models – those are getting better every day. To graduate agents to production, the industry needs transparent, community-driven guardrails. Open-source projects like Agent Control are exactly the kind of open-standards the industry needs to make autonomous agents safe for the enterprise."
– Dev Rishi, GM of AI at Rubrik
ServiceNow
"Enterprises are accelerating their adoption of agentic AI, but trust, reliability, and governance remain the defining barriers to scale. We’re excited to partner with Galileo to bring deep observability and control to AI agents, and we see strong potential for Galileo’s Agent Control capabilities to seamlessly integrate with ServiceNow’s AI Control Tower - enabling customers to centrally manage, secure, and govern AI with confidence.”
– Ofer Vaisler, VP of AI Product Management at ServiceNow
Get Involved
Agent Control is the beginning of a broader movement to bring principled governance to AI agents. We're actively looking for contributors and partners to build this ecosystem.
Developers: Star the repo, try the quick-start, and contribute custom evaluators or framework integrations. The repo is live today.
Partners: If you sell agents or agent platforms, Agent Control unlocks centralized governance out of the box — reducing trust objections and accelerating deal velocity. Work with us to add @control() hooks support to your framework and give your customers governance over third-party agents in their fleet as well.
Enterprises: Deploy Agent Control internally to establish centralized governance across your agent swarm. Start with one agent, one policy, one decorator. Everything scales from there..
Learn More
It's time to claw back control and turn pilots into live, production-ready agents.
Visit AgentControl on GitHub to get started.
Learn about best practices at agentcontrol.dev.
Join our Slack community.
Last month, an agent at a Fortune 500 company autonomously dropped a production table. The team's guardrail didn’t catch it. They used an if-statement to check for "DROP TABLE" in the SQL output, but the agent operated the database via a different tool call instead. Then PagerDuty went off at 3am. On a Saturday morning. There was no playbook for mitigating unwanted behavior in the agents. The SREs had to pull the plug.
This is the state of agent governance today. Hardcoded checks are scattered across codebases. Safety logic must be bespoke-engineered for each agent. And when something goes wrong, the only remedy is to take the agent offline, patch the code, and redeploy.
That's not governance. That's playing roulette with your production Agents. We must do better.
The Real Problem: Adhoc, Hard-coded Controls
Teams are defining their own logic-based checks or guardrails today. But they are just in the wrong place.
Gateway solutions: These API proxies filter traffic in and out of your agent. They can catch a toxic input or block PII in the final response. But they're blind to everything that happens in between. Which tool the agent selected, what arguments it passed, and what the database returned. You can’t govern, let alone steer, at this level.
Framework-level guardrails: Are natively built into LangChain, CrewAI, or the OpenAI Agents SDK. These operate at the right depth, but they're deeply embedded into the code. Updating a guardrail means changing the agent's source code, testing it, and redeploying. When you have fifty agents built across many different teams, a single policy update becomes fifty engineering tickets. Unsustainable.
We need a governance layer that combines necessary depth with centralized control: step-level enforcement, managed from a single control plane, updatable in real-time without touching agent code. Forrester calls this an Agent Control Plane. As of today, you have one.
Enter Agent Control
To solve this, Galileo is proud to contribute Agent Control to the open-source community. Agent Control is a control plane that establishes a new standard for governing agent behavior. Released under the Apache 2.0 license and featuring contributions from some of the largest infrastructure companies in the world, it provides three capabilities we couldn’t find anywhere else.
1. One Decorator For Every Decision Boundary: Integration Made Easy
To make any function in your agent governable, developers just add a single line:
@control() async def query_database(sql: str) -> Results: return await db.execute(sql)
That's the entire integration. The @control() decorator turns any function into a governed decision point. No custom API wiring. No payload construction. No fuss.
Unlike gateway approaches that can only see what enters and exits the agent, @control() hooks can be placed at every meaningful step. An agent that chains together six internal functions can have six independently governed control points, each with its own policies.
2. Policies Decoupled from Code: Unlocks Centralized Runtime Enforcement
When a decorated function executes, the decorator calls the Agent Control server (or local cache, when configured). The system evaluates the input or output against the active policy and returns a decision: deny, steer, warn, log, or allow. If the decision is denied, the SDK raises a ControlViolationError before the unsafe action can proceed.
The critical design decision: what gets evaluated, how, and what action to take is defined remotely—not in the agent's code. Developers own where to place control hooks. Policy teams decide what those hooks enforce. This separation means a compliance team can update a PII detection policy across every agent with a single change. No code updates. No redeployment. No agent restarts. The next request automatically uses the new business logic.
