惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
S
Secure Thoughts
Attack and Defense Labs
Attack and Defense Labs
人人都是产品经理
人人都是产品经理
Stack Overflow Blog
Stack Overflow Blog
W
WeLiveSecurity
O
OpenAI News
SecWiki News
SecWiki News
博客园 - Franky
NISL@THU
NISL@THU
Microsoft Azure Blog
Microsoft Azure Blog
T
Tor Project blog
Microsoft Security Blog
Microsoft Security Blog
aimingoo的专栏
aimingoo的专栏
Security Latest
Security Latest
H
Hacker News: Front Page
Google Online Security Blog
Google Online Security Blog
P
Privacy & Cybersecurity Law Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Darknet – Hacking Tools, Hacker News & Cyber Security
月光博客
月光博客
李成银的技术随笔
Spread Privacy
Spread Privacy
F
Full Disclosure
F
Fortinet All Blogs
T
The Exploit Database - CXSecurity.com
Vercel News
Vercel News
AWS News Blog
AWS News Blog
WordPress大学
WordPress大学
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
IntelliJ IDEA : IntelliJ IDEA – the Leading IDE for Professional Development in Java and Kotlin | The JetBrains Blog
V
Visual Studio Blog
J
Java Code Geeks
博客园 - 三生石上(FineUI控件)
G
Google Developers Blog
云风的 BLOG
云风的 BLOG
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
Last Week in AI
Last Week in AI
P
Palo Alto Networks Blog
宝玉的分享
宝玉的分享
T
True Tiger Recordings
N
News and Events Feed by Topic
酷 壳 – CoolShell
酷 壳 – CoolShell
Cisco Talos Blog
Cisco Talos Blog
N
News | PayPal Newsroom
S
SegmentFault 最新的问题
Jina AI
Jina AI

Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

AI at scale: What engineering teams are confronting Angular Signal Forms: From event pipelines to signal-driven state Google to unify AI coding tools under Antigravity GitHub admits major source code leak after 3,800 internal repositories breached Google launches Gemini 3.5 Flash to push AI agents deeper into enterprise workflows 9 application security startups combating AI risks Why I trust Claude Code First look: Mojo 1.0 mixes Python and Rust AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks GitHub scales back bug bounties, reminds users security is their responsibility too Anthropic acquires Stainless to strengthen Claude’s developer tooling Context graphs and decision traces to the rescue An AI data center in your home? What can you do with quantum computing today? Contexts graphs, AI memory, and enterprise knowledge: Are decision traces enough? Informatica and Salesforce move data platforms into the decision layer The new AI lock-in AWS boosts CloudWatch Logs query limits by 10x to ease debugging for developers, SREs 21 LLMs tuned for special domains AWS adds Advanced Prompt Optimization tool to Bedrock Capacity markets could reshape cloud computing Four cutting-edge tools for spec-driven development 4 cutting-edge tools for spec-driven development Anthropic puts Claude agents on a meter across its subscriptions Notion courts developers with a platform for AI agents and workflow automation Using continuous purple teaming to protect fast-paced enterprise environments A better way to work with SQL Server Evidence-driven workflows: Rethinking enterprise process design AWS debuts Graviton-powered Redshift RG instances to cut analytics costs SAP’s AI promises last year? Most are still rolling out First look: Lemonade serves up local AI with limitations AI is ready to take over Python programming, but not much else Mistral AI SDK, TanStack Router hit in npm software supply chain attack GitLab CEO sees developer tool bill increasing 100-fold Red Hat adds support for agentic AI development What’s new and exciting in JDK 26 Kill the loading spinner with local-first data and reactive SQL A networking revolution at AWS Tokenmaxxing is super dumb Hands-on with React, Supabase, and PowerSync Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads How to add AI to an existing product (without annoying users) Your AI doesn’t need another database What happens when engineering teams reorganize around AI agents Python isn’t always easy When cloud giants meddle in markets 12 model-level deep cuts to slash AI training costs 13 new critical holes in JavaScript sandbox allow execution of arbitrary code The best new features in Python 3.15 Teradata launches platform for enterprise AI agents moving beyond pilots Three skills that matter when AI handles the coding MongoDB targets AI’s retrieval problem Building AI apps and agents with Microsoft Foundry Designing front-end systems for cloud failure No, AI won’t destroy software development jobs Supply-chain attacks take aim at your AI coding agents Oracle will patch more often to counter AI cybersecurity threat AI finds 20-year-old bugs in PostgreSQL and MariaDB Diskless databases: What happens when storage isn’t the bottleneck Vibe coding or spec-driven development? The agentic AI distraction Vibe coding or spec-driven development? How to choose Cloud providers are blinded by agentic AI SAP to acquire data lakehouse vendor Dremio Small language models: Rethinking enterprise AI architecture Making AI work through eval hygiene Improving AI agents through better evaluations Spotlight report: Transforming software development with AI AI in the cloud is easy but expensive Running AI in the cloud is easy – and expensive Are we ready to give AI agents the keys to the cloud? Cloudflare thinks so SAP npm package attack highlights risks in developer tools and CI/CD pipelines Making AI work for databases Harness teams of agentic coders with Squad Harness teams of coding agents with Squad Critical GitHub RCE bug exposed millions of repositories Oracle NetSuite announces AI coding skills for SuiteCloud developers Why it’s so hard to create stand-alone Python apps A new challenge for software product managers The hidden cost of front-end complexity More fake extensions linked to GlassWorm found in Open VSX code marketplace GitHub shifts Copilot to usage-based billing, signaling a new cost model for enterprise AI tools Xiaomi releases MIT‑licensed MiMo models for long‑running AI agents OpenAI’s Symphony spec pushes coding agents from prompts to orchestration The front-end architecture trilemma: Reactivity vs. hypermedia vs. local-first apps Enterprise AI is missing the business core The best JavaScript certifications for getting hired Google begins putting the guardrails on agentic AI Meta's compute grab continues with agreement to deploy tens of millions of AWS Graviton cores Germany's sovereign AI hope changes hands Former OpenAI research scientist launches new AI model for Tencent Why world models are AI’s next frontier Where to begin a cloud career The agentic AI frenzy increases as more vendors stake their claims Google pitches Agentic Data Cloud to help enterprises turn data into context for AI agents Offer customers passkeys by default, UK’s NCSC tells enterprises Microsoft taps Anthropic’s Mythos to strengthen secure software development How open source ideals must expand for AI Is your Node.js project really secure? How I doubled my GPU efficiency without buying a single new card
Microsoft releases open-source tools to operationalize AI agent safety
2026-05-21 · via Swift for Visual Studio Code comes to Open VSX Registry | InfoWorld

