Microsoft open-sources RAMPART and Clarity for agent testing

Microsoft released two open-source tools, RAMPART and Clarity, to help developers test the safety and security of AI agents during development. The company published code and documentation so teams can adopt the tools as part of early design and continuous testing.

RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, is a Pytest-native framework for writing and running safety and security tests. Engineers can create test cases that probe agents for adversarial and benign issues across multiple harm categories. The tests can simulate cross-prompt injection attacks, where untrusted data reaches an agent indirectly through email, files or web pages, and can check for behavioral regressions or data exfiltration. RAMPART evaluates results and generates reports. Developers connect their agents to the framework using an adapter.

RAMPART builds on PyRIT, Microsoft’s Python Risk Identification Tool released more than two years ago. Microsoft says PyRIT focused on black-box discovery by security researchers after systems were built, while RAMPART is designed for engineers to use while systems are being built.

Clarity is intended for earlier stages of development. Microsoft describes it as an AI “thinking partner that pushes back.” Clarity guides product managers and engineers through problem definition, exploration of solutions, analysis of potential failures, and recording of decisions and assumptions before code is written. The tool is meant to surface the reasons behind design choices, such as an agent’s access to external tools, so teams can resolve those questions while changes are still inexpensive.

Microsoft said the tools aim to extend red teaming beyond one-off reviews by turning findings into runnable engineering assets that teams can apply repeatedly. Ram Shankar Siva Kumar, founder of Microsoft’s AI Red Team, wrote that the goal was to give product managers and engineers a way to pressure-test assumptions early in a project to avoid months of rework. He wrote further that combining RAMPART and Clarity moves AI safety from a single review to a set of living artifacts that developers can use throughout a product’s lifecycle.

Developers can write tests in familiar Pytest formats and run them as part of engineering workflows to automate safety checks. Microsoft expects the open-source releases to help teams reproduce incidents, verify mitigations and scale lessons from red teaming exercises across projects.