Microsoft Open-Sources RAMPART and Clarity for AI Agent Security Testing

Microsoft has unveiled two new open-source security tools—RAMPART and Clarity—to help developers identify and mitigate vulnerabilities in AI agents during the development lifecycle. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, is a Pytest-native safety and security testing framework designed specifically for creating and executing safety tests against AI agents. The tool enables developers to write test cases that probe AI systems for potential safety violations, including cross-prompt injections where untrusted data reaches an AI system indirectly through processed sources like emails, files, or web pages. Developers can also use RAMPART to detect behavioral regressions and data exfiltration risks, with the framework evaluating test outcomes and generating comprehensive security reports. RAMPART builds upon Microsoft's PyRIT (Python Risk Identification Tool), which was released over two years ago as a foundation for testing AI systems. All that is required to integrate RAMPART is an adapter connecting an agent to the test suite, making adoption relatively straightforward for development teams.

Clarity serves as what Microsoft describes as a "structured sounding board" for development teams, functioning as an AI thinking partner that helps developers refine their approach before writing any code. The tool guides teams through problem clarification, solution exploration, failure analysis, and decision tracking—essentially pushing back on assumptions to ensure security considerations are addressed early in the design phase. Ram Shankar Siva Kumar, a Data Cowboy and founder of Microsoft's AI Red Team, emphasized that the goal is to give product managers and engineers a way to pressure-test their assumptions when changing course is inexpensive, potentially saving months of costly rework. This approach ensures that potential security issues, such as an agent's access to sensitive tools, are addressed before the system is fully constructed. To verify if your organization's data has been compromised in related breaches, you can use our email breach checker tool.

Microsoft's motivation for releasing these tools extends beyond individual project security—they aim to make security incidents reproducible, verifiable in their mitigations, and scalable across organizations. The company noted that while PyRIT is optimized for black-box discovery by security researchers after a system is built, RAMPART is specifically designed for engineers during the construction phase. Clarity helps teams clarify design intent and capture underlying assumptions. Together, these approaches transform AI safety from a one-time review into living artifacts that developers can leverage throughout the entire system lifecycle. Organizations looking to assess their current security posture can utilize our privacy checkup tool to identify potential exposure points.