Microsoft has open-sourced two new tools aimed at bringing AI safety checks much earlier into the agent development lifecycle.

The tools, called Rampart and Clarity, were announced this week as part of Microsoft’s broader push to operationalize safety engineering for agentic AI.

“We built these tools because we believe that AI safety has to become a continuous engineering discipline rather than a periodic checkpoint, and we think the best way to make that happen is to put practical, open tools in the hands of the people doing the building,” Microsoft’s AI red team founder Ram Shankar Siva Kumar said in a security blog post.

The announcement comes as AI agents evolve from chatbot-style assistants into systems with real operational privileges. According to Microsoft, these newer agents introduce risks that traditional application security workflows were not designed to handle, including prompt injection, unsafe tool use, privilege escalation, and unintended autonomous actions.

Both Rampart and Clarity are now available as open-source projects from Microsoft.

Rampart for repeated AI red teaming

Microsoft has positioned Rampart as the more operational of the two tools. The framework is designed to help developers transform red-team findings into repeatable tests that can run continuously during development and deployment pipelines.

Built on top of PyRIT, Microsoft’s open automation framework for red teaming generative AI systems, Rampart aims to allow teams to execute both adversarial and benign test scenarios against AI agents in a structured and automated way.

The idea is to move beyond one-off safety reviews and instead include continuous checks directly into CI/CD workflows. “Where PyRIT is optimized for black-box discovery by security researchers after the system is built, Rampart is built for engineers as the system is being built,” Kumar explained.

The framework promises the ability to surface issues relating to cross-prompt injection, unsafe data handling, insecure tool execution, and other agent-specific attack paths before applications reach production. Additionally, Rampart is programmed to let organizations convert AI red-team findings into repeatable automated tests, helping engineers continuously check for regressions as agents evolve.

Clarity to focus on assumptions in AI agents

While Rampart focuses on testing systems being built, Clarity is aimed earlier in the workflow before code starts getting written.

Microsoft’s description of Clarity is that of a tool meant to examine and validate the assumptions behind AI agent design decisions. That would presumably include evaluating how agents are expected to behave, what permissions they should have, how they interact with tools and external systems, and where trust boundaries exist.

“Clarity runs as a desktop app, a web UI, or embedded directly in a coding agent,” Kumar said. “It guides engineers through structured conversations covering problem clarification, solution exploration, failure analysis, and decision tracking.”

These conversations are written to the “.clarity-protocol/” directory in the repository as markdown files, which can be committed, reviewed in pull requests, and diffed like source code, he added. Microsoft has been building an open-source “agent governance” and safety stack over the past few months, making Rampart and Clarity part of a broader strategy rather than a standalone release. Last month, the company introduced the Agent Governance Toolkit, focused on routine controls, policy enforcement, and OWASP-aligned protections for AI agents.

此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。