Microsoft open-sourced two tools for AI agent safety: RAMPART and Clarity.
Both target the same problem we keep seeing in AI product teams. Safety conversations happen at the start, get filed in a doc, and the next sprint quietly reintroduces the same risk.
What RAMPART does
RAMPART stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It is a Pytest-native framework built on Microsoft's earlier PyRIT project.
Engineers write test cases that probe an agent for cross-prompt injection, data exfiltration, behavioral regression, and other harm categories. RAMPART runs the cases, scores the outcomes, and reports back.
The only integration work is an adapter that lets the test suite talk to the agent.
The interesting design choice is who owns the tests. Ram Shankar Siva Kumar, founder of Microsoft's AI Red Team, put it plainly: "Engineers write the tests, engineers run them."
That flips the usual model where a separate safety team finds issues, writes a report, and hands it to engineering to remediate.
Under RAMPART, safety findings become part of the same CI pipeline that runs unit tests and lints. A regression on prompt injection breaks the build the same way a regression on a payment flow would.
What Clarity does
Clarity sits earlier in the lifecycle. It is a structured sounding board for the phase before any code gets written.
Teams use it to clarify problem definition, explore solution options, surface failure modes, and track the decisions they actually make. It runs as a desktop app, a web interface, or inside a coding agent.
The bet is that most agent failures trace back to assumptions nobody pressure-tested at design time.
What data should the agent be allowed to read? What tools can it invoke without a human in the loop? What happens when a downstream system returns garbage?
Clarity forces those questions before they become production incidents.
The gap in most AI product teams
Most AI products in market were built fast. The pressure to ship ahead of the next funding round or competitor wins out over slow safety conversations.
That works until it doesn't. A support agent leaks customer data through a crafted user message. An internal copilot runs any tool a user names. By then the company is doing incident response, not product development.
RAMPART and Clarity push the conversation earlier. Clarity asks the design questions before engineering decisions calcify. RAMPART catches the regressions before they ship.
Safety as engineering practice
The shift is from safety as a one-time review to safety as an ongoing engineering practice. The same shift happened a decade ago with testing and security in mainstream software development.
A team using both tools runs something like this. Before building, Clarity walks through what the agent should and should not be able to do. Decisions get recorded. Assumptions get challenged.
During development, every safety concern gets translated into a RAMPART test. The test runs on every commit. A new feature that breaks a previous safety guarantee fails the build.
When something slips through, the incident becomes a permanent test. The team gets stronger as the agent evolves.
If you are building an AI agent, or having one built, the announcement raises a simple question. Are your safety guarantees enforced by tests that run on every change, or are they just words in a doc somewhere?
The tooling to do this well is now free and open source. The question is whether teams treat it as the new baseline or as another nice-to-have that gets cut when the deadline tightens.