OpenAI Acquires Promptfoo to Secure Its Enterprise AI Agents
OpenAI is acquiring Promptfoo, an AI security platform used by over 25% of Fortune 500 companies, to bolster enterprise agent safety as autonomous AI systems handle increasingly sensitive business operations.
OpenAI Buys AI Security Startup Trusted by Fortune 500
OpenAI announced on Sunday that it is acquiring Promptfoo, a startup that helps enterprises identify and fix security vulnerabilities in AI systems before they reach production. The acquisition, first reported by Bloomberg, signals a strategic shift as OpenAI moves to make security a native feature of its enterprise platform rather than an afterthought.
Promptfoo, founded in 2024 by Ian Webster and Michael D'Angelo, has built a suite of tools for automated red-teaming, static scanning, and evaluation of AI models and applications. The platform is currently used by over 25% of Fortune 500 companies and had raised $23 million at a valuation of $86 million before the deal. Financial terms of the acquisition were not disclosed.
Integration Into OpenAI's Frontier Platform
Once the acquisition closes, Promptfoo's technology will be integrated directly into OpenAI Frontier, the company's platform for building and operating enterprise AI agents. The integration will add automated red-teaming, security testing, and compliance monitoring as core capabilities, helping enterprises identify risks like prompt injections, jailbreaks, data leaks, tool misuse, and out-of-policy agent behaviors.
The timing is deliberate. As enterprise customers push beyond simple chatbots into autonomous agents that interact with code, internal databases, and business workflows, the attack surface for AI systems has expanded dramatically. OpenAI wants security testing embedded in the development pipeline from day one, not bolted on after deployment.
Open Source Tools Will Remain Available
In a notable commitment, OpenAI confirmed that Promptfoo's open-source tools will remain available to the broader developer community. The company stated it will continue to develop and maintain the open-source suite as a best-in-class red-teaming, static scanning, and evaluation tool for any AI model or application, not just OpenAI's own products.
This approach mirrors a broader industry trend where major AI companies acquire specialized tooling while preserving open-source ecosystems. For Promptfoo's existing enterprise customers, OpenAI promised continuity of service during the integration period.
The Enterprise AI Security Race Heats Up
The acquisition comes as leading AI labs compete to prove their technology can be safely deployed in mission-critical business operations. With autonomous AI agents now handling tasks ranging from financial analysis to code deployment, the potential consequences of security failures have grown from embarrassing chatbot responses to significant business and legal liability.
Promptfoo's tools address this risk by testing AI systems during development rather than waiting for vulnerabilities to emerge in production. The platform can simulate adversarial attacks, test for policy violations, and validate that AI agents behave within defined boundaries across thousands of scenarios.
What This Means for Developers and Engineers
For engineers building on OpenAI's platform, the Promptfoo acquisition suggests that security testing will become a more integrated part of the development workflow. Enterprise developers can expect native tools for red-teaming and compliance validation within Frontier, potentially reducing the need for third-party security audits. The deal also signals growing demand for AI security expertise, a niche that barely existed two years ago but is now critical as companies deploy autonomous agents at scale.