Find & fix problems in your LLM apps
Open-source LLM testing used by 30,000+ developers
Automated pentesting for your app
Run an automatic scan tailored to your application that detects security, legal, and brand risks:
npx promptfoo@latest redteam init
Our probes cover common failures like:
- PII leaks
- Insecure tool use
- Cross-session data leaks
- Jailbreaks
- Harmful content
- Specialized medical and legal advice
- and much more
Trusted by developers at
Comprehensive security coverage
Custom probes for your application that identify failures you actually care about, not just generic jailbreaks and prompt injections.
Learn MoreBuilt for developers
Move quickly with a command-line interface, live reloads, and caching. No SDKs, cloud dependencies, or logins.
Get StartedBattle-tested, 100% open-source
Used by teams serving millions of users and supported by an active open-source community.
View on GitHubEasy abstractions for complex LLM testing
Simple declarative config
# Test cases are generated to specifically target the system's use case
purpose: 'Budget travel agent'
# Define where payloads are sent
targets:
- id: 'https://example.com/generate'
config:
method: 'POST'
headers:
'Content-Type': 'application/json'
body:
userInput: '{{prompt}}'
Detailed, actionable results