Promptfoo

We tested OpenClaw with Promptfoo. A malicious webpage was enough to push the agent through capability discovery, local artifact creation, and false incident messages sent to test endpoints. A browse-capable local agent is not just "an AI tool for employees." If it can read local documents and send outbound messages, it starts to look a lot more like a privileged endpoint inside your work environment. The important issue is not only whether the model is helpful. It's whether browsing, local access, and outbound actions are separated by real control points. If those capabilities share one trust boundary, prompt injection becomes a workplace deployment risk: - false internal or external communications - local secrets packaged into new artifacts - agent-written files that later prompts or workflows may trust My view: do not broadly deploy browser-capable local agents with company data access and messaging integrations unless outbound actions are explicitly approved and local access is tightly constrained. Link to post in comments.

I’m super excited to welcome Ian W., Michael D'Angelo, and the Promptfoo team to OpenAI. As enterprises deploy AI coworkers into real workflows, evaluation, security, and compliance become foundational requirements. Promptfoo has built a great set of tools for automated security testing and red-teaming, security and evaluation built into development workflows, and integrated reporting and traceability to meet growing governance, risk, and compliance expectations. We are excited to integrate these capabilities into Frontier and bring them to our customers. https://lnkd.in/gxZknbWh

Today we're announcing that Promptfoo will be joining OpenAI. Ian W. and I started Promptfoo in 2024 to help developers test and secure AI systems. We quickly realized the harder problem was trust: security, safety, and unpredictable behavior were major barriers to deploying AI at scale, especially in large enterprises. That pushed us beyond evals into AI security and red teaming. Promptfoo grew further and faster than I could have imagined. More than 350,000 developers have run evals with Promptfoo, 130,000 are active each month, and teams at more than 25% of the Fortune 500 have adopted it. In the process, we built an exceptional team of 23 across engineering, go-to-market, and operations. I'm proud of what we've built and how quickly this team built it. We're joining OpenAI to take this work much further. After close, the Promptfoo team will continue building inside OpenAI Frontier, helping make evaluation, red teaming, and security review a built-in part of how teams ship AI agents. Promptfoo remains open source. We'll continue maintaining the project, accepting contributions, supporting multiple providers and models, and serving customers. I'm grateful to Ian for building this with me from the beginning, to our team for the talent, speed, rigor, and discipline that made this possible, to our investors at Andreessen Horowitz and Insight Partners for believing early, and to everyone in the community who contributed code, filed issues, ran evals with Promptfoo, or trusted it in production. We set out to solve a hard problem, and now we have the chance to keep doing it at a much bigger scale. Read more: https://lnkd.in/e4T6JPBC https://lnkd.in/efBJWNrB

Promptfoo is being acquired by OpenAI. We will remain open source, and we will continue to serve and support our users and customers. We started Promptfoo to help developers systematically test AI applications. It was clear very quickly that the biggest blockers to real world AI usage are security and governance. That’s why 350k open-source users and nearly half the Fortune 100 use Promptfoo. Joining OpenAI will let us take our best-in-class red teaming tech and connect it deeply into the model and inference layers. We will be able to find & fix AI security issues in a way that no one else has done before. Grateful to our team, our investors at Insight Partners and a16z, our open-source community, and every team that trusted us in production. You built this with us. There is lots more to look forward to ❤️

We recently filed 7 security advisories against existing ML model scanners, including a CVSS 10.0 universal bypass. It's pretty clear the ecosystem needs a fundamental improvement. So today we’re open-sourcing ModelAudit, our static scanner for ML artifacts. Model files execute code at load time and can be a serious supply chain risk. ModelAudit has already found 4 malicious models live on HuggingFace that bypass every scanner in their pipeline. If your org treats models like dependencies (as it should), worth checking this out. Congrats to Yash Rajesh Chhabria for your incredible work on this! Details in comments

OpenAI just released their cookbook for AI agent governance. Looks like Promptfoo is the tool of choice for testing whether an attacker can break guardrails 😉 That said, this cookbook is a solid technical walkthrough of a fintech agent with access to sensitive data. Also glad they leaned into traceability. As architectures get more complex (and enterprises actually roll out agents), this is going to be a prereq for any security and compliance testing. Cookbook: https://lnkd.in/grDeDxja

This is it—tomorrow's the day! 🚀 Thanks Northern Virginia Technology Council (NVTC) for organizing this high-impact briefing on "When AI Becomes the Threat: Cybersecurity in the New Age of Agentic AI" at Amazon HQ2—right in our backyard! 🏢 I'll keynote on Risk Management in the Agentic AI Era with a focus on Cloud Security Alliance's MAESTRO Threat Modeling Framework. ⚔️ Join the panel with: 🚀 Rob Joyce(Former NSA Cybersecurity Director) on nation-state AI weaponization 🔍 Ian W. (CEO, Promptfoo) on espionage workflows Moderated by KJ Lian (Amazon Web Services (AWS)) Meeting details in comment below. #AgenticAI #AISecurity #Cybersecurity #NVTC

We are excited to have Ian Webster, our CEO and Co-Founder, join the Northern Virginia Technology Council for a panel discussion on the topic of "When AI Becomes the Threat: Cybersecurity in the New Age of Agentic AI". During the discussion, he will show in a live demo how attackers chain “innocent” prompts into full espionage workflows (and how to stop them). When: Feb 4, 2026 from 08:45 to 11:00AM Where: AWS HQ2 in Arlington, VA Registration link and address details in the comments.

Databricks just announced BlackIce, a red-teaming toolkit for AI that bundles 14 tools. Promptfoo is included :) It's kind of like Kali Linux for AI red teamers - a curated set of tools that just work. Great to see the ecosystem pushing AI security forward together. Details in comment

Understand the key deadlines for 2026, what documentation is required and how to prepare your systems for this new reality. By Promptfoo CEO & Co-Founder Ian W.