At Palantir, we’re passionate about solving real-world problems. Our software has been used to stop terrorist attacks, develop new medicines, gain an edge in global financial markets, combat child trafficking, and more.
Given the critical work performed on our platforms, information security is our lifeblood. Our industry-leading InfoSec team works tirelessly to stay ahead of adversaries by hunting for sophisticated threats, thwarting changes in their tactics, and immediately eradicating risks.
As part of our commitment to make the world safer, our InfoSec team embraces an open-source first policy to help the larger InfoSec community better guard against attacks on their own software.
Our software and internal tools are built around open-source tools, and we contribute prolifically to the open-source community through bug fixes, improvements, and developer tooling. We're also proud to partner with SpecterOps, a cybersecurity company that shares our commitment to OSS.
We frequently tell the stories behind our open-source contributions on our company blog. The posts below offer a good starting point:
Our customers rely on Palantir to power their most critical work, and we’re dedicated to building platforms they can trust. Our cloud offering is a managed, standardized, tested, and externally audited platform with robust access controls that scale to meet customer demand.
Our cloud platform’s infrastructure and operations are certified compliant with the following industry best practice standards and frameworks:
In addition, we have extensive experience helping customers meet specific regulatory and industry requirements. Our software provides functionality that customers can configure and operate to meet requirements such as those arising from:
Palantir is an active member of the Vendor Security Alliance, an organization improving information security across vendors and PaaS and SaaS solution providers, and a partner with SpecterOps, a leader in red team operations.
We perform biannual penetration tests to ensure our backing infrastructure and operations meet the highest security standards.
Current or prospective customers can reach out to Palantir to learn more about our security assessments. Customers who would like to perform their own penetration tests can do so under certain conditions, provided the tests are scheduled at least seven days before the start of an engagement.
The following types of customer-initiated security-assessment activities are permitted:
The following types of security assessment activities are strictly prohibited:
If you've identified a potential security flaw in our infrastructure or software, please let us know within 24 hours using GPG encryption. We'll triage the issue and get back to you within three business days.
The Information Security team is Palantir's first line of defense. We're engineers, analysts, and operators committed to making the world a safer place — and we're hiring.