OpenAI acquires Promptfoo for Frontier agent security testing

• OpenAI said it is acquiring Promptfoo to strengthen “agentic security testing and evaluation capabilities” in Frontier, turning a well-known external red-teaming and eval stack into part of its own platform OpenAI announcement.
• The company also said Promptfoo will “remain open source under the current license” and that it will keep servicing and supporting existing customers, which lowers the immediate migration risk for teams already using the CLI or enterprise product license and support.
• OpenAI and secondary reports framed the deal around enterprise deployment: Promptfoo is described as technology for evaluating, securing, and testing AI systems “at enterprise scale,” with adoption claims that it already serves more than 25% of the Fortune 500 enterprise-scale quote Fortune 500 claim.
• For engineers shipping agents, the practical implication is more native vulnerability scanning, safety testing, and policy-style evaluation inside OpenAI’s stack rather than as a separate integration layer, according to OpenAI’s announcement and follow-on reporting Frontier focus Frontier integration.

OpenAI’s announcement says the Promptfoo acquisition is specifically about improving Frontier’s security testing and evaluation for agents, not a general acquihire or brand partnership agentic security testing. The company’s wording is narrow but consequential: Promptfoo’s core value is in testing, red-teaming, and finding failure modes before agentic systems touch real workflows.

That matches how others summarized the deal. TestingCatalog quoted OpenAI describing Promptfoo as bringing “deep engineering expertise in evaluating, securing, and testing AI systems at enterprise scale” enterprise-scale quote. For engineers, that points to stronger first-party eval harnesses around prompt attacks, unsafe tool use, and policy regressions rather than just more generic observability.

The clearest immediate commitment is continuity. OpenAI said Promptfoo will stay open source under its current license and that current customers will continue to be serviced and supported license and support. That matters because Promptfoo has been used both as an open-source CLI and as an enterprise security product, so the acquisition does not read as an abrupt shutdown of the existing workflow.

Supporting context from the discussion around the deal says Promptfoo already powers evaluation and red-teaming for “25%+ of the Fortune 500” Fortune 500 claim. Another summary describes OpenAI as baking Promptfoo’s capabilities into Frontier for “automated vulnerability scanning, safety testing, and compliance tracking” Frontier integration. Those extra details are secondhand rather than direct product docs, but they fit the direction of OpenAI’s own announcement: more of the security testing stack moves closer to the model platform.

OpenAI is making a bet that agent deployment is now a security-testing problem as much as a model-quality problem. Cedric Chee’s summary tied the acquisition to “AI coworkers” entering real enterprise workflows and the need for “systematic ways to test agent security” systematic testing. That is the operational shift behind this deal: evals are no longer just benchmark scorecards, but pre-deployment controls for tool use, data access, and policy compliance.

The announcement also lands alongside OpenAI’s broader push to expose more agent runtime behavior. In related discussion, OpenAI developer content highlighted a new “phase” parameter so agents can distinguish user-facing final responses from in-progress “commentary” during longer tasks phase parameter. That post is not about the acquisition itself, but it shows the same product direction: more structured agent behavior, and now, potentially, more native infrastructure to test whether that behavior is safe.