ContextQMD
Back to Promptfoo

Promptfoo Achieves SOC 2 Type II and ISO 27001 Certification: Strengthening Trust in AI Security

site/blog/SOC2-compliance.md

0.121.92.9 KB
Original Source

Promptfoo Achieves SOC 2 Type II and ISO 27001 Certification: Strengthening Trust in AI Security

We're proud to announce that Promptfoo is now SOC 2 Type II compliant and ISO 27001 certified — two globally recognized milestones that affirm our commitment to the highest standards in information security, privacy, and risk management.

At Promptfoo, we help organizations secure their generative AI applications by proactively identifying and fixing vulnerabilities through adversarial emulation and red teaming. These new certifications reflect our continued investment in building secure, trustworthy AI systems — not only in our technology, but across our entire organization.

<!-- truncate -->

Why This Matters

  • SOC 2 Type II: This audit confirms that our internal controls related to security, availability, and confidentiality are not only well-designed but operate effectively over time. It’s a rigorous, third-party validation that we maintain a robust security posture — every day, not just on paper.
  • ISO 27001: As the international standard for information security management systems (ISMS), ISO 27001 ensures that we have a systematic, risk-based approach to protecting sensitive data across people, processes, and technologies.

Together, these certifications demonstrate that Promptfoo meets the security and compliance expectations of modern enterprises — from regulated industries to forward-thinking AI adopters.

What This Means for You

If you're building or deploying generative AI in production, you can trust that:

  • Your data is handled securely and with integrity
  • Our systems are monitored and audited against the highest global standards
  • Promptfoo operates with a mature, resilient, and continually improving security program

Security Isn’t a Checkbox — It’s a Foundation

These milestones are part of our broader mission: to make LLMs safer and more reliable for enterprises. We’ll continue to invest in our security practices, from encryption and access controls to red teaming and compliance, as we support the growing ecosystem of developers and organizations building with generative AI.

To learn more about our security practices or request our audit reports, visit our Trust Center or contact us at [email protected].

Join Us and Get Involved

We're committed to being the best open-source LLM red teaming and eval tool available. We invite you to:

  • Apply to join our team
  • Follow us on GitHub to stay updated and contribute
  • Reach out with your ideas, feedback, or collaborations—we'd love to hear from you!
  • Spread the word and help grow our community even further
  • Join our Discord for real-time discussions and support

Thank You

Thank you to our customers, community, and team for helping us reach this important milestone.

– The Promptfoo Team