
OpenAI's Promptfoo acquisition and Microsoft's shift to a multimodel stack

Ikesan

On March 10, 2026, two moves landed on the same day in enterprise AI. OpenAI announced that it would acquire the AI security evaluation platform Promptfoo, while Microsoft announced that Anthropic’s Claude Cowork would be integrated into Microsoft 365 Copilot.

The announcements came from different angles, but together they point to the same thing: the problems that appear once AI is taken seriously in the enterprise.

Why OpenAI acquired Promptfoo

Promptfoo is a security testing and evaluation platform for AI applications. It automatically simulates more than 50 classes of issues, including prompt injection, jailbreaks, data leakage, and business-rule violations. More than 300,000 developers use it, including 127 Fortune 500 companies, and contributors have come from OpenAI, Anthropic, Google, and Microsoft.

Its capabilities can be grouped into four buckets.

| Capability | Summary |
| --- | --- |
| Red teaming | Automatically runs offensive tests against 50+ vulnerability patterns |
| Code scanning | Static analysis for LLM-specific weaknesses in IDEs and CI/CD |
| Guardrails | Detects and blocks jailbreaks and adversarial attacks in production |
| Evaluation | Quantitatively measures quality during prompt tuning, model swaps, and RAG tuning |

For OpenAI, the point of the acquisition is simple: it is not enough to provide models for enterprise use. You also need the verification layer that tells customers whether those models are safe to deploy.

As AI agents become more autonomous and start calling tools, manipulating data, and talking to external services, static prompt-injection defenses are no longer enough. Promptfoo’s red-teaming workflow can also be applied to dynamic risk assessment during agent execution.

Impact on the open source community

Promptfoo was released as open source under MIT/Apache 2.0. OpenAI has not yet disclosed how it plans to handle the project after the acquisition, and whether it will preserve the project’s neutrality will be an important question. The acquisition price was not disclosed.

Why Microsoft moved away from OpenAI exclusivity

On the same day, Microsoft announced Microsoft 365 Copilot Wave 3 and said that Claude Cowork would be integrated as Copilot Cowork. The feature is currently available as a research preview.

Until now, Microsoft 365 Copilot had relied only on OpenAI models. That changed. The Wave 3 announcement introduced the keyword “multimodel intelligence” and showed a move away from single-model dependency toward task-specific model selection.

This is the first time Microsoft has adopted a non-OpenAI AI vendor for Microsoft 365 Copilot.

What Copilot Cowork does

Copilot Cowork is a computer-use AI agent. It is not just a coding assistant for IT teams; it is designed to autonomously handle the day-to-day work that ordinary business users do on a PC.

The target tasks include:

  • Operating web browsers to collect and summarize information
  • Processing data across multiple files and applications
  • Handling communication flows that include email and chat
  • Turning meeting notes into follow-up tasks

The key feature is that it can continue multi-step work for minutes or even hours, rather than stopping at a single turn or a single app. Microsoft’s official blog describes it as breaking down complex requests into multiple steps, reasoning across tools and files, and making progress visible as it goes.

What Claude Cowork is based on

Claude Cowork, which backs Copilot Cowork, extends Anthropic’s Claude Code agent features toward general-purpose business automation. Claude Code focused on software development tasks; Claude Cowork expands the scope to browser work and office workflows.

Anthropic had already released experimental computer-use features for Claude 3.5 Sonnet, and Claude Cowork continues that line as an enterprise product.

Relationship to multi-agent systems

Wave 3 also introduces an architecture that combines multiple specialized agents called Copilot Agents. For example, an Excel-oriented data-analysis agent can run in parallel with, or alongside, Copilot Cowork. Copilot Cowork handles the overall workflow, while specialized agents handle deep work inside individual tools.

At the moment this is only a research preview, and Microsoft has not announced a release schedule. Microsoft 365 has more than 300 million users worldwide, so if this rolls out fully, Claude Cowork will reach the business world at a scale we have not seen before.

What this means

OpenAI acquired Promptfoo. Microsoft adopted Anthropic. Put those two moves side by side, and the current state of enterprise AI becomes clearer.

The platform stack is diversifying. Microsoft’s move away from OpenAI exclusivity shows that “use the best model for the task” is now a realistic option even for large enterprises. For customers, that means more choice. For AI vendors, it means the competition is now about functionality, performance, and trustworthiness.

Security verification is becoming a platform feature. OpenAI’s acquisition of Promptfoo shows that AI security testing is moving from an add-on to a built-in ecosystem capability. Just as DevSecOps and penetration testing became part of standard software practice, AI security testing is becoming part of the platform itself.

The more AI spreads through the enterprise, the harder it becomes to avoid these two questions: which model should be used for which job, and whether that model is behaving safely. The two March 10 announcements showed that reality from different angles.


Around the same time, GitHub was also documenting the security design of AI agent execution platforms. For a concrete implementation of zero-secret design and safe output validation, see GitHub’s security design for agentic workflows.