Microsoft's Ecosystem of Tools for Securing AI Agents

Microsoft's strategy for AI agent security is built around the concept of "security as a continuous engineering process." To support this, the company develops and releases open-source tools designed to enhance the security of AI agents at every stage of their lifecycle.

🔷 Last year, Microsoft released the framework PyRIT for testing and identifying vulnerabilities in AI systems.

🔷 Last month, Microsoft introduced a toolkit for enforcing security policies, managing AI agent operation rules, and implementing safeguards aligned with OWASP recommendations — Agent Governance Toolkit.

🔷 Last week, two new tools were released — RAMPART and Clarity.

📍 RAMPART is a framework for writing security tests in pytest format. It enables automated execution of both malicious and benign interaction scenarios with AI agents. It's built on top of PyRIT.

While PyRIT focuses on testing and discovering vulnerabilities in already deployed AI systems, RAMPART is aimed at developers and ML engineers, allowing them to integrate security testing directly into daily coding workflows (CI/CD).

📍 Clarity is designed to review and analyze the underlying design assumptions behind AI agents — their behavior, privilege levels, interaction with external services, and defined trust boundaries.

💬 Discuss