Promptfoo is an AI security and testing platform that provides open-source tools for evaluating, testing, and securing large language model (LLM) applications. The company was founded in 2024 by Ian Webster and Michael D'Angelo with the mission to provide a systematic framework for developing reliable AI applications. On March 9, 2026, OpenAI announced its acquisition of Promptfoo to integrate its security and evaluation technology into OpenAI's platforms. ^{[1] [2]}

History

Promptfoo was co-founded in 2024 by Ian Webster, who serves as CEO, and Michael D'Angelo, who is the CTO. The company's initial mission was to create an easy-to-use platform for developers to systematically test their AI applications. The founders soon identified that adversarial testing for security and safety was a major challenge for the enterprise adoption of AI, which led to a strategic pivot to focus on this area. The company's official mission became "Ship agents, not vulnerabilities." ^{[2] [3]}

In July 2025, Promptfoo completed a Series A funding round, raising $18.4 million. The round was led by Insight Partners, with participation from Andreessen Horowitz (a16z). Key partners involved in the investment were Ganesh Bell from Insight Partners and Zane Lackey from a16z. This round brought Promptfoo's total capital raised to $22.68 million and established a post-money valuation of $85.5 million, according to Pitchbook data. The company was also backed by a number of undisclosed angel investors. ^{[4] [2]}

By the time of its acquisition, Promptfoo's tools had gained significant traction in the market. The platform had been used by over 350,000 developers, with 130,000 monthly active users. Its open-source tools were adopted by teams at more than 25% of Fortune 500 companies. ^{[2] [5]}

Acquisition by OpenAI

On March 9, 2026, OpenAI announced that it had entered into an agreement to acquire Promptfoo, subject to customary closing conditions. The financial terms of the deal were not publicly disclosed. At the time of the announcement, Promptfoo had a team of 23 employees, all of whom were set to join OpenAI. ^{[5] [4] [2]}​

The acquisition was a strategic move by OpenAI to bolster the safety and security of its AI agent technologies, particularly for enterprise clients. Promptfoo's CEO, Ian Webster, stated that the goal of joining OpenAI was to bring "stronger security, safety, and governance capabilities to the teams building real-world AI systems." The integration of Promptfoo's technology is intended to provide systematic risk detection and compliance for advanced AI systems. ^{[4] [5]}​

Promptfoo's technology and team are slated for integration into "OpenAI Frontier," the company's enterprise platform for developing and deploying AI agents, sometimes referred to as "AI coworkers." The integration plans to make automated security testing, safety evaluations, and red teaming native features within the OpenAI Frontier platform. This aims to embed security evaluation deep into the developer workflow, allowing for the early identification and remediation of risks. The combined tools will also provide reporting and traceability features to help organizations document AI testing and meet Governance, Risk, and Compliance (GRC) standards. ^{[1] [5]}​

In the acquisition announcement, OpenAI and the Promptfoo team affirmed their commitment to continue developing and maintaining Promptfoo's open-source offerings. Promptfoo also stated that it would continue to serve its existing users and enterprise customers and maintain support for a diverse ecosystem of AI providers and models beyond those offered by OpenAI. ^{[2] [4]}​

Technology and Products

Promptfoo is designed around the philosophy of "test-driven LLM development," which provides a structured and data-driven alternative to the trial-and-error methods often used in building AI applications. The core of its technology is an open-source command-line interface (CLI) and library, written in TypeScript and distributed under an MIT License. The tool is developer-centric and operates locally to ensure that proprietary prompts, test data, and API keys remain private on the user's machine. It uses a declarative YAML configuration file (promptfoo.yaml) to define prompts, models, and test cases, which allows testing suites to be version-controlled and integrated into development workflows. ^{[6] [7]}

Product Suite

Promptfoo offers a suite of products designed to integrate security throughout the AI development lifecycle. ^[3]

• Evaluations: An open-source component for testing and evaluating the performance, quality, and accuracy of prompts, models, and Retrieval-Augmented Generation (RAG) systems. It allows users to build custom benchmarks and compare results side-by-side. ^[7]
• Red Teaming: A proactive security tool that simulates adversarial user behavior to identify and remediate application-specific vulnerabilities before deployment. It automatically generates custom attacks to test for risks such as direct and indirect prompt injections, jailbreaks, data leakage, Personally Identifiable Information (PII) exposure, and business logic violations. ^{[3] [1]}
• Guardrails: A feature that provides real-time protection for AI applications in production. It is designed to defend against jailbreaks, prompt injections, and other adversarial attacks at runtime. ^[2]
• Model Security: A service for comprehensive security testing and ongoing monitoring of AI models. It helps ensure that models remain secure against a range of threats over time. ^[3]
• Code Scanning: An integrated tool that finds LLM-related security vulnerabilities directly within a developer's Integrated Development Environment (IDE) and as part of a Continuous Integration/Continuous Deployment (CI/CD) pipeline. ^[3]
• MCP Proxy: A specialized, secure proxy designed to protect communications that use the Model Context Protocol (MCP). ^[3]

Key Features

• Comparative Evaluation: A core feature is the ability to run prompts against multiple models (e.g., GPT-4, Claude, Gemini), different prompts, or different system settings simultaneously. Results are displayed in a side-by-side matrix view for direct comparison. ^[6]
• Assertions and Scoring: Users can define specific criteria, or assertions, to automatically score the quality and safety of LLM responses. This can include checking for valid JSON format, flagging specific keywords, or using another LLM as a "judge" to evaluate subjective qualities. ^[1]
• CI/CD Integration: The tool is designed to be run within CI/CD pipelines to automatically enforce quality gates and security checks before deploying changes to LLM-powered features. ^[6]
• Provider Agnosticism: The platform is provider-agnostic and supports models from a wide range of providers, including OpenAI, Anthropic, Google, Azure, Amazon Bedrock, and HuggingFace. It can also be used with open-source models hosted locally via Ollama or Llama, and it supports custom API endpoints for proprietary models. ^[7]
• Privacy-First Architecture: By default, all evaluations are processed on the user's local machine. The tool communicates directly with model provider APIs, which prevents sensitive data like prompts and model outputs from being exposed to third parties. ^[6]

Adoption and Use Cases

Prior to its acquisition, Promptfoo's tools were reportedly used in production applications serving over 10 million users. The platform is used by 127 of the Fortune 500 companies, including top global retailers, major U.S. wireless carriers, and prominent healthcare organizations. Teams at other AI labs, such as Anthropic, also use the platform, and its open-source project has received contributions from developers at Google, Microsoft, and Amazon. ^{[6] [3]}

Industry-Specific Solutions

Promptfoo provides tailored security and compliance solutions for several regulated industries: ^[3]

• Healthcare: Security solutions designed to be compliant with the Health Insurance Portability and Accountability Act (HIPAA) for medical AI.
• Financial Services: Security testing aligned with Financial Industry Regulatory Authority (FINRA) regulations.
• Insurance: Tools for the protection of Protected Health Information (PHI) and ensuring compliance.
• Telecommunications: Security for voice and text-based AI agents.
• Real Estate: Compliance testing to help adhere to Fair Housing regulations.