Promptfoo

Promptfoo

Software Development

San Francisco, CA 669 followers

Find & fix LLM vulnerabilities

About us

Promptfoo discovers and eliminates major LLM risks before they are shipped to production. Its founders have experience launching and scaling AI to over 100M users using automated red-teaming and testing to overcome security, legal, and compliance issues. Promptfoo's open-source, developer-first approach has made it the most widely adopted tool in this space, with over 20,000 users at companies like Shopify, Amazon, and Anthropic. https://www.promptfoo.dev

Website
https://www.promptfoo.dev/
Industry
Software Development
Company size
2-10 employees
Headquarters
San Francisco, CA
Type
Privately Held

Locations

Employees at Promptfoo

Updates

  • Just shipped: Promptfoo can chain jailbreaks together to generate novel attacks

    View profile for Ian W., graphic

    Cofounder, CEO @ Promptfoo | LLM red teaming

    Just like traditional exploits, LLM jailbreaks can be combined to create more potent attacks. Here's an example. By combining techniques like encoding, formatting, fictional dialogue, and an affirmative prefix, the model tells us how to synthesize drugs. This chain bypasses safety controls that would have caught each technique individually. Sometimes the whole is greater than the sum of its parts. Completely coincidentally... Promptfoo now generates "composite" jailbreaks like this one, so you can test these chains and see how vulns interact.

    • No alternative text description for this image
  • Promptfoo reposted this

    View profile for Ian W., graphic

    Cofounder, CEO @ Promptfoo | LLM red teaming

    Just shipped: detection for cross-session data leaks in LLM-based apps. This is a pretty simple test, but an important one - many agentic systems are stateful. Now we can test automatically for this type of failure, applying jailbreaks/injections to retrieve data even when normal methods cannot. If you're thinking about AI security failures, check out Promptfoo - vulnerability scanner that runs locally and is open-source.

    • No alternative text description for this image
  • Promptfoo reposted this

    View profile for Ian W., graphic

    Cofounder, CEO @ Promptfoo | LLM red teaming

    Just shipped a plugin that tests for LLM hijacking/data exfiltration using ASCII smuggling (invisible unicode). These types of attacks are interesting because they can be used to circumvent human-in-the-loop mitigations. For example: - Invisible instructions embedded in the content of a webpage that, when pasted into an internal system, hijacks the session to call tools/db/exfiltrate, etc - Invisible instructions embedded in a document that, when loaded in a RAG architecture, hijacks or manipulates the result - Invisible data leak when paired with some exfiltration tactic (e.g. link unfurling, image previews, etc) - Invisible data generated by an LLM to fingerprint outputs Some but not all major chat interfaces strip these characters. If you're feeding UGC directly to an inference API this is something you should be aware of. Attached image outlines a basic example :)

    • No alternative text description for this image
  • View organization page for Promptfoo, graphic

    669 followers

    Shipped: conversational red teaming for LLMs Automated chat that probes an AI's boundaries and constraints. It starts with an innocent chat related to a sensitive topic, then subtly increases specificity to guide the AI into a successful attack. It exploits three common problems: 1. LLMs tend to be more compliant if they've already helped the user 2. LLMs are vulnerable when they are guided step-by-step into ethical and security gray areas 3. LLMs tend to drift from their system prompts during a long chat. As AIs become more sophisticated, so must our testing methodologies. Multi-turn attacks like this one help to make conversational AI more robust.

    • No alternative text description for this image
  • View organization page for Promptfoo, graphic

    669 followers

    Just shipped: tree-based method for jailbreaking LLMs. This pentest technique finds the most effective way to bypass AI safeguards by mutating a malicious prompt. For security professionals, this strategy can automate a lot of grunt work and put a spotlight on the real risks. The best news - it's free and open source. Try it here: https://lnkd.in/gKewZUJh

    • No alternative text description for this image
  • View organization page for Promptfoo, graphic

    669 followers

    Announcing three new red teaming plugins for LLM agents with access to internal APIs: 🔒 Unauthorized data access (Broken Object Level Authorization) ⬆️ Privilege Escalation (Broken Function Level Authorization) 🌐 Malicious resource fetching (Server-Side Request Forgery) They work by: 1. Targeting specific systems within your application’s infrastructure 2. Using "social engineering" tactics optimized for LLMs 3. Generating diverse adversarial inputs and running them through the agent Read more about how to red team gen AI systems: https://lnkd.in/g2Nb8gFe

    • No alternative text description for this image
  • Promptfoo reposted this

    View profile for Ian W., graphic

    Cofounder, CEO @ Promptfoo | LLM red teaming

    Excited to announce that Promptfoo has raised a $5M seed round from Andreessen Horowitz and other industry leaders to find and fix vulnerabilities in AI apps. AI security is broken. At Discord, I shipped generative AI to 200M users and tackled the unique risks of LLMs firsthand. The attack surface is massive and there are few tools or best practices. Promptfoo is the first product to adapt AI-specific pentesting techniques to your application. This helps you address the AI vulnerabilities that matter most to your business – like data leaks and insecure integrations – before they are shipped to users. Today, over 25,000 developers at companies like Shopify, Amazon, and Anthropic are fortifying their apps with our powerful open-source tool for evaluating AI behavior. Learn more about how to secure your applications below! https://lnkd.in/gFiE3hv7 Anjney Midha Zane Lackey Joel D. Adam Ely Frederic Kerrest Stanislav Vishnevskiy David Schellhase Michael D'Angelo Gregory Chang

    • No alternative text description for this image
  • New in Promptfoo in the last 2 weeks: 🔍 Advanced Red-Teaming Capabilities: We’ve added support for image model red-teaming and made it easier to add new plugins, giving you more flexibility in your security testing. 🛠️ Enhanced Developer Tools: New features like support for Gemini embeddings, markdown tables in the web UI, and improved support for AWS Bedrock. ✅ Improved Reliability: We’ve fixed several issues, including more robust JSON extraction, correct response formats, and better handling of environment variables. Huge thanks to our community for their contributions. Your input helps us continuously improve!

Similar pages

Funding

Promptfoo 1 total round

Last Round

Seed

US$ 5.0M

See more info on crunchbase