Palantir Completes SOC 2® Type 2 Audit

Reports of major customer data breaches appear in the news almost daily. According to the nonprofit Identity Theft Resource Center, there were more than 3,300 documented data compromises in 2025 alone, impacting over 278 million people. Scammers actively use the information stolen from these breaches to commit identity theft, file fraudulent charges, and launch ransomware attacks—all of which have grown much more sophisticated in recent years because of generative artificial intelligence.

In this climate, organizations need to go beyond good intentions and demonstrate their commitment to security through independent verification. For any organization that handles customer or employee data, establishing and demonstrating an ongoing commitment to security is no longer optional; it is a fundamental pillar of operational integrity and customer trust.

That’s why we are happy to announce that Palantir.net has successfully completed its first SOC 2® Type 2 audit. This means that our internal security controls have been independently evaluated for effectiveness over a period of time by a licensed CPA firm in accordance with criteria established by the American Institute of Certified Public Accountants (AICPA).

In practical terms, this means an independent auditor verified that our security measures aren't just policies on paper—they're working systems that effectively protected customer data throughout our 10-month audit period.

How does Palantir protect customer data?

While we had long followed cybersecurity best practices like requiring two-factor authentication and password managers, the SOC 2 process helped us formalize and strengthen these into a comprehensive security framework.

The AICPA's Trust Services Criteria provided a structure for documenting our processes, policies, and systems, and establishing more robust mechanisms to ensure accountability. For us, this involved the creation of a dedicated Systems and Infrastructure group within Palantir.

This group is responsible for monitoring the different tools and systems that we use in our day-to-day work, such as Google Workspace, Slack, and GitHub. They approve access to those systems, evaluate and approve new tools, and conduct ongoing risk assessments. We created a self-service portal where team members can submit tickets to the Systems and Infrastructure group for everything from account log-in issues to reporting potential security incidents.

In addition, we implemented more robust endpoint management for our team members' work devices, established ongoing security training, set up automated backups for our key systems, and had an independent security review conducted.

What we learned from the audit process

A SOC 2® audit does not just look at what tools you have in place to protect customer data—it's a comprehensive review of your entire organization. The Trust Services Criteria cover everything from organizational structure to hiring and human resources, internal and external communication, risk management, and incident response. Each one of the 70 controls we put in place was tested by our auditors, who asked us to provide documentation to validate that we had actually done the things that we said we did.

As a company that develops software for its clients, we were asked to provide documentation that we conducted pull requests for every change that was made to a customer's codebase and received approval from the client for those changes prior to deployment in their production environment.

As you might imagine, the audit process can be challenging, especially the first time around. The audit confirmed our operational maturity; in the end, the auditor's opinion stated that our controls were suitably designed and operated effectively during the period covered by the report.

Our ongoing commitment

We're proud to have completed this first audit, but we also recognize that protecting customer data is an ongoing responsibility, not a one-time achievement. Our controls will remain in place, and we'll continue to refine our practices as we prepare for our next audit.

Security and trust are at the heart of everything we do. If you're looking for a digital partner that takes data protection seriously and can demonstrate that commitment through independent verification, we'd love to talk with you. Contact us today to learn more about how we can help with your next project.