Reference Architecture

A composable governance framework for agentic systems

AGF is a reference architecture and operating model for governing agentic systems — synthesizing NIST, OWASP, CSA, ISO, EU AI Act, OpenTelemetry, and academic research into a coherent, composable playbook.

Built to make agent behavior observable, traceable, auditable, and agent-operable — so the systems shipping today can be governed without rebuilding them tomorrow.

We did not invent these patterns. We sorted the pieces and showed how they fit together.

Integrates & maps to

NIST AI RMF, OWASP ASI Top 10, OWASP MCP Top 10, CSA MAESTRO, EU AI Act, ISO/IEC 42001, MITRE ATLAS, OpenTelemetry, Singapore IMDA, NIST 800-53

What AGF is — and what it isn't

AGF is

  • A reference architecture for agentic systems
  • An operating model synthesizing existing frameworks
  • A vocabulary of primitives, rings, gates, and invariants
  • A crosswalk between NIST, OWASP, CSA, ISO, EU AI Act
  • Openly licensed (CC BY 4.0 docs; Apache-2.0 / MIT code)

AGF is not

  • A new control catalog (use NIST 800-53, CSA AICM, ISO 27001)
  • A new threat taxonomy (use OWASP, MITRE ATLAS, MAESTRO)
  • A platform, product, or vendor solution
  • A compliance certification or a replacement for one
  • A claim that AGF invented these patterns

[Figure: The Rings Model — Governed Agentic Systems: Ring 0 (Execution) through Ring 3 (Learning) with cross-cutting fabric]

The Rings Model — four concentric rings, one fabric, one substrate.

v1.0 Positioning

AGF synthesizes the governance landscape — see how it fits.

NIST, OWASP, CSA AICM/ATF/MAESTRO, ISO 42001, EU AI Act, Microsoft AGT, FAIR — each authoritative, none sufficient alone. AGF is the architectural substrate that makes the frameworks you already use work together for agentic systems.

[Figure: The Agentic Governance Landscape — seven-layer stack with AGF as architectural substrate (Layer 0) and unifying frame around OWASP (L1), MAESTRO (L2), AICM/ISO/NIST catalogs (L3), CSA ATF (L4), Microsoft AGT (L5), with FAIR as orthogonal Layer 6]

Start with your role

Five domain profiles, each with the depth your function needs.

Humility before authority

We synthesize, we don't decree. Every pattern is credited to the communities that developed it.

Rigor before opinion

Every claim grounded in evidence or clearly marked as an informed proposal. Confidence levels throughout.

Community over credit

If this framework helps one organization build a safer agentic system, it has served its purpose.