Microsoft Open-Sources RAMPART and Clarity for AI Agent Security
AI relevance: Microsoft released two open-source tools that bring adversarial safety testing directly into the AI agent development workflow, shifting red-teaming from post-build reviews to engineering-time guardrails.
Ram Shankar Siva Kumar, founder of Microsoft's AI Red Team, announced the release of RAMPART (Risk Assessment and Measurement Platform for Agentic Red Teaming) and Clarity on May 20, 2026.
RAMPART is a Pytest-native safety and security testing framework for AI agents. It covers both adversarial and benign issues, testing for cross-prompt injections (indirect attacks via email, files, or web pages), unintended behavioral regressions, and data exfiltration. The tool requires only an adapter connecting an agent to the test suite, then evaluates outcomes and reports results. It builds on Microsoft's PyRIT (Python Risk Identification Tool), released in 2024, but shifts the paradigm: where PyRIT targets black-box discovery by security researchers after the system is built, RAMPART targets engineers as the system is being built.
Clarity acts as a "structured sounding board" — an AI thinking partner that pushes back on design assumptions. It guides developers through problem clarification, solution exploration, failure analysis, and decision tracking before any code is written.
Why it matters
- Most AI agent security testing happens post-build, when architectural changes are expensive and risk acceptance is driven by shipping deadlines
- Cross-prompt injection testing at development time catches indirect injection vectors before they reach production
- Turning red team findings into runnable Pytest assets makes them reproducible and verifiable — a shift from advisory memos to engineering artifacts
- Clarity captures design intent and security assumptions early, creating an auditable trail for compliance and incident review
What to do
- Evaluate RAMPART for any AI agent project with access to tools, files, or external APIs — write tests for your specific trust boundaries
- Use Clarity during architecture design phases to surface and document security assumptions about agent capabilities and access levels
- Integrate RAMPART into CI pipelines alongside standard test suites so safety regressions fail builds the same way functional bugs do
- Map existing PyRIT test libraries to RAMPART adapters for projects already using Microsoft's red-teaming tooling