Agent Kits – Compliance Scanner


AgentAz Compliance Scanner — score any AI agent's governance — AgentKits

Scored against Microsoft's published agent-governance guidance, with the AgentAz™ companion mapping. Deterministic — same input, same result. Your prompt is processed on our edge to produce the result and is never stored, logged, or sent to any model.

Disclaimer

The AgentKits Compliance Scanner is a free, informational tool that performs automated heuristic screening of AI-agent system prompts for common governance gaps. It is not a security audit, penetration test, legal or regulatory compliance certification, or a substitute for qualified human review. Results are provided “as is”, without warranties of any kind, express or implied, and must not be relied upon as the sole basis for deploying, approving, or assessing any AI agent. Heuristic analysis can produce false positives and false negatives and may miss contextual nuance; a system-prompt scan assesses only the design layer and cannot evaluate platform-, runtime-, or infrastructure-level controls. Always consult qualified security, privacy, and legal professionals before deploying AI agents in regulated or high-risk contexts. To the maximum extent permitted by law, AgentKits and its authors disclaim all liability for any loss or damage arising from use of this tool.

Trademarks & affiliation. AgentKits is not affiliated with, endorsed by, sponsored by, or certified by Microsoft (or OWASP, NIST, or any other organization). “Microsoft” and related names and marks are trademarks of Microsoft Corporation; other product and company names are trademarks of their respective owners. This tool references publicly published governance guidance for informational and educational purposes only, and such references do not imply any relationship with or approval by the trademark owners. “AgentAz” is a trademark of AgentKits.

What it scores against

The scanner maps your agent to the design-layer controls in Microsoft's published guidance for AI agents — the Cloud Adoption Framework's governance and security recommendations, the Responsible AI principles, and the agentic maturity model. Each Microsoft control is shown with its AgentAz™ companion: the spec field that satisfies it at the prompt layer.

What it can't see (on purpose)

A system-prompt scan only assesses the design layer. Microsoft's platform-enforced controls — Entra ID identity, Purview data-loss prevention, runtime threat detection — are marked platform, out of scope rather than guessed at. This complements those controls; it doesn't replace them.

Why deterministic, not an LLM

A governance check you can't reproduce isn't a check. The default scan uses fixed rules and the same risky-tool vocabulary the runnable run.py demos enforce, so the same input always produces the same verdict. It never auto-executes or contacts a model.
