Microsoft Releases Open Source AI Safety Tools for Agent Development
Microsoft has released RAMPART and Clarity as open source projects intended to help developers test AI agents earlier in the software lifecycle and turn red-team findings into repeatable engineering checks. The company introduced the two open source tools to help developers build safer AI agents, marking its latest effort to bring security and safety controls closer to the application development process.
The tools, called RAMPART and Clarity, are designed to address different parts of the agent development workflow. RAMPART is a test framework for running adversarial and benign safety scenarios as repeatable tests, while Clarity is meant to help engineering teams examine design assumptions before code is written.
The announcement comes as AI agents move beyond text generation and begin taking actions across enterprise systems, including retrieving records, accessing e-mail, writing code, and using connected tools. That shift raises new security concerns for organizations adopting agentic AI, particularly around prompt injection, unintended tool use, and difficult-to-reproduce production failures.
"We built these tools because we believe that AI safety has to become a continuous engineering discipline rather than a periodic checkpoint," Microsoft said in the announcement.
RAMPART is built on PyRIT, Microsoft's open automation framework for red-teaming generative AI systems. While PyRIT is aimed more at black-box discovery by security researchers after an AI system is built, RAMPART is intended for engineers working on the system during development.
The framework uses standard pytest tests, allowing teams to describe scenarios based on their threat models, connect to an agent through a thin adapter, and evaluate observable outcomes. The tests can return pass-or-fail results and run in continuous integration pipelines like other integration tests.
That approach is meant to let developers add safety checks when they add new tools, data sources, or workflows to an agent. Microsoft said RAMPART's most mature coverage currently focuses on cross-prompt injection attacks, where an agent processes poisoned content from documents, e-mails, tickets, or other data sources that indirectly manipulate its behavior.
RAMPART also supports statistical trials, reflecting the probabilistic nature of large language model behavior. Instead of relying on a single test run, teams can set policies such as requiring an action to remain safe in a certain percentage of runs.
The framework is also intended to help teams preserve lessons from red-team exercises and real-world incidents. Findings can be converted into RAMPART tests, allowing them to run against future changes and reduce the risk of regressions.
"The ownership model is intentionally flipped from the traditional approach: Engineers write the tests, engineers run them," Microsoft said.
Clarity addresses an earlier phase of software development. The tool is designed to guide engineers through structured conversations about problem definition, solution options, failure analysis and decision tracking. Microsoft described it as a way to help teams determine whether they are building the right thing before implementation begins.
Clarity can run as a desktop app, a web interface, or inside a coding agent. As teams work through its prompts, the tool writes the results to a .clarity-protocol directory in the repository as markdown files. Those files can then be committed, reviewed in pull requests, and diffed like source code.
The tool also includes failure analysis capabilities that use multiple AI "thinkers" to examine a system from different perspectives, including security, human factors, adversarial scenarios, and operational concerns. Microsoft said Clarity can also track staleness across those documents, nudging teams to revisit assumptions when related decisions or problem statements change.
The release fits into Microsoft's broader push around AI security and agentic security operations. Earlier this month, Microsoft said it was named an Overall Leader and Market Leader in KuppingerCole Analysts' 2026 Emerging AI Security Operations Center report. In that announcement, Microsoft said, "Security operations are entering a new phase."