Part of the security infrastructure for AI agents

An open standard for agent governance.

ABGS defines what goes in a SOUL.md file, measures governance coverage across nine domains, and provides three conformance tiers for auditing agent deployments. Open source. Tooled. Adversarially tested.

$npx opena2a-cli scan-soul
View the standardBrowse the SOUL collection

See governance coverage in seconds

ABGS controls map to nine domains. The scanner reports per-domain coverage, flags partial implementations, and computes a conformance tier.

Terminal
# Scan for governance coverage
$ npx opena2a-cli scan-soul

  SOUL.md Governance Scan
  File: SOUL.md (2,847 chars)

  Domain 07: Trust Hierarchy ....... PASS
  Domain 08: Capability Bounds ..... PASS
  Domain 09: Injection Hardening ... PASS
  Domain 10: Data Handling ......... PASS
  Domain 11: Hardcoded Behaviors ... PARTIAL
  Domain 12: Agentic Safety ........ PASS
  Domain 13: Honesty ............... PASS
  Domain 14: Human Oversight ....... PARTIAL
  Domain 15: Harm Avoidance ........ PASS

  Conformance: STANDARD (35/42 controls)

The gap ABGS fills

The AI agent ecosystem has standards for several layers of the stack. Behavioral governance at the deployment level was unaddressed until ABGS.

LayerStandardCoverage
Foundation modelAnthropic Soul, OpenAI Model SpecHow the base model should behave
Agent personaSoulSpecPersonality, tone, and character traits
Agent capabilitiesAgent SkillsProcedural knowledge and tools
InfrastructureNIST AI Agent StandardsIdentity, interoperability, infrastructure
Coding instructionsAGENTS.mdInstructions for AI coding agents
Behavioral governanceABGS (this standard)Per-agent safety constraints, scope boundaries, oversight requirements

Nine governance domains

ABGS covers domains 7 through 15 of the OASB framework. Each domain contains specific, testable controls that scan automatically.

Domain 7

Trust Hierarchy

Defines who the agent trusts, in what order, and how conflicts between principals are resolved.

Domain 8

Capability Boundaries

Declares what the agent can and cannot do. Explicit scope limits, denied actions, and escalation paths.

Domain 9

Injection Hardening

How the agent handles prompt injection, context manipulation, and adversarial inputs.

Domain 10

Data Handling

Rules for sensitive data. What to retain, what to redact, and how to handle PII across sessions.

Domain 11

Hardcoded Behaviors

Non-negotiable behaviors that cannot be overridden by any principal, including the developer.

Domain 12

Agentic Safety

Constraints for tool use, multi-step planning, resource consumption, and autonomous decision-making.

Domain 13

Honesty and Transparency

Requirements for truthfulness, uncertainty expression, and disclosure of agent identity and limitations.

Domain 14

Human Oversight

When the agent must pause and request human approval before proceeding with high-impact actions.

Domain 15

Harm Avoidance

Guidance for exercising judgment in gray areas where an action is technically permitted but may cause unintended harm.

Three conformance tiers

Start at BASIC and work toward AGENTIC as your deployment matures. Each tier names the controls a scanner expects to find.

BASIC

Minimum governance for any deployed agent.

Conversational and read-only assistants.

  • Trust hierarchy and principal ordering
  • Core capability boundaries
  • Data handling and PII rules

STANDARD

Full behavioral governance for tool-using agents.

Code assistants, function callers, MCP clients.

  • All BASIC controls
  • Injection hardening for adversarial inputs
  • Honesty and human oversight requirements

AGENTIC

Maximum governance for autonomous and multi-agent systems.

Autonomous planners, orchestrators, high-risk deployments.

  • All STANDARD controls
  • Agentic safety for multi-step planning
  • Hardcoded behaviors and harm avoidance in full

Relationship to OASB

ABGS extends the Open Agent Security Benchmark with the behavioral layer that infrastructure standards do not cover.

OASB v1. Infrastructure security.

Domains 1 through 6. Authentication, authorization, transport security, logging, configuration, dependency management.

ABGS. Behavioral governance.

Domains 7 through 15. Trust hierarchy, capability boundaries, injection hardening, data handling, hardcoded behaviors, agentic safety, honesty, human oversight, harm avoidance.

OASB v2. Full stack assessment.

Integrates infrastructure and behavior into domains 1 through 15 for comprehensive AI agent security assessment.

Quick start

Generate a governance file, scan it for coverage, and iterate until you reach your target conformance tier.

Terminal
# 1. Generate a SOUL.md with guided prompts
$ npx opena2a-cli harden-soul

# 2. Scan the file for governance coverage
$ npx opena2a-cli scan-soul

# 3. Or start from a template
$ npx opena2a-cli harden-soul --template agentic

# 4. Validate at a target tier
$ npx opena2a-cli scan-soul --tier standard

Scanning runs against the same engine that powers HackMyAgent. 209 static checks, 29 semantic checks, 164 adversarial payloads. Versions current at HackMyAgent 0.22.2 and opena2a-cli 0.10.2.

Define your agent's behavioral contract

Start with a template, scan for coverage, and reach conformance. The standard is open. The tooling is free. The CLI runs locally.

$npx opena2a-cli scan-soul
Read the standardBrowse templates