SecurityPal Automates Complex Security Questionnaires to Accelerate Enterprise Deals

When tech vendors sell to large enterprises or AI providers supply models, both sides must prove responsible data handling through extensive security questionnaires—a process complicated by regulations like GDPR and the EU AI Act. These questionnaires often stall deals for weeks and cost six figures in staff time.

Founded in March 2020 by CEO Pukar Hamal, San Francisco-based SecurityPal automates this paperwork using AI combined with a 240-person analyst team in Kathmandu, Nepal. Leveraging proprietary data and expert review, SecurityPal drafts, verifies, and packages responses to speed up security assessments. Hamal describes it as “Palantir for security reviews,” blending AI’s speed with human judgment to ensure quality and context.

The platform ingests customers’ existing controls—policies, cloud configurations, attestations—and maps them against a corpus of 2.5 million answered security questions sourced from clients and filtered web data. It uses leading AI models from OpenAI, Google Gemini, and open-source alternatives but underscores that AI alone can’t guarantee accuracy. Human analysts perform a second pass to catch errors and maintain high standards.

SecurityPal’s workflow averages a 24-hour turnaround, often same-day, enabling vendors to complete security questionnaires up to 87 times faster and buyers to accelerate vendor risk reviews by as much as 125 times. The aggregated assurance data also provides actionable dashboards for CISOs and CROs.

With coverage of most Fortune 1000 question sets, SecurityPal stays ahead of emerging regulatory shifts, such as new LLM-specific controls. Its hybrid AI-human model creates a network-effect moat, expanding the knowledge base with each engagement.

The company bootstrapped to $1 million ARR before raising a $21 million seed round from Craft Ventures. Clients include OpenAI, Airtable, Figma, Snap, a top U.S. airline, and a leading health insurer. Pricing is subscription-based and positioned to be more cost-effective than in-house teams.

SecurityPal’s product and revenue teams operate in San Francisco and New York, while the analyst hub in Nepal taps into a rich STEM talent pool, dubbed “Silicon Peaks.” This setup keeps costs competitive while retaining human expertise.

Buyers benefit from thorough, scalable vendor assessments that align security and revenue teams that have historically been at odds. Unlike competitors such as Vanta or Drata, which focus on evidence collection and audits, SecurityPal handles the full writing and response process, which requires nuanced judgment.

Looking ahead, SecurityPal aims to assist 5,000 enterprises worldwide with complex security assurance in five years. CEO Hamal envisions the platform as essential infrastructure for a future economy where every major transaction includes security and privacy attestations—extending beyond security into deal acceleration and compliance satisfaction.