Microsoft open-sources RAMPART and Clarity

Microsoft on May 20 released two open-source tools aimed at developers building AI agents that can read email, browse the web, handle files and take actions across connected systems. The tools, called RAMPART and Clarity, are designed to move safety checks earlier in the software process rather than leaving them to one-off reviews at the end. Microsoft said the release is meant to help teams convert adversarial findings, red-team results and incident lessons into repeatable engineering tests. The announcement came through the company’s security blog and was echoed in follow-up coverage from security and enterprise IT outlets. ### Why did Microsoft release two tools instead of one? Microsoft said the two projects address different stages of agent development. RAMPART is the testing framework: it lets teams encode both adversarial and benign scenarios as tests that can run in continuous integration pipelines, according to the company’s May 20 post. Clarity is the earlier-stage tool: Microsoft described it as a structured sounding board for deciding whether a team is building the right agentic system before code is written. (microsoft.com) The company framed that split around the growing reach of AI agents. Microsoft said today’s agents can access inboxes, CRM records, code execution environments and business workflows, which raises the cost of design mistakes as well as the cost of security failures. ### What does RAMPART actually test? RAMPART, according to Microsoft and The Hacker News, is built to test indirect attack paths and operational failure modes that show up once agents are connected to real systems. (microsoft.com) Those tests include prompt injection delivered through emails, files and web pages, along with behavioral regressions, data-exfiltration risks and scenario coverage across expected use cases. The Hacker News described it as “pytest-native,” meaning teams can write and run tests inside familiar Python testing workflows. Microsoft said the goal is to turn red-team findings and AI incidents into lasting regression coverage. In practice, that means a failure found once can be preserved as a test and rerun as the agent, its prompts or its connected tools change over time. ### What is Clarity supposed to do before coding starts? Clarity, in Microsoft’s description, is meant to pressure-test assumptions before a team commits to an agent design. (microsoft.com) The company said it helps developers examine whether an agent should exist at all, what level of autonomy it should have and which alignment choices fit the task. Redmondmag said the tool is intended to validate design assumptions before implementation begins. Petri said Microsoft presented the release as a response to the risks created by AI systems that can take real-world actions. That framing puts Clarity on the planning side of the problem and RAMPART on the verification side. ### Why does this matter to buyers of AI products, not just developers? Microsoft’s release is aimed at engineers, but the practical questions extend to procurement and vendor review. A vendor agent that can place orders, summarize contracts, answer support tickets or retrieve internal documents creates operational exposure if it is misled by an email, a file attachment or a malicious webpage. (microsoft.com) Microsoft’s own examples of indirect attacks and data-exfiltration testing point to the kinds of controls buyers may want to ask about in product evaluations. (petri.com) Procurement teams evaluating agent-based tools can ask whether vendors run repeatable adversarial tests, whether failures become regression tests, what data the agent can access and what incident playbooks exist if the system takes an unsafe action. Those questions follow directly from the testing categories Microsoft highlighted in its release. (microsoft.com) ### Where can developers find the tools now? Microsoft published the announcement on May 20 through its security blog and said both projects are open source. The company’s post links developers to the RAMPART and Clarity repositories for immediate use and contribution. Follow-up coverage on May 20 and May 21 described the tools as available now for teams that want to add agent-safety checks into development workflows. (microsoft.com)