Free Tier as Distribution Engine
Promptfoo
The free tier is best understood as Promptfoo's distribution engine, because teams can install it locally, run full evaluations and limited red teaming in real workflows, and only involve procurement once they need shared controls. That flips the usual security software motion. Product proof happens before the sales process, and paid conversion starts when multiple developers, security staff, and compliance owners need one system of record.
Promptfoo gives away far more than a demo. The MIT-licensed CLI includes all evaluation features, all provider integrations, local scanning, and red teaming up to 10,000 monthly probes. Paid plans start where coordination and governance start: dashboards, RBAC, SSO, compliance reporting, API access, managed deployment, and extra probe capacity.
This is the same broad playbook that worked for developer tools like Semgrep and LangChain. Free or open source tools get adopted by individual builders first, then the company sells team collaboration, enterprise controls, and premium workflows after the product is already embedded in code review, CI, or production operations.
The model also fits Promptfoo's cost base. Core local testing is cheap to distribute, while the expensive part is inference-heavy attack generation and grading. By charging when customers run larger continuous scans, Promptfoo turns higher compute usage into revenue instead of letting free users become an uncapped hosting burden.
Going forward, the strongest companies in AI security will look more like developer infrastructure than traditional security software. Promptfoo's free tier puts it on that path. As AI checks move into IDEs, pull requests, CI pipelines, and runtime controls, the companies that win distribution at the individual developer level should control the highest value enterprise upgrades later.