{"id":2734,"date":"2025-07-24T08:34:15","date_gmt":"2025-07-24T08:34:15","guid":{"rendered":"https:\/\/violethoward.com\/new\/securitypal-uses-ai-experts-in-nepal-to-answer-security-qs-faster\/"},"modified":"2025-07-24T08:34:15","modified_gmt":"2025-07-24T08:34:15","slug":"securitypal-uses-ai-experts-in-nepal-to-answer-security-qs-faster","status":"publish","type":"post","link":"https:\/\/violethoward.com\/new\/securitypal-uses-ai-experts-in-nepal-to-answer-security-qs-faster\/","title":{"rendered":"SecurityPal uses AI, experts in Nepal to answer security qs faster"},"content":{"rendered":" \r\n<br><div>\n\t\t\t\t<p>When a tech vendor wants to sell into a large enterprise \u2014 or when that enterprise wants to buy software from a tech vendor or AI model provider \u2014 each side may be required by the other to prove they will handle shared data responsibly in the form of mandatory surveys and questionnaires. <\/p>\n\n\n\n<p>Regulations such as GDPR, the soon-to-be effected EU AI Act and a patchwork of U.S. state laws make those proofs more complex each year. <\/p>\n\n\n\n<p>As a consequence, a tech vendor trying to sell to a large enterprise will usually be asked to complete security questionnaires that can stall deals for weeks and cost six figures in staff time.<\/p>\n\n\n\n<p>San-Francisco-based SecurityPal was founded in March 2020 by CEO Pukar Hamal to handle all that paperwork largely automatically on behalf of the vendor, using the vendor\u2019s unique product information and internal data. 
<\/p>\n\n\n\n<p>SecurityPal combines an AI engine with a 240-person analyst team in Kathmandu, Nepal, to draft, verify and package the answers vendors and buyers need. <\/p>\n\n\n\n<p>\u201cIt\u2019s like Palantir for security reviews \u2014 expert humans and AI working together to accelerate enterprise security assessments,\u201d Hamal said on a recent exclusive video call with VentureBeat.<\/p>\n\n\n\n<p>Hamal labels the category \u201csecurity assurance\u201d: a workflow that sits between traditional compliance software and the sales-ops stack.<\/p>\n\n\n\n<p>The company just announced a fleet of updates in its Q2 blog post this week, including smarter fallback responses from its AI Copilot, a fully brandable White Label Package for Trust Centers, and a new Custom HTML Block for embedding rich media in assurance profile, all geared toward making its AI interactions more professional and informative, even when data is limited.<\/p>\n\n\n\n<p>The firm has also added Salesforce Auto-Approval, which enables real-time, criteria-based approvals using live Salesforce data; Global Search across the full SecurityPal platform; and soon, a Custom Tasks feature that should let customers manage workflows with personalized fields and forms. 
<\/p>\n\n\n\n<p>\u201cWe\u2019re on a mission to accelerate GDP growth by solving complex security assurance challenges for buyers and sellers,\u201d Hamal added, further offering that, \u201cmy thesis when we raised money was that there will be $10 trillion companies, and we\u2019re staring at market caps in the hundreds of billions or more. That demands a radically different capital strategy.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-the-service-works\">How the service works<\/h2>\n\n\n\n<p>SecurityPal ingests a customer\u2019s existing controls \u2014 policies, cloud configurations, attestations \u2014 and maps them to a proprietary corpus of roughly 2.5 million previously answered security questions it has assembled from customers and filtered web data.<\/p>\n\n\n\n<p>The company uses a combination of cutting-edge third-party AI models, among them, those from OpenAI, Google\u2019s Gemini family, and open-source alternatives.<\/p>\n\n\n\n<p>But Hamal emphasized that the true value lies in how those models are applied, explaining: \u201cAI alone is not enough. With AI, you get speed, but you sacrifice quality, judgment, and context.\u201d <\/p>\n\n\n\n<p>To address this, SecurityPal integrates AI with expert human analysts in a tightly interlaced workflow, ensuring accuracy and nuance in every security review. While the models are widely available, the company\u2019s proprietary data, deep customer relationships, and human-in-the-loop design form a critical moat that makes their solution far more than just automation.<\/p>\n\n\n\n<p>The AI engine takes the first pass; human analysts perform a second pass and final QA to catch hallucinations or missing context. 
Hamal likens the effect to having an exam key in advance: \u201cIt\u2019s almost like SecurityPal knows the answers to the test before the test shows up.\u201d<\/p>\n\n\n\n<p>Because the platform maintains a living model of each customer\u2019s posture, new questionnaires rarely require manual digging. <\/p>\n\n\n\n<p>\u201cOur average SLA [service-level agreement] time is 24 hours, but really, our customers are going down to same-day turnaround,\u201d Hamal says. <\/p>\n\n\n\n<p>The company says vendor customers can turn around most security questionnaires from prospective buyers up to <strong>87 times faster<\/strong> than they could with manual workflows. <\/p>\n\n\n\n<p>Second, by letting its platform handle third-party-risk reviews start to finish, buyers report <strong>as much as 125 times faster<\/strong> vendor assessments. <\/p>\n\n\n\n<p>Third, the aggregated assurance data the system collects becomes a live dashboard that chief information-security and revenue officers can mine for board-level insight rather than spreadsheet trivia.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-ai-plus-people-not-ai-instead-of-people\">AI plus people, not AI instead of people<\/h2>\n\n\n\n<p>Hamal is quick to stress that SecurityPal\u2019s analysts remain central to the product. <\/p>\n\n\n\n<p>\u201cAI alone is not enough\u2026you need expert humans layered on top of the technology,\u201d he told VentureBeat, describing the internal workflow as a \u201ccentaur\u201d model where machine and human passes alternate throughout the pipeline.<\/p>\n\n\n\n<p>The human layer also feeds a network-effect moat. Each new engagement expands the corpus of accepted answers, which the AI reuses (with fresh evidence) for other customers. 
