Trust and Security Center

Pinecone is aware of the ongoing Shai-Hulud and Shai-Hulud 2.0 worm campaigns targeting the NPM ecosystem. Following a comprehensive audit of our infrastructure and dependencies, we have confirmed that Pinecone is not affected.

We have successfully deployed monitoring capabilities and detection logic specifically designed to identify this worm. We are actively scanning for compromised packages to prevent any impact on our services or customers.

We are proud to announce the successful completion of our 2025 SOC 2 Type II audit, which confirmed that our security, availability, and confidentiality controls operated with zero deviations. This milestone reinforces our commitment to providing a secure and reliable vector database for your production applications. The full report is now available for review in our safety center.

Pinecone completed an internal investigation and confirmed that we have never installed or used any Salesloft integration.

We will continue to monitor our vendor supply chain to assess any potential indirect impact.

Pinecone is aware of the Sharepoint vulnerabilities, we are not directly impacted as we do not use the platform. We are monitoring the situation and will respond to any potential exposure from our third-party service providers, should they arise.

We're thrilled to announce that Pinecone has achieved ISO 27001:2022 certification! This milestone underscores our unwavering commitment to providing the highest standards of information security for our valued customers.

This globally recognized standard validates that Pinecone has implemented rigorous, industry-leading security controls and processes to safeguard your data. For complete transparency, you can access our ISO 27001:2022 certificate and learn more about our comprehensive security measures within our Security Center: https://security.pinecone.io