OpenAI has agreed to acquire Promptfoo, an AI security testing platform, in a move designed to embed security evaluation directly into enterprise AI agent development.
The integration will extend OpenAI’s recently launched enterprise platform, Frontier, strengthening how AI systems undergo testing, evaluation, and validation before deployment inside organizations. The deal reflects a growing concern across the enterprise AI ecosystem: agents increasingly access internal documents, interact with APIs, and trigger operational workflows. As a result, the risk profile of AI systems now resembles that of automated employees rather than simple chat interfaces.
OpenAI plans to use Promptfoo’s technology to ensure organizations can deploy AI agents with stronger reliability, governance frameworks, and compliance safeguards.
Srinivas Narayanan, CTO of B2B Applications at OpenAI, highlighted the strategic importance of embedding testing directly into the AI development lifecycle.
“Promptfoo brings deep engineering expertise in evaluating, securing, and testing AI systems at enterprise scale,” he explained. “Their work helps businesses deploy secure and reliable AI applications, and we’re excited to bring these capabilities directly into Frontier.”
As AI Agents Gain Autonomy, Security Risks Escalate
Enterprise AI agents increasingly operate inside corporate systems, where they read internal documents, query databases, call APIs, and trigger actions such as approving tickets, sending emails, or executing workflow steps. This shift changes the fundamental nature of AI deployment. Instead of functioning as passive text generators, agents now act as operational participants inside software environments.
Consequently, traditional software security frameworks struggle to address these emerging risks. Problems often emerge when large language models misinterpret instructions by blending developer prompts with external or embedded content. Malicious instructions hidden inside that content can appear legitimate to the model. Prompt injection attacks represent one of the most persistent threats. A model cannot reliably distinguish between instructions written by developers and instructions embedded inside retrieved data, which can lead to data leakage or unauthorized actions.
Additional vulnerabilities arise when agents connect to internal knowledge bases, customer databases, and financial systems. If an agent responds to the wrong query or misinterprets context, it could expose sensitive information.
These failures rarely appear obvious. Instead, they can occur quietly and repeatedly at scale, potentially leading to data breaches, regulatory violations, or operational disruptions before developers detect the issue.
Promptfoo Adds Scenario Testing and AI Red-Teaming
Promptfoo’s platform addresses these risks by introducing systematic testing for AI agents operating inside real enterprise environments. Rather than relying on traditional deterministic unit tests, developers define behavioral scenarios and expected outcomes. The system then runs these tests across large batches of prompts to identify potential failure points.Promptfoo also simulates adversarial conditions.
For example, the system can generate prompt injection attacks, attempt to extract confidential information, or create edge cases where an agent might misuse a connected tool.
After running these scenarios, the platform records the responses and evaluates model performance against predefined criteria. It then produces a report highlighting unpredictable behavior, security weaknesses, or reliability gaps.
This approach allows engineering teams to measure system behavior across thousands of variations instead of relying on single test cases.OpenAI plans to embed these capabilities directly inside the Frontier platform so that security testing becomes a built-in step in AI agent development workflows.
The Rise of AI Security Platforms
Promptfoo launched in 2024 with the goal of giving developers structured tools to test and evaluate AI systems before production deployment. Initially developed as a prompt evaluation toolkit, the platform evolved into a broader AI red-teaming and security testing framework used by developers and enterprise teams.
Ian Webster, Co-Founder and CEO of Promptfoo, said the expansion of AI agents into operational systems makes security validation increasingly critical.
“We started Promptfoo because developers needed a practical way to secure AI systems,” he explained. “As AI agents become more connected to real data and systems, securing and validating them is more challenging and important than ever. Joining OpenAI lets us accelerate this work, bringing stronger security, safety, and governance capabilities to the teams building real-world AI systems.”
Building Safer Enterprise AI Systems
The acquisition also signals OpenAI’s broader ambition to position Frontier as more than a model access layer. Instead, the platform aims to function as enterprise infrastructure for building AI-powered automation.
OpenAI launched Frontier in February as a platform designed to help organizations build AI agents capable of executing real business tasks. With the addition of Promptfoo’s testing technology, Frontier can now incorporate built-in evaluation, red-teaming, and safety validation directly into the development pipeline.
Organizations will gain tools to identify unexpected AI behavior before deployment, reducing the chances of incorrect responses, data exposure, or operational errors reaching users.By focusing on security, governance, and compliance at the development stage, OpenAI hopes to increase enterprise trust in autonomous AI systems, a critical requirement as agents begin to participate directly in real business operations.
