Microsoft ships Rampart and Clarity
- Microsoft said on May 20 it open-sourced RAMPART and Clarity, two tools aimed at bringing safety testing and design review into AI agent development. (microsoft.com)
- RAMPART is described by Microsoft as a pytest-native framework for repeatable agent safety tests, while Clarity is a “structured sounding board” for design assumptions. (microsoft.com)
- The code is available now through Microsoft’s GitHub repositories for RAMPART and Clarity Agent, alongside Microsoft’s May 20 security blog post. (github.com)

Microsoft on May 20 released two open-source AI safety tools, RAMPART and Clarity, as the company pushed for more testing and governance around agentic systems. Microsoft said the tools are meant for AI systems that now do more than answer prompts, including accessing email, retrieving CRM records, writing code and taking actions across connected systems. (microsoft.com)

The announcement came in a post on Microsoft’s Security Blog by Ram Shankar Siva Kumar of the company’s AI Red Team. (microsoft.com)

### What exactly did Microsoft ship?

Microsoft said RAMPART is an “agent test framework” that lets engineers encode adversarial and benign scenarios as repeatable tests that can run in continuous integration pipelines. The company said the goal is to turn red-team findings and past AI incidents into regression coverage that stays in place as systems change. (github.com)

GitHub documentation describes RAMPART as a pytest-native safety and security testing framework for agentic AI applications. Microsoft said developers can use it to probe for issues including injection attacks, behavioral regressions and data exfiltration, with evaluation logic and reporting built into the framework. (microsoft.com)

### What is Clarity supposed to do before code gets written?

Microsoft said Clarity is a “structured sounding board” intended to help teams examine whether they are building the right system before they start implementation. In the May 20 post, the company said costly safety failures often begin with early design decisions, such as giving an agent access to a tool or user flow without working through what could go wrong. (microsoft.com)

The GitHub repository for Clarity Agent describes the project as a tool to “distill intent,” “surface failure modes,” and “keep the plan current.” A project summary in that repository says the tool is meant to help users clarify what they are building, what could fail and why they are making particular decisions. (github.com)

### Why is Microsoft tying this to agentic AI now?

Microsoft said enterprise AI systems have changed materially in the past two years because they are moving from text generation into taking actions in software and business systems. The company said that shift changes the safety equation because agents that can act can also act in unintended ways. (microsoft.com)

A separate Microsoft Security Blog post published May 14 said autonomous AI agents introduce threat classes including agent hijacking, intent breaking, sensitive data leakage, supply-chain compromise and inappropriate reliance. That post said human oversight, identity controls and application-layer design are central to defending such systems. (github.com)

### How do the two tools fit together?

Microsoft said the pair are part of what it called a move toward “spec-driven, engineering-native AI safety.” In the company’s framing, Clarity is used early to pressure-test assumptions and design intent, while RAMPART is used later to encode concrete tests and keep running them as part of engineering workflows. (microsoft.com)

The company said it built the tools because AI safety should become “a continuous engineering discipline rather than a periodic checkpoint.” That description places the tools inside standard software development processes rather than separate audit exercises at the end of a build cycle. (microsoft.com)

### Where can developers find them, and what comes next?

Microsoft’s May 20 post said both tools are available now as open-source projects. The company’s GitHub repositories show active development on both RAMPART and Clarity Agent, with recent commits and documentation updates around the public launch. (microsoft.com)

Microsoft’s next step is likely to be measured in adoption and updates rather than a separate product launch. The repositories for RAMPART and Clarity Agent are live now, and Microsoft’s published documentation points developers to examples, contributor guides and release processes already in place. (github.com) (microsoft.com)