Trust Center
At NetApp, trust is more than a principle, it’s a promise. Whether you're a customer, prospect, or part of our sales team, this portal is your gateway to understanding how we protect data and uphold our security commitments.
Powered by SafeBase, this center provides real-time visibility into our security and compliance program. You’ll find up-to-date information on how we monitor, test, and continuously improve our controls, so you can speak confidently about our practices, make informed decisions, and trust that your data is in safe hands.
Documents
Self-Service Audit Evidence
Self-Service Audit Evidence
This section is reserved for customers conducting a self-service audit. Contact us to learn more or request access.
NetApp Statement Regarding Anthropic Disclosure and Mythos Research Model
NetApp is aware of the publicly reported Anthropic disclosure related to its newest agentic AI research model, Mythos, which identified previously unknown vulnerabilities by operating outside expected containment parameters. NetApp leverages AI technologies, including Anthropic/Claude models, for internal use and within select product offerings; however, NetApp’s policy or guidelines do not permit the use of Mythos. NetApp has not approved any access to or use of Mythos for internal use or within product offerings. Following public disclosure of the identified vulnerabilities for which patches were available, NetApp’s security team conducted an assessment of products against the referenced issues and, based on currently available information, determined that NetApp products are not presently impacted.
Under the Glasswing initiative, Anthropic ran Mythos against FreeBSD and found an age old vulnerability, which they reported directly to FreeBSD foundation: https://www.freebsd.org/security/advisories/FreeBSD-SA-26:08.rpcsec_gss.asc
The CVE associated with this report was assessed by NetApp’s engineering team and found to be non-impactful to NetApp product(s). FreeBSD is only used in ONTAP. The following advisory was published Friday, April 10, 2026 to NetApp’s Product Security Page: https://security.netapp.com/advisory/ntap-20260410-0014
NetApp maintains guidelines and a formal, risk‑based vulnerability management program across its products, incorporating continuous security oversight, severity‑based triage, timely remediation, and compensating controls aligned with secure‑by‑design principles. Emerging and emergency AI‑driven vulnerabilities are assessed under this same governance framework. NetApp continues to closely track the situation using enhanced threat intelligence and its 24/7 Security Operations Center to enable rapid response and prompt customer notification, should a material risk be identified.
Salesloft Drift
Frequently Asked Questions:
- Does the company use the Salesloft Drift application in any capacity, or have it integrated with any application in support of your services?
- Yes, the Salesloft Drift Application was used as a third-party application for sales lead and contact management as noted in our advisory at this website: Trust Center Updates
- If yes, what applications / services?
- Salesloft Drift was used for sales lead and contact management.
- How do these applications / services interact with customer data or processes associated to providing services to customers?
- This application does not interact with the services or applications that provide services to customers.
- What data is stored within these applications? What is the data’s classification?
- Standard business contact details, such as: Names, business email address, phone numbers, regional or location preferences. Additional security information can be found here: Trust Center Updates
- Are there any API tokens associated with this service / application / appliance?
- Yes
- If yes, can these be rolled?
- Yes, and all credentials with Salesloft Drift were rotated.
- Are there any remote access (SSH keys, etc.) capabilities and can those be rotated?
- N/A
- Are there any OAuth Integrations with the company?
- Yes, other Salesloft OAuth integrations were rotated
- Are there any SSO integrations with the company?
- Both Drift and Salesloft had SSO integrations with NetApp. Administrative access was managed through CyberArk with passwords rotated for each login.
NetApp was notified about a security incident impacting Salesforce customers who use Salesloft Drift—a third-party application which NetApp uses for lead and contact management. During this incident, unauthorized individuals obtained Salesloft Drift customer credentials, including those associated with NetApp.
An internal investigation determined that these compromised credentials may have enabled unauthorized access to a limited set of NetApp data stored within the company’s Salesforce instance. The information potentially exposed is restricted to standard business contact details, such as:
- Names
- Business Email Addresses
- Phone Numbers
- Regional or Location References
Importantly, the investigation confirmed that any unauthorized activity was confined to Salesforce alone, with no evidence of breach or impact to NetApp products or other internal systems. Currently, there is no evidence of customer information misuse. NetApp is providing this information for your awareness and precaution.
We want to assure you that we take this issue extremely seriously and are actively monitoring the situation. Safeguarding your information is our highest priority, and we are working diligently to ensure the ongoing security of our systems and data.
NetApp remains committed to transparency and will continue to provide updates as more information becomes available at Trust Center Updates. For further questions or inquiries, please contact grc@netapp.com.
NetApp Global Security