{"id":4117,"date":"2026-05-21T09:06:16","date_gmt":"2026-05-21T09:06:16","guid":{"rendered":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/05\/21\/microsoft-open-sources-rampart-and-clarity-to-bring-agent-safety-into-the-dev-workflow\/"},"modified":"2026-05-21T09:06:16","modified_gmt":"2026-05-21T09:06:16","slug":"microsoft-open-sources-rampart-and-clarity-to-bring-agent-safety-into-the-dev-workflow","status":"publish","type":"post","link":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/2026\/05\/21\/microsoft-open-sources-rampart-and-clarity-to-bring-agent-safety-into-the-dev-workflow\/","title":{"rendered":"Microsoft Open-Sources RAMPART and Clarity to Bring Agent Safety Into the Dev Workflow"},"content":{"rendered":"<div><img data-opt-id=1125288229  fetchpriority=\"high\" decoding=\"async\" width=\"770\" height=\"330\" src=\"https:\/\/devops.com\/wp-content\/uploads\/2025\/05\/DevOps-and-AIOps-1.jpg\" class=\"attachment-large size-large wp-post-image\" alt=\"AI agents, SRE\" \/><\/div>\n<p><span>AI agents have come a long way from chatbots that answer questions. Today\u2019s agents access email, pull records from CRMs, execute code, and take actions across dozens of connected systems. That shift from generating text to doing things in the world creates a very different set of risks \u2014 and most development teams aren\u2019t fully equipped to address them.<\/span><\/p>\n<p><span>Microsoft is taking a direct run at that problem. The company has open-sourced two new tools \u2014 RAMPART and Clarity \u2014 designed to make AI safety a continuous engineering practice rather than a one-time checkpoint. 
Both are available now on GitHub.<\/span><\/p>\n<h3><span>Testing Agents Like You Test Code<\/span><\/h3>\n<p><span>RAMPART is a testing framework that brings red teaming techniques directly into the development workflow. It\u2019s built on top of PyRIT, Microsoft\u2019s existing automation framework for red teaming generative AI systems.<\/span><\/p>\n<p><span>Where PyRIT is optimized for black-box discovery by security researchers after the system is built, RAMPART is built for engineers as the system is being built.<\/span><\/p>\n<p><span>The experience will feel familiar to anyone who has written integration tests. Teams write standard pytest tests that describe scenarios pulled from their threat model. Each test connects to the agent through a lightweight adapter, orchestrates an interaction, and evaluates observable outcomes \u2014 passing or failing like any other test in a CI pipeline. When a new tool or data source is added to the agent, the corresponding safety test can be added in the same pull request.<\/span><\/p>\n<p><span>One of RAMPART\u2019s stronger features is its focus on cross-prompt injection attacks \u2014 scenarios in which an agent retrieves or processes content from documents, emails, tickets, or other data sources that indirectly manipulate its behavior. It\u2019s one of the more persistent attack surfaces in agentic AI, and RAMPART is designed to catch it early.<\/span><\/p>\n<p><span>Because LLM behavior is probabilistic, RAMPART also supports statistical trials. The same test can be run multiple times with policies such as \u201cthis action must be safe in at least 80 percent of runs.\u201d That\u2019s a more realistic model of how agents actually behave in production than a single-shot pass\/fail approach.<\/span><\/p>\n<p><span>The incident response angle is worth noting, too. 
