Microsoft open-sources Rampart and Clarity

- Microsoft said on May 20 it open-sourced Rampart and Clarity, two tools aimed at building safety checks directly into AI agent development.
- Microsoft security executive Ram Shankar Siva Kumar said Rampart turns red-team findings and incidents into repeatable CI regression tests, while Clarity checks design assumptions early.
- The tools are available now through Microsoft’s open-source channels and were detailed in a Microsoft Security Blog post published May 20.

Microsoft on May 20 open-sourced two tools called Rampart and Clarity as it pushes developers to treat AI agent safety as an engineering task rather than a final policy review. The company said the tools are meant for teams building agents that can access email, customer records, code and connected business systems.

Microsoft described Rampart as a test framework for encoding both adversarial and benign scenarios into repeatable checks that run in continuous integration. It said Clarity is designed to help teams examine whether an agent design fits a workflow before code is written.

### What exactly did Microsoft release?

Microsoft’s Security Blog said Rampart is an “agent test framework” and Clarity is a “structured sounding board” for early design decisions. The company said the pair is intended for agentic systems that now do more than answer questions and can take actions across multiple connected systems. Ram Shankar Siva Kumar, identified in the post as “Data Cowboy, AI Red Team,” wrote that Microsoft built the tools because “AI safety has to become a continuous engineering discipline rather than a periodic checkpoint.” (microsoft.com)

InfoWorld reported on May 21 that Microsoft is positioning the tools as a way to secure the agent development lifecycle. The publication said the release fits a broader push by Microsoft to operationalize safety for software teams building autonomous or semi-autonomous AI systems.

### How is Rampart supposed to work in practice?

Microsoft said Rampart lets teams encode adversarial and benign scenarios as repeatable tests that can run in CI pipelines. (microsoft.com) The company said that approach is meant to make it easier to convert red-team findings and AI incidents into regression coverage, so a failure discovered once can be checked again as the system changes. (infoworld.com)

The Microsoft post said the framework gives teams building blocks for writing concrete safety tests and keeping them running as agents evolve. That framing ties safety checks to standard software delivery practices, rather than leaving them as one-time evaluations before launch. (microsoft.com)

### What problem is Clarity trying to solve before deployment?

Microsoft said Clarity is meant to help teams “figure out whether they are building the right thing before they write a single line of code.” The company said the tool helps clarify design intent and capture assumptions, aiming to surface whether an agent is appropriate for a given workflow and where its boundaries should be set. (microsoft.com)

The Microsoft blog presented Clarity as part of a spec-driven approach to AI safety. In that account, teams are expected to reason through system design choices earlier, instead of relying only on downstream controls after an agent is already integrated into production workflows. (microsoft.com)

### How does this fit into Microsoft’s broader agent security push?

Microsoft in April released an open-source Agent Governance Toolkit that it said addressed runtime security risks for autonomous AI agents. In a separate May 14 blog post, the company also argued that defense in depth for autonomous agents should center on application-layer design, identity and human oversight. The Rampart and Clarity release extends that message into testing and design review. (microsoft.com)

InfoWorld said Microsoft’s latest move is aimed at making safety controls continuous and measurable. That description matches Microsoft’s own call for teams to turn incident findings into durable test coverage and engineering controls.

### Where can developers find the tools now?

Microsoft said on May 20 that Rampart and Clarity are available now as open-source tools. (opensource.microsoft.com) The company published the announcement through its Microsoft Security Blog and linked the release to its broader security and agent-development work.

InfoWorld’s May 21 report said the release was already being presented as part of Microsoft’s current agent safety tooling lineup. (infoworld.com) Microsoft’s blog post remains the primary source for the tools’ description, intended use and immediate availability. (microsoft.com)
