VYPR
researchPublished May 20, 2026· Updated May 21, 2026· 4 sources

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has open-sourced two new tools, RAMPART and Clarity, to help developers test and debug the security of AI agents during development.

Microsoft has released two new open-source tools, RAMPART and Clarity, designed to help developers identify and fix security vulnerabilities in AI agents during the development process. The tools address a growing need as organizations increasingly deploy autonomous AI agents that can interact with systems and data, creating new attack surfaces.

RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming, is a Pytest-native framework for writing and running safety and security tests on AI agents. It allows developers to simulate adversarial scenarios and measure how agents respond, helping to uncover issues such as prompt injection, unauthorized data access, or unintended actions before deployment.

Clarity complements RAMPART by providing observability and debugging capabilities for agent behavior. It enables developers to trace agent decision-making, monitor tool usage, and inspect the inputs and outputs of each step. This visibility is critical for understanding why an agent behaved in a certain way and for diagnosing security-relevant anomalies.

Both tools are designed to integrate into existing development workflows, making it easier for teams to adopt security testing without major process changes. By open-sourcing them, Microsoft aims to encourage community contributions and broader adoption across the industry.

The release comes as AI agents become more prevalent in enterprise environments, handling tasks from code generation to cloud remediation. Security experts have warned that these agents introduce new risks, including the potential for privilege escalation, data leakage, and abuse by malicious actors.

Microsoft's move reflects a broader industry push to embed security into the AI development lifecycle, rather than treating it as an afterthought. Similar initiatives include 1Password's partnership with OpenAI to prevent credential leaks from coding agents and Snyk's integration of Claude for AI-native application security.

Developers can access RAMPART and Clarity on GitHub, where Microsoft has provided documentation and examples to help teams get started. The company encourages feedback and contributions to evolve the tools as the threat landscape changes.

The article adds that Rampart can also be used during active incident response to speed up red teaming for hot fixes and patching, and that Microsoft has used it internally to condense a week's worth of manual vulnerability replication and patching into hours. Clarity, meanwhile, can be embedded directly into coding agents to provide real-time security guidance, prompting developers to consider whether a design decision should be made at all. Ram Shankar Siva Kumar, founder of Microsoft's AI red team, emphasized that the tools aim to treat AI safety as an engineering discipline rather than a philosophical debate.

The article provides additional technical depth on RAMPART's integration with PyRIT and its pytest-based test framework, emphasizing that tests can be gated in CI alongside standard integration tests. It also elaborates on Clarity's role in pressure-testing design assumptions before coding begins, highlighting the tools' aim to make AI safety a continuous engineering discipline rather than a periodic checkpoint.

The article provides additional technical detail on how RAMPART integrates with CI pipelines using pytest, allowing teams to add safety tests in the same pull request as new agent tools or data sources. It also elaborates on Clarity's role in pressure-testing design assumptions before coding begins, emphasizing that the most expensive safety failures often trace back to early design mistakes. The tools are built on PyRIT and are now available as open-source releases.

The Register's report adds new technical depth and a direct interview with Microsoft AI red team founder Ram Shankar Siva Kumar, who revealed that RAMPART was used internally to find nearly 100 variants of a single security researcher's discovered vector and to validate mitigations across 300 test runs. Kumar emphasized that the tools mark a shift from treating AI safety as a philosophy to an engineering discipline, with Clarity acting as a structured sounding board that helps developers identify design and safety issues before writing code. Both tools are now available on GitHub.

Synthesized by Vypr AI