// Trust & Security Report
Microsoft
Semantic Kernel SDK
Certifications held
7
Maturity
Enterprise
Trains on your data
No
Trust center
Yes
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on learn.microsoft.com“Currently, both Azure Public and Azure Germany are audited once a year for ISO/IEC 27001 compliance by a third-party accredited certification body, providing independent validation that security controls are in place and operating effectively. Microsoft 365 - ISO 27001:2022 Certificate (2024-2027).”
Verify on learn.microsoft.com“The Azure SOC 2 Type 2 attestation report shows Microsoft online services in scope: Azure, Azure DevOps, Microsoft Dynamics 365, Microsoft Defender XDR, Office 365, Power Apps, Power Automate, Power BI, Copilot Studios, and others.”
Verify on learn.microsoft.com“Microsoft Azure and Microsoft Azure Government received a Provisional Authority to Operate from the FedRAMP Joint Authorization Board.”
Verify on learn.microsoft.com“Microsoft offers its covered entity and business associate customers a Business Associate Agreement that covers in-scope Microsoft services. The Microsoft HIPAA Business Associate Agreement is available through the Microsoft Online Services Data Protection Addendum by default.”
Verify on learn.microsoft.com“Office 365 - ISO 27001, 27017, 27018, 27701 Statement of Applicability (2024) is available via the Service Trust Portal.”
Verify on learn.microsoft.com“Microsoft Azure maintains the CSA STAR Certification and CSA STAR Attestation.”
Verify on microsoft.com“Microsoft published the updated Products and Services Data Protection Addendum (May 2026). Prompts, completions, embeddings, and training data are not used to train any generative AI foundation models without customer permission or instruction.”
> Show 1 unconfirmed / not-held certifications
source: github.comSemantic Kernel is an open-source MIT-licensed SDK package. As a client-side library, it is not itself a cloud service and therefore does not independently carry SOC 2 certification. Applicable certs are held by Microsoft Azure, which the SDK may connect to.
// Privacy & AI training
Trains on customer data
No
Data processing agreement
Offered
Data region
Configurable. The SDK is self-hosted; when connected to Azure services, customers can specify data region and benefit from the EU Data Boundary commitments.
Microsoft's Data Protection Addendum (updated May 2026) explicitly commits that prompts, completions, embeddings, and training data submitted through Azure AI services are not used to train foundation LLMs without customer permission. The Semantic Kernel SDK itself does not independently collect or process data - it is a client-side orchestration library. Data handling depends on which backend AI service the developer connects (e.g., Azure OpenAI, OpenAI API direct, Hugging Face). When connected to Azure OpenAI, Microsoft's no-training commitment applies.
// Security controls
Vulnerability Disclosure Policy
Coordinated Vulnerability Disclosure (CVD). Vulnerabilities must be reported to the Microsoft Security Response Center (MSRC) at https://msrc.microsoft.com/create-report, not via public GitHub issues. 24-hour response SLA stated.
learn.microsoft.comBug Bounty Program
Microsoft MSRC Bug Bounty (own portal, not HackerOne or Bugcrowd). Awards range from $750 to $15,000 USD. Semantic Kernel is NOT listed as in-scope for Microsoft's Open Source Bounty Program specifically, but security reports are accepted at the MSRC portal and may qualify under general Microsoft bounty guidelines.
microsoft.comPenetration Testing
Microsoft conducts annual third-party audits (SOC 2, ISO 27001) of its Azure cloud services. The SDK itself, as open-source, is subject to community and Microsoft internal security review. A critical RCE vulnerability in the Python SDK was discovered and patched in version 1.39.4 (May 2026), demonstrating active security response.
microsoft.comSecurity Architecture
SDK provides hooks and filters for responsible AI, telemetry support, and observability. Documentation emphasizes Zero Trust principles and enterprise-grade security via the Secure Future Initiative.
learn.microsoft.comOpen Source License
MIT License - fully open source. Source code auditable at https://github.com/microsoft/semantic-kernel.
github.com// Products & data scope
data: SDK runs in developer's own environment. No data is transmitted to Microsoft unless Azure AI services are configured as backend. When using Azure OpenAI backend: Azure's SOC2, ISO27001, HIPAA, FedRAMP, and DPA apply. When using OpenAI API direct: OpenAI's terms apply. The SDK itself is stateless with respect to user data.
Primary implementation. Available as NuGet package. Used by Fortune 500 companies per Microsoft docs.
data: Same as C# variant. Available via PyPI. A critical RCE vulnerability (prompt injection to host-level RCE) was found and patched in v1.39.4 (May 2026). Ensure updated version is deployed.
Python variant had a critical security patch in May 2026. Enterprise users must verify they are on v1.39.4 or later.
data: Same as C# variant. Available via Maven.
Java implementation; generally lags C#/Python in feature releases.
// What to watch
- CRITICAL: A remote code execution vulnerability (prompt injection to host-level RCE) was discovered in the Python SDK and patched in v1.39.4 (May 2026). Enterprise users should verify Python SDK version is 1.39.4 or later.
- ARCHITECTURE NOTE: Semantic Kernel is an open-source SDK, not a SaaS service. Compliance certifications listed (SOC2, ISO27001, etc.) are held by Microsoft for its Azure cloud services and apply when the SDK is connected to Azure backends. They do not independently certify the SDK package itself.
- Semantic Kernel is excluded from the Microsoft Open Source Bug Bounty Program scope page; security researchers must use MSRC directly.
- Data compliance depends on which AI backend is configured by the developer. Using non-Azure backends (e.g., OpenAI API direct) brings that provider's terms into scope instead of Microsoft's.
// At a glance
Pricing model
Free and open source (MIT license). Costs arise only from connected AI backend services (e.g., Azure OpenAI API calls, OpenAI credits).
Self-hostable
Yes
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Microsoft's own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-06-27. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
microsoft.com