In 2024, Ian Webster and Michael D'Angelo started building Promptfoo, an open-source tool for red-teaming AI systems. Their platform now serves over 200,000 developers and more than 25% of Fortune 500 companies, including Shopify, Amazon, and Anthropic. Today, OpenAI announced it is acquiring them.

I've been tracking this trajectory. On January 16, I wrote that OpenAI was building a new cybersecurity product business unit to capture its share of the $213 billion enterprise security budget. On March 6, they launched Codex Security. Three days later, they bought Promptfoo.

Promptfoo's automated red-teaming and security testing will be integrated into OpenAI Frontier, the enterprise agent platform launched in February 2026 for building, deploying, and managing AI coworkers. OpenAI says it will continue building out Promptfoo's open-source offering under its current license.

My take:

  1. The real story is not the deal. It's what the deal reveals about direction. Codex Security scans code for vulnerabilities, builds threat models, and patches code. Promptfoo red-teams AI systems themselves: prompt injections, jailbreaks, data leaks, tool misuse, out-of-policy agent behaviors. That's AI security overall. OpenAI is signaling that some security verticals need to just become part of the AI platform.
  2. Security spending is migrating from thin, dedicated security budgets to far larger compute and token budgets. OpenAI now has three cybersecurity layers in one enterprise platform: Codex Security for code, Promptfoo for AI red-teaming, and Frontier for agent governance with enterprise IAM, compliance controls, and audit trails.
  3. Frontier labs are not building cybersecurity businesses. They are embedding security into their core offerings, the same way cloud providers spent the past decade folding IAM, encryption, and monitoring into AWS, Azure, and GCP. The pattern is the same, but moving much faster. The race is not over, but the endgame is clear. When you're selling AI coworkers to the Fortune 500, you can't outsource trust. Enterprises demand secure and trustworthy AI agents.
  4. For AI security founders, the window is narrowing fast. There are two strategies in front of them: sell now and collect acqui-hire premiums, or dig deeper into problems the labs will not solve. The most defensible angle may be the multi-vendor play. Enterprises learned from cloud lock-in that being multi-platform helps. The same lesson applies to AI. Security tools that secure agents across OpenAI, Anthropic, and Google simultaneously will be valuable.

Sources:

  1. OpenAI to acquire Promptfoo
  2. Codex Security: now in research preview
  3. OpenAI is building a new cybersecurity product business unit
  4. OpenAI releases Codex Security days after Anthropic announced Claude Code Security