The acquisition of Promptfoo, which counts more than 125,000 developers and more than 30 Fortune 500 companies among its users, is OpenAI’s most direct move yet toward AI application security. Its technology will be incorporated into Frontier, the company’s enterprise agent platform launched just a month ago.
When Ian Webster was leading the LLM engineering team at Discord and shipping AI products to 200 million users, he noticed something the security industry hadn’t yet caught up to: the tools his team relied on to keep those products secure were designed for a different era. Traditional vulnerability scanners couldn’t reason about rapid injection. Static analysis had nothing to say about a model that promised the user something it had no authority to deliver. He concluded that the testing infrastructure for AI applications simply did not exist.
So he built it himself, nights and weekends, as an open source project. That project became Promptfoo. On Monday, OpenAI announced its acquisition of the company.
The deal, terms of which were not disclosed, will integrate Promptfoo’s technology into OpenAI Frontier, the enterprise agent management platform that OpenAI launched in early February. in a publish in XOpenAI said the acquisition “Strengthen agent security testing and assessment capabilities” within Frontier, and promised that Promptfoo would remain open source under its current license, with continued support for existing customers.
The 💜 of EU technology
The latest rumors from the EU tech scene, a story from our wise founder Boris and some questionable AI art. It’s free, every week, in your inbox. Register now!
Promptfoo, which Webster co-founded with Michael D’Angelo, former vice president of engineering and head of artificial intelligence at identity verification company Smile Identity, launched commercially in 2024 with $5 million in seed funding from Andreessen Horowitz. The seed round attracted backing from a notable list of angels, including Shopify CEO Tobi Lütke, Discord CTO Stanislav Vishnevskiy, and Okta co-founder Frederic Kerrest. As of July 2025, the company had raised an $18.4 million Series A led by Insight Partners, with participation again from a16z. Total financing prior to the acquisition was approximately $23.4 million.
At the time of the Series A, Promptfoo said it had more than 125,000 developers using its open source framework and more than 30 Fortune 500 companies running its enterprise platform in production. Clients span retail, telecommunications, financial services and media, sectors highly exposed to regulatory and reputational risks from AI failures.
The product works by acting as an automated adversary. Instead of relying on manual penetration testing, Promptfoo’s platform talks directly to a customer’s AI application, through its chat interface or API, using specialized models and agents that behave like users, or specifically attackers. When an attack is successful, the platform records it, analyzes why it worked, and iterates through a cycle of agent reasoning to refine the test and expose deeper vulnerabilities. The risks targeted by the platform include rapid injection, data leaks, jailbreaks, and what Webster has called “application-level” failures: AI systems that promise users things they can’t deliver, or that reveal database contents to a customer service query, or that veer toward political opinion in a homework tutor.
It is precisely those application-level risks that make the acquisition of Promptfoo a strategic choice for OpenAI’s current direction. border, that OpenAI has described as an attempt to create “AI coworkers” for the enterprise, is designed to give AI agents access to production systems, CRM platforms, data warehouses, internal ticketing tools, and to execute workflows with real-world consequences. Agents operating at that access level create a correspondingly expanded attack surface. Early customers named by OpenAI for Frontier include Uber, State Farm, Intuit, and Thermo Fisher Scientific—organizations for whom a misbehaving agent is not an inconvenience but a liability.
OpenAI has been building Frontier at great speed. Since the platform’s launch on February 5, the company has announced Frontier Alliances with Accenture, Boston Consulting Group, Capgemini and McKinsey, recruiting consulting firms to drive enterprise implementation. Separately, the company has been rolling out Codex Security, an AI-powered application security agent for software repositories, previously known internally as Aardvark, which became widely available on the same day as the Promptfoo acquisition announcement.
Promptfoo is not the only AI security product that will be available this month. anthropic launched Claude Code Security in February, targeting similar vulnerability scanning use cases. The convergence suggests that as AI agents enter production at scale, the question of who secures them and how is quickly becoming one of the defining commercial battlegrounds for enterprise AI.
For the Promptfoo open source community, OpenAI’s commitment to keeping the project open source under its current license will be the line to watch. The project has more than 248 contributors, and its adoption by developers at companies across the AI industry (including, according to Promptfoo’s own website, teams at Anthropic and Google) was based on the premise that the tool belonged to the developer community and not a single vendor. That promise is now accompanied by a commercial integration into one of the most powerful enterprise AI platforms on the market.
