// Trust & Security Report

    Microsoft Corporation logo

    Microsoft Corporation

    AutoGen: an open-source (MIT-licensed) multi-agent AI programming framework from Microsoft Research, distributed via GitHub/PyPI. Sub-components: AutoGen Core (event-driven multi-agent runtime), AgentChat (higher-level conversational agent API), Extensions (community/first-party integrations such as MCP workbench, Docker code executor, OpenAI Assistant API), and AutoGen Studio (a local no-code web UI for prototyping). It is not a hosted SaaS product; it is self-hosted software that orchestrates calls to whichever LLM backend the user configures (OpenAI, Azure OpenAI, local models, etc.). AutoGen is officially in maintenance mode; Microsoft's actively developed successor is "Microsoft Agent Framework" (MAF).

    Certifications held

    0

    Maturity

    Unknown

    Trains on your data

    No

    Trust center

    No

    // Certification ledger

    Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.

    > Show 7 unconfirmed / not-held certifications
    SOC 2 (Type 1/2)
    NOT CONFIRMED

    No public evidence. AutoGen is distributed as open-source code (MIT license) that users install and run themselves; it is not a hosted service, so it has no SOC 2 audit report of its own. No trust center or audit report was found on microsoft.github.io/autogen or github.com/microsoft/autogen.

    source: github.com
    ISO 27001
    NOT CONFIRMED

    No public evidence for AutoGen itself. Not found on the project's docs site, GitHub repo, README, or SECURITY.md.

    source: github.com
    GDPR
    NOT CONFIRMED

    No AutoGen-specific GDPR posture page exists. The docs site footer links only to Microsoft's generic corporate Privacy Statement ("Privacy Policy | Consumer Health Privacy"), which governs Microsoft's websites generally, not data processed by the AutoGen framework (the framework itself does not collect or process end-user personal data; that responsibility falls on whatever LLM backend the user configures).

    source: microsoft.github.io
    HIPAA
    NOT CONFIRMED

    No public evidence. No BAA or HIPAA statement exists for AutoGen; the only health-related link in the footer ("Consumer Health Privacy") is Microsoft's standard boilerplate site-footer link (points to go.microsoft.com/fwlink/?linkid=2259814, Microsoft's generic Washington My Health My Data Act notice used across Microsoft docs sites), not an AutoGen-specific HIPAA claim.

    source: microsoft.github.io
    ISO/IEC 42001 (AI management system)
    NOT CONFIRMED

    No public evidence that AutoGen itself (as distinct from Microsoft's broader Responsible AI program) holds ISO 42001 certification.

    source: github.com
    CSA STAR
    NOT CONFIRMED

    No public evidence found for AutoGen.

    source: github.com
    FedRAMP
    NOT CONFIRMED

    Not applicable / no public evidence. FedRAMP authorizations apply to hosted cloud services (e.g., Azure Government), not to a self-hosted open-source code library.

    source: github.com

    // Privacy & AI training

    Trains on customer data

    No

    Data processing agreement

    Not offered

    Data region

    Not applicable - no data residency commitment exists for the framework itself; residency is determined by the user's self-hosted deployment and chosen model backend.

    AutoGen is orchestration code, not a hosted model or data platform. The framework does not itself collect, store, or train on user data; example code in the official docs shows agents calling a user-supplied model client (e.g. `OpenAIChatCompletionClient(model="gpt-4o")`), meaning data handling and any model-training exposure is governed entirely by whichever LLM provider (OpenAI, Azure OpenAI, a locally hosted model, etc.) the adopter chooses to wire in, not by Microsoft or the AutoGen project.

    // Security controls

    Vulnerability disclosure

    Do not report security vulnerabilities through public GitHub issues; report via the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report or secure@microsoft.com. Microsoft follows the principle of Coordinated Vulnerability Disclosure and commits to responding within 24 hours.

    github.com

    Code execution sandboxing

    Ships a DockerCommandLineCodeExecutor extension so model-generated code can be run inside an isolated Docker container instead of directly on the host.

    microsoft.github.io

    MCP server trust warning

    Docs explicitly warn: connect only to trusted MCP servers, since they may execute commands in the local environment or expose sensitive information.

    microsoft.github.io

    Hosting model

    Self-hosted / bring-your-own-infrastructure. AutoGen has no first-party hosted runtime, so there is no vendor-operated production environment to certify; encryption in transit/at rest, network isolation, and access control are entirely a function of the infrastructure and model backend the adopter chooses.

    microsoft.github.io

    // Products & data scope

    AutoGen CoreEvent-driven multi-agent orchestration runtime

    data: No data held by the framework; passes messages between agents and to whichever model client the developer configures.

    For building scalable, distributed multi-agent systems (deterministic and dynamic workflows, distributed agents across languages).

    AgentChatHigh-level conversational single/multi-agent Python API (built on Core, requires Python 3.10+)

    data: Same as Core; data exposure depends on the model client (e.g. OpenAI, Azure OpenAI) wired into the agent.

    Recommended starting point for prototyping agents in Python.

    ExtensionsIntegrations with external services/libraries (e.g. MCP workbench, OpenAI Assistant API client, Docker code executor, gRPC distributed runtime)

    data: Varies per extension; each integration inherits the security posture of the external service it talks to.

    Community and first-party extensions; adopters should vet each integration independently.

    AutoGen StudioLocal, no-code web UI for prototyping agents (`pip install autogenstudio`)

    data: Runs as a local web server on the developer's machine; not designed as a hardened multi-tenant service.

    Intended for prototyping only, not production deployment.

    // What to watch

    • Identity-conflation risk: Microsoft Corporation holds SOC 2, ISO 27001, HIPAA and GDPR-related attestations for its hosted cloud platforms (Azure, Microsoft 365, Azure OpenAI Service). None of those certifications belong to AutoGen, which is unaudited, self-hosted, open-source framework code with no trust center of its own. AIFOXX must not display Microsoft's corporate/Azure certifications as if they cover AutoGen.
    • AutoGen is officially in maintenance mode as of 2026; Microsoft's Learn documentation and blog posts state it 'will not receive new features or enhancements and is community managed going forward,' with Microsoft Agent Framework (MAF) as the recommended, actively developed successor. The listing should surface this so users understand new investment is not going into AutoGen.
    • Standard SaaS compliance questions (SOC2/ISO/HIPAA/GDPR/data residency) map poorly onto a self-hosted OSS library; grading them all held=false is accurate but a human reviewer should confirm this framework belongs in a compliance-oriented directory the same way hosted SaaS tools do.

    // At a glance

    Pricing model

    Free and open source (MIT license for code, CC-BY-4.0 for documentation); no paid tier or managed offering from Microsoft for AutoGen itself.

    Self-hostable

    Yes

    // How we verified this

    Every certification marked HELD is confirmed against a verbatim quote on Microsoft Corporation's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.

    Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.

    go.microsoft.com

    > Browse all vendor trust reports