Microsoft open-sources RAMPART and Clarity

Microsoft on May 20 released two open-source tools aimed at bringing safety checks into the normal workflow for building AI agents. The company said the projects, called RAMPART and Clarity, are meant to help developers test agent behavior continuously rather than rely on one-time reviews before launch. Microsoft published the announcement on its Security Blog and released both projects through public GitHub repositories. The release lands as software companies push AI systems beyond chat interfaces and into tools that can read email, retrieve records, write code and take actions across connected systems. In the Microsoft blog post, Ram Shankar Siva Kumar, a Microsoft security executive who goes by “Data Cowboy,” said the company built the tools because “AI safety has to become a continuous engineering discipline rather than a periodic checkpoint.” (microsoft.com) ### What exactly did Microsoft publish? RAMPART is a testing framework for agentic AI applications that plugs into pytest, the Python testing tool widely used in software development. Microsoft’s GitHub documentation says it lets teams write tests for adversarial attacks, benign failures and other harm categories, then evaluate and report the results inside existing development pipelines. Clarity is a separate tool focused on design review rather than runtime attack testing. (microsoft.com) Microsoft’s GitHub page describes it as an “AI thinking partner” that pushes back on product and engineering assumptions by surfacing questions that architects, product managers and safety engineers would ask before a system ships. ### Why did Microsoft say these tools were needed now? Microsoft said the current generation of AI agents can do more than answer prompts, which raises the stakes for design mistakes and unsafe behavior. (github.com) In its May 20 post, the company said modern agents are already being used to access enterprise systems, execute code and act on a user’s behalf, making safety checks a development concern rather than a final-stage review item. (github.com) The Register reported that RAMPART stands for Risk Assessment and Measurement Platform for Agentic Red Teaming and is intended to help engineers and incident responders validate fixes against multiple attack variations. Campus Technology and InfoWorld said Microsoft framed the release as a way to turn red-team findings into repeatable engineering checks that can be rerun as agents change. (microsoft.com) ### How does RAMPART fit into an existing engineering workflow? Pytest is the key detail in RAMPART’s design. Microsoft’s documentation says developers write tests that look like regular pytest cases, while RAMPART handles the execution strategy, evaluation logic and reporting around attacks such as prompt injection, behavioral regression and data exfiltration attempts. (theregister.com) That means teams can run agent-safety checks the same way they run unit tests or regression suites in continuous integration systems. Microsoft said RAMPART is built on top of PyRIT, its existing open automation framework for red teaming generative AI systems, so the new project inherits a library of adversarial testing methods out of the box. (github.com) ### What is Clarity supposed to do that testing frameworks do not? Clarity is aimed at the stage before teams start hardening behavior with test cases. Microsoft’s materials describe it as a way to examine whether a team is building the right system in the first place, including the assumptions behind a product requirement, architecture choice or safety control. Inc reported that Microsoft presented Clarity as a tool to help engineers and founders “bake security into their AI agents during—not after—development.” That framing matches the company’s own description of Clarity as a system for surfacing blind spots earlier, before they become incidents or expensive redesigns. (microsoft.com) (github.com) ### Where do these tools sit in Microsoft’s broader AI security push? Microsoft has been expanding its agent-security work in recent months. In April, the company released the Agent Governance Toolkit as another open-source project for runtime controls and policy enforcement, and in March it outlined broader security products for observing and governing agents at enterprise scale. (inc.com) The next step is public use. Microsoft said RAMPART and Clarity are available now through its Security Blog announcement and GitHub repositories, where developers can inspect the code, read the documentation and start integrating the tools into existing agent-development workflows. (microsoft.com) (opensource.microsoft.com)