
Promptfoo

What is Promptfoo?

Promptfoo is an AI security testing platform for AI product, security, and platform teams that generates application-specific attacks, runs evaluations, and turns findings into remediation guidance. It combines Red Teaming, Guardrails, MCP Proxy, Code Scanning, Evaluations, and Automated PR review, and is used by OpenAI, Anthropic, Shopify, Discord, Okta, Fidelity, and Fortune 500 companies. There are three plans: Community (Free Forever), Enterprise (Custom), and On-Premise (Custom).


At a glance

Best for
Promptfoo is best for AI product teams who need continuous security testing before release.
Pricing
Community Free Forever; Enterprise Custom; On-Premise Custom

What does Promptfoo do?

Promptfoo automates AI security testing by generating application-specific attacks, running evaluations, and turning findings into remediation guidance. Its red teaming flow simulates real users to uncover prompt injections, jailbreaks, data leaks, tool misuse, and other risks, while guardrails add a feedback loop that improves defenses over time. Code scanning brings the same checks into IDE and CI/CD workflows, so teams can catch issues before they ship. At scale, Promptfoo is used by 156 of the Fortune 500 and backed by a 300k+ user community with 300,000+ developers contributing threat intelligence and test ideas. The platform covers 50+ vulnerability types and supports local or self-hosted deployment for teams that want control over their environment. Customers and users cited on the site include OpenAI, Anthropic, Shopify, Discord, Okta, and Fidelity, alongside enterprise teams that need continuous monitoring and compliance reporting.

Why use Promptfoo?

  • It combines red teaming, guardrails, model security, and code scanning in one workflow, so teams can move from finding issues to fixing them faster.
  • The open-source Community tier supports local use and self-hosting, which helps teams keep testing close to their own infrastructure.
  • Continuous monitoring and remediation guidance reduce the gap between a vulnerability report and an actual fix.
  • Its adaptive guardrails use red team findings to refine defenses, so protection can improve as attack patterns change.
  • The platform is built for enterprise adoption, with SSO, granular permissions, and centralized security dashboards in paid plans.

Who is Promptfoo for?

  • Security directors who need enterprise-scale AI risk testing across many applications.
  • Developers who want LLM vulnerability checks inside their coding workflow.
  • Platform teams who need continuous monitoring and remediation tracking.
  • Compliance teams who need audit-ready security reports and framework mapping.
  • AI engineering teams who need to test prompts, models, RAG, and agents together.

What are Promptfoo's key features?

Red Teaming

Run red team tests with 10k probes per month to find prompt injection and jailbreak issues before release, reducing exposure in production.

Guardrails

Validate any guardrail system against LLM attacks and vulnerability scanning, so teams can measure whether protections actually block risky outputs.

MCP Proxy

Proxy MCP traffic through approved servers and monitor activity in real time, helping teams control tool access across MCP integrations.

Code Scanning

Scan code in GitHub, GitLab, and VS Code workflows for LLM-specific detection, catching risky patterns before they reach CI or review.

Evaluations

Run LLM evaluations across all model providers and integrations, giving teams repeatable checks they can use locally or on self-hosted infrastructure.

Centralized security management

Manage security and compliance from one dashboard with SSO, granular permission profiles, and continuous monitoring for enterprise teams.

Automated PR review

Review pull requests in GitHub, GitLab, and Bitbucket Pipelines to catch prompt and security issues during code review instead of after merge.

Self-improving protection

Use data-driven improvement loops to tune attack profiles and target settings, so defenses get better as teams test more cases.

What does Promptfoo integrate with?

  • GitHub
  • GitLab
  • Jenkins
  • AWS CodeCommit
  • Splunk
  • Azure Pipelines
  • Bitbucket Pipelines
  • Burp Suite
  • CircleCI
  • GitHub Actions
  • GitLab CI
  • Google Sheets
  • Helicone
  • Langfuse
  • Looper
  • n8n
  • Portkey AI
  • SharePoint
  • SonarQube
  • Travis CI
  • VS Code

What are Promptfoo's use cases?

Security directors red team apps

Security directors who need enterprise-scale AI risk testing across many applications use Promptfoo to run Red Teaming across prompts, models, RAG, and agents together. They centralize findings with Centralized security management and track what needs remediation before risky behavior reaches production.

Developers scan in workflow

Developers who want LLM vulnerability checks inside their coding workflow use Promptfoo with Code Scanning and Automated PR review to catch issues before merge. They get feedback in VS Code or GitHub Actions, helping them fix prompt and model problems without slowing delivery.

Compliance-ready security reporting

Compliance teams who need audit-ready security reports and framework mapping use Promptfoo's Evaluations and Centralized security management to document testing results across teams. They can keep evidence organized for reviews while showing how guardrails and model checks were applied.

Platform monitoring and remediation

Platform teams who need continuous monitoring and remediation tracking use Promptfoo's Guardrails and Real-time monitoring & alerts to watch live AI behavior. They can spot regressions quickly, then use Self-improving protection to tighten defenses as new issues appear.

How does Promptfoo work?

  1. Connect your first app, model, or repository through GitHub, GitHub Actions, VS Code, or another supported integration, then point Promptfoo at the prompts, models, RAG, or agents you want to test.
  2. Run Red Teaming and Evaluations to probe for jailbreaks, hallucinations, and policy gaps, or use Code Scanning and Pull Request Review to catch issues before they ship.
  3. Review findings in Centralized security management, then apply Guardrails or whitelist approved MCP servers to reduce exposure and control what your AI systems can access.
  4. Monitor ongoing behavior with Real-time monitoring & alerts and Continuous monitoring, so new regressions surface quickly and teams can respond before users are affected.
  5. Use Self-improving protection and Data-driven improvement to tune defenses over time, keeping remediation visible and your AI stack safer as it changes.

How much does Promptfoo cost?

Community

Free Forever
  • All LLM evaluation features
  • All model providers and integrations
  • Red teaming (10k probes/month)
  • Custom integration with your own app
  • Run locally or self-host on your own infrastructure
  • Vulnerability scanning
  • Community support

Enterprise

Custom
  • All Community features
  • Custom red teaming limits
  • Team sharing & collaboration
  • Continuous monitoring
  • Centralized security/compliance dashboard
  • Customizable attack profiles and target settings
  • SSO and granular permission profiles
  • Promptfoo API access
  • Managed cloud deployment
  • Professional services support
  • Priority support & SLA guarantees

On-Premise

Custom
  • All Enterprise features
  • Deployment on your own infrastructure
  • Complete data isolation
  • Dedicated runner
  • Assigned deployment engineer

Frequently asked questions

What is Promptfoo?

Promptfoo is an AI security testing platform for AI product, security, and platform teams that generates application-specific attacks, runs evaluations, and turns findings into remediation guidance. It combines Red Teaming, Guardrails, MCP Proxy, and Code Scanning, and is used by OpenAI, Anthropic, Shopify, Discord, Okta, and Fidelity. There are three plans: Community (Free Forever), Enterprise (Custom), and On-Premise (Custom).

How much does Promptfoo cost? Is it free?

Promptfoo has a free plan. The paid tiers are Enterprise and On-Premise, both with custom pricing.

What is Promptfoo used for? Who is it for?

Promptfoo is used for Red Teaming, Guardrails, and MCP Proxy. It's built for Security directors, Developers, and Platform teams.

Does Promptfoo have an API and what does it integrate with?

Promptfoo doesn't publish a public API.

Editor's read

Check whether your workflow needs the 10k probes/month Community ceiling or the custom red teaming limits in Enterprise. If you also need complete data isolation, that is only listed on On-Premise.
