Security

Microsoft RAMPART and Clarity Open-Sourced

3 min read

Summary

Microsoft has open-sourced RAMPART and Clarity, two tools aimed at improving safety in agentic AI development. RAMPART brings repeatable adversarial and regression testing into CI pipelines, while Clarity helps teams challenge design assumptions early before code is written.

Need help with Security?Talk to an Expert

Introduction

Microsoft has introduced two new open-source tools designed to improve safety in agentic AI development: RAMPART and Clarity. As enterprise AI systems move beyond answering questions and begin taking actions across email, CRM, code, and business systems, the risks increase significantly. These tools aim to make AI safety a continuous engineering practice rather than a one-time review.

What’s new

RAMPART for continuous agent safety testing

RAMPART is an open-source testing framework built to help engineering teams turn AI red-team findings and incident learnings into repeatable tests.

Key capabilities include:

  • Writing safety tests as standard pytest scenarios
  • Running tests in CI pipelines like traditional integration tests
  • Focusing on cross-prompt injection and related adversarial scenarios
  • Supporting statistical trials for probabilistic LLM behavior
  • Reproducing production incidents and validating mitigations over time
  • Using composable evaluators to inspect tool use, side effects, and policy boundaries

Microsoft says RAMPART is built on top of PyRIT, its open automation framework for red teaming generative AI systems.

Clarity for early design validation

Clarity is designed to help teams question assumptions before implementation begins. Instead of accelerating coding, it helps teams confirm they are solving the right problem.

Clarity supports:

  • Structured conversations around problem definition
  • Solution exploration and failure analysis
  • Decision tracking for architecture and product choices
  • Output stored as human-readable Markdown in a .clarity-protocol/ repo directory
  • Use through a desktop app, web UI, or embedded coding agent

This creates a documented decision trail that can be reviewed in pull requests alongside source code.

Why this matters for IT and security teams

For security leaders, developers, and platform teams building AI agents, these tools address two common gaps:

  • Design mistakes early in the lifecycle that later become expensive security issues
  • Difficulty reproducing AI incidents and verifying that fixes truly hold up

RAMPART helps operationalize AI safety testing in the development workflow, while Clarity helps reduce risky architecture decisions before deployment. Together, they support a more disciplined approach to shipping enterprise AI systems.

Next steps

  • Review whether internal AI or agent projects need repeatable safety testing in CI
  • Evaluate RAMPART for prompt injection and regression testing scenarios
  • Consider using Clarity during architecture and product planning phases
  • Incorporate design reviews and incident learnings into ongoing AI governance practices

Microsoft has made both tools available now as open-source projects, giving engineering and security teams practical options for safer agent development.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Read the original article by Ram Shankar Siva Kumar
AI securityagentic AIRAMPARTClarityprompt injection

Related Posts

Security

@antv npm Attack Hits CI/CD Secrets and Tokens

Microsoft has disclosed an active supply chain attack involving compromised @antv npm packages that used malicious preinstall scripts to steal credentials from GitHub Actions and other CI/CD environments. The campaign matters because it spread through popular downstream dependencies, putting developer pipelines, cloud secrets, and software supply chains at risk.

Security

Microsoft Gaming Security: Key Risks and Defenses

Microsoft’s latest Deputy CISO post explains why securing gaming requires a different approach than traditional enterprise IT. The company outlines the distinct risks across gaming platforms, studios, and shared central teams, and highlights how Entra ID, Purview, Defender for Cloud, and Sentinel help balance security with player experience and developer agility.

Security

Fox Tempest Malware Signing Service Disrupted

Microsoft has disrupted Fox Tempest, a malware-signing-as-a-service operation that helped cybercriminals make ransomware and other malware appear legitimately signed. The takedown matters because the group abused Microsoft Artifact Signing, created more than 1,000 fraudulent certificates, and enabled attacks that could bypass security controls more easily.

Security

Storm-2949 Cloud Breach: Entra ID to Azure Attack

Microsoft detailed how Storm-2949 turned a socially engineered Microsoft Entra ID compromise into broad data theft across Microsoft 365 and Azure. The case highlights how identity attacks can escalate quickly through legitimate cloud management features, making stronger MFA controls, monitoring, and cross-platform detections critical for defenders.

Security

Microsoft Security for SMBs in an AI-Powered World

Microsoft is urging small and medium businesses to treat cybersecurity as a core business risk as AI makes phishing, malware, and identity attacks faster and more effective. The company highlights Microsoft 365 Business Premium and integrated security controls as a practical way for growing businesses to protect users, devices, email, and cloud apps without adding major complexity.

Security

Autonomous AI Agents: Microsoft Defense-in-Depth

Microsoft outlines a defense-in-depth approach for securing autonomous AI agents as they move from assisting users to taking actions across systems. The guidance emphasizes that the application layer—not just the model—is the most important control point for limiting permissions, enforcing human review, and reducing blast radius in production.