# promptfoo > Promptfoo is an AI security testing platform that helps developers and enterprises find and fix vulnerabilities in LLM applications through automated red teaming, guardrails, and evaluations. Promptfoo is an open-source AI security testing platform used by 127 of the Fortune 500 to proactively identify and remediate vulnerabilities in LLM applications, agents, and RAG pipelines. It provides automated red teaming, real-time guardrails, model security testing, and prompt/model evaluations — all integrated directly into developer workflows and CI/CD pipelines. Backed by Andreessen Horowitz and Insight Partners, Promptfoo is built by practitioners who scaled generative AI to hundreds of millions of users. With over 300,000 open-source users and 134,000+ weekly downloads, it represents the world's largest AI security community. - **Automated Red Teaming** — *Run `npx promptfoo@latest redteam setup` to generate thousands of context-aware attacks including prompt injections, jailbreaks, PII leaks, and business rule violations tailored to your application.* - **Real-Time Guardrails** — *Deploy runtime protection against jailbreaks and adversarial attacks to shield production AI applications from live threats.* - **Model Security Testing** — *Conduct comprehensive security assessments across foundation models and custom deployments to benchmark safety and compliance.* - **LLM Evaluations** — *Test and compare prompts, models, and RAG pipelines with configurable YAML-based test suites and view results locally or in the cloud.* - **MCP Proxy** — *Secure Model Context Protocol communications with a dedicated proxy layer for agent frameworks.* - **Code Scanning** — *Find LLM vulnerabilities directly in your IDE and CI/CD pipeline before they reach production.* - **CI/CD Integration** — *Connect to GitHub, GitLab, Jenkins, and more to run continuous security testing as part of your development lifecycle.* - **Compliance Dashboards** — *Verify adherence to industry frameworks (HIPAA, FINRA, etc.) with centralized reporting and issue tracking.* - **Threat Intelligence** — *Leverage real-time attack data from a community of 300,000+ developers, with contributors from OpenAI, Google, Microsoft, and Amazon.* - **Enterprise Controls** — *SSO, granular permissions, team-based access control, webhooks, and managed cloud or on-premise deployment options.* ## Features - Automated red teaming - Real-time guardrails - Model security testing - LLM evaluations - MCP proxy - Code scanning - CI/CD integration - Compliance dashboards - Threat intelligence - SSO and access control - On-premise deployment - Continuous monitoring - Remediation guidance in PRs - RAG pipeline evaluation - 50+ vulnerability types coverage ## Integrations GitHub, GitLab, Jenkins, Amazon Bedrock, OpenAI, Anthropic, Discord, Shopify, Microsoft, AWS, MCP agent frameworks ## Platforms LINUX, WEB, API, VSC_EXTENSION, DEVELOPER_SDK ## Pricing Open Source, Free tier available ## Links - Website: https://www.promptfoo.dev - Documentation: https://www.promptfoo.dev/docs/intro/ - Repository: https://github.com/promptfoo/promptfoo - EveryDev.ai: https://www.everydev.ai/tools/promptfoo