Anthropic Launches Omnigent: Open-Source Meta-Harness with Contextual Policy Controls for AI Agents
Key Takeaways
- ▸Omnigent is an open-source meta-harness that unifies governance across AI agents from different frameworks (Claude Code, Codex, OpenAI Agents SDK, custom agents, etc.) through a single policy layer
- ▸Contextual policies track session state to dynamically decide what agents can do, enabling security rules that are both flexible and secure
- ▸Policies can implement sophisticated controls including tracking resource usage, preventing prompt injection attacks, enforcing per-session budgets, and detecting anomalous behavior
Summary
Anthropic has launched Omnigent, an open-source meta-harness designed to unify governance across AI agents built with multiple frameworks including Claude Code, Codex, and custom agents. The platform introduces contextual policies—a novel security and cost management system that tracks session state (such as resources accessed, tools used, and spending) to dynamically decide what actions agents should be allowed to perform. This solves a critical gap in current agent governance: traditional controls are binary (allow/deny/ask), but contextual policies enable nuanced, history-aware rules that adapt based on an agent's behavior within a session.
Contextual policies address real enterprise security and usability challenges. For example, they can prevent prompt injection attacks by tracking whether an agent has read untrusted content; if it has, policies can restrict access to sensitive operations even if those operations would normally be permitted. Similarly, policies can implement per-session budgets, detect anomalous behavior patterns (like a sales agent sending thousands of emails), and enforce least-privilege security models. Rather than blocking powerful actions entirely, contextual policies allow organizations to balance security with usability—eliminating both the restriction of useful capabilities and the user fatigue that comes from constant approval prompts.
Because Omnigent is a meta-harness, its contextual policies apply uniformly across any supported agent framework, including OpenAI's Agents SDK and custom implementations. This unified approach allows enterprises to deploy sophisticated agent governance without rearchitecting their existing systems, addressing what security researchers like Simon Willison and Meta have termed the "Lethal Trifecta"—preventing agents from simultaneously reading untrusted content, accessing sensitive data, and communicating externally.
- The approach solves the "Lethal Trifecta" problem by allowing nuanced restrictions based on session history rather than blanket allow/deny rules
Editorial Opinion
Contextual policies represent a meaningful step forward in making AI agents both safe and practical for enterprise use. By enabling history-aware governance, Omnigent eliminates the false choice between overly restrictive controls and approval fatigue. If this vision of unified policy enforcement across heterogeneous agent frameworks proves durable and widely adopted, it could become a standard layer in enterprise AI deployments, much like how modern browsers standardize security policies.


