Ian Webster CEO Co founder

Ian Webster, CEO & Co-founder

Promptfoo: Pioneering AI Security in the Era of Generative Intelligence

In today’s world, where generative AI powers everything from chatbots to complex enterprise systems, security is no longer optional—it’s essential. Based in San Mateo, California, Promptfoo is leading the charge, building advanced frameworks to safeguard AI systems against ever-evolving threats.

Founded by experienced security and engineering professionals who have previously scaled generative AI products to hundreds of millions of users, Promptfoo was born from a single mission: to create the tools they wished existed while defending AI on the front lines.

Backed by Insight Partners, Andreessen Horowitz, and top figures in tech and cybersecurity, Promptfoo has rapidly earned a reputation as the gold standard in AI red teaming and security testing, offering comprehensive protection across the entire AI stack.

Red Teaming for AI Applications

Promptfoo’s AI red teaming platform identifies and mitigates vulnerabilities before attackers can exploit them. Unlike traditional cybersecurity testing, which focuses on networks or applications, AI red teaming dives into the behavioral and contextual weaknesses of language models and multimodal systems. Every potential attack vector—from prompt injections to data leaks—is rigorously tested and secured.

Core Security Capabilities

  1. Prompt Injection & Jailbreaking
    Preventing AI systems from being tricked into bypassing safety measures or generating harmful outputs, Promptfoo detects and blocks prompt injections and jailbreaking attempts.
  2. RAG Document Exfiltration
    Retrieval-Augmented Generation (RAG) systems are particularly vulnerable to data theft. Promptfoo safeguards sensitive information within knowledge bases from malicious access.
  3. System Prompt Override
    The platform ensures that core instructions and behavioral constraints remain intact, even against sophisticated attacks attempting to override system prompts.
  4. Malicious Resource Fetching
    Promptfoo protects against server-side request forgery (SSRF), preventing AI models from fetching unauthorized data or connecting to restricted servers.
  5. Data Privacy & PII Protection
    Monitoring interactions in sessions, APIs, and chat systems, Promptfoo blocks leaks of personally identifiable information (PII), ensuring compliance with privacy standards.
  6. Harmful Content Prevention
    Promptfoo filters and blocks toxic, illegal, or dangerous content, providing AI systems with consistent ethical safeguards.
  7. Unauthorized Data Access
    By uncovering Broken Object Level Authorization (BOLA) vulnerabilities, Promptfoo prevents exposure of sensitive data through improper access control.
  8. Tool & Function Discovery Protection
    The platform stops adversaries from probing connected AI functions and integrations.
  9. Unsupervised Contracts
    Promptfoo prevents AI from creating unauthorized legal or business commitments that could expose organizations to risk.

Why Choose Promptfoo

Promptfoo is more than an AI security tool—it’s a trusted standard used by foundation model labs, Fortune 50 enterprises, and over 200,000 open-source users globally. Its custom attack generation system leverages advanced ML techniques to simulate realistic, evolving threats, rather than relying on static jailbreaks.

Detailed vulnerability reports with actionable remediation steps enable teams to fix weaknesses quickly. Continuous monitoring integrates with CI/CD pipelines, maintaining an up-to-date record of AI risk posture. Deployments can be cloud-based or on-premises, aligning with compliance and data sovereignty requirements.

Adaptive AI Guardrails

Unlike static guardrails, Promptfoo’s adaptive guardrails learn and evolve from real-world attacks. They can even validate third-party safety systems, creating an independent verification layer. Deployment is fast and requires minimal code changes, supporting all major LLM providers and custom models. Each attempted breach strengthens defenses, turning attack data into actionable intelligence.

End-to-End AI Security

Promptfoo covers every stage of an AI system’s lifecycle:

  • Model File Security: Detects malicious code, unsafe configurations, or suspicious operations in formats such as PyTorch, TensorFlow, Keras, Pickle, JSON, and YAML.
  • Behavioral Testing: Simulates jailbreaks, injections, and stress conditions to ensure robustness.
  • Compliance Mapping: Automatically aligns with frameworks like OWASP Top 10 for LLMs, NIST AI RMF, EU AI Act, and MITRE ATLAS, while supporting custom industry-specific policies.

A Vision for Safe, Responsible AI

Promptfoo isn’t just building tools—it’s advancing a movement toward secure AI adoption. As generative AI becomes integral to healthcare, finance, education, and government, trusted AI is critical. By empowering developers, security teams, and enterprises with battle-tested solutions, Promptfoo ensures innovation never comes at the expense of safety.

In the fast-moving world of AI, Promptfoo isn’t just keeping pace—it’s defining the standard for secure, responsible AI.

Ian Webster, CEO & Co-founder

Before founding Promptfoo, Ian led LLM engineering and developer platform teams at Discord, scaling AI products to over 200 million users while maintaining the highest standards of safety, security, and compliance.