Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
Meet Rampart and Clarity, Microsoft’s new red team combo AI agents
https://cyberscoop.com/microsoft-rampart-clarity-agentic-ai-security-red-teaming-tools/
Publish Date: 2026-05-20 16:28:00
Source Domain: cyberscoop.com
On Wednesday, Microsoft released two new red teaming tools — Rampart and Clarity — meant to help developers design more secure agentic software and assist incident responders in the face of ongoing breaches.
Rampart is built on top of PyRIT, an existing open automation framework Microsoft developed for red teaming generative AI systems. But while PyRIT scans already-built systems for security flaws, Rampart is made to continuously test code for vulnerabilities during the development process, encoding both adversarial and benign testing scenarios into the software development pipeline to flag exploitable bugs and dependencies.
Microsoft said Rampart was built to focus on cross-prompt injection attacks, where “an agent retrieves or processes potentially poisoned content from documents, emails, tickets, and other data sources that manipulate behavior indirectly.” It also confirms fixes or exploits work as intended through multiple rounds of testing, as opposed to tools that perform “single shot validation.”
The second tool, Clarity, can be run as a desktop app, a web interface or directly embedded into a coding agent to provide real time security engineering guidance to developers at the outset of a project. It can categorize and track different business objectives related to the code and highlight downstream security implications along with more secure by design alternatives.
Ram Shankar Siva Kumar, who founded Microsoft’s AI red team in 2019, told CyberScoop that the company has seen internal security benefits from using the tools, but believesRampart and Clarity’s growth depends on contributions from other developers outside the Microsoft ecosystem.
In the fast-moving world of AI, where vibe coding, rogue AI agents and a steady churn of new model releases create fresh security implications nearly every week, Siva Kumar said it was important to begin building foundational, AI-centric security processes into the software…
