--- title: Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development source: newsletter source_url: https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html sha256: 1b586a87b32a created: 2026-05-22 updated: 2026-05-22 tags: [security,microsoft,ai,red-team] --- # Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development Published Time: Thu, 21 May 2026 14:17:09 GMT Markdown Content: Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development #1 Trusted Cybersecurity News Platform Followed by 5.70+ million______ (blob:http://localhost/5c34172ae87fab3ecb77bf8cfaf83e48) __) __ __ Get the Latest News Home Newsletter Webinars Home Threat Intelligence Vulnerabilities Cyber Attacks Webinars Expert Insights Awards __) __ __) Resources Webinars Awards Free eBooks About Site About THN Jobs Advertise with us Contact/Tip Us __ Reach out to get featured—contact us to send your exclusive story idea, research, hacks, or ask us a question or leave a comment/feedback! Follow Us On Social Media __________ __ RSS Feeds__ Email Alerts (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhyqUz0-ifa8jE9rCzud3wzxmhcuzTp1VOWFEvGMoZXDYfaB_4459fPyvyQw7wvAnzjzDL09PkyJM83QGheO69fC3esg1WA7WnJ89i_t_q3K8DxYmgV__QujU8RWRnCK4MpbKqu8nwuMFfLaiRVHy_ov7IZ16hoKI3rIu-5BcISmqXPjlQU7N0sa4lWI-n-/s728-e100/wiz-d.png) Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development __ Ravie Lakshmanan __ May 20, 2026 Artificial Intelligence / Security Testing (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheh8SBZDUM83ug6w9EopUahk6CPc27TOD5qpmZWVC8hDMYM-8wdgTLXt1KHv_66Q061_5gm3crZszZf-UvSWWZKb6Aax7BxJ5gzPEyfQTp9JPEcNUmLZnEBD3YuFHoqCU4stvSdSVON7hFJq4ZYb4Rdq1vyOK0VUURDjUpCcEP9_SN5xkQckqwaFS_-dQz/s1700-e365/mss.jpg) Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk Assessment and Measurement Platform for Agentic Red Teaming, functions as a Pytest-native safety and security testing framework for writing and running safety and security tests for AI agents, covering both adversarial and benign issues, as well as various harm categories. Users can write test cases to attack or probe an AI agent to explore possible safety violations like cross-prompt injections, where untrusted data reaches an AI system indirectly via a data source (e.g., email, file, or a web page) processed by it, or unintended behavioral regressions and data exfiltration. Video 3 RAMPART then evaluates the outcome of those tests and reports the results. All it needs is an adapter that connects an agent to the test suite. The tool builds on PyRIT (short for Python Risk Identification Tool), which Microsoft released more than two years ago as a way to test AI systems. Clarity, on the other hand, has been described by the tech giant as a "structured sounding board" to