On March 9, OpenAI announced that it would acquire the artificial intelligence security platform Promptfoo and plans to fully integrate the company's technology into OpenAI's enterprise-level agent platform OpenAI Frontier after the transaction is completed. Promptfoo is mainly aimed at enterprise users and helps identify and fix various security vulnerabilities during the development stage of AI systems. Its tools have been adopted by more than a quarter of Fortune 500 companies and support the evaluation and red team testing of large language model applications through open source CLI and libraries.
OpenAI said that as enterprises truly deploy "AI coworkers" into business processes, assessment, security and compliance have become basic requirements. Enterprises not only need a systematic approach to test agent behavior and identify risks before going online, but they also need to keep clear records during long-term operation and maintenance to meet supervision, governance and accountability needs. While OpenAI plans to continue the Promptfoo open source project, it will deeply integrate its capabilities into Frontier to provide enterprise users with more complete integrated solutions.
The Promptfoo team, led by co-founders Ian Webster and Michael D’Angelo, has built a mature and powerful set of tools for assessment and attack simulation (red-teaming) to help companies identify potential risks when applying large models at scale. OpenAI stated that Promptfoo has deep engineering accumulation in enterprise-level AI system evaluation, security and testing. Its work helps enterprises deploy safer and more reliable AI applications. Incorporating these capabilities directly into Frontier will significantly improve the overall security level of the platform.
According to information released by OpenAI, companies that build agents on the Frontier platform in the future will be enhanced in several core capabilities. First, safety and security testing will be embedded as native capabilities of the platform: automated security testing and red team attack capabilities will help enterprises identify and mitigate risks such as prompt injection, jailbreaking, data leakage, tool misuse, and agent behavior outside of policy. Secondly, security and assessment capabilities will be more closely integrated into the development workflow, allowing teams to identify, troubleshoot, and repair agent risks at an earlier stage, making security one of the core aspects of enterprise-level AI system development and operation. Third, the platform will strengthen oversight and accountability capabilities by integrating reporting and traceability tools to help organizations record testing processes, monitor risk profiles over time, and meet increasingly stringent governance, risk and compliance requirements.
Ian Webster, co-founder and CEO of Promptfoo, said that the original intention of Promptfoo was to provide developers with a practical and feasible solution to ensure the security of AI systems. As AI agents become more and more closely connected to real data and key systems, the difficulty and importance of their security protection and systematic verification are rapidly increasing. He said that joining OpenAI will enable Promptfoo to accelerate investment in this direction and bring stronger security, reliability and governance capabilities to teams that are building real-world AI systems.
OpenAI said it is excited to join the Promptfoo team and will continue to build relevant tools to help enterprises deploy AI applications and agent systems safely and reliably. Completion of the acquisition remains subject to the satisfaction of customary closing conditions.