{"id":8226,"date":"2026-05-21T10:28:06","date_gmt":"2026-05-21T10:28:06","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8226"},"modified":"2026-05-21T10:28:06","modified_gmt":"2026-05-21T10:28:06","slug":"microsoft-releases-open-source-tools-to-operationalize-ai-agent-safety","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8226","title":{"rendered":"Microsoft releases open-source tools to operationalize AI agent safety"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle.<\/p>\n<p>The tools, called Rampart and Clarity, were announced this week as part of Microsoft\u2019s broader push to operationalize safety engineering for agentic AI.<\/p>\n<p>\u201cWe built these tools because we believe that AI safety has to become a continuous engineering discipline rather than a periodic checkpoint, and we think the best way to make that happen is to put practical, open tools in the hands of the people doing the building,\u201d Microsoft\u2019s AI red team founder Ram Shankar Siva Kumar said in a security\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2026\/05\/20\/introducing-rampart-and-clarity-open-source-tools-to-bring-safety-into-agent-development-workflow\/\" target=\"_blank\" rel=\"noopener\">blog post.<\/a><\/p>\n<p>The announcement comes as AI agents evolve from chatbot-style assistants into systems\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/4145127\/runtime-the-new-frontier-of-ai-agent-security.html\">with real\u00a0<\/a>operational privileges. 
According to Microsoft, these newer agents introduce risks that traditional application security workflows were not designed to handle, including prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.<\/p>\n<p>Both\u00a0<a href=\"https:\/\/github.com\/microsoft\/RAMPART\" target=\"_blank\" rel=\"noopener\">Rampart<\/a>\u00a0and\u00a0<a href=\"https:\/\/github.com\/microsoft\/clarity-agent\/\" target=\"_blank\" rel=\"noopener\">Clarity<\/a>\u00a0are now available as open-source projects from Microsoft.<\/p>\n<h2 class=\"wp-block-heading\">Rampart for repeated AI red teaming<\/h2>\n<p>Microsoft has positioned Rampart as the more operational of the two tools. The framework is designed to help developers transform red-team findings into repeatable tests that can run continuously in development and deployment pipelines.<\/p>\n<p>Built on top of\u00a0<a href=\"https:\/\/github.com\/microsoft\/PyRIT\">PyRIT<\/a>, Microsoft\u2019s open automation framework for red teaming generative AI systems, Rampart aims to allow teams to execute both adversarial and benign test scenarios against AI agents in a structured and automated way.<\/p>\n<p>The idea is to move beyond one-off safety reviews and instead integrate continuous checks directly into CI\/CD workflows. \u201cWhere PyRIT is optimized for black-box discovery by security researchers after the system is built, Rampart is built for engineers as the system is being built,\u201d Kumar explained.<\/p>\n<p>The framework promises to surface issues relating to cross-prompt injection, unsafe data handling, insecure tool execution, and other agent-specific attack paths before applications reach production. 
Additionally, Rampart lets organizations convert AI red-team findings into repeatable automated tests, helping engineers continuously check for regressions as agents evolve.<\/p>\n<h2 class=\"wp-block-heading\">Clarity to focus on assumptions in AI agents<\/h2>\n<p>While Rampart focuses on testing systems as they are built, Clarity is aimed earlier in the workflow, before code is written.<\/p>\n<p>Microsoft describes Clarity as a tool meant to examine and validate the assumptions behind AI agent design decisions. That would presumably include evaluating how agents are expected to behave, what permissions they should have, how they interact with tools and external systems, and where trust boundaries exist.<\/p>\n<p>\u201cClarity runs as a desktop app, a web UI, or embedded directly in a coding agent,\u201d Kumar said. \u201cIt guides engineers through structured conversations covering problem clarification, solution exploration, failure analysis, and decision tracking.\u201d<\/p>\n<p>These conversations are written to the \u201c.clarity-protocol\/\u201d directory in the repository as markdown files, which can be committed, reviewed in pull requests, and diffed like source code, he added. Microsoft has been building an open-source \u201cagent governance\u201d and safety stack over the past few months, making Rampart and Clarity part of a broader strategy rather than a standalone release. 
Last month, the company\u00a0<a href=\"https:\/\/www.csoonline.com\/article\/4155594\/microsofts-new-agent-governance-toolkit-targets-top-owasp-risks-for-ai-agents-2.html\">introduced<\/a>\u00a0the Agent Governance Toolkit, focused on routine controls, policy enforcement, and OWASP-aligned protections for AI agents.<\/p>\n<p><em>The article originally appeared on <a href=\"https:\/\/www.infoworld.com\/article\/4175582\/microsoft-releases-open-source-tools-to-operationalize-ai-agent-safety.html\">InfoWorld<\/a>.<\/em><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle. The tools, called Rampart and Clarity, were announced this week as part of Microsoft\u2019s broader push to operationalize safety engineering for agentic AI. \u201cWe built these tools because we believe that AI safety has to become [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8227,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8226","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8226"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8226"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8226\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8227"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}