
How Supabase Scaled Trust and Avoided 80 Hours of Manual Work Per Week

Executive Overview
Supabase is a fast-growing, open-source database platform that helps developers build production-ready applications with Postgres at the core. As the company scaled, scrutiny from enterprise customers scaled with it — particularly around security, compliance, and risk.
When Bil Harmer joined Supabase as CISO, he brought nearly two decades of experience navigating customer assurance, audits, and security questionnaires at scale. He also brought a deeply held conviction: security should enable the business, not slow it down.
That belief — paired with Bil’s long-standing trust in SecurityPal — made the decision clear.
“Audit once, comply many. That philosophy has guided my career. The goal isn’t to check one box one time — it’s to be continuously ready. SecurityPal helps us operationalize that mindset across customers, audits, and reviews.”
— Bil Harmer, CISO, Supabase
The Challenge: A Familiar Pain, at a New Scale
Bil’s relationship with SecurityPal goes back to 2021, when he first met founder Pukar Hamal through Craft Ventures — one of SecurityPal’s earliest investors.
His immediate reaction: “Where have you been all my life?”
Earlier in his career at SAP SuccessFactors, Bil led customer assurance, security questionnaires, and audits across a global customer base. While his team built internal tools and processes, the work remained manual, resource-intensive, and difficult to scale. At Supabase, those same pressures resurfaced — amplified by rapid growth and increasing enterprise demand.
Key Challenges:
- Repetitive, manual questionnaire work
- Maintaining an accurate, up-to-date knowledge library
- Risk of inconsistent or outdated answers
- Heavy lift to integrate security responses into sales workflows
- Limited bandwidth on security and compliance teams
To scale, Supabase needed one thing above all else: focus. Too much task switching was disrupting delivery timelines. A last-minute enterprise deal could easily create friction between revenue goals and execution.
“Science has proven people can’t multitask. When engineers are pulled off critical work to answer security questions, it doesn’t just slow you down — it disrupts delivery.”
— Bil Harmer
Bil recalls a moment early in his career that still shapes how he approaches customer assurance: In the final stages of closing a big enterprise deal, a single mis-contextualized answer cost the company over $100K to fix — completely derailing multiple projects and costing them trust with that customer.
“Once you break trust with a customer, you don’t really have anything. It boils down to this: Say what you do. Do what you say. Prove it.”
— Bil Harmer
Security questionnaires are a drain, not because they’re unimportant, but because they demand precision, consistency, and constant maintenance. Bil estimates that doing it right requires at least two full-time roles dedicated solely to building and maintaining a knowledge library. Without that investment, teams spin their wheels or, worse, respond with outdated or incorrect information.
“These manual processes don’t need to be done in house. Somebody who understands your business can answer 98% of a questionnaire before it ever comes to you — and clearly flag what’s missing. That’s what we needed.”
— Bil Harmer
The Solution: SecurityPal’s Assurance Management Platform (AMP), Powered by AI Agents
SecurityPal’s Assurance Management Platform (AMP) combines purpose-built AI Concierge Agents with human oversight to manage security questionnaires, knowledge governance, and assurance management workflows at scale.
When Bil joined Supabase, he was encouraged to learn that the team was already exploring SecurityPal.
“It made me feel good knowing the company was already heading in the right direction — with the same mentality.”
— Bil Harmer
Supabase evaluated several alternatives. Some platforms leaned too heavily on AI, producing ambiguous or overly confident responses without human oversight. Others lacked the depth of data needed to train models effectively.
Ultimately, Supabase chose SecurityPal for one critical reason: context.
Security questionnaires are inherently context-heavy. Answers change based on company, sector, regulatory environment, and risk appetite. AI alone, especially when trained on insufficient or generic data, can’t reliably handle that complexity.
“There are things AI is not good at yet. Hallucinations still happen. Pure AI tools lack context. SecurityPal’s AI Concierge Agents are trained on more than 2.5 million real security questions — and guided by human experts who understand risk, contracts, and nuance.”
