HomeIntelligenceBrief
BREACH BRIEF⚪ Informational Advisory

Microsoft Open‑Sources RAMPART & Clarity to Enable Automated Security Testing of AI Agents

Microsoft unveiled RAMPART and Clarity, two open‑source frameworks that let developers and third‑party risk teams automatically test AI agents for safety and security flaws before deployment, reducing supply‑chain exposure.

LiveThreat™ Intelligence · 📅 May 20, 2026· 📰 thehackernews.com
Severity
Informational
AD
Type
Advisory
🎯
Confidence
High
🏢
Affected
3 sector(s)
Actions
3 recommended
📰
Source
thehackernews.com

Microsoft Releases Open‑Source RAMPART & Clarity Frameworks to Test AI Agent Security

What Happened — Microsoft announced two open‑source projects, RAMPART and Clarity, designed to help developers assess and harden the safety and security of AI agents during the development lifecycle. Both tools integrate with the Pytest ecosystem and provide automated red‑team style testing and observability for prompt‑based models.

Why It Matters for TPRM

  • AI‑driven services are increasingly procured from third‑party vendors; insecure agents can expose data, create compliance gaps, or be weaponized.
  • Early‑stage testing reduces downstream risk and limits the need for costly remediation after deployment.
  • Open‑source tooling offers transparency, enabling third‑party risk teams to audit the testing methodology themselves.

Who Is Affected — Technology SaaS providers, cloud AI platform vendors, enterprises integrating AI agents, and any organization that outsources AI model development or deployment.

Recommended Actions

  • Review current AI‑related contracts for clauses requiring security testing of agentic behavior.
  • Incorporate RAMPART and Clarity into your vendor‑managed CI/CD pipelines to validate AI agent safety.
  • Request evidence from suppliers that they have run these frameworks against their models before production.

Technical Notes — RAMPART is a Pytest‑native framework that lets security engineers author “red‑team” test cases for AI agents, simulating adversarial prompts, data poisoning, and jailbreak attempts. Clarity provides runtime observability, logging prompt‑response flows, token usage, and policy violations. No CVEs are disclosed; the tools target proactive risk assessment rather than remediation of known vulnerabilities. Source: The Hacker News

📰 Original Source
https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · SOC 2 Readiness

Could you prove your access controls held up here?

Credential and access failures map directly to SOC 2 access-control criteria. The Verisq AI Trust Operations platform shows where your evidence is thin before an auditor — or an attacker — finds out.

Explore the Verisq AI Trust Operations platform →