Trust Center


Drata's platform helps companies build and maintain the trust of their users, customers, partners, and prospects. We believe the best way to earn trust is by being transparent and proving that we are doing what we say we're doing. That’s why we take a security-first approach to everything we do. From building our infrastructure as code to monitoring our environment with anomaly detection and automated remediation, security is a core value that drives our business forward. This Trust Center provides you with artifacts to help show how we walk the walk when it comes to our own security, compliance, and privacy programs. Please reach out to our compliance team with any questions not answered here.

Capital One
Vercel
Tenable
Okta
Zscaler
LinkedIn
T-Mobile
OpenAI
Brex
Xerox
Wiz

Documents

Featured Documents

REPORTS: External Penetration Test Report
Trust Center Updates

Drata Not Impacted by Axios npm Supply Chain Attack

Incidents

On March 30, 2026, Drata became aware of the Axios npm supply chain attack security incident.

Threat intelligence sources have reported that this incident introduced a malicious dependency into specific npm releases of the widely used HTTP client Axios, specifically axios@1.14.1 and axios@0.30.4.

- Recommended: Supply Chain Attack on Axios Pulls Malicious Dependency from npm, Socket Research Team
- Recommended: Hidden Blast Radius of the Axios Compromise, Socket Research Team


We want our customers to know that Drata is not impacted by this threat.


We do not leverage the affected versions of this software (axios@1.14.1 or axios@0.30.4) within our product and therefore the confidentiality, integrity, and availability of our systems remain unharmed.

Knowledge Base (FAQ)
  • Is sensitive data encrypted at rest and in transit?
  • Will my data be transferred or shared with any third parties?
  • What is Drata's tenancy model and how is customer data segregated?
  • Are all personnel required to use Multi-Factor Authentication (MFA) to access the production cloud environment?
  • Are there any web-facing application protection mechanisms?
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.