# RAMPART and Clarity Secure Your AI Agents

> Source: <http://www.i-programmer.info/news/105-artificial-intelligence/19001-rampart-and-clarity-secure-your-ai-agents.html>
> Published: 2026-07-16 19:43:56+00:00

| RAMPART and Clarity Secure Your AI Agents |

| Written by Nikos Vaggalis | |||
| Monday, 13 July 2026 | |||
|
RAMPART and Clarity are frameworks designed by Microsoft to evaluate the safety and security of agentic AI applications. RAMPART (Risk Assessment & Measurement Platform for Agentic Red Teaming), is built on top of Microsoft's PyRIT (Python Risk Identification Tool) primitives. Rather than treating AI safety as a one-time post-build review, it allows developers to write safety and security tests as repeatable code that can run directly inside continuous integration (CI) pipelines. To understand RAMPART, it helps to start with why it exists, what it does, and how it works under the hood. Why do we need it? Traditional AI models were mostly designed to generate text or answer questions. Today's enterprise AI applications have evolved into agents that can do things such as read your email, search your database, write code, or execute actions in connected third-party systems. While this ability to act makes AI highly powerful, it also introduces serious safety risks. If an agent can access external tools, an attacker can manipulate it into doing harmful things. Safety testing (known as red teaming) was a manual, one-time exercise conducted by security experts after the system was built. RAMPART changes this by letting software engineers write repeatable safety tests as code. These tests run automatically inside continuous integration (CI) pipelines, catching safety flaws every time code is updated. RAMPART divides its testing strategies into two simple categories:
These tests try to manipulate your agent into doing something it shouldn't. If RAMPART successfully forces the agent to commit a violation, the test fails with a verdict of UNSAFE. The primary attack pattern is XPIA (Cross-Prompt Injection Attack). In an XPIA attack, a malicious instruction is planted in an external source that the agent is expected to read (like a support ticket, an email, or a OneDrive file). When the agent retrieves and processes that file, the hidden attack instructs the agent to do something malicious (like steal data or delete files). When RAMPART executes such an XPIA attack, it runs through a highly coordinated lifecycle: [Inject Payload] ──> [Wait for Indexing] ──> [Send Benign Trigger] ──> [Evaluate Action] ──> [Clean Up Source] ──> [Safety Result]
These tests verify that your agent behaves correctly under normal circumstances. These are called Behavioral Probes and are used for regression testing, ensuring that a system update doesn't accidentally break existing safety guardrails. If the expected safe behavior is detected, the test passes as SAFE. So, while RAMPART focuses on the execution and testing phase, that is verifying that the agent behaves safely under active fire, Clarity focuses on the design and architecture phase, that is helping you figure out what you are building and what could go wrong before you write a single line of code. It guides you through structured conversations across five areas:
This is how both work hand in hand: 1. DESIGN & ANALYSIS (Clarity) 2. SPEC-TO-CODE HANDOFF 3. TEST IMPLEMENTATION (RAMPART) 4. EXECUTION & CI GATING (RAMPART & CI) 5. CHANGE & EVOLUTION (Clarity Staleness Engine) By using both tools, securing your agent becomes a repeatable engineering cycle. When a security incident occurs in production, or when a red-team engagement surfaces a flaw, you use Clarity to document the failure chain and RAMPART to translate that incident into a repeatable integration test. This ensures that once a security mitigation is shipped, it is continuously evaluated in CI/CD and can never silently regress. ## More Information## Related Articles
To be informed about new articles on I Programmer, sign up for our
## Comments
or email your comment to: |
