Existing multi-agent AI systems lack governance architectures that are both provably secure and quantum-resistant, hindering reliable enforcement of communication policies and behavioral accountability. This work proposes the first multi-agent governance framework integrating provably secure, post-quantum cryptographic mechanisms. By leveraging post-quantum cryptographic primitives, a universally composable (UC) security model, policy budgeting, and message attribution techniques, the framework enables fine-grained access control, global policy management for one-to-many sessions, and session-based policy enforcement. Under controlled computational and communication overhead, it achieves—unlike prior approaches such as SAGA—the first formally verified quantum-resistant governance and accountability capabilities for multi-agent systems.

Our computing ecosystem is being transformed by two emerging paradigms: the increased deployment of agentic AI systems and advancements in quantum computing. With respect to agentic AI systems, one of the most critical problems is creating secure governing architectures that ensure agents follow their owners' communication and interaction policies and can be held accountable for the messages they exchange with other agents. With respect to quantum computing, existing systems must be retrofitted and new cryptographic mechanisms must be designed to ensure long-term security and quantum resistance. In fact, NIST recommends that standard public-key cryptographic algorithms, including RSA, Diffie-Hellman (DH), and elliptic-curve constructions (ECC), be deprecated starting in 2030 and disallowed after 2035. In this paper, we present MAGIQ, a framework for policy definition and enforcement in multi-agent AI systems using novel, highly efficient, quantum-resistant cryptographic protocols with proven security guarantees. MAGIQ (i) allows users to define rich communication and access-control policy budgets for agent-to-agent sessions and tasks, including global budgets for one-to-many agent sessions; (ii) enforces such policies using post-quantum cryptographic primitives; (iii) supports session-based enforcement of policies for agent-to-agent and one-to-many agent sessions; and (iv) provides accountability of agents to their users through message attribution. We formally model and prove the correctness and security of the system using the Universal Composability (UC) framework. We evaluate the computation and communication overhead of our framework and compare it with the state-of-the-art agentic AI framework SAGA. MAGIQ is a first step toward post-quantum-secure solutions for agentic AI systems.