Credit: VentureBeat made with Midjourney
When a tech vendor wants to sell into a large enterprise — or when that enterprise wants to buy software from a tech vendor or AI model provider — each side may be required by the other to prove they will handle shared data responsibly in the form of mandatory surveys and questionnaires.
Regulations such as GDPR, the soon-to-take-effect EU AI Act and a patchwork of U.S. state laws make those proofs more complex each year.
As a consequence, a tech vendor trying to sell to a large enterprise will usually be asked to complete security questionnaires that can stall deals for weeks and cost six figures in staff time.
San Francisco-based SecurityPal was founded in March 2020 by CEO Pukar Hamal to handle all that paperwork largely automatically on behalf of the vendor, using the vendor’s unique product information and internal data.
SecurityPal combines an AI engine with a 240-person analyst team in Kathmandu, Nepal, to draft, verify and package the answers vendors and buyers need.
“It’s like Palantir for security reviews — expert humans and AI working together to accelerate enterprise security assessments,” Hamal said on a recent exclusive video call with VentureBeat.
Hamal labels the category “security assurance”: a workflow that sits between traditional compliance software and the sales-ops stack.
The company just announced a fleet of updates in its Q2 blog post this week, including smarter fallback responses from its AI Copilot, a fully brandable White Label Package for Trust Centers, and a new Custom HTML Block for embedding rich media in assurance profiles, all geared toward making its AI interactions more professional and informative, even when data is limited.
The firm has also added Salesforce Auto-Approval, which enables real-time, criteria-based approvals using live Salesforce data; Global Search across the full SecurityPal platform; and soon, a Custom Tasks feature that should let customers manage workflows with personalized fields and forms.
“We’re on a mission to accelerate GDP growth by solving complex security assurance challenges for buyers and sellers,” Hamal added, further offering that, “my thesis when we raised money was that there will be $10 trillion companies, and we’re staring at market caps in the hundreds of billions or more. That demands a radically different capital strategy.”
How the service works
SecurityPal ingests a customer’s existing controls — policies, cloud configurations, attestations — and maps them to a proprietary corpus of roughly 2.5 million previously answered security questions it has assembled from customers and filtered web data.
The company uses a combination of cutting-edge third-party AI models, among them models from OpenAI, Google’s Gemini family, and open-source alternatives.
But Hamal emphasized that the true value lies in how those models are applied, explaining: “AI alone is not enough. With AI, you get speed, but you sacrifice quality, judgment, and context.”
To address this, SecurityPal integrates AI with expert human analysts in a tightly interlaced workflow, ensuring accuracy and nuance in every security review. While the models are widely available, the company’s prop