Agentic Control Plane

Blog

Articles on agentic control planes, AI governance, and building trust infrastructure for AI systems.

Seven agent frameworks, one backend, governance diverges on 9 of 48 tests
architecture governance benchmark agentgovbench sequence-diagrams
Seven frameworks, one backend, 48 governance scenarios. ACP-paired scores ranged 37-46. The variance is architectural: it tracks where a framework lets you observe tool calls.
April 21, 2026
What our benchmark told us about our own product — six fixes we're shipping
roadmap governance agentgovbench accountability
Benchmarking seven frameworks against ACP broke three things. Two get SDK fixes in two weeks; the third is a structural MCP limit no SDK fix can close.
April 20, 2026
Reproduce AgentGovBench on your stack — full setup guide
tutorial benchmark reproducibility agentgovbench
Step-by-step guide to running the AgentGovBench scorecard against your own ACP deployment: required env, Firebase setup, common issues, reading results.
April 20, 2026
Recommended governance deployment patterns — pick the one that scores highest for your stack
governance deployment recommendation agentgovbench architecture
AgentGovBench scores across seven frameworks, translated into a customer-facing recommendation for deploying governed AI agents by stack, score, and reach.
April 20, 2026
OpenAI Agents SDK scores 13/48 on AgentGovBench. With ACP, 45/48.
openai openai-agents-sdk benchmark governance proxy agentgovbench
Fourth framework, first proxy-pattern integration. OpenAI Agents SDK scores 45/48 with ACP — closest to pure ACP because the proxy sees the full payload.
April 20, 2026
LangGraph's StateGraph checkpoints don't replay through governance
langgraph governance stategraph checkpoint agentgovbench
LangGraph checkpoint replays skip the governance pipeline — policy changes between original run and replay are silently ignored. The failure mode and fix.
April 20, 2026
LangGraph scores 13/48 on AgentGovBench. With ACP, 40/48.
langchain langgraph benchmark governance agentgovbench
LangChain/LangGraph run through 48 governance scenarios, twice. Same as CrewAI: vanilla floor, jumps once wrapped in @governed. Per-category breakdown.
April 20, 2026
How we think about testing AI agent governance
testing benchmark governance
AgentGovBench is an open, NIST-mapped benchmark for AI agent governance. We ran it against ACP. What broke, what shipped, how to run it on your deployment.
April 20, 2026
Governed OpenAI Agents SDK in 3 Minutes
openai openai-agents-sdk proxy
OpenAI Agents SDK is built for multi-agent systems. Point the client at ACP's proxy — every LLM and tool call is audited and policy-checked in four lines.
April 20, 2026
Governed Cursor in 3 Minutes
cursor mcp ide
Cursor writes a lot of AI-assisted code, with zero visibility into what its agents did. Route Cursor through ACP so every MCP tool call is audited.
April 20, 2026
Governed Codex CLI in 3 Minutes
codex openai cli
OpenAI Codex CLI's auto-approve mode keeps ACP's governance hook firing in unattended runs. 60-second install, what it buys you that Claude Code doesn't.
April 20, 2026
Full scorecard: seven frameworks, 48 scenarios, one open benchmark
benchmark governance scorecard agentgovbench comparison
Seven frameworks benchmarked: CrewAI, LangGraph, Claude Code, OpenAI Agents SDK, Anthropic Agent SDK, Cursor, Codex CLI. Native vs ACP. Three score tiers.
April 20, 2026
Decorator, proxy, hook — three patterns for agent governance, three different scorecards
governance architecture decorator proxy hook agentgovbench
Why CrewAI + ACP scores 40/48 but Claude Code + ACP scores 43/48 on the same backend. Three integration patterns, three scorecards — where each wins.
April 20, 2026
Cursor scores 13/48 on AgentGovBench. With ACP MCP server, 37/48 — and that gap is structural.
cursor mcp benchmark governance ide agentgovbench
Seventh framework. Cursor's MCP integration only governs MCP-exposed tools — internal Edit/Read/Bash bypass entirely. A structural 37/48 ceiling.
April 20, 2026
CrewAI's task handoffs lose the audit trail — here's the gap and the fix
crewai governance audit agent-delegation agentgovbench
CrewAI's Hierarchical Process delegates manager-to-worker without carrying the chain. Even with @governed, audit logs show worker as top-level. The fix.
April 20, 2026
CrewAI scores 13/48 on AgentGovBench. With ACP, 40/48.
crewai benchmark governance agentgovbench
CrewAI run through 48 governance scenarios, twice. Vanilla: floor. Wrapped in @governed: 40/48. Where the gap sits and what it means in production.
April 20, 2026
Codex CLI scores 13/48 on AgentGovBench. With ACP, 43/48 — same as Claude Code.
openai codex codex-cli benchmark governance hook agentgovbench
Sixth framework. OpenAI's Codex CLI shares Claude Code's hook protocol, scores 43/48 with ACP. Differentiator: auto mode keeps hooks firing.
April 20, 2026
Claude Code scores 13/48 on AgentGovBench. With ACP, 43/48.
claude-code anthropic benchmark governance agentgovbench
Third framework. Claude Code sits at the vanilla floor with no PreToolUse hook; with ACP installed, every Bash, Edit, and MCP call is governed.
April 20, 2026
Claude Code's --dangerously-skip-permissions disables every governance hook
claude-code anthropic governance security agentgovbench
Claude Code's --dangerously-skip-permissions silently disables every PreToolUse and PostToolUse hook, including ACP's. How to detect it server-side.
April 20, 2026
Anthropic Agent SDK scores 13/48 on AgentGovBench. With ACP, 46/48 — best of any framework.
anthropic anthropic-agent-sdk benchmark governance agentgovbench
Fifth framework, highest ACP-paired score yet. Anthropic Agent SDK's TypeScript governHandlers wrapper hits 46/48 — above proxy and decorator patterns.
April 20, 2026
How AgentGovBench's 48 scenarios map to NIST AI RMF 1.0
nist ai-rmf governance compliance agentgovbench methodology
AgentGovBench scenarios cite specific NIST AI RMF 1.0 controls — MAP, MEASURE, MANAGE, GOVERN. The full mapping for procurement teams citing controls.
April 20, 2026
What 28,000 agent tool calls look like
observability replay governance agents
28,256 agent tool calls across ChatGPT, Claude Code, Claude Desktop, Codex, Cursor, Lovable — 70 days of data. What we found, why Session Replay shipped.
April 17, 2026
How to Rate-Limit an MCP Server (Per-User, Per-Tool, Per-Agent)
mcp rate-limiting runaway-agents per-user governance
MCP servers are rate-limit-blind — they see the LLM runtime's service account, not the user. How to add per-user, per-tool, per-agent limits in MCP.
April 16, 2026
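The rate-limiting post above is summarised in one line; the following is an added illustration of the per-user, per-tool, per-agent idea, not code from the article or from ACP. It assumes the control plane forwards the end-user and agent identity to the MCP server alongside the runtime's service account; the request fields `user`, `agent`, `service_account` and `tool` are hypothetical names for that metadata, and the traffic is constructed.

```python
"""Per-user, per-tool, per-agent limits for an MCP server (added example).

Not the article's code. Assumes the control plane forwards end-user and agent
identity with each request; field names are hypothetical.
"""


class TokenBucket:
    """Classic token bucket with an injected clock so behaviour is deterministic."""

    def __init__(self, capacity: int, refill_per_sec: float, now: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def refill(self, now: float) -> None:
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now

    def can_take(self) -> bool:
        return self.tokens >= 1.0

    def take(self) -> None:
        self.tokens -= 1.0


class ToolRateLimiter:
    """One bucket per (dimension, identity, tool).

    `limits` maps a request field ("user", "agent", "service_account") to
    (capacity, refill_per_sec). A call is admitted only if every configured
    dimension has a token; tokens are deducted only after all checks pass, so a
    denial on one dimension never burns budget on another.
    """

    def __init__(self, limits: dict[str, tuple[int, float]]):
        self.limits = limits
        self.buckets: dict[tuple[str, str, str], TokenBucket] = {}

    def _bucket(self, dim: str, identity: str, tool: str, now: float) -> TokenBucket:
        key = (dim, identity, tool)
        if key not in self.buckets:
            cap, refill = self.limits[dim]
            self.buckets[key] = TokenBucket(cap, refill, now)
        return self.buckets[key]

    def check(self, request: dict, now: float) -> tuple[bool, str]:
        buckets = [(dim, self._bucket(dim, request[dim], request["tool"], now))
                   for dim in self.limits]
        for dim, b in buckets:
            b.refill(now)
            if not b.can_take():
                return False, f"{dim}={request[dim]} over limit for {request['tool']}"
        for _, b in buckets:
            b.take()
        return True, "ok"


# Constructed traffic: two users behind the same runtime service account.
# Alice's agent is stuck in a retry loop; Bob makes two legitimate calls.
SAMPLE_REQUESTS = (
    [{"user": "alice", "agent": "support-bot", "service_account": "llm-runtime",
      "tool": "stripe.charge"}] * 5
    + [{"user": "bob", "agent": "support-bot", "service_account": "llm-runtime",
        "tool": "stripe.charge"}] * 2
)


def replay(limits: dict[str, tuple[int, float]], requests: list, now: float = 1000.0) -> dict[str, int]:
    """Replay requests at one instant (no refill) and count admitted calls per user."""
    limiter = ToolRateLimiter(limits)
    admitted: dict[str, int] = {}
    for r in requests:
        ok, _ = limiter.check(r, now)
        admitted[r["user"]] = admitted.get(r["user"], 0) + int(ok)
    return admitted


if __name__ == "__main__":
    # Service-account-only limit: Alice's loop drains the shared bucket and locks Bob out.
    print(replay({"service_account": (5, 1.0)}, SAMPLE_REQUESTS))                 # {'alice': 5, 'bob': 0}
    # Per-user limit in front of a generous service-account cap: Alice is throttled, Bob is unaffected.
    print(replay({"user": (3, 1.0), "service_account": (50, 10.0)}, SAMPLE_REQUESTS))  # {'alice': 3, 'bob': 2}
```

The first replay is what a server that only sees the runtime's service account can do: one bucket for everyone, so one runaway user starves the rest. The second keys on the forwarded user identity first, which is the blurb's point about needing the user rather than the service account.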
Introducing ADCS — an open spec for agent-to-agent delegation chains
spec delegation-chain a2a governance standards
ADCS v0.1: an open JSON spec for agent delegation chains — scope intersection, budget propagation, cycle prevention, identity, audit. Ref impl shipping.
April 16, 2026
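The ADCS entry above lists scope intersection, budget propagation, cycle prevention and audit as the spec's concerns, and the CrewAI post further up describes what goes wrong when a handoff drops the chain (the worker logged as top-level). The block below is an added illustration of those four checks on a constructed manager/worker crew; it is not the ADCS reference implementation or the article's code, and its record layout is an assumption rather than the ADCS v0.1 wire format.

```python
"""Delegation-chain checks: scope intersection, budget propagation, cycle
prevention, identity-attributed audit. Added example; not the ADCS reference
implementation, and the record layout is an assumption, not the v0.1 format."""

from dataclasses import dataclass


class DelegationError(ValueError):
    """Raised when a hop would widen scope, exceed budget, or close a cycle."""


@dataclass
class Hop:
    delegator: str       # who granted this hop (the human principal on the root hop)
    delegate: str        # agent receiving the grant
    scopes: frozenset    # tools the delegate may call
    budget_usd: float    # spend cap, inclusive of everything its sub-delegates do
    spent_usd: float = 0.0


@dataclass
class Chain:
    principal: str       # the human every hop ultimately acts for
    hops: list           # Hop objects, shared with parent chains so spend propagates upward

    @property
    def leaf(self) -> Hop:
        return self.hops[-1]

    @property
    def agents(self) -> list:
        return [h.delegate for h in self.hops]


def start_chain(principal: str, agent: str, scopes, budget_usd: float) -> Chain:
    """Root grant: the principal hands an agent a scope set and a budget."""
    return Chain(principal, [Hop(principal, agent, frozenset(scopes), budget_usd)])


def delegate(chain: Chain, delegator: str, delegate_to: str, requested_scopes, budget_usd: float) -> Chain:
    parent = chain.leaf
    if delegator != parent.delegate:
        raise DelegationError(f"{delegator} is not the current holder ({parent.delegate})")
    # Cycle prevention: nobody already on the chain, nor the principal, may be delegated to again.
    if delegate_to == chain.principal or delegate_to in chain.agents:
        raise DelegationError(f"cycle: {delegate_to} already appears in {' -> '.join(chain.agents)}")
    # Scope intersection: the child gets requested AND parent, never more than the parent holds.
    scopes = frozenset(requested_scopes) & parent.scopes
    if not scopes:
        raise DelegationError("requested scopes share nothing with the parent grant")
    # Budget propagation: the child cannot be promised more than the parent has left.
    remaining = parent.budget_usd - parent.spent_usd
    if budget_usd > remaining:
        raise DelegationError(f"budget {budget_usd} exceeds parent remaining {remaining}")
    return Chain(chain.principal, chain.hops + [Hop(delegator, delegate_to, scopes, budget_usd)])


def authorize(chain: Chain, tool: str, cost_usd: float) -> tuple[bool, str]:
    """Leaf wants to call `tool` at `cost_usd`: check every hop, then charge every hop."""
    for hop in chain.hops:
        if tool not in hop.scopes:
            return False, f"{tool} outside scope granted to {hop.delegate}"
        if hop.spent_usd + cost_usd > hop.budget_usd:
            return False, f"{hop.delegate} budget exhausted ({hop.budget_usd - hop.spent_usd:.2f} left)"
    for hop in chain.hops:
        hop.spent_usd += cost_usd
    return True, "ok"


def audit_record(chain: Chain, tool: str) -> dict:
    """What a worker's call should log: principal plus full path, not the worker as top-level."""
    return {
        "principal": chain.principal,
        "actor": chain.leaf.delegate,
        "chain": " -> ".join([chain.principal] + chain.agents),
        "depth": len(chain.hops),
        "tool": tool,
    }


def demo() -> dict:
    """Constructed manager/worker crew; returns the outcome of each check."""
    manager = start_chain("user:alice", "manager", {"search", "crm.read", "email.send"}, 10.0)
    worker = delegate(manager, "manager", "researcher", {"search", "crm.read", "crm.write"}, 4.0)
    out = {"worker_scopes": sorted(worker.leaf.scopes)}              # crm.write was never the manager's
    out["call_ok"] = authorize(worker, "search", 3.0)[0]             # True
    out["manager_left"] = manager.leaf.budget_usd - manager.leaf.spent_usd  # 7.0: worker spend propagated up
    out["over_budget"] = authorize(worker, "search", 2.0)[0]         # False: worker has 1.0 left
    out["out_of_scope"] = authorize(worker, "email.send", 0.1)[0]    # False: manager has it, worker does not
    for name, args in {"cycle": ("manager", {"search"}, 0.5),
                       "over_delegation": ("summarizer", {"search"}, 5.0)}.items():
        try:
            delegate(worker, "researcher", *args)
            out[name] = "allowed"
        except DelegationError:
            out[name] = "blocked"
    out["audit"] = audit_record(worker, "search")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Hop objects are shared between a parent chain and the chains derived from it, which is what makes a sub-agent's spend drain every ancestor's budget rather than only its own.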
EU AI Act Article 14 and AI Agents: Mapping Human Oversight to Delegation Chains
eu-ai-act article-14 compliance delegation-chain adcs human-oversight governance
EU AI Act Article 14 requires demonstrable human oversight from Aug 2, 2026. How ADCS delegation chains map to 14(4)(a)-(e) with auditor-ready artifacts.
April 16, 2026
Governing CrewAI A2A Delegation: a production setup guide
crewai a2a delegation governance tutorial
CrewAI shipped a first-class A2A delegation primitive. Full walkthrough: install, configure, govern, audit CrewAI A2A crews with scope and budget caps.
April 16, 2026
How to Add Per-User Authentication to a LangGraph Agent
langgraph authentication auth oauth per-user governance
LangGraph agents run on a shared API key by default — every tool call looks the same. Add per-user auth, identity-attributed audit, and rate limits.
April 16, 2026
Governed CrewAI in 3 Minutes
crewai a2a delegation
CrewAI is multi-agent by design, which is exactly where governance gets hard. Route a crew through ACP so every tool call, across every agent, is scoped and budget-capped.
April 15, 2026
Governed LangGraph in 3 Minutes
langgraph a2a delegation
LangGraph's supervisor pattern is a delegation chain waiting for governance. Route a supervisor-and-workers graph through ACP so every hop is auditable.
April 12, 2026
Governing the Anthropic Agent SDK
anthropic agent-sdk a2a delegation
Anthropic's Agent SDK makes multi-skill agents easy to ship. Route them through ACP so every skill, tool call, and sub-agent hop is scoped and auditable.
April 10, 2026
Governance for Claude Code in 60 seconds
claude-code governance tutorial hooks
One command installs a governance hook on every Claude Code tool call. Bash, Read, Write, Edit, WebFetch — logged, policy-enforced, dashboard-visible.
April 6, 2026
Your AI agents need a control plane, not another gateway
architecture governance control-plane mcp
API gateways proxy traffic. LLM gateways proxy prompts. Neither governs what an autonomous agent does with your tools. Why the control plane is different.
April 6, 2026
4 Security Vulnerabilities Hiding in Your MCP Server's Tool Schema
security-research mcp schemas cve
Real CVEs trace back to unconstrained tool schemas. From 8,216 MCP servers: the JSON patterns behind path traversal, SSRF, injection, and how to fix each.
April 2, 2026
MCP Gateway Comparison: ACP vs Composio vs Self-Hosted
architecture mcp
An honest comparison of MCP gateway options. When to use ACP Cloud, Composio, or build your own with open-source tools.
April 1, 2026
MCP Servers Proxy Paid APIs With No Rate Limits. I Calculated the Blast Radius.
security-research mcp
180 MCP servers proxy calls to paid APIs like OpenAI and Stripe. 85% document no rate limits. An agent retry loop can cost $1,080/hour.
March 31, 2026
Can You Prove What Your AI Agent Did? I Checked 8,216 MCP Servers.
security-research compliance mcp
74.9% of MCP servers have no mention of audit logging. The MCP spec defines zero audit primitives. Here's why that's a compliance problem.
March 30, 2026
4,500 MCP Servers, 7,840 Tools, Zero Input Validation. Here's the Attack Surface.
security-research mcp supply-chain
Analysis of 8,216 MCP servers: 2,432 expose high-risk inputs — SQL, file paths, shell commands — with zero validation constraints in the tool schema.
March 29, 2026
I Classified 8,000+ MCP Servers by Auth Appropriateness. Most Get It Wrong.
security-research identity mcp
A static analysis of 8,216 MCP servers across 4 registries. 50.6% have no auth. But the real question is: do they have the right auth for what they do?
March 28, 2026
Why Not Just Use OPA and a Service Mesh?
architecture identity
Do OPA, Istio, API gateways, and IAM already solve AI agent governance? Where existing infrastructure fits, where it breaks, and what's still missing.
March 25, 2026
I Audited 7,522 AI Agent Skills. Here's What I Found.
supply-chain mcp
A first-hand static analysis of every skill on ClawHub — the real numbers on credential leaks, prompt injection, and what registry moderation actually catches.
March 25, 2026
How an Agentic Control Plane Addresses Every OWASP Agentic Top 10 Risk
standards compliance
A risk-by-risk mapping of OWASP's Agentic Top 10 to specific control plane capabilities — from the governance layer, not the model or app layer.
March 25, 2026
How to Trigger a Governed AI Agent from n8n, Zapier, or Any Webhook
agent-triggers
Step-by-step guide to invoking AI agents via HTTP from workflow automation tools. Every tool call is identity-verified, rate-limited, and audit-logged.
March 24, 2026
CSA Defines the Agentic Control Plane. Here's What We Built.
standards architecture
Cloud Security Alliance just published the Agentic Control Plane framework. We've been building the infrastructure. What's real vs. still theoretical.
March 23, 2026
The MCP Security Checklist for Enterprise Teams
security-research mcp compliance
A 10-point security checklist for teams deploying MCP servers in production. Covers identity, auth, PII, rate limits, audit trails, and more.
March 22, 2026
How to Connect Salesforce to Claude Desktop in 5 Minutes
mcp architecture
Step-by-step guide to connecting Salesforce CRM data to Claude Desktop using ACP's MCP gateway. Query contacts, deals, and reports from your AI assistant.
March 21, 2026
Runtime Authorization for AI Agents: Why Static Policies Break
authorization
Traditional authorization was built for humans clicking buttons. AI agents make thousands of decisions a minute. Runtime authz for autonomous callers.
March 20, 2026
WebMCP Ships Without Agent Identity. Here's Why That Matters.
standards mcp identity
W3C WebMCP gives browsers a native API for AI agents to call site tools — but ships with no agent identity, scoped permissions, or delegation context.
March 19, 2026
Continuous Trust Validation for AI Agents
compliance authorization
Point-in-time audits break when agents make 10,000 decisions an hour. Continuous trust means verifying identity, policy, and behavior on every action.
March 18, 2026
MCP Is the Data Plane. You Still Need a Control Plane.
architecture mcp
MCP defines how agents call tools — the data plane. It doesn't define who can call what, when, or with what audit trail. That's the control plane.
March 17, 2026
MCP Re-Auth: What ChatGPT Actually Needs When Tokens Expire
architecture mcp oauth
ChatGPT won't re-trigger OAuth on HTTP 401 or JSON-RPC errors — it needs a JSON-RPC success envelope with _meta. The signal, and how a gateway emits it.
March 16, 2026
NIST Just Defined Identity for AI Agents. Here's What Changes.
standards identity
NIST's AI Agent Standards Initiative is the first federal move on identity and authorization for autonomous agents. The architectural asks are clear.
March 15, 2026
Your API Keys Already Give Agents Production Access
identity supply-chain
Every API key in your env vars lets an agent act with full access and no user identity. Most teams don't notice until something breaks in production.
March 14, 2026
Authentication Is Broken in AI Systems
identity mcp
AI agents call your backend APIs on behalf of users. Your backend has no idea who's asking. This isn't a bug — it's how every major agent framework works today.
March 10, 2026
AI Agent Identity: The Problem No One Has Solved Yet
identity
Your IAM stack handles human identity. AI agent identity — proving who an agent acts for across every tool call — requires a fundamentally different layer.
March 4, 2026
AI Agent Audit Trails: What CISOs Actually Need to Know
compliance
AI agent audit trails need identity-attributed logging — not generic API logs. Here's what CISOs actually need to know for compliance-ready governance.
March 1, 2026
What Is an MCP Control Plane?
architecture mcp
An MCP control plane adds identity verification, policy enforcement, and audit logging to Model Context Protocol servers — the missing governance layer.
February 26, 2026
Agentic Data Plane vs Agentic Control Plane
architecture mcp
Agentic data plane vs agentic control plane — what each layer does, why you need both, and how they work together to govern AI agents in production.
February 23, 2026
The Governance Controls Existed
authorization
Microsoft 365 Copilot bypassed its own DLP policies because every governance control lived inside the same vendor pipeline that failed.
February 20, 2026
Your AI Agents Are Acting on Behalf of Your Users
identity
AI agent identity is broken: agents call your backend on behalf of users, but your systems can't verify who initiated the request. Here's the real risk.
February 18, 2026
What Tools Is Your OpenClaw Agent Using?
supply-chain mcp
Your OpenClaw agent can read .env files and bypass permission skills. Here's what an MCP server security audit revealed — and how to lock it down.
February 15, 2026
OpenAI Frontier Proves AI Governance Can't Live Inside the Model Provider
architecture
Frontier names the real bottleneck: agent identity, permissions, audit. But baking governance into the model provider creates a problem it can't solve.
February 12, 2026
Compliance-Ready AI Governance
compliance
AI agents are accessing protected data on behalf of users — but HIPAA, SOC 2, and GDPR weren't built for this. Compliance-ready AI governance starts here.
January 22, 2026
The Cost of Running Agents Without Budget Controls
authorization
One runaway agent loop can burn through your entire monthly LLM budget in minutes. Here's how to prevent it.
January 2, 2026
Why API Gateways Don't Solve AI Governance
architecture
Traditional gateways handle routing and rate limits. But AI needs identity binding, PII detection, and policy enforcement they were never built for.
December 10, 2025
PII in Prompts: What You're Probably Leaking
compliance
Users paste PII into your AI app. It goes straight to the LLM. That's a compliance problem.
November 19, 2025
Identity in the Three-Party Trust Model
identity
The core problem in AI governance isn't authorization or audit — it's identity. If you can't identify who a request is for, nothing else works.
November 5, 2025
Why Agentic Control Planes Will Matter
architecture
AI is moving from chatbots to agents that take real actions. Without a governance layer, every tool call is a liability.
October 15, 2025