OpenAI acquires Promptfoo to stress-test AI agents before bad actors do

OpenAI is acquiring Promptfoo, a San Francisco-based AI security startup, in a move that signals how seriously the company is taking enterprise trust as it pushes deeper into agentic AI. The deal brings Promptfoo’s red-teaming and vulnerability-testing technology directly into OpenAI Frontier—its platform for deploying AI agents in corporate environments. Terms were not disclosed.The acquisition is less about adding a new product and more about fixing a structural gap. Frontier is built around the idea of AI agents—autonomous software that can browse, write, execute code, and manage data on a user’s behalf. That’s a compelling pitch for enterprises. It’s also a significant security risk, and until now, OpenAI didn’t have robust native tooling to address it.

Promptfoo, founded in 2024 by Ian Webster and Michael D’Angelo, builds tools that let companies systematically attack their own AI systems to find weaknesses—prompt injections, jailbreaks, data leaks, tool misuse—before bad actors do. More than 25% of Fortune 500 companies already use its products. Once integrated into Frontier, these capabilities become part of the platform itself: automated security testing, compliance reporting, and risk monitoring baked into the development workflow rather than bolted on afterward.

For OpenAI, enterprise credibility now depends on safety as much as capability

The timing matters. OpenAI is in an aggressive push to sign large enterprise customers, and those customers need more than performance benchmarks—they need audit trails, governance controls, and the assurance that their AI agents won’t be manipulated or misused. Promptfoo directly addresses that checklist.Anthropic launched a comparable vulnerability-scanning tool just last week, underscoring that agentic security has quickly become a competitive battleground—not just a technical afterthought.