Robots Outnumber Humans at Figure AI — and the Company's Fastest-Growing Job Category Is Data Governance

Robots Have Already Outnumbered Humans Here

On June 20, 2026, Figure AI CEO Brett Adcock posted four words on X: "robots now outnumber humans at Figure." The chart he shared showed a robot count that had crossed 750 units while the human employee line stayed relatively flat near 650. Either way, the crossover happened in Q2 2026, roughly four years after the company's founding in 2022.

This is the first time a company of meaningful scale has publicly confirmed that its robot fleet outnumbers its human workforce. That Figure is the company where this happened first is not incidental — it builds the robots it's counting. But the self-referential nature of the milestone is exactly what makes it a concrete data point rather than a projection.

The production math behind the chart is documented. Figure's BotQ factory in California went from producing roughly 60 robots per month in February 2026 to 240 per month by April — a fourfold increase in two months. By May, the company had ramped from one robot per day to one robot per hour in under 120 days. The BotQ facility is designed for 12,000 units per year in its initial configuration, with a stated path to 100,000. Reaching 750+ total robots by Q2 2026 fits that trajectory.

The human side of the chart tells its own story. Figure has maintained a lean headcount consistent with a hardware-AI company that scales through factory output, not payroll. The company raised $1 billion in its Series C at a $39.5 billion valuation, backed by Microsoft, Nvidia, Jeff Bezos, and OpenAI. That capital is going into production capacity, not headcount.

What the robots are actually doing matters more than the raw count. Figure 02 completed an 11-month commercial trial at BMW's Spartanburg, South Carolina plant, helping produce more than 30,000 BMW X3 vehicles and moving 90,000+ parts across 1,250 hours of operation. BMW then deployed 40 Figure 03 units at the same facility, with expansion planned through 2026 and 2027, plus pilot programs at plants in Munich, Regensburg, and Leipzig. Hyundai and Google DeepMind have also reserved 2026 production capacity.

The milestone lands in a labor market already under pressure. Layoffs.fyi reports that more than 119,000 technology workers have lost their jobs globally in 2026, with AI and automation cited as a leading driver. Figure's chart doesn't cause that trend, but it gives it a visual — a single company where the robot line has already crossed the human line and shows no sign of flattening.

The question the chart raises isn't whether this will happen elsewhere. It's how fast.

How a Warehouse Deal Pushed Figure Past the Crossover Line

On May 26, 2026, Figure AI announced a commercial agreement with Catalyst Brands to deploy humanoid robots into the retail holding company's distribution and logistics network. The deal is the concrete event that pushed Figure's operational robot count past its human headcount.

The initial deployment starts at Catalyst's Reno, Nevada distribution center, where Figure 03 robots will handle sorting and packing tasks alongside human workers. The robots will integrate with Catalyst's existing Joey Pouch induction system, a computerized sorting and packing operation that received a $40 million upgrade in 2024. Figure's pitch is that the humanoid form factor lets the machines work inside existing warehouse layouts without costly structural retrofits.

Catalyst Brands is a 2025 merger of JCPenney and SPARC Group, now operating more than 1,800 retail locations across JCPenney, Aéropostale, Brooks Brothers, Lucky Brand, and Nautica. The company employs roughly 60,000 people and generates over $9 billion in annual revenue. That scale matters: Adcock called the agreement a "playbook for how AI-driven hardware can serve as a primary growth engine for modern holding companies," signaling a strategy of signing umbrella deals that can expand across multiple business units.

The Brookfield connection runs through both companies. Brookfield invested in Figure's September 2025 Series C round and also holds a significant equity stake in Catalyst Brands. The asset manager previously partnered with Figure on Project Go-Big, a data collection initiative that gave Figure access to Brookfield's commercial and residential properties to train its Helix vision-language-action models. The Catalyst deal is the first commercial bridge converting those training datasets into active warehouse operations.

Before the announcement, Figure ran a 200-hour autonomous endurance test at its Sunnyvale facility. During a continuous 52-hour window, a Figure 03 unit processed roughly 250,000 packages with zero hardware failures. The company says the platform matched human-equivalent efficiency during a standardized 10-hour sorting challenge. Whether that performance holds in a live warehouse with variable product sizes, shifting schedules, and human coworkers remains the open question.

To meet demand from this contract and future rollouts, Figure is scaling production at BotQ, targeting 12,000 units annually as part of a longer-term goal to ship 100,000 humanoids over four years.

Why the Hiring Blitz Skips Mechanical Engineers

Figure AI's robot fleet now outnumbers its human workforce, and the company's response wasn't to hire more mechanical engineers. It went looking for privacy and security specialists, the kind of roles that rarely headline a robotics recruiting pitch.

The company's careers board and external job postings confirm at least four open positions squarely in this lane: a Security & Privacy Technical Program Manager for Program Leadership/Operations/Compliance, a Software Engineer focused on Privacy & Data Governance, a Security Engineer for Vulnerability Management and Automation, and a Security Engineer for Application Security. All are based in San Jose, CA, all carry base salary ranges of $150,000 to $350,000, and none involve writing motor-control firmware.

