If you believe you have an ongoing security incident, immediately contact your Palantir representative. They will be able to page the Palantir Information Security team to assist you.
For routine security issues, you may contact the Palantir Computer Incident Response Team (CIRT) directly. To do so, follow this reporting process:
If you believe you have identified a security vulnerability, contact your Palantir representative. They will be able to surface any vulnerability concerns you have directly to the Palantir Information Security team.
Alternatively, you may be report the vulnerability directly to the Palantir CIRT by encrypted email using the steps outlined in Reporting Security Incidents above.
Palantir is proud to base our responsible disclosure policy on the disclose.io ↗ vulnerability disclosure framework. Security is one of our core tenets at Palantir, and we value the input of security professionals acting in good faith to help us maintain a high standard for the security and privacy of our users. This includes encouraging responsible vulnerability research and disclosure. This policy sets out our definition of good faith in the context of finding and reporting vulnerabilities, as well as what you can expect from us in return.
You may find the full contents of our responsible disclosure policy, including scope and bug bounty rewards, on our HackerOne public bug bounty program page ↗.
To report a potential security issue or vulnerability in our products or infrastructure, follow this reporting process:
Your representative at Palantir will be happy to discuss any questions or concerns you may have regarding Foundry security. In the event that your question goes beyond their area of expertise, they will coordinate a conversation with Palantir’s security staff regarding the matter.