3. Any Guardrail, One Control Plane
Agent Control's evaluator architecture is pluggable. You aren't locked into a single vendor's detection models. A single policy can combine Galileo's Luna for toxicity detection, NVIDIA NeMo for topic guardrailing, AWS Bedrock for compliance checks, simple regex for PII patterns, and your own custom evaluator for domain-specific business logic. All running through the same control plane, managed from the same dashboard.
This is the "best-of-breed" approach to agent governance: assemble the strongest possible detection stack from the tools that work best for each use case, without adopting any single vendor's entire platform.
A centralized Control Store enables easy enforcement of key controls across your entire fleet.
A single-pane-of-glass view greatly enhances governance across all your agents in production.
Why Open Source Matters
Every centralized solution on the market today is proprietary and locked to a specific cloud ecosystem. In the past twelve months alone, three of the leading open-source guardrails projects have been acquired by larger platforms — narrowing the options for organizations that don't want to bet their governance infrastructure on a single vendor.
Agent Control is open source because runtime governance for AI agents should be infrastructure, not a product moat. Apache 2.0 means full transparency into how controls are evaluated, no vendor lock-in, and the ability for the community to contribute evaluators, framework integrations, and policy templates.
Galileo + Agent Control
With Galileo’s end-to-end evaluation and observability platform, enterprise teams are building their Eval Engineering practices to ensure accurate and reliable agents in production.
Agent Control is the natural next step for our customers to double down on deploying a centralized, end-to-end governance stack for all their agents, without any vendor-lock-in.
Stay tuned for how Galileo leverages Agent Control to leverage its industry leading evaluation and guardrails capabilities to ensure state-of-the-art centralized runtime governance in the Enterprise.
Quotes from our Launch Partners:
Cisco AI Defense
“Runtime guardrails are increasingly critical for AI agents in production. We’re pleased to partner with Galileo’s Agent Control project to make Cisco AI Defense’s guardrails available to developers leveraging this open source agent control plane. This is a huge step forward for centralized governance of AI Agents and we look forward to helping shape the security and governance stack with this partnership.”
— DJ Sampath, SVP, AI Software and Platform, Cisco
CrewAI
“I've talked to hundreds of enterprise teams trying to deploy agents. The blocker is never 'can it do the task.' It's mostly 'how do we know it won't do the wrong thing.' Agent Control is a great answer to that question and works natively with CrewAI.”
– Joao Moura, Founder & CEO at CrewAI
Crew AI Launch Blog coming soon
Strands Agents SDK
"The hardest part of production agents isn't blocking bad output, it's getting the agent to learn from mistakes and deliver great results for customers. That's what Strands Steering does, and Agent Control makes it policy-driven so developers can manage safety rules across all their agents without redeploying. We are very excited about our launch partnership and the open-source Agent Control project."
– Ryan Coleman, Principal PM at AWS, Strands Agents SDK
Glean
“As AI agents take on more responsibility across enterprise systems, organizations need stronger oversight of how they access sensitive data and take action. At Glean, permission awareness and governance are built into how agents operate from the start. Collaborating with Galileo on Agent Control helps extend those protections with centralized guardrails for managing agent behavior at scale."
– Sunil Agrawal, CISO at Glean
Rubrik
"The number one blocker for enterprise agents is no longer the models – those are getting better every day. To graduate agents to production, the industry needs transparent, community-driven guardrails. Open-source projects like Agent Control are exactly the kind of open-standards the industry needs to make autonomous agents safe for the enterprise."
– Dev Rishi, GM of AI at Rubrik
ServiceNow
"Enterprises are accelerating their adoption of agentic AI, but trust, reliability, and governance remain the defining barriers to scale. We’re excited to partner with Galileo to bring deep observability and control to AI agents, and we see strong potential for Galileo’s Agent Control capabilities to seamlessly integrate with ServiceNow’s AI Control Tower - enabling customers to centrally manage, secure, and govern AI with confidence.”
– Ofer Vaisler, VP of AI Product Management at ServiceNow
Get Involved
Agent Control is the beginning of a broader movement to bring principled governance to AI agents. We're actively looking for contributors and partners to build this ecosystem.
Developers: Star the repo, try the quick-start, and contribute custom evaluators or framework integrations. The repo is live today.
Partners: If you sell agents or agent platforms, Agent Control unlocks centralized governance out of the box — reducing trust objections and accelerating deal velocity. Work with us to add @control() hooks support to your framework and give your customers governance over third-party agents in their fleet as well.
Enterprises: Deploy Agent Control internally to establish centralized governance across your agent swarm. Start with one agent, one policy, one decorator. Everything scales from there..
Learn More
It's time to claw back control and turn pilots into live, production-ready agents.
Visit AgentControl on GitHub to get started.
Learn about best practices at agentcontrol.dev.
Join our Slack community.
Yash Sheth