Independent reference. We are independent of every vendor listed. No affiliate links. No sponsored placements.
Promptfoo pricing 2026

Promptfoo: Pricing, Tiers and What's Actually Covered

Open-source LLM eval and red-team scanner. Strong on jailbreak and prompt-injection test generation. Cloud and Enterprise tiers add team collaboration and continuous monitoring.

AI red-team / eval
Promptfoo
San Francisco, CA, USA | Last verified 2026-06-19
Cheapest published rate
Free Community (open source), Team starts at published rate

Pricing tiers

Verbatim from the Promptfoo pricing page on 2026-06-19. Quote-only tiers are surfaced as such, never with an inferred price.

TierPriceFree allowanceNotes
Community (open source)Free / monthUp to 10K red-team probes per month, community supportAll core eval and red-team features
EnterpriseQuote only-Custom pricing, team collaboration, continuous monitoring, priority support
On-PremiseQuote only-Custom pricing, full infrastructure control

Source: https://www.promptfoo.dev/pricing/ | Verified 2026-06-19

OWASP LLM Top 10 coverage

What Promptfoo defends against, as claimed on its product pages and security documentation. Coverage flags are binary: an item is listed only if the vendor names the attack class explicitly.

  • LLM01 Prompt injection
  • LLM02 Sensitive information disclosure
  • LLM03 Supply chain
  • LLM04 Data and model poisoning
  • LLM05 Improper output handling
  • LLM06 Excessive agency
  • LLM07 System prompt leakage
  • LLM08 Vector and embedding weaknesses
  • LLM09 Misinformation
  • LLM10 Unbounded consumption

Hidden costs

Beyond the line-item price, every runtime AI guardrail carries operating costs the vendor page does not surface. Plan for these in any board paper.

  • Per-call latency overhead. Guardrail check sits in the request path; budget 50 to 300 ms extra per LLM call.
  • False-positive remediation. Allocate engineering time to tune policies after every guardrail rule change.
  • Logging and retention. Guardrail decisions need to land in your SIEM. See siemcostcalculator.com.
  • On-call coverage. Treat AI security alerts like SOC alerts. See securityoperationscost.com.

What Promptfoo is best for

Open-source LLM eval and red-team scanner. Strong on jailbreak and prompt-injection test generation. Cloud and Enterprise tiers add team collaboration and continuous monitoring.

Last verified June 2026Source: vendor pricing pages. See /methodology.