In brief: Microsoft released two open-source tools: RAMPART for security testing of AI agents during development and Clarity as an AI thinking partner for early design decisions. Together, they aim to shift AI security from one-time review to continuous processes.
Microsoft introduced two new open-source tools called RAMPART and Clarity to help developers comprehensively test the security of AI agents. These tools are designed to uncover and mitigate security risks during the development phase.
Microsoft introduced two innovative open-source tools designed to help developers more effectively test the security of AI agents. RAMPART (Risk Assessment and Measurement Platform for Agentic Red Teaming) functions as a Pytest-native security and testing framework that allows developers to write and execute security tests for AI agents. The tool covers both adversarial and benign issues as well as various harm categories.
With RAMPART, developers can create test cases to attack or test an AI agent and explore potential security breaches. This includes cross-prompt injection, where untrusted data reaches an AI system indirectly through data sources such as emails, files, or web pages, as well as unintended behavior changes and data loss. RAMPART evaluates the test results and generates a report. The tool builds on PyRIT (Python Risk Identification Tool), which Microsoft released over two years ago.
Clarity is described by Microsoft as a “structured sparring partner” and helps developers find the right approach before writing a single line of code. The AI tool acts as a “thinking partner with a critical voice” and guides developers through problem clarification, solution exploration, failure analysis, and decision tracking.
With the public release of these tools, Microsoft aims to ensure that important decisions are made early in software development so that potential issues – such as an agent’s access permissions – are resolved before system development begins. Ram Shankar Siva Kumar, head of the AI Red Team at Microsoft, emphasizes: “We wanted to give product managers and engineers a way to test their assumptions when course corrections are still inexpensive and the right conversations can save months of rework.”
Microsoft emphasizes that these tools should also help make incidents reproducible and solutions verifiable, as well as transform insights from red-teaming exercises into usable technical resources. While PyRIT is optimized for black-box testing by security researchers after system development, RAMPART was designed for engineers during system development. Clarity helps clarify design intentions and document assumptions. Together, these tools shift AI security from a one-time review to living documents that developers can use throughout the entire lifecycle.