Secure Your LLM Applications

Detect, mitigate, and monitor vulnerabilities in AI systems before deployment

Get started Get a demo

Promptfoo has run 16 million probes this year at companies like

Find and fix LLM vulnerabilities before deployment

Issues found & remediated

Average on the first scan

Minutes

Average scan duration

82%

Unique findings

Not caught by guardrails

How it works

Promptfoo provides a comprehensive solution for managing LLM vulnerabilities throughout your development lifecycle.

Adaptive Scans

Our LLM models generate thousands of dynamic probes tailored to your specific use case and architecture, outperforming generic fuzzing and guardrails.

See how scans work

Continuous Monitoring

Integrate with your CI/CD pipeline for ongoing risk assessment, catching new vulnerabilities before they reach production.

Guided Mitigation

Manage issues, track progress, and receive actionable recommendations to address vulnerabilities.

Comprehensive Coverage

Cover 30+ areas of harm including prompt injections, jailbreaks, data/PII leaks, and bias/toxicity.

Adhere to OWASP, NIST, and EU AI frameworks, or create custom policies to enforce your own organizational standards.

View supported vulnerability and harm types

Why Promptfoo Leads in LLM Security

30+

Security Plugins

Comprehensive coverage for all aspects of LLM security

100%

On-Premises

Full control with local deployment options

200+

Companies

Trust Promptfoo for LLM security & testing

Frequently Asked Questions

What's the difference between Promptfoo Open Source and Promptfoo Enterprise?

Promptfoo Open Source is a free, open-source version of our platform that focuses specifically on local testing and one-off scans.

Promptfoo Enterprise is our commercial version that offers additional capabilities such as team collaboration, continuous monitoring, a centralized security dashboard, customized plugins, SSO, access control, cloud deployment options, and priority support with SLA guarantees.

How does Promptfoo differ from other LLM security tools?

Promptfoo is the only LLM security tool that includes the following:

- Dynamic test sets that are unique to your application.
- ML search & optimization algorithms that explore the state space of your application to find novel vulnerabilities.
- 30+ configurable plugins, including advanced attack types like conversational jailbreaks and indirect prompt injections.
- A focus on testing the security of applications rather than base models.
- Support for both black-box and gray-box applications.
- No SDK or agent requirements.

What types of LLM vulnerabilities can Promptfoo detect?

Promptfoo covers a wide range of vulnerabilities. This includes:

- Prompt injections
- Jailbreaks
- Insecure output handling
- Data poisoning
- Sensitive information/PII disclosure
- Insecure plugin design
- Excessive agency
- Overreliance

How does Promptfoo integrate with existing development workflows?

Promptfoo integrates with common CI/CD pipelines, allowing for continuous vulnerability detection throughout the development lifecycle. It offers:

- Support for popular CI/CD platforms
- Configurable scans on code changes, pull requests, or scheduled intervals
- Flexibility to run locally or self-hosted

What deployment options are available for Promptfoo?

Promptfoo offers both cloud-based and on-premises solutions. The on-premises option provides complete data isolation and control over your infrastructure.

Ready to Secure Your LLM Applications?

Try Promptfoo today and contact us to discuss how Promptfoo can improve your LLM security posture.

Get Started Contact Us