SecurityPal, a San Francisco-based company founded in March 2020 by CEO Pukar Hamal, is revolutionizing the way tech vendors handle security questionnaires for large enterprises. With the increasing complexity of regulations such as GDPR and the upcoming EU AI Act, the process of proving responsible data handling has become more challenging each year.
SecurityPal’s innovative approach combines an AI engine with a team of 240 expert human analysts in Kathmandu, Nepal, to automate and streamline the completion of security questionnaires. By leveraging the vendor’s unique product information and internal data, SecurityPal is able to draft, verify, and package the necessary answers for both vendors and buyers.
Described as “Palantir for security reviews,” SecurityPal offers a category of service called “security assurance,” bridging the gap between traditional compliance software and sales operations. The company recently announced a series of updates in its Q2 blog post, including enhancements to its AI Copilot, a White Label Package for Trust Centers, and a Custom HTML Block for embedding rich media in assurance profiles.
One of the key features of SecurityPal is its ability to ingest a customer’s existing controls and map them to a database of approximately 2.5 million previously answered security questions. By utilizing cutting-edge AI models from third-party providers like OpenAI and Google, SecurityPal ensures speed and accuracy in completing security reviews.
Despite the advanced technology, Hamal emphasizes the importance of the human element in the process. SecurityPal’s analysts play a critical role in ensuring the quality, judgment, and context of the responses. The company’s unique combination of AI and expert human input sets it apart from competitors in the compliance and security space.
SecurityPal’s impressive traction and customer base, which includes top companies like OpenAI, Airtable, and Snap, demonstrate the effectiveness of its solution. The company operates on a subscription-based business model, offering an annual subscription that is cost-effective compared to dedicating internal resources to security assessments.
Overall, SecurityPal’s innovative approach to automating security questionnaires not only accelerates sales cycles for vendors but also enables buyers to evaluate every supplier effectively. By aligning revenue and security teams, SecurityPal is poised to become a favorite tool for both Chief Revenue Officers and Chief Information Security Officers in large enterprises.
SecurityPal is setting itself apart in the cybersecurity industry by focusing on the human element of writing and responding to security threats. CEO Hamal believes that this personalized approach, requiring judgment and domain expertise, is something that pure-software competitors will struggle to automate. With a center of excellence in Kathmandu, SecurityPal is able to keep costs low while still incorporating human input, making it price-competitive in the market.
Looking ahead, SecurityPal’s goal is to assist 5,000 global enterprises in tackling their most complex assurance challenges over the next five years. However, Hamal envisions a larger role for the company in the long term. He sees SecurityPal as the foundation for an economy where every significant transaction includes a security or privacy attestation. While the company’s name implies a focus solely on security, Hamal emphasizes that SecurityPal is about much more than that. Drawing a parallel to Salesforce, he explains that SecurityPal is about meeting requirements and expediting business deals.
If Hamal’s vision comes to fruition, SecurityPal’s combination of AI technology and human expertise could become a standard component of enterprise procurement processes. Whether or not the company’s unique “vibe coding” origin story is recognized along the way, SecurityPal has the potential to revolutionize the way businesses approach cybersecurity and assurance.

