About
Promptfoo is a comprehensive AI security and testing platform designed to help engineering and security teams build safe, reliable AI applications. It integrates directly into development workflows — from local IDE to CI/CD pipelines — so vulnerabilities are caught before they reach production. The platform offers five core products: **Red Teaming** that auto-generates context-aware adversarial attacks including prompt injections, jailbreaks, PII leaks, and insecure tool use; **Guardrails** that provide real-time protection against jailbreaks and adversarial inputs at runtime; **Evaluations** for systematically testing prompts, models, and RAG pipelines against quality and safety benchmarks; **Code Scanning** that surfaces LLM vulnerabilities directly in the IDE and in CI/CD; and an **MCP Proxy** for securing Model Context Protocol communications. Promptfoo is powered by a global threat-intelligence community of 300,000+ open-source users and contributors from OpenAI, Google, Microsoft, and Amazon, ensuring attacks stay current with the latest real-world exploits. Security findings surface as actionable remediation steps in pull requests, enabling teams to track and close the loop efficiently. Available as an open-source CLI tool (via npm) and as a full enterprise SaaS platform, Promptfoo is well suited for developers, AI security engineers, and enterprise teams shipping agents and LLM-powered products.
Key Features
- Automated Red Teaming: Generates thousands of context-aware adversarial attacks — including prompt injections, jailbreaks, PII leaks, and toxic content — tailored specifically to your AI application.
- Real-Time Guardrails: Intercepts and blocks jailbreaks, adversarial inputs, and policy violations at runtime, protecting production AI systems continuously.
- Prompt & Model Evaluations: Systematically test and compare prompts, models, and RAG pipelines using configurable YAML test suites with local or cloud execution.
- CI/CD & IDE Integration: Integrates with GitHub, GitLab, Jenkins, and popular IDEs to surface security findings and remediation guidance directly in pull requests and developer workflows.
- Global Threat Intelligence: Leverages real-time attack data from a community of 300,000+ users and contributors from top AI labs to keep test coverage current with emerging threats.
Use Cases
- Security teams red-teaming LLM-powered customer-facing chatbots to uncover jailbreaks and data leakage before launch.
- ML engineers running automated evaluations to compare prompt versions and model upgrades across quality and safety benchmarks.
- DevOps teams embedding LLM vulnerability scanning into CI/CD pipelines to block risky AI code changes in pull requests.
- Enterprises in regulated industries (finance, healthcare, insurance) using compliance-aligned security testing to meet FINRA, PHI, and fair housing requirements.
- AI developers testing and securing multi-step agent workflows and RAG pipelines for insecure tool use and indirect prompt injection.
Pros
- Developer-First Workflow: Runs locally via a single npm command, integrates into existing CI/CD pipelines, and delivers actionable findings in PRs — minimizing friction for engineering teams.
- Open-Source Core: The open-source CLI is free and widely adopted, making it easy to trial and embed without procurement overhead while still scaling to enterprise needs.
- Broad Attack Coverage: Covers a wide range of LLM-specific threats — prompt injection, jailbreaks, data leakage, business logic violations, and agent tool misuse — in one unified platform.
- Enterprise Scale & Trust: Trusted by 127 Fortune 500 companies including top financial services, healthcare, and telecom organizations, with compliance-aligned testing for regulated industries.
Cons
- Advanced Features Require Paid Plan: Enterprise capabilities like managed guardrails, full threat-intel feeds, and team-level tracking are gated behind paid tiers, which may be costly for smaller teams.
- YAML Configuration Learning Curve: Setting up comprehensive test suites and custom attack flows requires familiarity with YAML configuration, which can slow initial adoption for non-developer users.
- Primarily CLI/API Driven: The open-source version is heavily CLI-based; the richer visual dashboard and workflow features are mainly available in the cloud/enterprise offering.
Frequently Asked Questions
Yes — Promptfoo has a free, open-source CLI available via npm (`npx promptfoo@latest`). Enterprise features such as managed guardrails, advanced threat intelligence, and team collaboration tools are available on paid plans.
Promptfoo detects direct and indirect prompt injections, jailbreaks, PII and data leaks, business rule violations, insecure tool use in AI agents, toxic content generation, and more — all tailored to your specific application context.
It integrates with CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins), IDEs for code scanning, and MCP-based agent frameworks. Security findings are surfaced as comments and remediation steps directly in pull requests.
Yes. Promptfoo supports evaluations and red teaming for RAG pipelines, multi-step agents, and tools using the Model Context Protocol (MCP), making it suitable for complex agentic architectures.
Promptfoo is used by 300,000+ developers and 127 Fortune 500 companies across industries including financial services, healthcare, insurance, telecommunications, and real estate. Contributors include engineers from OpenAI, Google, Microsoft, and Amazon.
