SecurityPal combines AI with experts in Nepal to accelerate enterprise security questionnaires 87X or even more

When tech vendors want to sell to large enterprises — or when an enterprise wants to purchase software from a vendor of AI models — each party may be required to prove that they will handle shared information responsibly through mandatory surveys and questionnaires.

Regulations like GDPR, the soon-to-be-implemented EU AI Act, and a patchwork of U.S. state laws make these proofs more complicated each year.

As such, a tech company trying to sell to large enterprises will be asked to fill out security questionnaires. These can cause deals to stall for weeks and cost staff six figures.

San Francisco-based SecurityPal is a software application founded by CEO Pukar Hamal in March 2020 to automate the paperwork for vendors using their unique product information.




SecurityPal combines an AI engine with a 240-person analyst team in Kathmandu, Nepal, to draft, verify and package the answers vendors and buyers need.

Hamal, in a recent exclusive interview with VentureBeat, said that the system is similar to Palantir – expert humans and AI working together for enterprise security assessments.

Hamal calls the category “security assurance”: a workflow between traditional compliance software and the sales-ops stack.

This week, Hamal announced a number of updates in a Q2 blog post, including smarter fallback answers from its AI Copilot and a fully brandable white-label package for Trust Centers. A new Custom HTML Block was also introduced to embed rich media into assurance profiles. All these updates are aimed at making AI interactions more professional, even when the data is limited.

The firm has also added Salesforce Auto-Approval, which allows real-time approvals based on criteria using live Salesforce data, and Global Search across the entire SecurityPal platform. A Custom Tasks function that will let customers manage workflows and forms with personalized fields is coming soon.

Hamal said, “We are on a mission of accelerating GDP growth by solving complex challenges in security assurance for buyers and sellers.” He added that “my thesis, when we raised money, was that there would be $10 trillion companies and we were looking at market caps that range from hundreds of billions to more.” This requires a radically new capital strategy.

How the service works

SecurityPal takes a customer’s current controls — policies and cloud configurations — and maps them against a proprietary corpus consisting of approximately 2.5 million previously answered questions that it has compiled from customers and filtered internet data.

SecurityPal uses a combination of cutting-edge AI models from third parties, including those from OpenAI and Google’s Gemini families, as well as open-source alternatives. Hamal stressed that the real value of these models lies in their application, explaining: “AI is not enough.” AI is fast, but it sacrifices quality, judgment, and context.

SecurityPal addresses this by integrating AI with expert analysts in a tightly integrated workflow, ensuring accuracy and nuance for every security review. The models are widely available, but the company’s proprietary customer data, deep relationships, and human-in-the-loop design form a critical moat that makes its solution more than just automation.

The AI engine performs the first pass. Human analysts perform a second pass and final QA to catch hallucinations. Hamal compares the effect of the platform to that of having an exam key before the test: “It’s like SecurityPal already knows the answers to a test before it shows up.”

Since the platform maintains a living model of each customer’s posture, new questionnaires require little manual digging. Hamal says that “our average SLA [service-level agreement] is 24 hours but our customers are moving down to same-day turnaround.”

According to the company, vendor customers can complete most security questionnaires for prospective buyers up to 87 times faster than they could with manual workflows.

On the buyer side, by letting the platform handle third-party risk reviews from start to finish, buyers can report vendor assessments up to 125 times faster.

The aggregated assurance data that the system collects is then displayed as a live dashboard, which chief information security officers and revenue officers can use to gain board-level insights rather than spreadsheet trivia.

Hamal is quick to state that SecurityPal analysts remain at the core of the product.

He told VentureBeat that “AI alone isn’t enough…you need expert human beings layered on top of technology,” describing the internal workflow model as a “centaur” where machines and humans alternately pass through the pipeline.

The human layer also feeds a network-effect moat. Each new engagement adds new evidence to the corpus of accepted answers that the AI reuses for other customers.

SecurityPal claims to have covered “most of Fortune 1000’s” question sets. This gives it an early understanding of emerging concerns, such as the shift from basic cloud controls to LLM-specific controls noted in recent federal questions.

Traction and business model

Among the Fortune-class customers are OpenAI, Airtable, Figma, Snap, a U.S. top-three airline, and a U.S. top-five health insurer. SecurityPal does disclose its pricing, but sells the service as an annual subscription that costs less than the staff many companies dedicate to the task.

SecurityPal is a global company that operates on two continents. The revenue, product, and go-to-market teams are located in San Francisco and New York. Meanwhile, the analyst organization is the core of “Silicon Peaks,” a tech hub that is 100 miles away from Mount Everest and taps into Nepal’s large STEM graduate pool.

Why buyers care

For sellers, quicker questionnaire turnarounds reduce sales cycles and the risk of stalled transactions.

Automated reviews allow buyers to evaluate all suppliers instead of just a few that are risky.

Hamal argues that the result is an alignment between revenue teams and security teams who have traditionally been at odds. “There are very few tools that are the preferred tool of the CRO or the CISO. We’re it.”

Competitive landscape

While Vanta, Drata, and Secureframe all target compliance pain points, they focus on evidence gathering and audit preparation. SecurityPal differentiates itself by doing the actual work of writing and responding. Hamal believes that pure-software competitors will find it harder to automate this because it still requires domain expertise and judgment.

SecurityPal’s Kathmandu center provides a cost base that is low enough to allow humans to remain in the loop, while still remaining competitive.

What’s next

SecurityPal has a near-term goal of helping 5,000 global companies overcome their most complex assurance issues within five years. Hamal views the service as an infrastructure for a future economy where every major transaction is accompanied by a privacy or security attestation.

He said: “It is called SecurityPal but it’s more than just security,” adding that “I look at Salesforce – it’s more than just sales. We are the same. It’s about satisfying requirements and speeding up deals.”

This forecast could be correct. If so, the company’s combination of AI scale and human nuance will become a standard in enterprise procurement, regardless of whether anyone notices that “vibe coding’s” origin story.