help developers arrive at the right approach even before writing a single line of code. It's an "AI thinking partner that pushes back," guiding them through problem clarification, solution exploration, failure analysis, and decision tracking. (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnNON5UeWywT7OcPNw7V4L7QNWnCnm7Xl_99Y9ek8dL-gRwx-bWxQM1TKqt8deqqrdpUyKMuuijAWyyPQVB0s0qf8ntQ6ldFAJLru-QUWhddKTopc7SeNbBBnd-TsfFyRPP-AAyDuclLlL6XHK4_LXqDC_7eyaz9pzToYr7U543MhrJ7qcK-89sVWHTQUZ/s728-e100/zz-2-d.jpg) In publicly releasing these tools, Microsoft said the idea is to address why certain decisions are incorporated at an early stage of software development so that any potential issue - for example, an agent's access to a tool - is addressed well before the system is built. "We wanted to give product managers and engineers a way to pressure-test their assumptions at the start of a project, when changing course is cheap and the right conversation can save months of rework," Ram Shankar Siva Kumar, a Data Cowboy and founder of Microsoft's AI Red Team, said in a blog shared with The Hacker News. Microsoft noted that a secondary motivation behind investing in these tools is to make incidents reproducible and mitigations verifiable and scale the learnings from red teaming exercises by turning them into runnable engineering assets. "Where PyRIT is optimized for black-box discovery by security researchers after the system is built, RAMPART is built for engineers as the system is being built," Siva Kumar added. "Clarity helps teams clarify design intent and capture assumptions. Together, these approaches move AI safety from a one-time review to a set of living artifacts that developers can use throughout the lifecycle." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE________) __ Tweet __ Share __ Share __ Share __)__ Share on Facebook__ Share on Twitter__ Share on Linkedin__ Share on Reddit__ Share on Hacker News__ Share on Email__ Share on WhatsApp(blob:http://localhost/4790c518974848fb287f0be1d99a37a0)Share on Facebook Messenger__ Share on Telegram SHARE __) AI Agent, artificial intelligence, cybersecurity, Microsoft, Open Source, Prompt Injection, Red Teaming, Security Testing ⚡ Top Stories This Week (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj92eUjjTTMJPizvUJGwq7Ych7nrXHwGRNt3hS9yjNGRJk5d3pdIKjeZhQDVuFp0DnKjP4qoieGWFjswm7nHDLBaxWC3DxFIfLfRjMSEXd0Ta04vcTrbCpS9PEXebUUbMBxBt0VOb-PKVk-7Cq0FjuMXl4VtKneb5a3ujCo872goPN22GBFFhReJtWsQJLK/w72-h72-c-rw-e365/oll.jpg) Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz_tK9S8jS_n5CK694-FLGjQP5_Mmpg7z9ZRiBayWsJLsuFRIm-8j1hTlhH90779FvnvhpiFKeGP9CzI5RCPsxQEnOzAIQsPzUsAJhUWtNm9iwf9C1W9DbDmqoQ_jjHhM7huYDV210OB9o1L9NPoJ0IL6R9Xc-V4JQ91Kn-b47_2ravRJ6-qlZOVrqsuAz/w72-