If something goes wrong in production, the responding team needs to reproduce the incident and verify that the fix they ship holds up against variants of the original attack. RAMPART is designed to support exactly that workflow \u2014 turning red team findings and AI incidents into repeatable regression coverage.<\/span><\/p>\n<h3><span>Asking Better Questions Before Writing a Line of Code<\/span><\/h3>\n<p><span>Clarity takes a different approach. It\u2019s not a testing tool \u2014 it\u2019s a structured thinking tool. Microsoft describes it as a sounding board for development teams to pressure-test their assumptions before they start building.<\/span><\/p>\n<p><span>The most expensive safety failures almost always trace back to design mistakes that nobody questioned early enough \u2014 when a product team decided their agent should have access to a tool, or handle a particular user flow, without fully working through what could go wrong. By the time a red team engagement surfaces the issue, the system is largely built.<\/span><\/p>\n<p><span>Clarity tries to catch those mistakes before the architecture is locked in. It guides teams through structured conversations covering problem clarification, solution exploration, failure analysis, and decision tracking. Multiple AI \u201cthinkers\u201d independently examine the system from different angles \u2014 security, human factors, adversarial scenarios, and operational concerns.<\/span><\/p>\n<p><span>The output from those conversations gets written to a <\/span><span>.clarity-protocol\/<\/span><span> directory in the repo as plain markdown files. They\u2019re committed, reviewed in pull requests, and diffed just like source code. Clarity also tracks staleness across these documents \u2014 when a problem statement changes, Clarity knows that the solution description and failure analysis might need revisiting and nudges the team accordingly. 
Clarity runs as a desktop app, a web UI, or embedded directly in a coding agent.<\/span><\/p>\n<h3><span>From Audit to Engineering Discipline<\/span><\/h3>\n<p><span>What Microsoft is really arguing here is that AI safety needs to follow the same trajectory that security did over the past decade \u2014 from periodic audits to something embedded at every stage of the development lifecycle.<\/span><\/p>\n<p><span>Mitch Ashley, VP and practice lead for software lifecycle engineering and AI-Native Software Engineering at <a href=\"https:\/\/futurumgroup.com\/\" target=\"_blank\" rel=\"noopener\">The Futurum Group<\/a>, sees this as a pivotal shift. \u201cOpen-sourcing RAMPART and Clarity demonstrates that AI safety is moving from post-deployment audit into the developer\u2019s inner loop,\u201d he said. \u201cCross-prompt injection and design intent become tracked artifacts alongside agent code, governed by the review and regression security adopted a decade ago. Platform teams that treat agent safety as a separate red-team engagement accumulate verification debt with every new tool connection. As agents scale, buyers will demand evidence of in-pipeline testing and statistical pass thresholds before procurement clears.\u201d<\/span><\/p>\n<p><span>That last point is significant. Procurement pressure has historically been one of the strongest forcing functions in enterprise software. If buyers start requiring evidence of in-pipeline safety testing, the teams that have already embedded RAMPART into their CI workflow will have a clear advantage.<\/span><\/p>\n<p><span>RAMPART and Clarity are part of a broader movement toward spec-driven, engineering-native AI safety. Clarity helps teams clarify design intent and capture assumptions; RAMPART gives teams the building blocks to write concrete agent safety tests and keep them running as agents evolve. 
Together, they\u2019re designed to move AI safety from a one-time review into a set of living artifacts that developers use throughout the lifecycle.<\/span><\/p>\n<p><span>Both tools are open source and available on GitHub today. Microsoft is also <a href=\"https:\/\/devops.com\/microsoft-open-sources-rampart-and-clarity-to-bring-agent-safety-into-the-dev-workflow\/aisafetytools@microsoft.com\" target=\"_blank\" rel=\"noopener\">inviting feedback and enterprise deployment partnerships.<\/a><\/span><\/p>\n<p><span>For DevOps and platform engineering teams already wrestling with how to govern agentic AI, RAMPART and Clarity offer a practical starting point \u2014 one that fits into existing workflows rather than requiring a separate process.<\/span><\/p>\n<p><a href=\"https:\/\/devops.com\/microsoft-open-sources-rampart-and-clarity-to-bring-agent-safety-into-the-dev-workflow\/\" target=\"_blank\" class=\"feedzy-rss-link-icon\">Read More<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>AI agents have come a long way from chatbots that answer questions. 
Today\u2019s agents access email, pull records from CRMs, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4118,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[5],"tags":[],"class_list":["post-4117","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-devops"],"_links":{"self":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4117","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/comments?post=4117"}],"version-history":[{"count":0,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/posts\/4117\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media\/4118"}],"wp:attachment":[{"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/media?parent=4117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/categories?post=4117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rssfeedtelegrambot.bnaya.co.il\/index.php\/wp-json\/wp\/v2\/tags?post=4117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}