OpenAI Acquires Promptfoo for Agent Security

This deal shows that OpenAI wants enterprise agent security to be part of the product itself, not a separate tool bought later by cautious customers. Frontier is being positioned as a full operating layer for AI coworkers, with identity, permissions, observability, and now built in red teaming for prompt injection, jailbreaks, data leaks, tool misuse, and policy violations. Promptfoo matters because it already has real enterprise distribution and a developer footprint large enough to seed this workflow inside existing teams.

• Promptfoo was not just a small acquihire. Its team says the open source project has been used by more than 350,000 developers, with 130,000 active each month, and by teams at more than 25% of the Fortune 500. That gives OpenAI a ready made testing layer with enterprise credibility.
  2 promptfoo 4 sacra
• Frontier is aimed at companies running agents inside real systems, not just chatbots. OpenAI describes it as a platform that connects enterprise data, gives agents scoped permissions, runs them in production, and logs their actions. Security testing becomes much more important once agents can touch CRM records, internal apps, and workflows.
  1 openai 3 openai
• There is also a tradeoff. Promptfoo built its reputation as a model agnostic security layer across OpenAI, Anthropic, Google, AWS, Azure, and others. Inside OpenAI, that same technology becomes a wedge to make Frontier safer and stickier, but it may look less neutral to multi model enterprises.
  5 sacra 2 promptfoo 1 openai

The next phase of enterprise AI competition will be won by the platform that makes agents safe enough to approve for production. As rivals add their own governance and control layers, OpenAI is moving early to collapse model access, agent runtime, security testing, and compliance evidence into one system, which should make Frontier harder to displace once deployed.