"When you hear a lot of talk about AI safety and security, it seems to be a lot of philosophical debates," Ram Shankar Siva Kumar told CyberScoop. "You’ll see frameworks, you’ll see white papers, and I think we’re really past that time, now. We really need to start thinking of AI safety as an engineering discipline and trying to bring security where the developers are."
Rampart: continuous, engineering‑focused red teaming for cross‑prompt injection
On Wednesday Microsoft released Rampart, a red‑teaming tool designed not just to scan finished systems but to run continuously during development. Built on top of PyRIT — an existing open automation framework Microsoft developed for red teaming generative AI systems — Rampart encodes both adversarial and benign testing scenarios into the software development pipeline to flag exploitable bugs and insecure dependencies as code is written.
Microsoft says Rampart was created with a particular emphasis on cross‑prompt injection attacks, where “an agent retrieves or processes potentially poisoned content from documents, emails, tickets, and other data sources that manipulate behavior indirectly.” Unlike tools that perform “single shot validation,” Rampart is intended to confirm that fixes or exploits work as intended through multiple rounds of testing, making verification part of the development lifecycle rather than an afterthought.
Clarity: a real‑time security adviser embedded at project start
Microsoft also released Clarity, a companion tool that can run as a desktop app, a web interface, or be embedded directly into a coding agent. Clarity provides real‑time security engineering guidance to developers at the outset of a project, prompting teams to consider risk tradeoffs before designs are committed to code.
According to Microsoft, Clarity can categorize and track different business objectives tied to the code, highlight downstream security implications, and propose “more secure by design” alternatives. The tool is presented as proactive — designed to ask developers whether certain risky capabilities should be built in the first place and to surface safer options early.
PyRIT, the Microsoft AI red team, and incident response
Rampart inherits PyRIT’s lineage but shifts the emphasis from post‑build scanning to continuous, integrated testing. Ram Shankar Siva Kumar, who founded Microsoft’s AI red team in 2019, said the company has seen internal security benefits from using Rampart and Clarity. He told CyberScoop that Rampart’s utility extends into active incident response: Microsoft has used Rampart when investigating reported vulnerabilities in its own products.
Siva Kumar described a concrete operational gain: Rampart helped condense what had been “a week’s worth of manual work — replicating the vulnerability, identifying different variants of the same bug, then patching and re‑testing those variants to ensure they’re no longer exploitable — into hours.” The tool can be run to speed up or automate red‑teaming tasks associated with hot fixes, patching and remediation during active incidents.
What this means for developers, incident responders, and external contributors
- Developers: Rampart and Clarity aim to embed security into the day‑to‑day engineering workflow — flagging exploitable inputs, surfacing downstream risks, and offering more secure design alternatives earlier in a project.
- Incident responders: Rampart can be applied during active incidents to automate replication, variant discovery, patching and re‑testing, potentially reducing multi‑day manual processes to hours.
- External contributors and the wider community: Siva Kumar said growth for Rampart and Clarity depends on contributions from other developers outside the Microsoft ecosystem, indicating Microsoft sees community adoption and input as a determinant of the tools’ broader utility.
Adoption prospects and the challenge of fast‑moving AI practices
Microsoft positions both tools as responses to a rapidly evolving development environment. The company framed that environment as one in which “vibe coding, rogue AI agents and a steady churn of new model releases create fresh security implications nearly every week,” a context Siva Kumar used to argue for an engineering approach to AI safety.
Clarity is explicitly described as a tool that asks whether certain risky capabilities — for example, agents or servers that pull content from the internet — should be built at all. Siva Kumar put it plainly: “You’re going to be able to create apps, create MCP servers to pull things out from the internet. The question is should you be doing it? and Clarity is a step in that direction. It is asking ‘hey, should you be doing this in the first place?’”
Microsoft’s release ties a technical approach — continuous pipeline testing and embedded guidance — to a wider organizational posture: move beyond frameworks and white papers, and treat AI safety as an engineering discipline. Whether Rampart and Clarity achieve that shift will, Microsoft acknowledges, depend in part on broader developer contributions and on adoption by those who build and respond to agentic systems.
Source: CyberScoop — Meet Rampart and Clarity, Microsoft’s new red team combo AI agents




