RSA Conference 2026 Edition
We scanned 21 of the most popular AI agent frameworks, ML libraries, and AI SDKs. Here is how they score on structural governance.
| # | Repository ↕ | Category ↕ | Score ↓ | Grade ↕ | EU AI Act | Scan |
|---|---|---|---|---|---|---|
| 1 | vllm-project/vllm | ML Libraries | 78/100 | B | On track | Scan |
| 2 | BerriAI/litellm | Local AI / Inference | 72/100 | B | On track | Scan |
| 3 | Significant-Gravitas/AutoGPT | AI Agent Frameworks | 68/100 | B | Gaps identified | Scan |
| 4 | fastapi/fastapi | Web Frameworks | 62/100 | B | Gaps identified | Scan |
| 5 | langchain-ai/langchain | AI Agent Frameworks | 61/100 | B | Gaps identified | Scan |
| 6 | pydantic/pydantic | Web Frameworks | 59/100 | C | Gaps identified | Scan |
| 7 | run-llama/llama_index | AI SDKs | 58/100 | C | Gaps identified | Scan |
| 8 | geekan/MetaGPT | AI Agent Frameworks | 57/100 | C | Gaps identified | Scan |
| 9 | stanfordnlp/dspy | AI SDKs | 56/100 | C | Gaps identified | Scan |
| 10 | anthropics/anthropic-sdk-python | AI SDKs | 55/100 | C | Gaps identified | Scan |
| 11 | scikit-learn/scikit-learn | ML Libraries | 54/100 | C | Gaps identified | Scan |
| 12 | huggingface/transformers | ML Libraries | 54/100 | C | Gaps identified | Scan |
| 13 | django/django | Web Frameworks | 54/100 | C | Gaps identified | Scan |
| 14 | openai/openai-python | AI SDKs | 53/100 | C | Gaps identified | Scan |
| 15 | mudler/LocalAI | Local AI / Inference | 52/100 | C | Gaps identified | Scan |
| 16 | crewAIInc/crewAI | AI Agent Frameworks | 50/100 | C | Gaps identified | Scan |
| 17 | All-Hands-AI/OpenHands | AI Agent Frameworks | 50/100 | C | Gaps identified | Scan |
| 18 | TransformerOptimus/SuperAGI | AI Agent Frameworks | 41/100 | C | Gaps identified | Scan |
| 19 | ollama/ollama | Local AI / Inference | 36/100 | D | Not ready | Scan |
| 20 | microsoft/autogen | AI Agent Frameworks | 30/100 | D | Not ready | Scan |
| 21 | yoheinakajima/babyagi | AI Agent Frameworks | 17/100 | F | Not ready | Scan |
Last scanned: March 16, 2026. Scores are point-in-time snapshots.
All scans were run on March 16, 2026 using the Walseth AI Governance Scanner. Scores are point-in-time snapshots of the default branch.
The scanner analyzes 6 dimensions (100 points total): Enforcement (30), CI/CD (15), Security (20), Testing (10), Governance (15), and Hygiene (10). It checks for structural governance signals -- prevent-by-construction patterns like hooks, tests, and templates -- in the file tree via the GitHub API.
Grades: A (80+), B (60-79), C (40-59), D (20-39), F (below 20). EU AI Act readiness: On track (70+), Gaps identified (40-69), Not ready (below 40).
Beyond open-source frameworks, enterprise vendors are building AI agent governance platforms. These are not scored by our repo scanner (they are closed-source enterprise products) but are relevant to the governance landscape.
| Vendor | Focus Area | Governance Layer | Status | Compare |
|---|---|---|---|---|
| Okta for AI Agents | Identity & Access Management | Identity (who agents are, what they access) | GA April 2026 | Compare |
| Zenity | AI Security Posture | Detection (runtime monitoring) | GA | Compare |
| Straiker | AI App Security | Detection (runtime guardrails) | GA | Compare |
| WitnessAI | AI DLP & Visibility | Detection (runtime DLP) | GA | Compare |
| Walseth AI | Structural Enforcement | Behavioral (what agents do, how they comply) | GA | Try Free |
Vendor information sourced from public announcements and company websites as of March 2026. Enterprise vendors are not scored by the governance scanner as they are closed-source platforms.
Run the same scanner used for this leaderboard on any public GitHub repository. Free, instant, no signup required.
Read the full analysis: AI Governance Leaderboard: We Scanned 21 Top Repos Before RSA 2026