OpenAI said it plans to acquire Promptfoo, a San Francisco startup focused on testing and securing large language model applications, as the company tries to strengthen safeguards around its rapidly expanding ecosystem of enterprise AI agents.
The announcement, made on March 9, 2026, signals a shift in how AI companies are thinking about security. Over the past two years, generative AI tools have become far more capable at producing code, automating workflows, and interacting with external systems. But those same capabilities introduce new vulnerabilities that traditional software security tools are not designed to handle.
Promptfoo has built a set of developer tools that help organizations systematically test AI systems for failures, manipulation attempts, and unsafe behavior before deploying them in production environments. OpenAI plans to integrate these capabilities into its Frontier platform, which allows companies to build and manage AI “coworkers” capable of carrying out tasks across business systems.
Financial details of the acquisition were not disclosed. Promptfoo was previously valued at around $86 million after raising roughly $23 million in funding. Its testing tools are already used by more than a quarter of Fortune 500 companies, making it one of the most widely adopted platforms for evaluating the behavior and security of AI applications.
Promptfoo was founded in 2024 by Ian Webster and Michael D’Angelo, both of whom recognized early that enterprises lacked reliable ways to test AI systems before deploying them in real business workflows.
Traditional software testing frameworks are designed to check deterministic code, where the same inputs always produce the same outputs. Large language models behave very differently. Their responses can vary based on context, phrasing, or subtle changes in prompts. That unpredictability makes it difficult to identify vulnerabilities through conventional testing methods.
Promptfoo’s platform attempts to solve that problem by allowing developers to simulate adversarial scenarios against AI applications. Teams can run automated tests that attempt to trick models into leaking information, ignoring safety instructions, or performing unintended actions.
The company provides both open-source tools and enterprise software. Developers often begin with Promptfoo’s command-line interface and evaluation library, which allow teams to benchmark prompts, run automated tests, and monitor outputs at scale. Larger organizations typically adopt its enterprise dashboard for continuous testing, compliance reporting, and detailed traceability across AI systems deployed in production.
This combination of open-source tooling and enterprise monitoring helped Promptfoo gain traction quickly among organizations experimenting with AI-powered software.
OpenAI’s decision to acquire Promptfoo reflects a growing concern within the industry: the rise of autonomous AI agents dramatically expands the potential attack surface of AI systems.
Earlier generations of generative AI tools mainly produced text or images. Today’s models increasingly interact with software systems, APIs, and internal databases. Companies are beginning to deploy agents that can complete complex workflows such as booking travel, processing payments, generating reports, or updating internal systems.
Those capabilities create new security risks.
Attackers may attempt to manipulate AI agents through prompt injection, a technique that embeds malicious instructions into user input. In other cases, adversaries may attempt to extract sensitive data, trigger unauthorized actions, or exploit gaps in how AI systems interact with external tools.
Enterprises deploying AI agents are especially concerned about these risks because mistakes could expose confidential data, create financial liabilities, or violate regulatory requirements.
Promptfoo’s testing framework was designed specifically to address these challenges by allowing developers to simulate real-world attack scenarios before releasing AI systems to customers or employees.
OpenAI said Promptfoo’s technology will be integrated into Frontier, its platform designed to help enterprises build and manage AI agents that can operate across business workflows.
Frontier enables companies to create AI systems that act more like digital coworkers than simple chatbots. These agents can interact with multiple tools, execute tasks, and make decisions based on instructions provided by users.
With the addition of Promptfoo’s technology, Frontier customers will be able to perform more rigorous security evaluations before deploying these agents.
The integration will allow developers to run automated red-teaming exercises against AI workflows. These tests simulate adversarial inputs and unexpected scenarios that might cause an AI system to behave incorrectly.
The platform will also provide security evaluations that analyze prompts, data flows, and external integrations to identify vulnerabilities before agents are deployed. Compliance monitoring will help organizations generate reports and maintain traceability for regulatory audits.
