Microsoft open-sourced two AI security tools for building and maintaining safer AI agents. RAMPART, built on the PyRIT toolkit, is a pytest framework that embeds automated agentic red-team tests into CI/CD pipelines. It simulates real-world attack scenarios such as prompt injection and verifies that agents remain within approved tool use, actions, and behavioral boundaries. It supports statistical trials so teams can set safety policies based on probabilistic outcomes, such as requiring safety in at least 80% of runs. It also enables reproducible security findings for incident responders and red teams. Microsoft reported internal use where a researcher’s issue was tested across an application and expanded into many variants across multi-turn conversations, supporting mitigation validation.
"The first is called RAMPART, which stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It's a pytest framework for agentic AI applications built on Microsoft's open‑source PyRIT toolkit that embeds automated red‑team tests into CI/CD pipelines. This allows developers to simulate real‑world attack scenarios - like prompt injection - and verify that agents stay within approved tool use, actions, and behavioral boundaries."
"It also supports statistical trials, meaning that teams can set policies such as "this action must be safe in at least 80 percent of runs," to account for models' probabilistic behavior. Plus, it allows red teams and incident responders to reproduce any AI security findings to ensure agents behave as intended - and that security mitigations work as they should."
""RAMPART was able to take that one particular vector and find close to 100 different variants of that vector," Kumar said. "And then we were able to use RAMPART to essentially go through this asset and see is this working, not just one time, not two times, but close to 300 times. We were also able to do in the context of multi-turn conversations.""
Read at theregister
Unable to calculate read time
Collection
[
|
...
]