OPAQUE has appointed Imran Siddique as Chief Platform Officer. He joins from Microsoft, where he created the Agent Governance Toolkit.
He will lead OPAQUE's engineering organisation and platform strategy, working with co-founder and Chief Technology Officer Rishabh Poddar, who will continue to oversee the company's research and cryptographic platform direction.
The appointment brings together Siddique's work on agent governance with OPAQUE's focus on confidential computing for artificial intelligence systems. The company said this combination is intended to address business concerns about deploying AI agents in sensitive environments.
Companies are increasingly giving AI agents access to email, customer relationship management systems, databases and transaction processes. That broader access has raised questions about how organisations can limit what those agents do, particularly when systems behave unpredictably or are exposed to malicious prompts hidden in routine content such as documents, support tickets or emails.
OPAQUE argues that many existing approaches focus on screening inputs and outputs at the content layer rather than setting clear rules for agent behaviour and enforcing them at a lower level. Businesses in regulated sectors have been reluctant to use agents near critical systems because those controls do not fully eliminate the risk of data leakage or unauthorised actions, it said.
Siddique spent 18 years at Microsoft in engineering roles across Azure Core, Azure for Industries in sovereign deployments, Azure DevOps and SQL Azure. During that time, he created the Agent Governance Toolkit, an open-source framework designed to govern AI agents at runtime.
OPAQUE described AGT as the only toolkit with documented mitigation for all 10 risks identified by the OWASP Agentic AI Security Initiative. It added that its own platform provides hardware-based enforcement designed to restrict what an agent can access and produce evidence that policies were applied.
Security focus
OPAQUE is positioning the hire within a broader debate over governance in AI systems. Businesses in financial services, healthcare and other regulated or sovereign settings face particular pressure because an agent's error can trigger a reportable incident and create compliance consequences.
That has made governance a central issue for suppliers trying to persuade large organisations to give AI agents more autonomy. OPAQUE's approach combines policy controls with hardware-backed enforcement rather than relying only on filters designed to detect harmful content or instructions.
Aaron Fulkerson, Chief Executive Officer of OPAQUE, said: "The prize here is enormous - AI agents working directly on a company's most sensitive data and systems, where the real competitive advantage lives. But most teams are connecting agents to that on 'probably' - guardrails that probably catch the bad behavior, that probably stop the leak. You don't run a regulated business on 'probably.' It takes three layers: guardrails on the content, policy on what an agent is allowed to do, and hardware that enforces both and proves it held. Imran built the policy layer that the industry relies on. Together, we're turning 'probably' into proof."
Microsoft background
Siddique's profile in the sector extends beyond AGT. OPAQUE said he also founded and open-sourced Agent OS, Agent Mesh and Agent SRE, projects focused on runtime governance, zero-trust networking, audit and multi-agent orchestration.
His arrival adds a senior engineering leader with experience across Microsoft's cloud and software platforms at a time when AI infrastructure companies are competing to define the control layers around autonomous systems. The market is paying growing attention to how to prove that AI actions comply with internal rules and external regulation, particularly where models are connected to live business systems.
His remit will include bridging governance policy with hardware enforcement inside OPAQUE's platform. That suggests the company is seeking to tie software-based rule-setting more directly to confidential computing methods that isolate data and processing from unauthorised access.
Siddique said existing screening methods do not go far enough. "Screening what goes in and out of an agent was never going to be enough. You need a layer that decides what it's allowed to do, and a layer that enforces and proves it in hardware. I built the first at Microsoft - AGT, the only framework that addresses all 10 OWASP Agentic AI risks by design. OPAQUE is the second."