SecurityPal uses AI and experts in Nepal to respond more quickly to security questionnaires

When a technology supplier wants to sell to a large company – or when that company wants to buy software from a technology supplier or an AI model provider – each side may be required by the other to prove that it will handle shared data responsibly, in the form of mandatory surveys and questionnaires.
Regulations such as the GDPR, the upcoming EU AI Act and a patchwork of U.S. state laws make these proofs more complex each year.
Consequently, a technology supplier trying to sell to a large company will generally be asked to fill in security questionnaires that can stall deals for weeks and cost six figures in staff time.
San Francisco-based SecurityPal was founded in March 2020 by CEO Pukar Hamal to handle all this paperwork largely automatically on the seller's behalf, using information about the supplier's unique products and internal data.
SecurityPal combines an AI engine with a 240-person team of analysts in Kathmandu, Nepal, to write, check and package the answers that sellers and buyers need.
“It’s like Palantir for security criticism – human experts and AI working together to accelerate business security assessments,” said Hamal during a recent exclusive video call with VentureBeat.
Hamal labels the category “Safety insurance”: a workflow that sits between traditional compliance software and the sales stack.
The company announced a slate of updates in its first-quarter blog post this week, including smarter fallback responses from its AI copilot, a fully brandable white-label package for trust centers and a new custom HTML block for embedding rich media in the insurance profile, all aimed at more professional and informative interactions, even when data is limited.
The company also added Salesforce Auto-Approval, which allows approvals based on real-time criteria using live Salesforce data; global search across the SecurityPal platform; and, coming soon, a custom task feature that should let customers manage workflows with custom fields and forms.
“We are on a mission to accelerate GDP growth by resolving complex security insurance challenges for buyers and sellers,” added Hamal, offering that “my thesis when we have collected funds was that there will be 10 billions of dollars in companies, and we look at stock market capitalizations in hundreds of billions or more. This requires a radically different capital strategy.”
How the service works
SecurityPal ingests a client's existing controls – policies, cloud configurations, certificates – and maps them against a proprietary corpus of approximately 2.5 million previously answered security questions drawn from customers and filtered web data.
The company uses a combination of advanced third-party models, including those from OpenAI, Google's Gemini family and open-source alternatives.
But Hamal stressed that the true value lies in the way these models are applied, explaining: “AI alone is not enough. With AI, you get speed, but you sacrifice quality, judgment and context.”
To remedy this, SecurityPal integrates AI with expert human analysts in a tightly interwoven workflow, ensuring accuracy and nuance in each security review. Although the models are widely available, the company's proprietary data, deep customer relationships and human-in-the-loop design form a critical moat that makes its solution much more than simple automation.
The AI engine takes the first pass; human analysts perform a second pass and a final QA to catch hallucinations or missing context. Hamal compares the effect to having an answer key in advance: “It is almost as if SecurityPal knew the responses to the test before the test appears.”
Because the platform maintains a live model of each client's posture, new questionnaires rarely require manual digging.
“Our average SLA [service-level agreement] time is 24 hours, but really, our customers go to a turnaround the same day,” explains Hamal.
The company claims that seller customers can turn around most security questionnaires for potential buyers up to 87 times faster than they could with manual workflows.
Second, by letting its platform manage third-party risk from start to finish, buyers report up to 125 times faster supplier assessments.
Third, the aggregated insurance data the system collects becomes a live dashboard that chief information security officers and chief revenue officers can use for board-level insights rather than spreadsheet anecdotes.
People plus AI, not AI instead of people
Hamal quickly points out that SecurityPal analysts remain at the heart of the product.
“The only AI is not enough … You need human experts superimposed in addition to technology,” he told VentureBeat, describing the internal workflow as a “centaur” model where the machine and human passes alternate throughout the pipeline.
The human layer also feeds a network effect. Each new engagement extends the corpus of accepted responses, which the AI reuses (with new evidence) for other customers.
SecurityPal claims coverage of question sets from “most Fortune 1000” companies, which gives it early insight into emerging concerns – for example, the shift from cloud basics to LLM-specific controls noted in recent federal questionnaires.
Traction and business model
SecurityPal reached around $1 million in annual recurring revenue before David Sacks’ Craft Ventures led the company's first funding round; the $21 million deal was signed on a literal napkin, with no slide deck involved.
The customer list now includes OpenAI, Airtable, Figma, Snap, a top-three U.S. airline and a top-five U.S. health insurer, among other Fortune-class accounts.
SecurityPal does not disclose pricing publicly, but it sells the service as annual capacity, at a cost that undercuts the internal staff many companies devote to the task.
Internally, Hamal operates on two continents. The revenue, product and bench teams are in San Francisco and New York, while the analyst organization forms the core of what he calls “Silicon Peaks” – a technology hub 100 miles from Mount Everest that draws on Nepal's deep pool of graduates.
Why buyers care
For sellers, rapid questionnaire turnarounds shorten sales cycles and reduce the risk of stalled deals.
For buyers, automated reviews make it possible to assess every supplier instead of sampling a few risky ones.
The result, Hamal maintains, is alignment between revenue and security teams that have always disagreed: “There are very few tools which are the favorite tool of CRO and CISO. We are there.”
Competitive landscape
Start-ups such as Vanta, Drata and Secureframe also target compliance pain points, but they focus on evidence collection and audit preparation.
SecurityPal's differentiator is doing the actual work of writing and answering – which Hamal thinks will be more difficult for pure-software rivals to automate because it still requires judgment and domain expertise.
Kathmandu’s center of excellence gives SecurityPal a cost base low enough to keep humans in the loop while remaining competitive on price.
What is the next step?
The short-term objective of SecurityPal is to help 5,000 global companies tame their most complex insurance challenges within five years.
In the longer term, Hamal sees the service as infrastructure for an economy in which every significant transaction carries a guarantee or a certificate of confidentiality.
“It’s called SecurityPal, but it is much more than security,” he said, adding, “I look at Salesforce – it’s much more than sales. Same thing for us. It is a question of meeting the requirements and accelerating the agreements.”
If these forecasts are correct, the company's combination of AI scale and human nuance could become a standard part of enterprise procurement, whether or not anyone notices the “vibe coding” origin story along the way.



