
Execlave vs Microsoft Agent Governance Toolkit: honest deltas


On 2 April 2026 Microsoft released the Agent Governance Toolkit as an open-source, MIT-licensed, framework-agnostic library stack. It is strong software. A lot of it overlaps with Execlave. Here are the actual deltas, with a source link against every Microsoft claim — because the only comparison that earns trust is the one you can verify.

We have written this page from scratch against the Microsoft open-source announcement, the architecture deep dive on Microsoft Tech Community, and the code in github.com/microsoft/agent-governance-toolkit. Being a vendor that gets competitor facts wrong is not acceptable to us, and we owe you the corrected version.

What Microsoft actually shipped

The 2 April 2026 announcement describes the Agent Governance Toolkit as “an open-source project released under the Microsoft organization and MIT license that brings runtime security governance to autonomous AI agents.” It is not a managed SaaS. It is not bundled with Microsoft 365 or Azure AI Foundry capacity as a licensing line-item. It is a library stack you install and operate yourself. The Azure integration story is “deploy the toolkit on Azure for the fastest path to production,” not “this is an Azure-only product.”

Inside the monorepo are nine independently installable packages (architecture deep dive):

  • Agent OS. Stateless policy kernel with YAML / OPA Rego / Cedar and a semantic intent classifier, claimed sub-0.1ms p99.
  • Agent Mesh. Decentralized identifiers with Ed25519 plus an Inter-Agent Trust Protocol and 0–1000 trust-score decay.
  • Agent Hypervisor. Four execution rings gated by trust plus saga orchestration for compensating actions.
  • Agent Runtime. Kill switches and lifecycle.
  • Agent SRE. SLOs, error budgets, circuit breakers, chaos templates.
  • Agent Compliance. Grading against EU AI Act, NIST AI RMF, HIPAA, SOC 2, and OWASP Agentic Top 10.
  • Agent Marketplace. Ed25519-signed plugin manifests with SBOMs.
  • Agent Lightning. RL training governance.
  • Integrations catalogue. 20+ frameworks, covering LangChain, CrewAI, AutoGen, Semantic Kernel, Google ADK, Microsoft Agent Framework, OpenAI Agents SDK, Haystack, LangGraph, PydanticAI, LlamaIndex, and Dify.

That is a serious piece of engineering. If you have the platform and SRE bandwidth to run it, it will do a lot of what governance of autonomous agents needs.

What Execlave is, in one paragraph

Execlave is a managed runtime governance platform. It provides a hosted dashboard in an EU or US region (or a self-hosted distribution via Docker Compose or Kubernetes), Clerk-backed auth with PostgreSQL Row Level Security per organisation, 12 policy types and 4 enforcement modes (monitor, warn, require_approval, block), a three-tier prompt-injection pipeline (heuristics → Redis cache → local LLM), a Slack-native approval UX, webhook alerts, real-time Socket.IO streams, hash-chained audit logs, and an on-demand signed-compliance-export endpoint that produces RSA-SHA256-PSS signed packages an external auditor can verify offline with a published public key. The SDKs are execlave-sdk on PyPI and @execlave/sdk on npm, with first-party LangChain, OpenAI Agents SDK, and CrewAI integrations.

Where the two actually differ

Strip away the marketing adjectives and four real deltas remain.

  1. Delivery model. Microsoft AGT is a library stack; you operate it yourself and build your own operator UI. Execlave is a managed SaaS with a hosted dashboard; self-hosting is an option, not the only option.
  2. Human-in-the-loop UX. Microsoft AGT exposes Policy.require_approval with configurable quorum and timeout inside the policy language, and leaves it to you to wire that into an approver surface. Execlave ships Slack-native Approve / Deny with identity and timestamp persisted against the decision, plus a hosted approval queue in the dashboard.
  3. Compliance artefacts. Microsoft AGT produces compliance grading and evidence mapping inside your own environment against EU AI Act, NIST AI RMF, HIPAA, SOC 2, and the OWASP Agentic Top 10. Execlave emits RSA-SHA256-PSS signed report packages that you hand to an external regulator or customer who can verify them offline with a published public key. Different shape of output for a different step in the auditor conversation.
  4. Polyglot reach. Microsoft AGT is available as Python, TypeScript, Rust, Go, and .NET packages. Execlave’s SDKs are Python and TypeScript / JavaScript today. If your stack is Rust or Go or you are deep in .NET agent code, Microsoft’s language coverage is a genuine advantage right now.

Everything else — framework-agnostic integrations, sub-millisecond policy decisions, OpenTelemetry, OWASP Agentic Top 10 coverage, EU AI Act mapping — is on both sides. Claiming a delta where none exists would mislead you.

Where Microsoft is stronger than Execlave today

  • Cryptographic agent identity. Decentralized identifiers with Ed25519, behavioural trust scoring, and scope-narrowing delegation chains are first-class primitives in Agent Mesh. Execlave uses per-agent API keys and organisation-scoped identity; we do not have a DID / IATP equivalent today.
  • Execution rings. Four trust-scored privilege rings with per-ring resource limits, modelled on CPU kernel architectures, are a differentiated control.
  • Reliability engineering primitives. Saga orchestration for compensating multi-step actions, nine chaos-engineering fault templates, and SLO burn-rate driven capability restriction are production-grade.
  • Policy language variety. YAML plus OPA Rego plus Cedar is a superset of what Execlave currently accepts.
  • Polyglot packages. Rust, Go, and .NET coverage matters if your agents are not Python or TypeScript.

Where Execlave is stronger than Microsoft today

  • Zero-platform-bandwidth adoption. Execlave is a Clerk sign-up, an API key, and three lines of SDK code away. No Helm chart, no cluster, no operator team, no dashboard you build yourself.
  • Slack-native approvals. The Approve / Deny UX your compliance, security, or operations team will actually use during an incident at 2am.
  • Offline-verifiable signed compliance reports. An RSA-SHA256-PSS signed package that a regulator or customer opens independently of Execlave. Useful when the question is “prove this to someone outside your company,” not “show us a grade in your own tenant.”
  • Hash-chained audit log. Append-only with SHA-256 content chaining enforced at the database level, surfaced through the same API your application is already calling.
  • Commercial vendor relationship. A support SLA, a single throat to choke, and contractual liability. Important for many enterprise procurement teams.
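
How SHA-256 content chaining of the kind named in the audit-log bullet above makes tampering detectable, shown as an added Python example that is not Execlave's code or schema. The record layout, field names and genesis value are assumptions, and the events are constructed.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor for the first record

# Constructed sample events; field names are illustrative only.
SAMPLE_EVENTS = [
    {"agent": "billing-bot", "action": "read_invoice", "decision": "monitor"},
    {"agent": "billing-bot", "action": "issue_refund", "decision": "require_approval"},
    {"agent": "ops-bot", "action": "delete_records", "decision": "block"},
]

def entry_hash(prev_hash, payload):
    # Canonical JSON so identical content always produces the same digest.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build(events):
    log, prev = [], GENESIS
    for payload in events:
        digest = entry_hash(prev, payload)
        log.append({"prev_hash": prev, "payload": payload, "hash": digest})
        prev = digest
    return log

def verify(log, anchored_head=None):
    """Return (ok, index of the first failing position or None)."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["prev_hash"] != prev or rec["hash"] != entry_hash(prev, rec["payload"]):
            return False, i
        prev = rec["hash"]
    # An internally consistent chain can still be a rewritten or truncated one;
    # only a head hash stored outside the log catches that.
    if anchored_head is not None and prev != anchored_head:
        return False, len(log)
    return True, None

def demo():
    log = build(SAMPLE_EVENTS)
    head = log[-1]["hash"]
    edited = copy.deepcopy(log)
    edited[1]["payload"]["decision"] = "monitor"          # in-place edit
    deleted = log[:1] + log[2:]                           # middle record removed
    rewritten = build([e["payload"] for e in edited])     # edit plus recomputed hashes
    return {"intact": verify(log, head), "edited": verify(edited, head),
            "deleted": verify(deleted, head), "rewritten_unanchored": verify(rewritten),
            "rewritten_anchored": verify(rewritten, head)}
```

The last two cases are the point for an auditor: a chain that has been fully recomputed passes its own internal check, so the head hash has to be held somewhere the log writer cannot change.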

How we would actually pick between them

For platform teams with SRE bandwidth shipping Python / Rust / Go / .NET agents into an Azure-heavy environment — and who are happy to operate a governance stack inside their own cluster and build their own approver surface — Microsoft AGT is a strong default. Take the MIT-licensed source, read it, deploy it, own it. That is a perfectly rational choice and we will not try to talk you out of it.

For teams that want governance as a service — a hosted dashboard, Slack-native approvals for a compliance team that lives in Slack, EU-region data residency without standing up infrastructure, and externally verifiable signed compliance reports they can hand to regulators and enterprise customers — Execlave is a better fit.

And for a lot of teams, the honest answer is both. They are not mutually exclusive. You can put Microsoft Agent OS as a sidecar next to a Python agent on AKS for sub-0.1ms kernel-level enforcement and OWASP Agentic Top 10 defence in depth, fan its telemetry into Execlave over OpenTelemetry, use Execlave as the approver UX and audit surface, and generate a signed compliance report that references both. The two overlap conceptually but solve different layers of the problem in practice.

A small note on Microsoft Purview

This post is about the Microsoft Agent Governance Toolkit, which is a runtime-governance toolkit. If you are looking at Microsoft Purview for AI agents, that is a different product — the admin-plane SaaS for sensitivity labels, DLP, and eDiscovery across Copilot, Copilot Studio, and Foundry. Purview and Execlave are complementary, not substitutes. The comparison in this post is with the toolkit, not Purview.

Sources

If you spot anything in this post we have still got wrong, please email hello@execlave.com and we will fix it.