h72-c-rw-e365/openclaw.png) Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEirN79ZRjEd5wnVbOTlJJsWjQ54cwSj2bM5NDzBSgAFO8f_9LrlIwQRI0ZogQX42iejmhgc1n2YcA91pFrVqtqNKKyAIXblcQ1Yx9LTs1TeNDbNN6JMUBXCKDK1W0IwnwvYl1dhQmcyTPHwakckKT_Kc9fAUDAJRj94g2pENrjy4UyTCCniOXI2rO-q66PC/w72-h72-c-rw-e365/Microsoft-Exchange.png) On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9rok1ToP_K0gWug0GnICltZkvx6bMRyhHfTJG1AcSfrGpM_fOVc61O3Fpyen_IW-wpb4s6Hl3qZcU5nEs77SMWSpKNDR4rrlY2syVVSNEBrpHx8RkWmYaN9MZORNICc8LNhuNjXqqhxmy7JN-y389oyQnAAFoBMJC1NoQSQFaOZ2MnrpKQRfv_eYXIoWI/w72-h72-c-rw-e365/cisco-exploit.jpg) Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjImYNT-qC7frGzEXeok3KDX_JNMKote6V1FVXIpkAoSEER2z1YyT8dpFq5RtRhBQ0cweEPbBIuioDWFf5rw_Mf-0V6rXR2ZrMh2ISDa7X7NlV9zIGsoLSAnyd_86eVkrR4wU24yxbuCYaAmyGFwlF77YCjvgU3n43P-yFT-pzjsmQ35Oaut1klg62bs_-i/w72-h72-c-rw-e365/threatsday-2.jpg) ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXt7ooDl2PwJY4nazAKdW9rmILsmosve2FZaO9usxTk_rkksEEvsLgY-uc_MErXvjvusuWjN7PWRM9KaRXB1OkL75gio7tcqpMsPZxaFNE9XDpYmARH3Dw_gGgddwWXHSt5VUJ-lb56F9bCVzTYghEo7qELWVv8K_W8V1BrWgssgqWkzPJxW6I31i_GyYf/w72-h72-c-rw-e365/windowss.jpg) Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZEVPJhl5rAx5o22-s1GQ6E1KKHMlOsazAfObgwK72r5EGxr52OkNRHHQXJdHt39DQop0SAhxE_t9nMKgXxHNgYv1zyB-ZR1IqCIKUK2feTpx1swr4dZzKLpZ5uldjrOAX6qH-wYnUfRWieA2xQWPbAUB1JpXhkBGq4AA0Ft07F7MFqZSHCS9SMR6uXjoC/w72-h72-c-rw-e365/linux-2.jpg) New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhCvxtNv7UYYMCITB2HLsBgkN83LdRXcw0wmP9gMAfXeNpmJoOJKNIaQb55b-GLDeQHx-dUBkASGDYgstnvYAE5eFuwyzMSxY804fn56OaTsGlESOab9y-kFHJ-iV5iUlWrc5j27WLduUDhW6nRSjkv5tFMKZjDbbmDdk7_NMZ3y7sipHKy7t4XuMQ9YfG/w72-h72-c-rw-e365/nn.gif) 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg1Iq16GS3jdGiIU24GHBkwg6unk05ctdgYwXO5df8zRu1qko95_XhszCjq6jlEIRozLsrtZHgi5GqDZnS1Sw_KDzUzsagwP0If3VswmYHsnuYwVseU2lapxQiPpItTdAiv-CCdTFR87ZVOu65buyvmvzmdWuJPKHuPA4DSo58HQIMAV__2ymsmRe2g3UVe/w72-h72-c-rw-e365/windows-ai.jpg) Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday How Modern Attack Paths Cross Code, Pipelines, and Cloud [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud](https://thehackernews.com/2026/05/webinar-why-your-appsec-tools-miss.html) (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjk3m3CoTiKH2QVXSFAOVKKnTl-Ybt1FDE4M7BGK_ujskSYNQ8pOlcvZfyNv8CW2EJIVdMQaORcCE0H-_ufTvD6hR-LOOZ64GZPS_9bH7YrE4i0r4LrGCn7vXmG0GjpFk8aNlRR_4_GjrM-jhXBS1NzIbYiRydcmiNSXIV2eUczvgjGmp34_gNz3M5kt-Jf/w72-h72-c-rw-e365/windows-patch-update.jpg) Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrSn3emm_NbwXDi3elR0wo5ErHhg-gPT4-u4zk7MHZg4u0ruMmj2_KGgPF8fz06Riv6Gu5NXMN3eBP8H5bVf6dmvOz-lvb-qrvhLlssLUzl97ZVmIWoIOmMPOGrupv864dt0d4V_dxgaaxYYNuy2z9rbZMWIOcjlwZaiifq4-ktRqlEBCJ6a_m3MFiwq65/w72-h72-c