Agent Factory: Creating a blueprint for safe and secure AI agents

Azure AI Foundry brings unneurotic security, safety, and governance successful a layered process enterprises tin travel to physique spot successful their agents.

This blog station is the sixth retired of a six-part blog bid called Agent Factory which shares champion practices, plan patterns, and tools to assistance usher you done adopting and gathering agentic AI.

Trust arsenic the adjacent frontier

Trust is rapidly becoming the defining situation for endeavor AI. If observability is astir seeing, past information is astir steering. As agents determination from clever prototypes to halfway concern systems, enterprises are asking a harder question: however bash we support agents safe, secure, and nether power arsenic they scale?

The reply is not a patchwork of constituent fixes. It is simply a blueprint. A layered attack that puts spot archetypal by combining identity, guardrails, evaluations, adversarial testing, information protection, monitoring, and governance.

Why enterprises request to make their blueprint now

Across industries, we perceive the aforesaid concerns:

• CISOs interest astir cause sprawl and unclear ownership.
• Security teams request guardrails that link to their existing workflows.
• Developers privation information built successful from time one, not added astatine the end.

These pressures are driving the shift near phenomenon. Security, safety, and governance responsibilities are moving earlier into the developer workflow. Teams cannot hold until deployment to unafraid agents. They request built-in protections, evaluations, and argumentation integration from the start.

Data leakage, punctual injection, and regulatory uncertainty stay the apical blockers to AI adoption. For enterprises, spot is present a cardinal deciding origin successful whether agents determination from aviator to production.

What harmless and unafraid agents look like

From endeavor adoption, 5 qualities basal out:

• Unique identity: Every cause is known and tracked crossed its lifecycle.
• Data extortion by design: Sensitive accusation is classified and governed to trim oversharing.
• Built-in controls: Harm and hazard filters, menace mitigations, and groundedness checks trim unsafe outcomes.
• Evaluated against threats: Agents are tested with automated information evaluations and adversarial prompts earlier deployment and passim production.
• Continuous oversight: Telemetry connects to endeavor information and compliance tools for probe and response.

These qualities bash not warrant implicit safety, but they are indispensable for gathering trustworthy agents that conscionable endeavor standards. Baking these into our products reflects Microsoft’s attack to trustworthy AI. Protections are layered crossed the model, system, policy, and idiosyncratic acquisition levels, continuously improved arsenic agents evolve.

How Azure AI Foundry supports this blueprint

Azure AI Foundry brings unneurotic security, safety, and governance capabilities successful a layered process enterprises tin travel to physique spot successful their agents.

• Entra Agent ID
  Coming soon, each cause created successful Foundry volition beryllium assigned a unsocial Entra Agent ID, giving organizations visibility into each progressive agents crossed a tenant and helping to trim shadiness agents.
• Agent controls
  Foundry offers manufacture archetypal agent controls that are some broad and built in. It is the lone AI level with a cross-prompt injection classifier that scans not conscionable punctual documents but besides instrumentality responses, email triggers, and different untrusted sources to flag, block, and neutralize malicious instructions. Foundry besides provides controls to forestall misaligned instrumentality calls, precocious hazard actions, and delicate information loss, on with harm and hazard filters, groundedness checks, and protected worldly detection.

• Risk and information evaluations
  Evaluations supply a feedback loop crossed the lifecycle. Teams tin tally harm and hazard checks, groundedness scoring, and protected worldly scans some earlier deployment and successful production. The Azure AI Red Teaming Agent and PyRIT toolkit simulate adversarial prompts astatine standard to probe behavior, aboveground vulnerabilities, and fortify resilience earlier incidents scope production.
• Data power with your ain resources
  Standard cause setup successful Azure AI Foundry Agent Service allows enterprises to bring their ain Azure resources. This includes record storage, search, and speech past storage. With this setup, information processed by Foundry agents remains wrong the tenant’s bound nether the organization’s ain security, compliance, and governance controls.
• Network isolation
  Foundry Agent Service supports backstage web isolation with customized virtual networks and subnet delegation. This configuration ensures that agents run wrong a tightly scoped web bound and interact securely with delicate lawsuit information nether endeavor terms.
• Microsoft Purview
  Microsoft Purview helps widen information information and compliance to AI workloads. Agents successful Foundry tin grant Purview sensitivity labels and DLP policies, truthful protections applied to information transportation done into cause outputs. Compliance teams tin besides usage Purview Compliance Manager and related tools to measure alignment with frameworks similar the EU AI Act and NIST AI RMF, and securely interact with your delicate lawsuit information nether your terms.
• Microsoft Defender
  Foundry surfaces alerts and recommendations from Microsoft Defender straight successful the cause environment, giving developers and administrators visibility into issues specified arsenic punctual injection attempts, risky instrumentality calls, oregon antithetic behavior. This aforesaid telemetry besides streams into Microsoft Defender XDR, wherever information operations halfway teams tin analyse incidents alongside different endeavor alerts utilizing their established workflows.
• Governance collaborators
  Foundry connects with governance collaborators specified arsenic Credo AI and Saidot. These integrations let organizations to representation valuation results to frameworks including the EU AI Act and the NIST AI Risk Management Framework, making it easier to show liable AI practices and regulatory alignment.

Blueprint successful action

From endeavor adoption, these practices basal out:

1. Start with identity. Assign Entra Agent IDs to found visibility and forestall sprawl.
2. Built-in controls. Use Prompt Shields, harm and hazard filters, groundedness checks, and protected worldly detection.
3. Continuously evaluate. Run harm and hazard checks, groundedness scoring, protected worldly scans, and adversarial investigating with the Red Teaming Agent and PyRIT earlier deployment and passim production.
4. Protect delicate data. Apply Purview labels and DLP truthful protections are honored successful cause outputs.
5. Monitor with endeavor tools. Stream telemetry into Defender XDR and usage Foundry observability for oversight.
6. Connect governance to regulation. Use governance collaborators to representation valuation information to frameworks similar the EU AI Act and NIST AI RMF.

Proof points from our customers

Enterprises are already creating information blueprints with Azure AI Foundry:

• EY uses Azure AI Foundry’s leaderboards and evaluations to comparison models by quality, cost, and safety, helping standard solutions with greater confidence.
• Accenture is investigating the Microsoft AI Red Teaming Agent to simulate adversarial prompts astatine scale. This allows their teams to validate not conscionable idiosyncratic responses, but afloat multi-agent workflows nether onslaught conditions earlier going live.

Learn more

• Create with Azure AI Foundry.
• Join america astatine Microsoft Secure connected September 30 to larn astir our newest capabilities and however Azure AI Foundry integrates with Microsoft Security to assistance you physique harmless and unafraid agents, with speakers including Vasu Jakkal, Sarah Bird, and Herain Oberoi.
• Implement a responsible generative AI solution successful Azure AI Foundry.

Did you miss these posts successful the Agent Factory series?

• The caller epoch of agentic AI—common usage cases and plan patterns
• Building your archetypal AI cause with the tools to present real-world outcomes
• Top 5 cause observability champion practices for reliable AI
• From prototype to production—developer tools and accelerated cause development
• Connecting agents, apps, and information with caller unfastened standards similar MCP and A2A