Microsoft open-sources RAMPART and Clarity

Microsoft has open-sourced two new tools aimed at a problem many companies are only starting to confront: how to test AI agents the way software teams already test code. In a May 20 post on the Microsoft Security Blog, the company said RAMPART and Clarity are designed to move safety work out of one-off reviews and into the normal development cycle. (microsoft.com) Microsoft described RAMPART as a framework for encoding adversarial and benign scenarios as repeatable tests that can run in continuous integration, while Clarity is meant to challenge assumptions before a team writes code. (github.com) That release matters because agent systems now do more than answer questions. Microsoft said the newer class of enterprise agents can access email, retrieve records, write and execute code, and take actions across connected systems, which changes the risk profile from text generation to operational behavior. (microsoft.com) ### What exactly did Microsoft release? Microsoft said it open-sourced RAMPART and Clarity on May 20 as separate but connected tools in the agent development workflow. The company’s blog said RAMPART is an “agent test framework” for turning red-team findings and AI incidents into regression coverage, while Clarity is a “structured sounding board” for deciding whether a team is building the right thing before implementation starts. (microsoft.com) GitHub descriptions add more detail. The RAMPART repository calls itself a “pytest-native safety and security testing framework for agentic AI applications,” and says it covers adversarial attacks, benign failures and multiple harm categories with evaluation-driven assertions. (microsoft.com) The Clarity Agent repository describes Clarity as “an AI thinking partner that pushes back.” ### How does RAMPART fit into a normal engineering pipeline? RAMPART is designed to look familiar to Python developers already using pytest. Microsoft said each test connects to an agent through a thin adapter, orchestrates an interaction, evaluates observable outcomes and returns a pass-or-fail signal that can be gated in CI like an integration test. (microsoft.com) The GitHub documentation says developers write tests that probe for safety violations such as injection attacks, behavioral regressions and data exfiltration, while the framework handles execution strategies, evaluation logic and reporting. Microsoft also published a separate examples repository with self-contained demos, including a helpdesk-bot walkthrough focused on indirect prompt injection through a poisoned support ticket. (github.com) ### What is Clarity supposed to do before code exists? Clarity is aimed at the stage where teams are still defining requirements and failure modes. Microsoft said the tool was built because many costly safety failures begin with design choices that were never challenged early enough, such as what tools an agent should access or which user flows it should handle. (microsoft.com) The Clarity repository says the software asks the kinds of questions an architect, product manager or safety engineer would ask, then writes the answers into a `.clarity-protocol/` directory inside the repository. Those files are human-readable markdown documents covering the problem, solution, failure analysis and decisions, and the repo says they can be reviewed by teams, exported or reused by agents later. (github.com) ### Why is Microsoft tying this to agent safety rather than model safety? Microsoft said the shift from systems that “generate text” to systems that “do things in the world” changes the safety equation. In the company’s framing, the risk is no longer only whether a model produces harmful content, but whether an agent selects the wrong tool, accepts poisoned context, mishandles data or executes an unintended action. (microsoft.com) The company said RAMPART is built on top of PyRIT, Microsoft’s existing automation framework for red teaming generative AI systems, so that adversarial testing techniques can be reused in a developer workflow rather than reserved for separate security exercises. (github.com) ### Where can teams get it now? Microsoft said both tools are available now through its May 20 security blog post and public GitHub repositories. The RAMPART repository lists an MIT license and a latest release tagged v0.1.0, while the Clarity Agent repository offers desktop installers for macOS and Windows as well as a script-based install that adds the CLI and embeds Clarity into git repositories. Microsoft has also published the rampart-examples repository for red-to-green walkthroughs teams can run immediately. (microsoft.com) (github.com)