Security

Microsoft RAMPART and Clarity Open-Sourced

3 min read

Summary

Microsoft has open-sourced RAMPART and Clarity, two tools aimed at improving safety in agentic AI development. RAMPART brings repeatable adversarial and regression testing into CI pipelines, while Clarity helps teams challenge design assumptions early before code is written.

Need help with Security?Talk to an Expert

Introduction

Microsoft has introduced two new open-source tools designed to improve safety in agentic AI development: RAMPART and Clarity. As enterprise AI systems move beyond answering questions and begin taking actions across email, CRM, code, and business systems, the risks increase significantly. These tools aim to make AI safety a continuous engineering practice rather than a one-time review.

What’s new

RAMPART for continuous agent safety testing

RAMPART is an open-source testing framework built to help engineering teams turn AI red-team findings and incident learnings into repeatable tests.

Key capabilities include:

  • Writing safety tests as standard pytest scenarios
  • Running tests in CI pipelines like traditional integration tests
  • Focusing on cross-prompt injection and related adversarial scenarios
  • Supporting statistical trials for probabilistic LLM behavior
  • Reproducing production incidents and validating mitigations over time
  • Using composable evaluators to inspect tool use, side effects, and policy boundaries

Microsoft says RAMPART is built on top of PyRIT, its open automation framework for red teaming generative AI systems.

Clarity for early design validation

Clarity is designed to help teams question assumptions before implementation begins. Instead of accelerating coding, it helps teams confirm they are solving the right problem.

Clarity supports:

  • Structured conversations around problem definition
  • Solution exploration and failure analysis
  • Decision tracking for architecture and product choices
  • Output stored as human-readable Markdown in a .clarity-protocol/ repo directory
  • Use through a desktop app, web UI, or embedded coding agent

This creates a documented decision trail that can be reviewed in pull requests alongside source code.

Why this matters for IT and security teams

For security leaders, developers, and platform teams building AI agents, these tools address two common gaps:

  • Design mistakes early in the lifecycle that later become expensive security issues
  • Difficulty reproducing AI incidents and verifying that fixes truly hold up

RAMPART helps operationalize AI safety testing in the development workflow, while Clarity helps reduce risky architecture decisions before deployment. Together, they support a more disciplined approach to shipping enterprise AI systems.

Next steps

  • Review whether internal AI or agent projects need repeatable safety testing in CI
  • Evaluate RAMPART for prompt injection and regression testing scenarios
  • Consider using Clarity during architecture and product planning phases
  • Incorporate design reviews and incident learnings into ongoing AI governance practices

Microsoft has made both tools available now as open-source projects, giving engineering and security teams practical options for safer agent development.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

AI securityagentic AIRAMPARTClarityprompt injection

Related Posts

Security

Microsoft CSP Security: New Partner Ecosystem Protections

Microsoft outlined how it is strengthening security across its Cloud Solution Provider ecosystem to reduce partner-led attacks on customer environments. The update focuses on tighter partner vetting, mandatory tenant security requirements, least-privilege access through GDAP, and stronger monitoring and response capabilities.

Security

Microsoft Frost Radar 2026: Cloud Runtime Security

Microsoft has been named a leader in Frost & Sullivan’s 2026 Frost Radar for Cloud/Application Runtime Security, highlighting its unified approach to cloud and application risk reduction. The recognition matters to security teams because it reflects a broader market shift toward prioritizing exploitable attack paths across code, cloud, runtime, identity, and SOC workflows.

Security

Quantum-Safe Security: Microsoft Targets 2029

Microsoft is accelerating its quantum-safe security roadmap and now aims to transition critical products and services to post-quantum cryptography by 2029. The update matters because IT teams need to start cryptographic inventory, crypto-agility planning, and TLS 1.3 modernization sooner as the risk timeline for quantum attacks moves closer.

Security

Securing AI Agents: MCP Tool Poisoning Risks

Microsoft Incident Response warns that as AI agents move from reading content to taking actions, poisoned Model Context Protocol (MCP) tool metadata can silently redirect agent behavior and expose sensitive data. The guidance outlines how to detect, contain, and prevent this emerging supply chain risk using controls across Copilot Studio, Entra, Purview, Defender, and Sentinel.

Security

Microsoft Security June 2026: Key Updates for IT

Microsoft’s June 2026 security updates introduce new protections for AI agents, stronger identity recovery in Entra, expanded multicloud coverage in Defender for Cloud, and more flexible reporting in Purview. These changes matter for IT and security teams because they improve visibility, speed remediation, and help protect identities, data, endpoints, and cloud workloads across hybrid environments.

Security

Malicious Chromium Extension Hijacks Search via AI Branding

Microsoft Threat Intelligence uncovered a malicious Chromium extension that spoofed Perplexity AI branding to intercept browser searches and search suggestions through attacker-controlled infrastructure. The finding matters because it shows how threat actors are using trusted AI brands and browser extension permissions to capture user input, redirect traffic, and increase privacy and security risk in enterprise environments.