Microsoft releases RAMPART and Clarity open-source tools to harden agent safety

Microsoft on May 20 released two open-source tools, RAMPART and Clarity, to help developers test and constrain AI agents before those systems are deployed inside enterprise workflows. The company said the tools are meant for agents that now do more than answer questions, including reading email, retrieving CRM records, writing and executing code, and taking actions across connected systems. (microsoft.com) Microsoft framed the release as part of a push to make AI safety a routine engineering task rather than a periodic review. ### What exactly did Microsoft ship? RAMPART is an open-source testing framework that brings red-teaming techniques into the agent development workflow, according to Microsoft’s Security Blog. The company said it is built on top of PyRIT, Microsoft’s open automation framework for red teaming generative AI systems, so developers can run adversarial tests as part of normal build and evaluation cycles. (microsoft.com) Clarity is a separate open-source tool that Microsoft described as helping teams check software-engineering assumptions. In the company’s description, the tool is aimed at surfacing whether an agent behaves as expected once it is connected to tools, permissions and workflow logic. (microsoft.com) ### Why is Microsoft focusing on agent safety now? Microsoft said the AI systems now shipping inside enterprises are “fundamentally different” from those built even two years ago because they can access business systems and act on a user’s behalf. The company listed email, CRM records, code execution and actions across dozens of connected systems as examples of the new risk surface. (microsoft.com) The Hacker News, in its May 20 coverage, said the two tools are aimed at securing AI agents during development, with a focus on security testing issues such as prompt injection. That report described the release as part of a broader effort to help developers test agent behavior before production use. ### What problems are these tools supposed to catch? (microsoft.com) Prompt injection is one of the clearest targets in the outside coverage. The Hacker News said Microsoft’s release centers on helping developers test whether agents can be manipulated through hostile instructions or unsafe tool use during development. Microsoft’s own description points to a wider class of failures. By emphasizing agents that can read messages, pull records and execute code, the company is directing the tools at systems where bad outputs can become real actions rather than just wrong text. (microsoft.com) ### How does this fit with Microsoft’s broader enterprise pitch? Snorkel AI, in a Microsoft Bay Area blog post published the same day, said enterprises need ways to move agents from proofs of concept to systems that reach expert-level accuracy in high-stakes workflows. (thehackernews.com) The post said demos often fail when data does not match real usage and when pilots cannot show value quickly. That pairing matters because Microsoft released the safety tools alongside examples of how enterprises are trying to make agents reliable enough for production work. (thehackernews.com) The two messages together tie agent deployment to testing, evaluation and data quality rather than model capability alone. ### Where do developers get them next? (microsoft.com) Microsoft said on May 20 that RAMPART and Clarity are available now as open-source tools. The company published the announcement through its Security Blog, where it also linked the release to its wider work on securing agentic AI. (microsoft.com) (blogs.microsoft.com)