Open Intelligence, Secure Governance: why AI agents need governance

In the era of autonomous agents and multi-agent orchestration, governance is not a layer to bolt on afterwards but a by-design property. The Open Source opening of Admina is concrete proof of the OISG thesis.


The agentic extension of a positioning

When we chose Open Intelligence, Secure Governance as our tagline, we did so to give a name to an approach that was already mature. This piece does not repeat that editorial: it extends the thesis to the ground where the hardest battle is now being fought, namely autonomous AI agents and multi-agent orchestration. The question is no longer whether an organization will adopt agents, but with what governance. And here the gap between adoption and control is still wide: according to 2026 industry surveys, only about one enterprise in five reports mature governance for agentic AI.

The point we want to argue is simple: in a system of agents, governance is not a layer to bolt on afterwards. It is a property of the infrastructure, or it is not there at all.

Why agents change the problem

A model answering a prompt has a bounded risk surface. An agent that plans, invokes tools, reads and writes data, and delegates to other agents has a surface that multiplies at every step. The risks are not hypothetical:

  • Prompt injection — hostile instructions hidden in the context or in the data the agent retrieves.
  • Privilege escalation from over-permissioning — agents granted broader permissions than needed, for integration convenience.
  • Poor traceability — chains of actions where, after the fact, it is hard to reconstruct who decided what and with which data.
  • Tool poisoning — tools or their descriptions manipulated to induce unintended agent behavior.

Adding controls after the orchestration is designed means chasing each of these surfaces. Building them in by design means that every interaction (request and response, agent-to-model and agent-to-tool) passes through a policy enforcement point.

Agent-to-tool interaction becomes central

The technical context pushes in the same direction. The two protocols that structure the agentic ecosystem, MCP (Model Context Protocol) and A2A (Agent-to-Agent), are now under Linux Foundation governance: MCP as a founding project of the Agentic AI Foundation, A2A as a Linux Foundation project.

The consequence is clear. If the interaction between agents and tools standardizes onto shared protocols, then the governance of that interaction becomes the layer where the security of the whole system is decided. Standardizing how agents call tools makes it even more urgent to govern what they can call, with which data, and with what traceability.

Admina: concrete proof of the thesis

The recent Open Source opening of Admina — the AI governance framework created by Stefano Noferi and sponsored by noze, released in late May under the Apache 2.0 license — is the operational demonstration of this principle. We reported on it in the article dedicated to the Open Source opening of Admina.

The architecture is designed so that governance sits wherever the agent operates: an in-process Python SDK to intercept calls directly in code, a transparent Rust network proxy for any client with no changes, plus CLI, dashboard and a plugin system. Policies are bidirectional and apply four actions — ALLOW, BLOCK, REDACT, CIRCUIT BREAK — on both request and response. The four governance domains — Data Sovereignty, AI Infrastructure, Agent Security, Compliance — cover exactly the surfaces described above, from anti-injection to forensic traceability. And they do so with overhead in the order of microseconds: governance stops being a cost to negotiate and becomes the default.
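A minimal policy enforcement point illustrating the bidirectional ALLOW / BLOCK / REDACT / CIRCUIT BREAK model described above. This is an added example, not Admina's code or API: the class, the policy tables, the regex patterns and the threshold are all hypothetical.

```python
import re
from collections import defaultdict

ALLOW, BLOCK, REDACT, CIRCUIT_BREAK = "ALLOW", "BLOCK", "REDACT", "CIRCUIT_BREAK"

# Constructed sample policy: agent/tool names, patterns and threshold are assumptions.
TOOL_ALLOWLIST = {"support-agent": {"search_docs", "get_ticket"}}
SECRET = re.compile(r"\b(?:sk|tok)-[A-Za-z0-9]{8,}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+")
INJECTION = re.compile(r"ignore (?:all )?previous instructions", re.I)
MAX_BLOCKS = 2


class EnforcementPoint:
    """Every agent-to-tool call passes through here, in both directions."""

    def __init__(self):
        self.audit = []                  # (agent, tool, direction, action)
        self.blocks = defaultdict(int)   # BLOCK decisions seen per agent

    def _decide(self, agent, tool, direction, text):
        if self.blocks[agent] >= MAX_BLOCKS:
            action = CIRCUIT_BREAK       # agent is cut off after repeated blocks
        elif direction == "request" and tool not in TOOL_ALLOWLIST.get(agent, set()):
            action = BLOCK               # least privilege: tool not granted
        elif direction == "response" and INJECTION.search(text):
            action = BLOCK               # hostile instructions in retrieved data
        elif SECRET.search(text) or EMAIL.search(text):
            action = REDACT
            text = EMAIL.sub("[REDACTED]", SECRET.sub("[REDACTED]", text))
        else:
            action = ALLOW
        if action == BLOCK:
            self.blocks[agent] += 1
        self.audit.append((agent, tool, direction, action))
        return action, text

    def call(self, agent, tool, argument, tool_fn):
        action, argument = self._decide(agent, tool, "request", argument)
        if action in (BLOCK, CIRCUIT_BREAK):
            return action, None          # the tool is never invoked
        action, output = self._decide(agent, tool, "response", tool_fn(argument))
        if action in (BLOCK, CIRCUIT_BREAK):
            return action, None          # the output never reaches the agent
        return action, output
```

The `audit` list holds one record per direction of every call, which is what makes the chain of decisions reconstructable after the fact.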

This closes the OISG loop — Open, Intelligent, Secure, Governed: an open, inspectable framework makes the agents’ decision chain verifiable, not in words but in code. The OISG paradigm describes the why; Admina is its implementation.

What it means in practice

For anyone designing agent workflows (from a coding assistant with human review to the orchestration of internal pipelines) there is one operational message: decide from the start where policy enforcement lives. If the answer is “we will add it later”, the system is born with a debt that grows with every agent and every connected tool.

On the regulatory front the horizon is shifting but not vanishing. The Commission’s enforcement powers over GPAI models under the EU AI Act take effect from August 2026, while the obligations on high-risk systems have been repositioned onto a longer horizon — evolving, not imminent. In both cases, the runtime auditability of a governed infrastructure is worth more than any checklist filled in after the fact. Governing agents by design today is the cheapest way to be compliant tomorrow.

Links: Admina · OISG
