On March 9, 2026, OpenAI announced it is acquiring Promptfoo, an AI security platform founded in 2024 that helps enterprises find and fix vulnerabilities in AI applications before they ship. The deal is small by OpenAI’s standards — Promptfoo had raised just $23 million in total — but the strategic signal is loud.
More than 350,000 developers use Promptfoo. Teams at more than 25% of Fortune 500 companies rely on it. When a company with that kind of penetration gets absorbed into the world’s most widely used AI platform, it’s worth understanding why and what comes next.
What Promptfoo Actually Does
Most enterprise teams building AI agents focus on what the agent can do: automate the workflow, answer the question, generate the report. Security is typically an afterthought, addressed after launch when something goes wrong.
Promptfoo flips that. It’s a platform for automated red-teaming of AI applications — systematically trying to break your AI before your users do. The tools test for prompt injection attacks, data exfiltration risks, jailbreaks, and behavioural drift, running thousands of adversarial test cases against your AI application as part of the development cycle.
In practice, this means teams can catch issues like “the agent will hand over sensitive customer data if asked in a specific way” or “the agent can be manipulated into ignoring its instructions” before those behaviours reach production.
Why OpenAI Wants This Now
OpenAI launched its enterprise agent platform, OpenAI Frontier, in February 2026 with customers including Uber, State Farm, Intuit, and Thermo Fisher Scientific. Frontier is designed for businesses deploying AI coworkers — agents that access real systems, take real actions, and handle real data.
At that scale, security is not optional. Enterprise buyers have legal exposure, regulatory obligations, and reputational risk tied to what their AI systems do. They need to demonstrate that their agents behave as intended across a wide range of inputs, including adversarial ones. That is exactly what Promptfoo provides.
OpenAI’s stated plan is to integrate Promptfoo’s technology into Frontier’s model and infrastructure layers so teams can run security evaluations continuously rather than as a one-off exercise. The intent is to make security testing as automatic as running tests in a software build pipeline.
Promptfoo will remain open source and will continue to support all AI providers, not just OpenAI models. That is an important detail: enterprises using Anthropic, Google, or open-source models will still benefit from the tooling.
The Bigger Pattern
This acquisition fits a broader shift happening across the enterprise AI industry.
For the past two years, the conversation around AI agents in business has been dominated by capability: what can agents do, how much can they automate, what processes can they handle? The security and governance side has been acknowledged in theory but rarely prioritised in practice.
That is changing quickly. The 2026 CISO AI Risk Report found that 47% of CISOs had observed AI agents exhibiting unintended or unauthorised behaviour inside their organisations. Okta’s March 2026 research showed that 88% of organisations reported suspected or confirmed AI agent security incidents, while only 22% treat AI agents as independent identity-bearing entities with proper access controls.
The industry is catching up to the reality that autonomous agents introduce a different kind of risk than traditional software. A misconfigured application doesn’t take actions on its own. An AI agent can.
OpenAI buying the company that 25% of Fortune 500 security teams already trust accelerates the maturity of this space considerably. It normalises security testing as part of the agent development lifecycle rather than a specialist afterthought. The pattern continued in April 2026 when both Anthropic and OpenAI moved to restrict access to their most capable cybersecurity AI — Anthropic through Project Glasswing and OpenAI through its Trusted Access for Cyber product — signalling that the security arms race has moved well beyond tooling into the frontier models themselves.
What This Means for Business
If your organisation is deploying AI agents — or evaluating them seriously — this development matters in a few practical ways.
Security is becoming table stakes, not a differentiator. Enterprise AI platforms are moving toward built-in security validation. Businesses that have not started thinking about how their agents are tested and governed are falling behind a baseline that buyers and regulators are starting to expect.
Open-source tools are available now, without waiting for platform integration. Promptfoo’s tools remain free and open source. Teams building AI applications on any platform can use them today to test agent behaviour systematically. The acquisition does not change that.
The question to ask any AI vendor is: how do you test what your agents do in edge cases? A vendor that cannot answer this clearly is selling you something that has not been rigorously validated. That is fine for internal experiments. It is not fine for agents that touch customer data, financial systems, or operational workflows.
The compliance window is narrowing. As AI agents become more prevalent, regulatory frameworks around automated decision-making and AI safety are developing in parallel. Organisations that build security and evaluation practices into their agent deployments now will be better positioned when those frameworks become requirements rather than recommendations.
Building Agents That Earn Trust
The businesses that are winning with AI agents right now are not necessarily the ones with the most sophisticated technology. They are the ones whose agents work reliably, can be explained to stakeholders, and do not produce surprises in production.
That combination of reliability and transparency is what makes the difference between an AI agent deployment that generates ROI and one that gets quietly switched off after the first incident.
Enterprise DNA put together a free field guide on exactly this: the full Claude ecosystem, Claude Code, and how to roll agents out without breaking things. Get the guide.
Source
OpenAI
Free Resource
Going deeper with Claude?
Get the free 32-page implementation guide for ANZ teams.
Your guide is ready
Check your downloads folder. If it did not open automatically, use the button below.
Download the Guide