When a tech vendor desires to promote into a big enterprise — or when that enterprise desires to purchase software program from a tech vendor or AI mannequin supplier — either side could also be required by the opposite to show they are going to deal with shared information responsibly within the type of obligatory surveys and questionnaires.
Laws akin to GDPR, the soon-to-be effected EU AI Act and a patchwork of U.S. state legal guidelines make these proofs extra advanced every year.
As a consequence, a tech vendor making an attempt to promote to a big enterprise will often be requested to finish safety questionnaires that may stall offers for weeks and value six figures in employees time.
San-Francisco-based SecurityPal was based in March 2020 by CEO Pukar Hamal to deal with all that paperwork largely mechanically on behalf of the seller, utilizing the seller’s distinctive product info and inner information.
The AI Affect Sequence Returns to San Francisco – August 5
The subsequent section of AI is right here – are you prepared? Be a part of leaders from Block, GSK, and SAP for an unique take a look at how autonomous brokers are reshaping enterprise workflows – from real-time decision-making to end-to-end automation.
Safe your spot now – area is restricted: https://bit.ly/3GuuPLF
SecurityPal combines an AI engine with a 240-person analyst workforce in Kathmandu, Nepal, to draft, confirm and bundle the solutions distributors and consumers want.
“It’s like Palantir for security reviews — expert humans and AI working together to accelerate enterprise security assessments,” Hamal stated on a current unique video name with VentureBeat.
Hamal labels the class “security assurance”: a workflow that sits between conventional compliance software program and the sales-ops stack.
The corporate simply introduced a fleet of updates in its Q2 weblog put up this week, together with smarter fallback responses from its AI Copilot, a completely brandable White Label Bundle for Belief Facilities, and a brand new Customized HTML Block for embedding wealthy media in assurance profile, all geared towards making its AI interactions extra skilled and informative, even when information is restricted.
The agency has additionally added Salesforce Auto-Approval, which permits real-time, criteria-based approvals utilizing reside Salesforce information; International Search throughout the complete SecurityPal platform; and shortly, a Customized Duties characteristic that ought to let prospects handle workflows with customized fields and types.
“We’re on a mission to accelerate GDP growth by solving complex security assurance challenges for buyers and sellers,” Hamal added, additional providing that, “my thesis when we raised money was that there will be $10 trillion companies, and we’re staring at market caps in the hundreds of billions or more. That demands a radically different capital strategy.”
How the service works
SecurityPal ingests a buyer’s current controls — insurance policies, cloud configurations, attestations — and maps them to a proprietary corpus of roughly 2.5 million beforehand answered safety questions it has assembled from prospects and filtered internet information.
The corporate makes use of a mix of cutting-edge third-party AI fashions, amongst them, these from OpenAI, Google’s Gemini household, and open-source alternate options.
However Hamal emphasised that the true worth lies in how these fashions are utilized, explaining: “AI alone is not enough. With AI, you get speed, but you sacrifice quality, judgment, and context.”
To handle this, SecurityPal integrates AI with skilled human analysts in a tightly interlaced workflow, making certain accuracy and nuance in each safety assessment. Whereas the fashions are extensively accessible, the corporate’s proprietary information, deep buyer relationships, and human-in-the-loop design kind a crucial moat that makes their answer way over simply automation.
The AI engine takes the primary go; human analysts carry out a second go and last QA to catch hallucinations or lacking context. Hamal likens the impact to having an examination key prematurely: “It’s almost like SecurityPal knows the answers to the test before the test shows up.”
As a result of the platform maintains a dwelling mannequin of every buyer’s posture, new questionnaires hardly ever require guide digging.
“Our average SLA [service-level agreement] time is 24 hours, but really, our customers are going down to same-day turnaround,” Hamal says.
The corporate says vendor prospects can flip round most safety questionnaires from potential consumers as much as 87 instances quicker than they may with guide workflows.
Second, by letting its platform deal with third-party-risk critiques begin to end, consumers report as a lot as 125 instances quicker vendor assessments.
Third, the aggregated assurance information the system collects turns into a reside dashboard that chief information-security and income officers can mine for board-level perception somewhat than spreadsheet trivia.
AI plus folks, not AI as a substitute of individuals
Hamal is fast to emphasize that SecurityPal’s analysts stay central to the product.
“AI alone is not enough…you need expert humans layered on top of the technology,” he advised VentureBeat, describing the interior workflow as a “centaur” mannequin the place machine and human passes alternate all through the pipeline.
The human layer additionally feeds a network-effect moat. Every new engagement expands the corpus of accepted solutions, which the AI reuses (with contemporary proof) for different prospects.
SecurityPal claims protection of “most of the Fortune 1000” query units, giving it early data of rising considerations—for instance, the shift from cloud fundamentals to LLM-specific controls famous in current federal questionnaires.
Traction and enterprise mannequin
SecurityPal bootstrapped to roughly $1 million in annual recurring income earlier than David Sacks’ Craft Ventures pre-empted the corporate’s first funding spherical; the $21 million seed deal was signed on a literal serviette, with no slide deck concerned.
The client roster now consists of OpenAI, Airtable, Figma, Snap, a top-three U.S. airline and a top-five U.S. well being insurer, amongst different Fortune-class accounts.
SecurityPal doesn’t disclose pricing publicly, nevertheless it sells the service as an annual subscription whose price undercuts the interior headcount many firms dedicate to the duty.
Internally, Hamal operates on two continents. Income, product and go-to-market groups sit in San Francisco and New York, whereas the analyst group types the kernel of what he calls “Silicon Peaks” — a tech hub 100 miles from Mount Everest that faucets Nepal’s deep pool of STEM graduates.
Why consumers care
For distributors, quicker questionnaire turnarounds shorten gross sales cycles and cut back the chance of stalled offers.
For consumers, automated critiques make it possible to guage each provider as a substitute of sampling a dangerous few.
The result, Hamal argues, is alignment between income and safety groups which have traditionally been at odds: “There are very few tools that are the favorite tool of the CRO and the CISO. We’re it.”
Aggressive panorama
Begin-ups akin to Vanta, Drata and Secureframe additionally goal compliance ache factors, however they give attention to proof assortment and audit preparation.
SecurityPal’s differentiator is doing the precise writing and response work—one thing Hamal believes will show more durable for pure-software rivals to automate as a result of it nonetheless requires judgment and area experience.
The Kathmandu heart of excellence provides SecurityPal a value base low sufficient to maintain people within the loop whereas staying price-competitive.
What’s subsequent?
SecurityPal’s near-term objective is to assist 5,000 international enterprises tame their most advanced assurance challenges inside 5 years.
Long run, Hamal sees the service as infrastructure for an financial system the place each vital transaction carries a safety or privateness attestation.
“It’s called SecurityPal, but it’s way more than just about security,” he stated, including “I look to Salesforce—it’s way more than just sales. Same for us. It’s all about satisfying requirements and accelerating deals.”
If that forecast is appropriate, the corporate’s mixture of AI scale and human nuance might grow to be an ordinary a part of enterprise procurement, whether or not or not anybody notices the “vibe coding” origin story alongside the best way.
Each day insights on enterprise use circumstances with VB Each day
If you wish to impress your boss, VB Each day has you coated. We provide the inside scoop on what firms are doing with generative AI, from regulatory shifts to sensible deployments, so you may share insights for max ROI.
An error occured.