— Bil Harmer
With SecurityPal’s Assurance Management Platform (AMP), Supabase gained:
- A centralized, continuously governed security knowledge library
- AI Agents that automate repetitive questionnaire work
- Human oversight embedded into every response for accuracy and risk alignment
- Sales-ready, vetted answers delivered directly into revenue workflows
For Bil, the partnership was also personal.
“Everyone has something in their past that hurt. For me, it was security questionnaires. Finding someone who actually solved that problem — I’ve always had a soft spot for SecurityPal because of that.”
— Bil Harmer
Why Supabase Chose SecurityPal
AI is only as good as the data it’s trained on and the humans overseeing it. In customer assurance, where answers carry contractual and reputational weight, that distinction matters. Security questionnaires are context-heavy, risk-sensitive, and legally binding. An answer that’s technically plausible but misaligned with a company’s business model, risk appetite, or customer expectations can create more risk than it removes.
Other AI-only tools struggled with:
- Ambiguous or overly confident answers
- Lack of sector-specific context
- No understanding of risk appetite
- Inconsistent interpretations across audits, contracts, and customers
“A missed nuance in a questionnaire can turn into a contractual mess — and a bad customer experience is worse than no customer at all.”
— Bil Harmer
SecurityPal offered something fundamentally different: the speed of AI Agents combined with expert validation to ensure every response is accurate, consistent, and defensible.
Key differentiators:
- AI Concierge Agents™ with human-in-the-loop oversight for high-stakes, customer-facing assurance
- AI trained on proprietary SecurityPal data, including more than 2 million expertly answered security questions
- Consistency across audits, contracts, and customer reviews through a centralized assurance platform
- A continuous feedback loop that improves answer quality, confidence, and readiness over time
- High-touch responsiveness from a dedicated SecurityPal team that acts as an extension of Supabase’s security function
The Impact
By partnering with SecurityPal, Supabase was able to:
- Centralize and govern security knowledge
- Automate repetitive questionnaire work
- Reallocate two full-time roles, saving 80 weekly hours of manual work
- Protect engineers’ focus and delivery timelines
- Support sales with accurate, vetted answers
- Scale customer trust without scaling headcount
With a modern Assurance Management Platform designed to scale trust across the business, security questionnaires shifted from a drain on resources to a strategic enabler of growth.
“If you believe security should enable the business and help you sell faster and better, I don’t think there’s a better solution for centralizing and managing this information.”
— Bil Harmer
Why It Worked
For Bil, the partnership with SecurityPal came down to trust — not just in the platform, but in the people behind it.
“You learn very quickly whether a vendor needs to be watched — or whether you can let them do their job. With SecurityPal, AI Agents handle the repeatable work, while humans step in where judgment matters. That balance lets me trust they’ll get it right.”
— Bil Harmer
That trust extends across Supabase’s teams. Engineers and sales reps know they can rely on SecurityPal to provide accurate, vetted answers without disrupting critical workflows. Bil’s confidence was reinforced when he visited the SecurityPal team in Kathmandu and saw firsthand their dedication and curiosity.
“I presented a lunch-and-learn at SecurityPal's SACC in Kathmandu. Not a single person pulled out their phone. The questions, the engagement — it was incredibly encouraging. Pukar builds teams that believe in the vision. Things will always break, but it’s how you respond that counts.”
— Bil Harmer
By combining technology and human expertise, SecurityPal not only reduces operational friction but also strengthens the culture of trust that underpins Supabase’s growth and customer relationships.
Want Similar Results?
SecurityPal’s Assurance Management Platform (AMP) helps high-growth companies transform security from a cost center into a sales enabler — using AI Agents and human expertise to scale trust without slowing down teams.
Reduce turnaround times. Scale customer trust. Win more business — without slowing down your teams.
Schedule a demo to see how SecurityPal can support your growth.









