Microsoft Open‑Sources Agentic AI Safety Tools RAMPART and Clarity

Regulatory action → What it requires → Compliance timeline

Regulatory action – The European Union’s AI Act (Annex III) and the U.S. National Institute of Standards and Technology (NIST) AI Risk Management Framework now expect organisations that deploy agentic AI systems to demonstrate continuous risk assessment, transparent testing, and documented design‑review processes. Both regulations stress that safety testing must be repeatable, auditable, and integrated into the software delivery lifecycle.

What it requires – Microsoft’s two releases directly address those obligations:

1. RAMPART (Risk Assessment and Measurement Platform for Agentic Red Teaming)

   • A pytest extension built on the open‑source PyRIT toolkit.
   • Provides automated red‑team test suites that can be added to any CI/CD pipeline (GitHub Actions, Azure DevOps, Jenkins, etc.).
   • Supports statistical safety policies – e.g., “the ‘file‑delete’ action must be blocked in at least 80 % of trial runs.” This satisfies the AI Act’s requirement for probabilistic risk quantification.
   • Generates deterministic artefacts (test logs, reproducible attack vectors, mitigation verification reports) that satisfy NIST’s audit‑trail expectations.
   • Enables multi‑turn conversation testing, ensuring that safety checks persist across dialogue histories, a scenario highlighted in the AI Act’s “high‑risk” agentic use‑case annex.

2. Clarity – an interactive, structured‑questioning agent designed to act as a pre‑coding safety sounding board.

   • Teams describe a proposed feature (e.g., real‑time collaborative editing).
   • Clarity responds with a checklist of architectural, privacy, and safety considerations that a senior architect, product manager, or safety engineer would raise.
   • The output can be exported as a design‑review artifact (Markdown, JSON) and attached to the project’s compliance repository.
   • By surfacing “what‑if” scenarios early, Clarity helps organisations meet the AI Act’s “design‑time risk assessment” clause and reduces the likelihood of post‑deployment remediation.

Compliance timeline – Organizations should adopt the tools according to the following schedule, aligned with the AI Act’s phased implementation (effective 1 January 2027) and NIST’s upcoming AI RMF revision (expected Q4 2026):

Phase	Deadline	Action	Rationale
Initial integration	30 June 2026	Add RAMPART test suites to all new agentic AI repositories.	Demonstrates proactive risk assessment before the AI Act’s first compliance window.
Design‑review adoption	31 July 2026	Deploy Clarity for all feature‑proposal tickets in the backlog.	Generates required design‑time documentation for NIST AI RMF submissions.
Statistical policy definition	31 August 2026	Define quantitative safety thresholds (e.g., 80 % safe execution) in the CI configuration.	Aligns with Annex III’s requirement for measurable risk metrics.
Audit‑ready reporting	30 September 2026	Configure CI pipelines to archive RAMPART logs and Clarity design artefacts in a tamper‑evident store (e.g., Azure Blob with immutable policy).	Satisfies both EU and US audit‑trail expectations.
Full compliance verification	31 December 2026	Conduct a mock audit using the generated artefacts; address any gaps before the AI Act’s enforcement date (1 January 2027).	Ensures readiness for regulatory inspection.

How the tools work in practice

RAMPART workflow

1. Define attack vectors – Using PyRIT syntax, security engineers write prompt‑injection, tool‑misuse, and data‑exfiltration scenarios.
2. Embed in pytest – Each vector becomes a test case (test_prompt_injection.py). When the CI runner executes, RAMPART records success/failure rates.
3. Statistical evaluation – A helper script (rampart_policy.py) reads the results and asserts that the defined safety threshold is met.
4. Remediation loop – If a test fails, developers patch the agent, re‑run the suite, and RAMPART automatically validates the fix across all variant vectors.
5. Report generation – At the end of each pipeline run, RAMPART emits a JSON report (rampart_report_2026-05-21.json) that can be ingested by compliance dashboards.

Clarity workflow

1. Create a design ticket – The developer adds a brief description of the intended capability.
2. Invoke Clarity – Via a GitHub comment (/clarity review) or a VS Code extension, Clarity asks clarifying questions (e.g., data residency, concurrency handling, failure modes).
3. Capture answers – The conversation is saved as design_review.md in the repository’s docs/compliance/ folder.
4. Peer sign‑off – Senior engineers review the artefact, add a digital signature, and the CI pipeline marks the design as “Compliance‑Ready.”

Why this matters for compliance officers

• Evidence‑first approach – Both tools produce artefacts that can be presented to regulators without additional manual documentation.
• Continuous testing – By running RAMPART on every pull request, organisations maintain an up‑to‑date risk profile, satisfying the AI Act’s continuous monitoring requirement.
• Early risk identification – Clarity’s pre‑coding questioning reduces the chance of costly redesigns after a model is deployed, aligning with the principle of risk mitigation at the earliest stage.
• Open‑source transparency – The source code is publicly available on GitHub, allowing auditors to verify that the tooling itself does not introduce hidden back‑doors.

Getting started

• RAMPART repository: https://github.com/microsoft/rampart
• Clarity repository: https://github.com/microsoft/clarity-agent
• PyRIT toolkit (dependency): https://github.com/microsoft/pyrt
• Microsoft blog post with usage examples: https://devblogs.microsoft.com/ai/agentic-safety-tools

Compliance teams should schedule a kickoff meeting before the end of June 2026 to map existing agentic AI projects to the RAMPART/Clarity workflow, assign owners, and configure the CI pipelines. Early adoption will not only meet regulatory deadlines but also raise the overall security posture of the organisation’s AI portfolio.