“We built these tools because we believe that AI safety has to become a continuous engineering discipline rather than a periodic checkpoint, and we think the best way to make that happen is to put practical, open tools in the hands of the people doing the building,” Microsoft’s AI red team founder Ram Shankar Siva Kumar said in a security blog post.
The announcement comes as AI agents evolve from chatbot-style assistants into systems with real operational privileges. According to Microsoft, these newer agents introduce risks that traditional application security workflows were not designed to handle, including prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.
Both Rampart and Clarity are now available as open-source projects from Microsoft.
Rampart for repeated AI red teaming
Microsoft has positioned Rampart as the more operational of the two tools. The framework is designed to help developers turn red-team findings into repeatable tests that can run continuously in development and deployment pipelines.



