
The acquisition of Promptfoo, which has more than 125,000 developers and more than 30 Fortune 500 companies among its users, is OpenAI’s most direct step yet into AI application security. Its technology will be incorporated into Frontier, the company’s enterprise agent platform, launched just a month ago.
When Ian Webster led an LLM engineering team that shipped AI products to 200 million users on Discord, he noticed something the security industry hadn’t yet caught up to: the tools his team was using to keep those products secure were built for a different era. Traditional vulnerability scanners had no basis for handling prompt injection. Static analysis had nothing to say about a model that promised the user something it had no power to deliver. The testing infrastructure for AI applications, he said, simply did not exist.
So he built it himself on nights and weekends as an open source project. That project became Promptfoo. On Monday, OpenAI announced that it was acquiring the company.
The deal, whose terms were not disclosed, will see Promptfoo’s technology integrated into OpenAI Frontier, the enterprise agent management platform that OpenAI launched in early February. In a post on X, OpenAI said the acquisition would “strengthen agent security testing and evaluation capabilities” within Frontier, and promised that Promptfoo would remain open source under its current license, with ongoing support for Promptfoo’s existing customers.
Promptfoo, which Webster co-founded with Michael D’Angelo, the former vice president of engineering and head of artificial intelligence at identity verification firm Smile Identity, went commercial in 2024 with $5 million in seed funding from Andreessen Horowitz. The seed round was backed by an impressive list of angels, including Shopify CEO Tobi Lütke, Discord CTO Stanislav Vishnevskiy, and Okta co-founder Frederic Kerrest. By July 2025, the company had raised an $18.4 million Series A round led by Insight Partners, with a16z again participating. Total funding prior to the acquisition was approximately $23.4 million.
At the time of the Series A, Promptfoo said it had more than 125,000 developers using its open source framework and more than 30 Fortune 500 companies running its enterprise platform in production. Customers span retail, telecommunications, financial services and media, sectors that are acutely exposed to the regulatory and reputational risks of AI failures.
The product works by acting as an automated adversary. Instead of relying on manual penetration testing, the Promptfoo platform talks directly to the client’s AI application via a chat interface or API, using specialized models and agents that act as users or specifically as attackers. When an attack is successful, the platform logs it, analyzes why it worked, and iterates through an agent reasoning loop to refine the test and uncover deeper vulnerabilities. Risks targeted by the platform include prompt injection, data leaks, jailbreaks and what Webster calls “application layer” failures: AI systems that promise users things they can’t deliver, or reveal database contents in response to a customer service request, or turn a homework tutor into a source of political opinions.
It is the risks at the application level that make the acquisition of Promptfoo strategically aligned with OpenAI’s current direction. Frontier, which OpenAI described as an effort to create “AI collaborators” for the enterprise, is designed to give AI agents access to production systems, CRM platforms, data warehouses and internal ticketing tools, and to carry out workflows with real-world results. Agents operating at that level of access create a correspondingly expanded attack surface. The first customers named by OpenAI for Frontier include Uber, State Farm, Intuit and Thermo Fisher Scientific: organizations where a misbehaving agent is a liability, not a nuisance.
OpenAI is rapidly building out Frontier. After launching the platform on February 5, the company announced Frontier Alliances with Accenture, Boston Consulting Group, Capgemini and McKinsey, bringing in consulting firms for enterprise deployments. Separately, the company is introducing Codex Security, an AI-powered application security agent for software repositories, formerly known as Aardvark, which went into wider use on the same day as the Promptfoo acquisition announcement.
Promptfoo isn’t the only AI security product entering wider availability this month. Anthropic launched Claude Code Security in February, targeting similar vulnerability scanning use cases. The convergence shows that as AI agents move into production at scale, the question of who supplies them and how is fast becoming one of the defining commercial battlegrounds in enterprise AI.
For Promptfoo’s open source community, OpenAI’s commitment to keeping the project open source under its current license will be the line to watch. The project has more than 248 contributors, and its adoption by developers at companies across the AI industry, including teams at Anthropic and Google, according to Promptfoo’s own website, rests on the tool belonging to the developer community rather than to any vendor. This promise now sits alongside commercial integration into one of the most powerful enterprise AI platforms on the market.