VYPR
Research · Published May 20, 2026 · 2 sources

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has open-sourced two new tools, RAMPART and Clarity, to help developers test and debug the security of AI agents during development.

Microsoft has released two new open-source tools, RAMPART and Clarity, designed to help developers identify and fix security vulnerabilities in AI agents during the development process. The tools address a growing need as organizations increasingly deploy autonomous AI agents that can interact with systems and data, creating new attack surfaces.

RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming, is a Pytest-native framework for writing and running safety and security tests on AI agents. It allows developers to simulate adversarial scenarios and measure how agents respond, helping to uncover issues such as prompt injection, unauthorized data access, or unintended actions before deployment.

Clarity complements RAMPART by providing observability and debugging capabilities for agent behavior. It enables developers to trace agent decision-making, monitor tool usage, and inspect the inputs and outputs of each step. This visibility is critical for understanding why an agent behaved in a certain way and for diagnosing security-relevant anomalies.

Both tools are designed to integrate into existing development workflows, making it easier for teams to adopt security testing without major process changes. By open-sourcing them, Microsoft aims to encourage community contributions and broader adoption across the industry.

The release comes as AI agents become more prevalent in enterprise environments, handling tasks from code generation to cloud remediation. Security experts have warned that these agents introduce new risks, including the potential for privilege escalation, data leakage, and abuse by malicious actors.

Microsoft's move reflects a broader industry push to embed security into the AI development lifecycle, rather than treating it as an afterthought. Similar initiatives include 1Password's partnership with OpenAI to prevent credential leaks from coding agents and Snyk's integration of Claude for AI-native application security.

Developers can access RAMPART and Clarity on GitHub, where Microsoft has provided documentation and examples to help teams get started. The company encourages feedback and contributions to evolve the tools as the threat landscape changes.

The article adds that RAMPART can also be used during active incident response to speed up red teaming for hot fixes and patching, and that Microsoft has used it internally to condense a week's worth of manual vulnerability replication and patching into hours. Clarity, meanwhile, can be embedded directly into coding agents to provide real-time security guidance, prompting developers to consider whether a design decision should be made at all. Ram Shankar Siva Kumar, founder of Microsoft's AI red team, emphasized that the tools aim to treat AI safety as an engineering discipline rather than a philosophical debate.

Synthesized by Vypr AI