Microsoft Releases Open-Source Frameworks to Bring Safety to Agent Development Workflows

• By Chris Paoli
• May 26, 2026

Microsoft is expanding its push into AI safety engineering with the release of two open-source projects designed to help development teams evaluate AI agents before they reach production. The tools, RAMPART and Clarity, focus on integrating security testing and design validation directly into the software development lifecycle, rather than treating AI safety as a post-deployment exercise.

RAMPART is a test framework for running adversarial and benign safety scenarios as repeatable tests, while Clarity is meant to help engineering teams examine design assumptions before code is written.

The move reflects growing concern across enterprise IT over how autonomous AI systems interact with sensitive business data, connected applications, and internal workflows. As AI agents increasingly handle tasks such as email access, code generation, and enterprise system actions, organizations are looking for ways to detect prompt injection risks, unsafe tool behavior, and design flaws earlier in development. Microsoft said the new projects are intended to help teams convert red-team findings into repeatable engineering controls and document architectural assumptions before implementation begins.
"We built these tools because we believe that AI safety has to become a continuous engineering discipline rather than a periodic checkpoint," Microsoft said in the announcement.

RAMPART is built on PyRIT, Microsoft's open automation framework for red-teaming generative AI systems. While PyRIT is aimed more at black-box discovery by security researchers after an AI system is built, RAMPART is intended for engineers working on the system during development.

The framework uses standard pytest tests, allowing teams to describe scenarios based on their threat models, connect to an agent through a thin adapter and evaluate observable outcomes. The tests can return pass-or-fail results and run in continuous integration pipelines like other integration tests.

RAMPART also supports statistical trials, reflecting the probabilistic nature of large language model behavior. Instead of relying on a single test run, teams can set policies such as requiring an action to remain safe in a certain percentage of runs.

The framework is also intended to help teams preserve lessons from red-team exercises and real-world incidents. Findings can be converted into RAMPART tests, allowing them to run against future changes and reduce the risk of regressions. "The ownership model is intentionally flipped from the traditional approach: engineers write the tests, engineers run them," Microsoft said.

Clarity addresses an earlier phase of software development. The tool is designed to guide engineers through structured conversations about problem definition, solution options, failure analysis and decision tracking. Microsoft described it as a way to help teams determine whether they are building the right thing before implementation begins.

Clarity can run as a desktop app, a web interface or inside a coding agent. As teams work through its prompts, the tool writes the results to a .clarity-protocol directory in the repository as markdown files. Those files can then be committed, reviewed in pull requests and diffed like source code.

The tool also includes failure analysis capabilities that use multiple AI "thinkers" to examine a system from different perspectives, including security, human factors, adversarial scenarios and operational concerns. Microsoft said Clarity can also track staleness across those documents, nudging teams to revisit assumptions when related decisions or problem statements change.

Both RAMPART and Clarity are available now as open-source projects from Microsoft.