Palantir Foundry Assessment
You Run Palantir. Does Your Configuration Actually Stop Attacks?
Palantir sees everything in your data. Who sees everything in Palantir?
Sherlock Forensics offers Palantir Foundry security assessments starting at $5,000 CAD. We test whether your Foundry deployment has proper access controls, secure data pipelines, authenticated APIs, correct ontology permissions and adequate network segmentation. Using our ShadowTap platform for internal network testing, we simulate an attacker attempting to reach and compromise your Foundry environment. You receive a detailed report showing security gaps and specific remediation steps. Comprehensive assessment with full internal and external testing is available at $12,000 CAD.
Common Security Gaps
What We Find in Palantir Deployments
Access Control Misconfigurations
Palantir Foundry's access control model is powerful but complex. Organizations frequently grant overly broad project-level access, fail to implement least-privilege principles for service accounts and leave default role assignments unchanged. A single over-provisioned user account can expose datasets across the entire organization. We map actual access against intended access and document every gap.
Data Pipeline Security
Foundry data pipelines ingest, transform and expose data across your organization. Pipelines that pull from external sources without validation, transforms that expose sensitive fields to downstream consumers and output datasets with insufficient access restrictions create data leakage paths. We trace data flows from ingestion to consumption and identify where sensitive data escapes its intended boundaries.
API Security Gaps
Foundry APIs enable programmatic access to your data and workflows. Weak API authentication, missing rate limiting, excessive API token permissions and API endpoints that bypass Foundry's built-in access controls create attack surfaces. We test every exposed API endpoint for authentication bypasses, authorization flaws and data exposure.
Ontology Permission Drift
The Foundry ontology defines how objects, relationships and actions map to your real-world data. As ontologies evolve, permissions on object types, link types and action types can drift from their intended state. Users gain access to object relationships that expose data from datasets they cannot directly access. We audit ontology permissions for unintended data exposure paths.
Network Segmentation Failures
Palantir Foundry should be isolated from general corporate networks, with controlled access points and monitored connections. Many deployments lack proper network segmentation, allowing lateral movement from compromised corporate endpoints to Foundry infrastructure. We test whether an attacker on your corporate network can reach Foundry components.
Audit and Monitoring Gaps
Foundry provides detailed audit logging, but logs are only useful if they are monitored and alerts are configured. Many organizations collect Foundry audit logs but do not actively monitor for suspicious access patterns, bulk data exports or privilege escalation attempts. We test whether your monitoring detects our simulated attack activities.
Our Process
What We Test
Internal Network Testing
We deploy ShadowTap on your internal network, simulating an attacker who has gained access to your corporate environment. We test whether network segmentation prevents lateral movement to Foundry infrastructure, whether Foundry APIs are accessible from unauthorized network segments and whether monitoring detects our activities. Your firewall protects the front door. We test the windows, the basement and the hallway.
Access Control Validation
We test Foundry access controls from multiple user perspectives: standard users, elevated users, service accounts and API tokens. We attempt to access datasets, objects and actions outside our authorized scope. We test whether role-based access controls enforce least privilege and whether access inheritance follows intended patterns.
Data Flow Analysis
We trace data from ingestion through transformation to consumption, identifying where sensitive data is exposed to unauthorized users, where pipeline configurations allow data leakage and where output datasets have insufficient access restrictions. This reveals the actual data exposure surface of your Foundry deployment.
Frequently Asked Questions
Palantir Assessment FAQs
- Can you test our Palantir Foundry without accessing our sensitive data?
- Yes. We focus on access controls, authentication, API security and network segmentation. We test whether unauthorized users can access data they should not see. We operate under strict NDA and our testers can be cleared to appropriate levels. Standard assessment costs $5,000 CAD.
- We use Foundry in a regulated environment. Can you still test?
- Yes, with appropriate clearances and access arrangements. We have experience working in regulated environments and scope assessments to test only components accessible at your classification level. Contact us to discuss specific requirements.
- How is this different from Palantir's own security reviews?
- Palantir secures the platform. You configure the platform. We test your configuration, your access controls, your API integrations and your network architecture. Palantir cannot tell you whether your ontology permissions are too broad or whether your network segmentation isolates Foundry properly.
- Do you test Palantir Apollo and AIP as well?
- Our primary focus is Foundry. If your deployment includes Apollo or AIP, we can extend the assessment. AIP introduces additional concerns around AI model access to sensitive data and prompt injection risks. Contact us to scope a combined assessment.
Validate Your Investment
Palantir sees everything in your data. Make sure only the right people see everything in Palantir.
Standard Palantir Assessment: $5,000 CAD. Comprehensive Assessment with ShadowTap internal testing, data flow analysis and executive report: $12,000 CAD.
Ready to Test Your Palantir Deployment?
Tell us about your Palantir Foundry environment and we will scope a security assessment. Free scoping call, fixed-price quote, testing typically completed within 5-10 business days.
- Phone
- 604.229.1994
- Burnaby Office
- Burnaby, BC, Canada
- Coquitlam Office
- Coquitlam, BC, Canada