Top AI Product



OpenAI Just Acquired Promptfoo — The $86M AI Security Startup Used by 25% of Fortune 500

OpenAI dropped a big announcement on March 9, 2026: it’s acquiring Promptfoo, the open-source AI red-teaming platform that’s become the go-to security testing tool for enterprise AI deployments. The deal marks OpenAI’s clearest signal yet that AI agent safety isn’t just a research priority — it’s a product one.

What Happened

OpenAI confirmed plans to acquire Promptfoo, a startup that builds tools for testing and evaluating LLM applications against security vulnerabilities. The acquisition price wasn’t disclosed, but for context, Promptfoo was valued at $86 million after its $18.4 million Series A in July 2025, led by Insight Partners with participation from Andreessen Horowitz. Total funding raised: just $23.6 million.

Once the deal closes, Promptfoo’s technology will be integrated directly into OpenAI Frontier, the company’s enterprise platform for building and managing AI agents. The entire Promptfoo team, led by co-founders Ian Webster and Michael D’Angelo, will join OpenAI.

OpenAI also committed to continuing development of Promptfoo’s open-source project under its current license — a promise the community will be watching closely.

Why This Acquisition Matters

The timing here is telling. OpenAI Frontier is designed to give AI agents access to production systems — CRM platforms, data warehouses, internal ticketing tools — and let them execute workflows with real-world consequences. When AI agents can take actions that affect actual business operations, the security stakes go way up.

Promptfoo addresses exactly this gap. The platform specializes in automated red-teaming that catches vulnerabilities like prompt injections, jailbreaks, data leaks, tool misuse, and out-of-policy agent behaviors before they reach production. These aren’t theoretical risks — they’re the kinds of failures that make enterprise buyers hesitant to deploy AI agents at scale.

The numbers back up Promptfoo’s credibility: over 25% of Fortune 500 companies already use it, the open-source project has accumulated 10,800+ GitHub stars with 169 contributors, and the tool has reached over 100,000 users. For a company that raised under $24 million total, that’s an impressive adoption curve.

The Founders Behind Promptfoo

Promptfoo’s founding story is rooted in real operational pain. CEO Ian Webster built the initial tool while leading LLM engineering at Discord, where he was scaling AI products to 200 million users. Ensuring reliable, safe model behavior across that user base was a daily grind — and existing tools weren’t cutting it.

Co-founder and CTO Michael D’Angelo brought 11 years of experience building ML and security-focused infrastructure. Before Promptfoo, he was VP of Engineering at Smile ID, leading teams that built identity verification APIs processing hundreds of millions of checks across Africa. He holds a Stanford MS degree and previously co-founded Arthena (acquired by Masterworks).

The combination of Webster’s experience with LLM safety at scale and D’Angelo’s security infrastructure background gave Promptfoo a practical edge that resonated with enterprise buyers.

How Promptfoo Stacks Up Against Competitors

Promptfoo isn’t the only AI red-teaming tool out there, but it occupies a unique position in the market.

Microsoft’s PyRIT is the most prominent open-source alternative. It’s a Python framework from Microsoft’s AI Red Team that provides building blocks for custom red-teaming scenarios. The key difference: PyRIT is a framework that requires security expertise to implement effectively, while Promptfoo is more like a plug-and-play security scanner — automated and developer-friendly.

Garak takes a different approach, maintaining a library of static, research-backed attack prompts organized into 20 categories (including well-known “DAN” jailbreaks and encoding tricks). Promptfoo’s advantage is that it generates AI-driven attacks tailored to your specific application rather than relying on a fixed catalog.

Giskard offers dynamic multi-turn stress tests with 50+ specialized probes and an adaptive red-teaming engine. It’s strong on conversational AI testing but lacks Promptfoo’s breadth in CI/CD integration and developer workflow.

Commercial alternatives like Braintrust, Adaline, and Splx AI serve different niches — production monitoring, prompt release management, and end-to-end adversarial testing respectively — but none match Promptfoo’s combination of open-source community adoption and enterprise penetration.

With OpenAI’s backing, Promptfoo now has a distribution advantage that no competitor can match. Being natively integrated into the platform where enterprise AI agents are built and deployed is a moat that’s hard to replicate.

The Bigger Picture: AI Safety as a Product Feature

This acquisition fits into a broader pattern. As AI agents move from demos to production deployments, security testing is shifting from “nice to have” to “deal breaker.” Enterprise buyers aren’t going to connect AI agents to their Salesforce instance or financial systems without rigorous security guarantees.

OpenAI’s move signals that the company sees security testing not as a separate product category, but as a native layer in the AI development stack. By baking Promptfoo’s capabilities directly into Frontier, OpenAI can offer enterprises a single platform where they build, test, secure, and deploy AI agents — reducing friction and locking in customers.

It also raises questions about the future of independent AI security tools. If the dominant AI platform provider bundles security testing into its enterprise offering, how do standalone competitors survive? Microsoft already has PyRIT in its ecosystem. Anthropic and Google will likely need similar answers.

What to Watch Next

Several threads are worth tracking in the coming months:

Open-source commitment. OpenAI says it will keep maintaining Promptfoo’s open-source project. History shows that big-company acquisitions of open-source tools don’t always end well for the community. Whether OpenAI genuinely invests in the open-source version or slowly starves it in favor of the Frontier-integrated product will be a key signal.

Integration timeline. How quickly Promptfoo’s capabilities appear as native features in OpenAI Frontier will indicate how seriously OpenAI is treating enterprise AI security. A fast integration would suggest this was a strategic priority, not just an acqui-hire.

Competitive responses. Microsoft, Google, and Anthropic all have enterprise AI ambitions. Expect to see accelerated investment in AI safety testing tools across the board — whether through acquisitions, partnerships, or in-house development.

Pricing impact. If Promptfoo’s core capabilities become part of the Frontier platform, will enterprise customers get security testing “for free” as part of their OpenAI subscription? That could reshape the economics of the entire AI security testing market.

FAQ

What is Promptfoo?
Promptfoo is an open-source CLI and library for evaluating and red-teaming LLM applications. It helps developers and enterprises test AI systems for security vulnerabilities including prompt injections, jailbreaks, data leaks, and tool misuse. The tool supports testing across multiple LLM providers including GPT, Claude, Gemini, and Llama.

How much did OpenAI pay for Promptfoo?
OpenAI did not disclose the acquisition price. Promptfoo was last valued at $86 million after its Series A round in July 2025, having raised $23.6 million total from investors including Andreessen Horowitz and Insight Partners.

Will Promptfoo remain open source after the acquisition?
OpenAI has publicly committed to continuing development of Promptfoo’s open-source project under its current license. However, the long-term trajectory remains to be seen — the community will be monitoring whether the open-source version continues to receive meaningful updates.

What are the main alternatives to Promptfoo?
Key alternatives include Microsoft’s PyRIT (open-source Python framework for AI red-teaming), Garak (static attack prompt library), Giskard (dynamic multi-turn testing), and commercial options like Braintrust, Adaline, and Splx AI. Each tool has different strengths depending on whether you need automated scanning, custom red-teaming frameworks, or production monitoring.

Who should care about this acquisition?
Enterprise teams deploying AI agents in production should pay close attention. If you’re building on OpenAI’s Frontier platform, integrated security testing will soon be available natively. If you’re using Promptfoo’s open-source tool independently, watch for any changes in development pace or licensing. And if you’re a competitor in the AI security testing space, this acquisition just raised the bar significantly.

