Two Palantir staff left to build a startup, and what they built is a centralized system that watches every question employees ask, every document an AI retrieves on their behalf, and every action an agent takes across an enterprise.
Sometimes I ask myself who would gladly admit they worked at Palantir. For several years, after it first started, a regular flow of staff would leave and reach out to me personally to discuss the ethical dilemmas that forced them to quit. I literally held a confession box routine in the pizza parlors and cafes of downtown San Francisco, effectively Big Data Ethics counseling. Some of the brightest people I ever met, who had gone to work expecting to do good, came out expressing severe disappointment, soul-searching like people processing the evil they had helped build.
When I see the inverse, the proud Palantir alums overtly stating they are launching more surveillance centralized for more use-cases, I guess I’m the person expected to call it out for what it is.
Credal, founded in 2022 by Jack Fischer and Ravin Thambapillai after five and seven years respectively at Palantir, sells what it calls “The Control Plane for Enterprise Agents.” Their tagline is an embarrassment. The control plane is where power concentrates, and they named the product for amassing power over people, as if Palantir has inverted ethics in America.
The company documentation is candid about what the platform does, which makes the analysis below straightforward: no whistleblowers, no leaked memos, just their own words.
Architecture
Credal is structurally indistinguishable from a surveillance platform, built as a data custody and observation layer. Their documentation describes indexing unstructured data from Slack, Confluence, Google Drive, Salesforce, and databases into a central context layer running on infrastructure the vendor operates or ships. Administrators get, in Credal’s own framing, a single control panel showing every agent using a given system, full audit logging, and usage visibility across the organization. Prompts, retrievals, and actions all transit the vendor’s code. Only the vendor can make the distinction between governance and surveillance verifiable, and nothing they publish does.
We all know what that means based on breaches like Uber’s “God View”. A system that ingests an organization’s communications and documents into a centralized store, mediates all queries against that store, logs who asked what and what they were shown, and reports it to a monitoring authority. That is literally a commercialized intelligence system.
Staff trained on Palantir’s architecture emerge selling surveillance and governance as the same capability to different orgs. Palantir built a generation of systems on exactly this duality, so the repetition is unsurprising. The founders’ stated insight was that their Palantir background in enterprise data positioned them to build a data platform doing the same thing again, with sprinkles on top.
Structural Warning
Intent is unknowable and irrelevant to the judgment. The relevant question for any customer, and the only question a security review should ask, is: can a Palantir-derived surveillance system achieve safety?
The answer, for Credal, is hand-waving with generic policy documents. Contractual terms, a SOC 2 Type II report, HIPAA-ready configurations, Data Privacy Framework registration. These are weak, just attestations about process, audited periodically, by auditors the vendor engages. They are not disclosing the properties of the system that any auditor or customer can verify. Their code is closed. Their audit logs are produced by the entity judging them, avoiding independence. There is no external mechanism by which a customer can confirm that their observation layer observes less than everything Palantir would.
A system whose safety rests entirely on unverifiable policy should be evaluated by its structure, not the glossy brochures. Palantir itself leaked its own tools and key customer list to TechCrunch in 2015, and a 2021 misconfiguration gave FBI employees unwarranted access. The systems that watch everyone are not exempt from failure, and certain types of vendors have a documented record of screwing it up completely.
Structurally, an agentic surveillance platform has been built from first steps to violate the distributed nature of privacy. Centralization for observation moves the burden of demonstrating otherwise to the vendor, and the demonstration would have to be structural: verifiable builds, inspectable enforcement code, customer-held keys, tamper-evident logs the vendor cannot rewrite. Until then, “trust us” is the entire security model, offered by alumni of the company that made “trust us” indefensible.
Dangerous EU Exposure
For European customers the product fails under jurisdictional requirements.
Credal was created to be a rapid-valuation venture-backed US company. Its EU legal story, per the founders’ own statements to press, leans on Data Privacy Framework registration. The DPF is the third attempt at a US-EU transfer mechanism; the Court of Justice of the EU invalidated the first two, Safe Harbor in 2015 and Privacy Shield in 2020, both times over US government access to data held by US providers. A compliance posture built on the third iteration of a twice-invalidated mechanism shows they haven’t done more than the bare minimum, which could evaporate any day.
Jurisdiction does not stop at the transfer mechanism. Under the US CLOUD Act, a US provider is subject to US legal process for data in its possession, custody, or control regardless of where the servers sit. Credal’s architecture therefore maximizes risk to non-US customers: the product’s value proposition is in data custody. The corpus, the query history, the audit trail of what every employee asked and saw, all held by a US entity that also serves the US Federal Government as a customer. An EU customer can’t avoid the fact that no data processing agreement will protect against harm. The vendor knows the agreement binds them and not the American government, putting their customers in harm’s way.
The on-premises option shifts the servers, not the trust model. Closed code running on your hardware is still closed code. What are you allowed to verify about what it phones home, what its update channel delivers, or what its logging omits? Orca’s amended complaint documented Wiz architecture reading customer snapshots into Wiz’s own cloud account while Wiz marketing claimed snapshots never leave the customer tenant. On-prem deployment of an unverifiable system is a different variation of the same question, opposite of a proper answer.
The EU Cloud and AI Development Act (COM(2026) 502 final) makes it clear. Its sovereignty requirements are aimed at vendors like this one: critical AI infrastructure whose custody, code, and legal exposure resolve to a non-EU entity. A European organization routing its internal communications and its agents’ actions through this centralized architecture is installing a foreign-controlled observation layer at the center of its operations, without protection from American political whimsy.
Test Time
There is a simple test for whether a governance platform is distinguishable from a surveillance platform: can the customer verify they are free from surveillance, or only get marketing docs?
Everything Credal publishes describes a system where the customer is told. Certifications attest, contracts promise, dashboards display what the vendor’s code chooses to display. Nothing published describes a mechanism by which a customer, or a regulator, could independently confirm the system’s behavior against its claims.
Companies who define products the way Credal does are playing against transparency while asking for trust. Customers who evaluate the architecture on structure alone, regardless of intention, should note an agentic observation layer with unverifiable behavior is a privacy anti-pattern, if not a national security exposure. The assessment stands because only the vendor can make it falsifiable, and the vendor, not the customer, holds the means to do so.
The founders learned at Palantir that the control plane is where power concentrates. Palantir’s police deployments show what concentrated observation becomes in practice: a secret predictive program run without the knowledge of New Orleans city government, LAPD training manuals for searching people by race and family association, a German constitutional court ruling against it. In Hesse, the German state that pioneered Palantir’s Gotham as hessenDATA, police insiders pulled non-public personal data from the force’s databases that surfaced in neo-Nazi death threats against a lawyer, politicians, and an artist, signed “NSU 2.0”, and not a single officer was convicted. Centralized observation does not stay pointed where the brochure promises. European customers should recognize the pattern before signing.