<\/p>\n\n\n\n<p>SecurityPal claims coverage of \u201cmost of the Fortune 1000\u201d question sets, giving it early knowledge of emerging concerns\u2014for example, the shift from cloud basics to LLM-specific controls noted in recent federal questionnaires.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-traction-and-business-model\">Traction and business model<\/h2>\n\n\n\n<p>SecurityPal bootstrapped to roughly $1 million in annual recurring revenue before David Sacks\u2019 Craft Ventures pre-empted the company\u2019s first funding round; the $21 million seed deal was signed on a literal napkin, with no slide deck involved. <\/p>\n\n\n\n<p>The customer roster now includes OpenAI, Airtable, Figma, Snap, a top-three U.S. airline and a top-five U.S. health insurer, among other Fortune-class accounts. <\/p>\n\n\n\n<p>SecurityPal does not disclose pricing publicly, but it sells the service as an annual subscription whose cost undercuts the internal headcount many companies dedicate to the task.<\/p>\n\n\n\n<p>Internally, Hamal operates on two continents. Revenue, product and go-to-market teams sit in San Francisco and New York, while the analyst organization forms the kernel of what he calls \u201cSilicon Peaks\u201d \u2014 a tech hub 100 miles from Mount Everest that taps Nepal\u2019s deep pool of STEM graduates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-why-buyers-care\">Why buyers care<\/h2>\n\n\n\n<p>For vendors, faster questionnaire turnarounds shorten sales cycles and reduce the risk of stalled deals. <\/p>\n\n\n\n<p>For buyers, automated reviews make it feasible to evaluate every supplier instead of sampling a risky few. <\/p>\n\n\n\n<p>The outcome, Hamal argues, is alignment between revenue and security teams that have historically been at odds: \u201cThere are very few tools that are the favorite tool of the CRO and the CISO. 
We\u2019re it.\u201d<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-competitive-landscape\">Competitive landscape<\/h2>\n\n\n\n<p>Start-ups such as Vanta, Drata and Secureframe also target compliance pain points, but they focus on evidence collection and audit preparation. <\/p>\n\n\n\n<p>SecurityPal\u2019s differentiator is doing the actual writing and response work\u2014something Hamal believes will prove harder for pure-software rivals to automate because it still requires judgment and domain expertise.<\/p>\n\n\n\n<p>The Kathmandu center of excellence gives SecurityPal a cost base low enough to keep humans in the loop while staying price-competitive.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-s-next\">What\u2019s next?<\/h2>\n\n\n\n<p>SecurityPal\u2019s near-term goal is to help 5,000 global enterprises tame their most complex assurance challenges within five years. <\/p>\n\n\n\n<p>Longer term, Hamal sees the service as infrastructure for an economy where every significant transaction carries a security or privacy attestation. <\/p>\n\n\n\n<p>\u201cIt\u2019s called SecurityPal, but it\u2019s way more than just about security,\u201d he said, adding \u201cI look to Salesforce\u2014it\u2019s way more than just sales. Same for us. It\u2019s all about satisfying requirements and accelerating deals.\u201d<\/p>\n\n\n\n<p>If that forecast is correct, the company\u2019s combination of AI scale and human nuance could become a standard part of enterprise procurement, whether or not anyone notices the \u201cvibe coding\u201d origin story along the way.<\/p>\n\t\t\t<\/div>\r\n<br>\r\n<br><a href=\"https:\/\/venturebeat.com\/security\/securitypal-combines-ai-and-experts-in-nepal-to-speed-enterprise-security-questionnaires-by-87x-or-more\/\">Source link <\/a>","protected":false},"excerpt":{"rendered":"<p>Want smarter insights in your inbox? Sign up for our weekly newsletters to get only what matters to enterprise AI, data, and security leaders. 
Subscribe Now When a tech vendor wants to sell into a large enterprise \u2014 or when that enterprise wants to buy software from a tech vendor or AI model provider \u2014 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2735,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[33],"tags":[],"class_list":["post-2734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-automation"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/violethoward.com\/new\/wp-content\/uploads\/2025\/07\/cfr0z3n_graphic_novel_style_epic_cover_image_close_up_on_a_ru_5a524519-637a-42b2-84c6-70411fa162a3_1.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/2734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/comments?post=2734"}],"version-history":[{"count":0,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/posts\/2734\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media\/2735"}],"wp:attachment":[{"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/media?parent=2734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/categories?post=2734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/violethoward.com\/new\/wp-json\/wp\/v2\/tags?post=2734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}