// Trust & Security Report
Microsoft Corporation
AutoGen: an open-source (MIT-licensed) multi-agent AI programming framework from Microsoft Research, distributed via GitHub/PyPI. Sub-components: AutoGen Core (event-driven multi-agent runtime), AgentChat (higher-level conversational agent API), Extensions (community/first-party integrations such as MCP workbench, Docker code executor, OpenAI Assistant API), and AutoGen Studio (a local no-code web UI for prototyping). It is not a hosted SaaS product; it is self-hosted software that orchestrates calls to whichever LLM backend the user configures (OpenAI, Azure OpenAI, local models, etc.). AutoGen is officially in maintenance mode; Microsoft's actively developed successor is "Microsoft Agent Framework" (MAF).
Certifications held
0
Maturity
Unknown
Trains on your data
No
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
> Show 7 unconfirmed / not-held certifications
source: github.comNo public evidence. AutoGen is distributed as open-source code (MIT license) that users install and run themselves; it is not a hosted service, so it has no SOC 2 audit report of its own. No trust center or audit report was found on microsoft.github.io/autogen or github.com/microsoft/autogen.
source: github.comNo public evidence for AutoGen itself. Not found on the project's docs site, GitHub repo, README, or SECURITY.md.
source: microsoft.github.ioNo AutoGen-specific GDPR posture page exists. The docs site footer links only to Microsoft's generic corporate Privacy Statement ("Privacy Policy | Consumer Health Privacy"), which governs Microsoft's websites generally, not data processed by the AutoGen framework (the framework itself does not collect or process end-user personal data; that responsibility falls on whatever LLM backend the user configures).
source: microsoft.github.ioNo public evidence. No BAA or HIPAA statement exists for AutoGen; the only health-related link in the footer ("Consumer Health Privacy") is Microsoft's standard boilerplate site-footer link (points to go.microsoft.com/fwlink/?linkid=2259814, Microsoft's generic Washington My Health My Data Act notice used across Microsoft docs sites), not an AutoGen-specific HIPAA claim.
source: github.comNo public evidence that AutoGen itself (as distinct from Microsoft's broader Responsible AI program) holds ISO 42001 certification.
source: github.comNot applicable / no public evidence. FedRAMP authorizations apply to hosted cloud services (e.g., Azure Government), not to a self-hosted open-source code library.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Not offered
Data region
Not applicable - no data residency commitment exists for the framework itself; residency is determined by the user's self-hosted deployment and chosen model backend.
AutoGen is orchestration code, not a hosted model or data platform. The framework does not itself collect, store, or train on user data; example code in the official docs shows agents calling a user-supplied model client (e.g. `OpenAIChatCompletionClient(model="gpt-4o")`), meaning data handling and any model-training exposure is governed entirely by whichever LLM provider (OpenAI, Azure OpenAI, a locally hosted model, etc.) the adopter chooses to wire in, not by Microsoft or the AutoGen project.
// Security controls
Vulnerability disclosure
Do not report security vulnerabilities through public GitHub issues; report via the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report or secure@microsoft.com. Microsoft follows the principle of Coordinated Vulnerability Disclosure and commits to responding within 24 hours.
github.comCode execution sandboxing
Ships a DockerCommandLineCodeExecutor extension so model-generated code can be run inside an isolated Docker container instead of directly on the host.
microsoft.github.ioMCP server trust warning
Docs explicitly warn: connect only to trusted MCP servers, since they may execute commands in the local environment or expose sensitive information.
microsoft.github.ioHosting model
Self-hosted / bring-your-own-infrastructure. AutoGen has no first-party hosted runtime, so there is no vendor-operated production environment to certify; encryption in transit/at rest, network isolation, and access control are entirely a function of the infrastructure and model backend the adopter chooses.
microsoft.github.io// Products & data scope
data: No data held by the framework; passes messages between agents and to whichever model client the developer configures.
For building scalable, distributed multi-agent systems (deterministic and dynamic workflows, distributed agents across languages).
data: Same as Core; data exposure depends on the model client (e.g. OpenAI, Azure OpenAI) wired into the agent.
Recommended starting point for prototyping agents in Python.
data: Varies per extension; each integration inherits the security posture of the external service it talks to.
Community and first-party extensions; adopters should vet each integration independently.
data: Runs as a local web server on the developer's machine; not designed as a hardened multi-tenant service.
Intended for prototyping only, not production deployment.
// What to watch
- Identity-conflation risk: Microsoft Corporation holds SOC 2, ISO 27001, HIPAA and GDPR-related attestations for its hosted cloud platforms (Azure, Microsoft 365, Azure OpenAI Service). None of those certifications belong to AutoGen, which is unaudited, self-hosted, open-source framework code with no trust center of its own. AIFOXX must not display Microsoft's corporate/Azure certifications as if they cover AutoGen.
- AutoGen is officially in maintenance mode as of 2026; Microsoft's Learn documentation and blog posts state it 'will not receive new features or enhancements and is community managed going forward,' with Microsoft Agent Framework (MAF) as the recommended, actively developed successor. The listing should surface this so users understand new investment is not going into AutoGen.
- Standard SaaS compliance questions (SOC2/ISO/HIPAA/GDPR/data residency) map poorly onto a self-hosted OSS library; grading them all held=false is accurate but a human reviewer should confirm this framework belongs in a compliance-oriented directory the same way hosted SaaS tools do.
// At a glance
Pricing model
Free and open source (MIT license for code, CC-BY-4.0 for documentation); no paid tier or managed offering from Microsoft for AutoGen itself.
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Microsoft Corporation's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
go.microsoft.com