OpenAI acquires Promptfoo, integrates AI security into Frontier

OpenAI announced it is acquiring Promptfoo and plans to fold the startup’s AI security tooling into OpenAI Frontier, the company’s platform for building and operating AI coworkers. The move is pitched as a step to tighten defenses around agentic systems that increasingly connect models to real data and enterprise services.

“We’re acquiring Promptfoo, an AI security platform that helps enterprises identify and remediate vulnerabilities in AI systems during development,” OpenAI wrote in its March 9 company post. The post added, “Once the acquisition is finalized we will integrate Promptfoo’s technology directly into OpenAI Frontier, our platform for building and operating AI coworkers.” OpenAI also cautioned that “the closing of the acquisition is subject to customary closing conditions.”

Promptfoo describes itself in developer materials as a suite for automated red teaming and security testing. Its marketing copy touts “Automated red teaming for agents & RAGs” and promises to “simulate real users to uncover application-specific vulnerabilities.” The documentation includes a command-line example, npx promptfoo@latest redteam setup, and a list of attack types the tool can generate: “Direct and indirect prompt injections,” “Jailbreaks tailored to your guardrails,” “Data and PII leaks,” “Business rule violations,” “Insecure tool use in agents,” “Toxic content generation,” and “And much more.” Promptfoo’s site also claims a contributor base that includes engineers “from companies like OpenAI, Google, Microsoft, and Amazon,” and headlines such as “Built on the world's largest AI security community.”

OpenAI framed the acquisition as an engineering lift. “Promptfoo brings deep engineering expertise in evaluating, securing, and testing AI systems at enterprise scale. Their work helps businesses deploy secure and reliable AI applications, and we’re excited to bring these capabilities directly into Frontier,” Srinivas Narayanan, CTO of B2B Applications at OpenAI, said in the company post. Ian Webster, co-founder and CEO of Promptfoo, said, “We started Promptfoo because developers needed a practical way to secure AI systems. As AI agents become more connected to real data and systems, securing and validating them is more challenging and important than ever. Joining OpenAI lets us accelerate this work, bringing stronger security, safety, and governance capabilities to the teams building real-world AI systems.”

Secondary reporting shared on social media by moneycontrol.com states, “Promptfoo will remain open source under its current license, while OpenAI says it will continue to service and support existing customers.” That specific language does not appear in the OpenAI post excerpts provided, and the companies have not supplied financial terms, a closing date, or a detailed integration timeline in the announcement.

The acquisition signals a shift by a major AI platform to internalize tooling that probes agent behavior, tests guardrails, and hunts for data-exfiltration risks. For enterprises deploying multi-step agents and retrieval-augmented workflows, integrating red-team automation could shorten development cycles and reduce deployment risk. It also raises governance questions: how OpenAI will preserve or alter Promptfoo’s open-source projects, which licenses will govern community contributions, and how existing Promptfoo customers will be transitioned into Frontier offerings.

The OpenAI post contains an editorial artifact in its excerpt, “Image 1: our-agreement-with-the-department-of-war-1-1” and a line mentioning “Our agreement with the Department of War Company Feb 28, 2026,” text presented without context in the supplied material. Absent disclosed terms, staffing plans, or regulatory considerations, the acquisition is nonetheless a clear signal that platform providers intend to own the tools used to validate and operate increasingly agentic AI in production.