OpenAI announced on Monday that it is acquiring Promptfoo, a startup whose open-source tools test AI systems for security vulnerabilities before they reach production. Financial terms were not disclosed, though the company was valued at roughly $86 million after its Series A last July, according to PitchBook. The 23-person team will join OpenAI and build inside Frontier, the enterprise agent platform OpenAI launched in early February.
Eight months. That is how long Promptfoo operated as an independent company after closing its $18.4 million Series A led by Insight Partners. Andreessen Horowitz participated in both that round and the earlier $5 million seed, which also drew angel checks from Shopify CEO Tobi Lütke and Discord CTO Stanislav Vishnevskiy. For a startup that had raised just $23 million total, getting absorbed this quickly suggests OpenAI saw something it could not afford to let a competitor pick up first.
Why a red-teaming tool, and why now
Promptfoo was founded in 2024 by Ian Webster and Michael D'Angelo. Webster ran the LLM engineering team at Discord, shipping AI features to 200 million users, and grew frustrated that the security tooling available simply was not built for the problems AI applications create. Prompt injection, jailbreaks, data exfiltration through chat interfaces: none of these map neatly onto traditional vulnerability scanners.
"As AI agents become more connected to real data and systems, securing and validating them is more challenging and important than ever," Webster said in a statement, which is the kind of measured phrasing a founder uses when the acquisition paperwork is still warm. The more telling detail is where Promptfoo already had traction: over 25% of Fortune 500 companies were using its tools, along with more than 125,000 developers running the open-source CLI.
Those are solid adoption numbers for a company that barely existed two years ago. But the "25% of Fortune 500" claim likely counts any team at those companies running the free open-source version, not necessarily paying enterprise customers. Still, the developer footprint is real, and that is what OpenAI is buying: not just code, but distribution.
The Frontier angle
Frontier is OpenAI's play for enterprise AI agents, the kind that access CRM platforms, internal databases, and ticketing systems to execute multi-step workflows. Early customers include Uber, State Farm, Intuit, and Thermo Fisher Scientific. When an AI agent can touch production data and make decisions with real consequences, the question shifts from "does it work?" to "what happens when it fails?"
Srinivas Narayanan, OpenAI's CTO of B2B applications, framed Promptfoo's capabilities as something Frontier needed natively, not as an add-on. Automated red-teaming, agentic workflow evaluation, compliance monitoring: these become built-in features rather than something customers bolt on after the fact. The logic makes sense, though it also means OpenAI is admitting its own platform did not ship with adequate security testing from the start.
The open-source question nobody wants to answer
OpenAI says it will keep Promptfoo open source. The GitHub repo has over 248 contributors, and developers at Anthropic and Google have reportedly used it to test their own models. That is the kind of vendor-neutral credibility that evaporates the moment a tool lives inside a competitor's commercial platform.
Zane Lackey, a general partner at a16z who backed the company, called the deal a validation of an early thesis about AI security becoming mission-critical. Maybe. But for those 130,000 monthly active developers, the practical question is simpler: will Promptfoo still test Claude and Gemini just as rigorously once OpenAI signs the paychecks? The commitment to multi-provider support faces its first real test when Frontier's commercial roadmap starts pulling in one direction and the open-source community pulls in another.
A pattern, not an isolated deal
This is OpenAI's third acquisition in roughly five months. The company picked up Software Applications in October and healthcare startup Torch for about $60 million in January, according to CNBC. The pace suggests a company that has decided building everything in-house takes too long when the competitive window is measured in quarters, not years.
Anthropic launched Claude Code Security in February. Microsoft has been integrating its own red-teaming framework, PyRIT, into Azure AI Foundry. The message from all three: enterprise AI sales will increasingly hinge on security credentials, not just model benchmarks. Promptfoo gives OpenAI a credentialed answer to procurement teams who want to see testing infrastructure before they sign.
The deal is expected to close in the coming weeks. After that, the Promptfoo team builds inside Frontier, the open-source project continues (for now), and 248 GitHub contributors get to find out what "committed to open source" means when it comes from a company valued at north of $300 billion.