-rw-e365/exim.jpg) New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXIhs2kZt0YGdDcd-Io67mq1GIN_iI_71LYhuin4qqmlgUgCuZ3fGUvglg_5nh5DK8kfPP8RHki86yMyqh4rTE27PGgPBh4RQjkh91-QGoB8cav5NUsYAwcV3ZJ7aEf-uEoH3pLGQ2eWuCh8lZSWAlTIa2U5I6eeB3HZmYMn4q-YoV7Ytmkpr1tN0lC2rG/w72-h72-c-rw-e365/mistral.jpg) Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgInpdPoL0Kf1i9D6daAAGB1QPCR3E0d_ArELz-ks1Y6cJ_low0jdZYqamKMKMxC12OC-XMwUrDIWdh_xK_d7zLLQfH-rDl0-Vi_VSsFswAuJL0mEtQg-FW66c_1it8d59p2An-T3_oQJ_Q_yHLiX0PHtEq2OdLcGXwxniVKGJGLusWdjJfP7M-H9ADm8cK/w72-h72-c-rw-e365/cpcp.jpg) cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD4a3gzeAEAv4Bs5FqWbHG1cRyNqIOjygeSxxpNoChwyyMUWlbZHzkG0n8ysGpoAYuKqklfMtTKRct0OeYktaKLhdXpRH5pKH94tVaMX7iPeNDf7vZjFky3myBkFPJPl1xIdsWDlIYP30IeR7IZGhQZ5p82yHRdRO1OGkpAtTWgZcQSG3zXqh9tLbSSrgP/w72-h72-c-rw-e365/cyber-recap.jpg) ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgF329-zAoI4gwIW3h3gRYiDJjcRSyWPM4DLHFQwNNGfLTVaROqIfQZ0QB1FwWGmvMGuyNAF9Q6QBYcwLsqMsCka5Lqu82CzUbrBULnUDQwtY_4z6KiOEKSETes6as77XfUCaJVBUOCovZz8jajp6vBp9AAjHiS7BEviANEH0FxmzZwdrTapD3R-gPQWKJ1/w72-h72-c-rw-e365/ai-hacker.jpg) Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation ⭐ Featured Resources [(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9jsZB0c_iNwfRZXf0vf1qU4cPU4jI7yxEHT6aupC6pecMnNLhg2Z5r2FhdsweHJVXyVx3GH3QQDvSOTqqyHF4pOgAn45j-IGE5cKSUrtz6T855Qav0sINF1sXgJsv14sYxo9E-lhRnhyphenhyphenDeEg4U06-jygX9NPbWQBEhni_09xXm6WZ16sh9iC1vdW0kHi7/s72-e365/webi.jpg) [Webinar] Learn How to Handle Critical SOC Alerts With AI Support](https://thehackernews.uk/cirosec-radiant-soc) (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhAKJ9s4P_DZr0GBTgogU4yFfinEDC3M2SaWc4DCXdhNiMZJgH9XdazL4vJrtCapE4hgmMWvMOs2EVFXPKPLHjMv0LQQujjskX05igHJwf8ItlhXv201XD3Nxg7Tz2rPsB2ZVH3eWu6P7sRTpBIixRia3NVddfLIkEm2cL09T-utNRfpl9tZOv8PinpVGOo/s72-e365/bitd.jpg) Identify Internal Attack Surfaces More Efficiently With a Free Assessment [(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmw8x4SO834-BAPFGufRNc9LFa8q3LnvbbD0-PRi1nIfEHBZLxfznw73UFbHE5uvrFGp5FZ4NPOtZng10v0iOTb0VIiEG0mVIhypDTgJRhALVJ7GgoZ11fj-JxXPDYyB6plXTbWpikWqVkj5RF8twJRfpBJFSD_izzQ7EAqUEmEJ6vQNvZE8DKshlxm34Z/s72-e365/pbook.jpg) [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk](https://thehackernews.uk/prophet-queue-breach) [(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEixhFqL7l7pMerWjpstFQ_PnSDkP6VSQL0OaOqUa_XOXPa7l9wWV2LF4i49RZhks5QP-5bcRSjxB0oX3LJSrIFQLDOVOmPzH6DZXes2rvEwFzk75u_sqR-hK5RwGH7dm6h0WnvAaCnUeCDQskkSakOvmsgceOguijcigeeOFML29877NFarp3MyRdYUFKQE/s72-e365/phishings.jpg) [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage](https://thehackernews.uk/kaseya-phishing-ransomware) Cybersecurity Webinars With HD Moore (Creator of Metasploit) ### Learn How to