Why Microsoft is opening security tools right now

AI systems that companies are deploying into production today are fundamentally different from the chatbots of 2024. They no longer just answer questions — they access corporate data, read emails, edit documents, and perform actions across dozens of interconnected systems. This transition from "generate text" to "do things in the world" changes the entire security equation.

Ram Shankar Siva Kumar from Microsoft's AI Red Team explains the specific reasons on the official Microsoft Security blog: the most expensive security failures almost always stem from design flaws that no one questioned early enough. In the era of "vibe coding," when actual programming is easier than ever, he argues it's critical to ask "why" before asking "how."

RAMPART: Security testing for agents as part of the CI/CD pipeline

RAMPART (Risk Assessment & Measurement Platform for Agentic Red Teaming) is a testing framework built on pytest technology that lets developers write security tests for AI agents as naturally as they write integration tests. Each test connects to an agent through a thin adapter, performs an interaction, and evaluates the result — pass or fail.

RAMPART is built on the foundations of PyRIT — Microsoft's open-source automation framework for red teaming generative AI. While PyRIT is optimized for "black-box" vulnerability discovery by security researchers after the system is built, RAMPART targets developers during development.

Three key features of RAMPART

1. Native support for prompt injection attacks. The most advanced coverage today focuses on cross-prompt injection — scenarios where the agent processes potentially "poisoned" content from documents, emails, or other data sources that indirectly manipulate its behavior. New threat categories can be added incrementally.

2. Respecting the probabilistic nature of LLMs. The behavior of large language models is not deterministic — the same input can lead to different outputs. RAMPART therefore supports statistical testing: the same test runs multiple times, and a security policy might be, for example, "this action must be safe in at least 80% of cases." This reflects production reality much more accurately than one-time validation.

3. Reproducibility of incidents and red team findings. When a security team discovers a vulnerability, a developer can encode it as a RAMPART test. From that moment on, the issue is permanently covered, runs on every code change, and never silently regresses. Test ownership is deliberately inverted compared to the traditional approach: developers write the tests, developers run them, and developers handle failures like any other bug.

RAMPART is written in Python, published on PyPI as the RAMPART package, and licensed under the MIT license. Source code is available on GitHub.

Clarity: A thinking partner that isn't afraid to challenge

While most AI tools help teams develop faster, Clarity helps figure out whether they're building the right thing at all. It's a structured conversational partner that asks the kinds of questions an experienced architect, product manager, or security engineer would ask — the ones a team excited about a new project easily skips.

Imagine you want to add real-time collaboration to a document editor. Instead of jumping straight into implementation, Clarity asks: "What happens when two people edit the same paragraph simultaneously? Do you need true real-time sync with cursors and presence indicators, or is the actual requirement just that no one loses their work?" These two answers lead to radically different architectures with different failure risks.

How Clarity works in practice

Clarity runs as a desktop application (macOS, Windows), a web interface, or as a built-in tool directly inside a coding agent (Claude Code, Cursor, and others). It supports connecting to models from Anthropic (Claude), OpenAI (GPT), Azure AI, GitHub Copilot, and Google Gemini.

During a conversation, it guides the team through structured phases:

• Problem clarification — what exactly are we solving, who are the stakeholders, what does success look like
• Solution exploration — what approaches exist, what are the trade-offs
• Failure analysis — several independent AI "thinkers" examine the system from different angles (security, human factors, attacks, operational risks)
• Decision tracking — important decisions are recorded including criteria, alternatives, and rationale

The result is a .clarity-protocol/ directory in the repository containing readable markdown files — problem description, solution architecture, failure analysis, and decision log. Everything is versioned, reviewed in pull requests, and diffed like regular source code.

Clarity also tracks document staleness using a dependency graph. When the problem definition changes, Clarity knows that the solution description and failure analysis may need revision — and alerts the team.

What this means for Czech developers and companies

Both tools are open-source under the MIT license, meaning anyone — including Czech startups, software companies, and enterprise customers — can use, modify, and integrate them into their workflows completely free of charge.

For Czech companies that are increasingly experimenting with AI agents (whether for automating customer support, internal processes, or development workflows), RAMPART and Clarity represent a practical answer to the question that every CTO sooner or later asks: "How do we make sure our AI agent doesn't do something we don't want?"

The tools don't require Czech localization — they are developer tools in English that run within CI/CD pipelines or as a desktop application. What's important is that they are designed to fit into existing developer workflows: RAMPART uses pytest (a standard Python testing framework), Clarity generates markdown files versioned in Git.

The key shift that Microsoft signals by open-sourcing these tools is the transition from AI security as a "one-time check" to a continuous engineering discipline. At a time when the European AI Act introduces regulatory requirements for AI system safety, tools like these can help companies demonstrate that they take security seriously — and not just on paper, but directly in the code.

How to get started

Install RAMPART via pip:

pip install RAMPART

Clarity is available as a desktop application for download from GitHub Releases, or via the install script:

curl -fsSL https://raw.githubusercontent.com/microsoft/clarity-agent/main/scripts/install.sh | bash

Both projects are actively developed — RAMPART has 45 commits, Clarity has 158 — and Microsoft welcomes community contributions. For feedback and enterprise deployment partnerships, email aisafetytools@microsoft.com is available.