OpenAI said Promptfoo’s developer tools will remain accessible, allowing engineers to build custom testing pipelines using command-line interfaces and libraries.
Importantly, the company also indicated that Promptfoo’s open-source tools will continue to be maintained, even as new enterprise capabilities are developed inside OpenAI’s platform.
The acquisition highlights how quickly the conversation around AI has shifted from pure capability to operational safety.
Early excitement around generative AI focused largely on productivity gains. Tools capable of writing code, analyzing documents, and automating repetitive work promised to transform how companies operate.
But as those systems become embedded deeper into business infrastructure, security concerns have grown more urgent.
AI agents that interact with financial systems, customer databases, or internal workflows must operate reliably under a wide range of conditions. Even subtle errors or manipulated inputs can cause unintended actions.
Prompt injection attacks, for example, allow malicious users to override instructions embedded within a system prompt. In some cases, attackers have used these techniques to bypass safeguards or extract sensitive data.
Testing frameworks such as Promptfoo attempt to address these risks by introducing systematic adversarial testing, similar to how cybersecurity teams conduct penetration tests on software systems.
The goal is not simply to verify that an AI system works under normal conditions, but to identify how it behaves when confronted with malicious or unexpected inputs.
OpenAI’s move also reflects a broader competition among major AI companies to develop security and safety tools around their platforms.
Anthropic recently introduced a security-focused system designed to analyze large codebases for vulnerabilities generated by AI-assisted development tools. Google has expanded safety controls within its Vertex AI platform, providing developers with configurable safeguards and evaluation tools. Microsoft has been developing moderation and safety infrastructure within its Azure AI ecosystem.
These efforts all address the same underlying challenge: enterprises are unlikely to adopt AI systems widely without strong assurances around safety, governance, and reliability.
Promptfoo’s popularity among large organizations made it an attractive target for acquisition. By integrating the startup’s testing technology directly into Frontier, OpenAI can offer enterprise customers more comprehensive security capabilities as part of its platform.
Promptfoo’s founders built the company around the idea that evaluating AI systems requires a fundamentally different approach than traditional software testing.
Ian Webster previously worked on machine learning research and developer tooling, while Michael D’Angelo brought experience in security engineering. Together they focused on building tools that allowed developers to systematically test the behavior of AI models before deployment.
Their approach emphasized transparency and developer usability. Instead of relying entirely on proprietary systems, Promptfoo provided open-source tools that allowed engineers to run their own tests locally or integrate evaluation pipelines into existing development workflows.
That approach helped the platform spread quickly within developer communities experimenting with large language models.
As AI adoption expanded across industries, the need for structured evaluation tools grew alongside it.
OpenAI’s acquisition of Promptfoo underscores how central security has become in the next phase of AI development.
Companies are increasingly experimenting with autonomous AI agents capable of carrying out real tasks across business systems. These systems promise significant productivity improvements, but they also introduce new technical and operational risks.
Enterprises deploying AI agents must demonstrate that those systems behave predictably, respect security boundaries, and comply with regulatory standards.
Tools like Promptfoo provide a way to measure those qualities before AI systems are trusted with critical workflows.
Industry analysts say the deal reflects a broader recognition that AI infrastructure must include not only models and developer tools, but also evaluation frameworks capable of identifying risks early in the development process.
For OpenAI, integrating Promptfoo’s technology into its Frontier platform could make the difference between experimental AI adoption and large-scale enterprise deployment.
As organizations move from chatbots toward fully autonomous AI coworkers, the ability to test and secure those systems may become just as important as the models that power them.
Do your emails often get ignored and end up unopened in crowded inboxe...
Homework used to take time. You had to go through books, notes, and di...
There is a very specific kind of confidence that comes from generating...
If AI could understand vibes, we wouldn’t be writing essays as prompts...
Hospitals are beginning to see measurable reductions in waiting times...
Artificial intelligence has quickly become part of everyday learning....
Discussion