Detect Threats Beyond Zero Day Attacks Learn practical strategies to detect and defend against cyber threats beyond zero-day vulnerabilities. RegisterTired of False Positives? ### Validate Automated Pentesting Results Before Acting Learn how to validate automated pentesting results for accurate security decisions. Register ⚡ Latest News Cybersecurity Resources (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5xgqKks0CPzyD6bHqgTYhh_d5HJlneRWMXCcczjkKRpGlWsno5rgAPkYtT8Essum3hhW57wq9Ww2wrW9ZwApaL1LMFd0JYKIj0ap5t5zlqUvVkdMPF1VQAPlsB4rULnH6o43hGVQ2FC6YgsOvCETUw6byw5ISxCIEFgVQlx5LateUUf66qQsSyJdi1-JZ/s728-e100/sans.jpg) AI Is Reshaping Every Attack Surface. Train for What's Next SANSFIRE 2026 in D.C. brings 50+ courses, AI-focused sessions, and NetWars. July 13–18. Save $500.(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjCyK3mSumMJPUnI4kYAEcB0kS-ZSB7ZtBTA0xs3tlLhDSQ54FWotA2Ub_e7XLbtTCOqM9k1cAnk6t0Wu7-01W0seVE56jCVFacwmWMu2S5K8EN3MLqE4un8a8_0mWm7fXyXDQO3fSq28M40u2dSATlucFhuKxWUF56thZHx6hRXXVX7d73RzdD6Wc1kQlp/s728-e100/zz-2.jpg) Your VPN is Helping Attackers Move as Fast as AI AI collapsed human response window and turned remote access into fastest path to breach.(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUas4KOce8ComJG5TW2uigorerrcCPf4cjsao7P2In6sgYdLwVMmRFB7bqZ6v0LJXrWDN6LIdgvwvK-kpnISCL7wzLDsSYAVs-XXs-qgcP41i1lj-H3ZYgpXz9Utd_6aCQBoyLo9feismppmickqgr_jwBGQuBazVrSqYDc8pWyFU2x6hkbi7GD1m9NXYc/s728-e300/gg.png) Earn a Master's in Cybersecurity Risk Management Lead the future of cybersecurity risk management with an online Master’s from Georgetown.​ Expert Insights ArticlesVideos (https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgx5aXA_dqrL_o6tE5Tyax4NyGOE4-U3wOmwdDIAbM52rMy20vPRAFMkb3A4clw95D8lUt6b-oATU2tzjxORLueW1eeK-tSVGxd39ocGk3GvhR295T2W2xLjharvIZgecXgJ3fSHvzYS7hycx5BfH5SYXrJLSU2IfSX6GVJR6Yg2ntL04HILj1jiGatQCcV/s728-e300/git-unit.jpg) ## Time-to-Revoke: The Metric CISOs Need in the AI Exploit Era __ May 18, 2026 Read ➝(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7bzViRBZPcdhDfFEcbssWgmEICEFNQElLMsACP7RiG6pXiCKNElMNiZJPgqr8vGgN6uzWWfL1TKQiRB44MvCRGhTMlfYp4W3DXYdWDC9VuCbyI4N7yDluCjGS_8ouNGfaIVrr0CoUVHbt_VLURGpizFT1BZk1B3FwGuNC4-BPYLy1Eq6DM6Dtim6v9WoJ/s728-e300/checkpoint-unit.jpg) ## Agentic Attacks Arrived Over a Year Ago. Your Remediation Hasn't Caught Up. __ May 18, 2026 Read ➝(https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1AhWsjHriIk06MMcIvTv4WPtNL2sICBs9YQxb-D0fdjZ1EQ9fWW2BteIiyXHW-2W50Xx9wZSZJVaZ8gZDEtuux0SP4tKxN8mM3LIW9DWtz8K0w0F08cPNOShWNxfcTVAuuJAqfHM_unzRxtwqQ0ntJslXT7UXMQR7ydImKVIxIe1PL9iSMOte6DUgsMNM/s728-e300/ironscales-unit.jpg --- 原文存档:[[raw/articles/microsoft-open-sources-rampart-clarity|Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development]]