The TPM role, posted publicly on LinkedIn and aggregated by Simplify Jobs and TheLadders, reads less like a typical robotics job description and more like a Silicon Valley platform-security listing transplanted into a humanoid company. The successful candidate will "establish a security & privacy program at Figure," set the vision for data governance, embed privacy principles into products and operations, and drive certification against SOC-2, NIST, ISO 27001, and the robotics-specific ISO/TR 22100-4 and IEC/TR 63074. The posting explicitly calls for navigating GDPR, CCPA, and the EU Digital Services Act. Eleven years of experience leading large-scale programs is the floor, not the target.

These aren't speculative hires to fill a roadmap slot. They are prerequisites. Figure's Catalyst Brands deployment and its in-house inference pipeline both depend on moving sensitive operational data through cloud and edge systems that regulators, customers, and insurers will scrutinize. A humanoid picking retail packages in a Catalyst facility is recording video, audio, and spatial data continuously. Who controls that data, where it goes, how long it persists, and which compliance frameworks apply aren't questions a robotics team can answer retroactively. They need dedicated engineers now, before the fleet scales further.

The Regulatory Wall No One Is Talking About

Figure AI's hiring board tells a story that its press releases don't. Multiple roles the company added recently are security and privacy positions, not mechanical engineers or controls researchers. A Software Engineer, Privacy & Data Governance sits alongside distinct security engineering roles, all based in San Jose. That's not a coincidence.

The reason is structural. Humanoid robots don't operate behind safety cages. They share floor space with people, which means every sensor they carry, every data stream they generate, and every onboard model they run becomes a potential liability. Figure's robots work in commercial environments where they capture video of employees, record audio, map facility layouts, and make real-time decisions about movement and manipulation. Each of those data flows creates an attack surface and a privacy exposure that didn't exist when robots were bolted to concrete pads behind fences.

Regulators have started to notice. The EU's Machinery Regulation now explicitly ties cybersecurity protections to safety functions, meaning a compromised robot isn't just a data breach — it's a physical hazard. In the U.S., OSHA still has no robot-specific regulations, which shifts the burden to voluntary standards and liability law. The result is that companies like Figure have to build their own compliance architecture from scratch, and that requires people who understand both the technical stack and the legal exposure.

The standards gap makes this worse. ISO 10218 and ANSI/RIA R15.06 cover traditional industrial robots. ISO 13482 addresses personal-care robots in broad terms. Neither was written for a 150-pound bipedal machine that navigates stairs, reads facial expressions, and makes autonomous decisions in a warehouse full of workers. A new standard (ISO/AWI 25785-1) is in development to address legged, actively controlled stability systems, but it's still a draft. Until it matures, manufacturers are engineering safety and privacy controls without a clear compliance target, which means they need people who can work in ambiguity.

This is why privacy engineering has become the bottleneck. You can hire a thousand mechanical engineers and still not deploy a single robot if you can't answer three questions: What data does the robot collect? Where does it go? Who can access it? Figure's job postings for vulnerability management and application security engineers suggest the company is building those answers into the system from the start, rather than bolting them on after a pilot goes wrong.

The talent market reflects the urgency. Figure's privacy and security roles command the same salary ceiling as its top hardware positions, up to $350,000 per year. That parity tells you where the company thinks the risk lives. It's not in the actuators. It's in the data.

Inside Figure's Breakup With OpenAI — and What Replaced It

In February 2024, Figure and OpenAI announced a collaboration aimed at developing next-generation AI models for humanoid robots. OpenAI was already an investor in Figure. The deal was unveiled alongside a $675 million funding round that valued the robotics startup at $2.6 billion, with backing from Microsoft, Nvidia, and Jeff Bezos. On paper, the pairing made sense: OpenAI's language models would give Figure's robots the ability to process natural language and reason through complex tasks, while Figure's hardware would give OpenAI a physical platform for embodied AI.

The partnership's first visible output came in August 2024, when Figure said its Figure 02 humanoid would use OpenAI models for natural language communication. The robot, launched that same month as Figure's primary commercial deployment platform, shipped with microphones and speakers designed around conversational AI.

Within six months, Figure ended the deal.

Adcock announced the split on February 4, 2025, saying Figure had made a "major breakthrough" on fully end-to-end robot AI built entirely in-house. The core problem, Adcock told TechCrunch, was integration. OpenAI is a large company with broad priorities. Embodied AI (the work of making a physical robot perceive, decide, and act in the real world) is not its primary focus. "We found that to solve embodied AI at scale in the real world, you have to vertically integrate robot AI," Adcock said. "We can't outsource AI for the same reason we can't outsource our hardware."

The break was not bitter. OpenAI remains an investor in Figure and has continued backing other robotics ventures, including Norwegian startup 1X. OpenAI also filed a U.S. trademark application in early February 2025 referencing "user-programmable humanoid robots," a signal that it may be exploring its own hardware.

What Figure built to replace OpenAI's models is the Helix VLA (Vision-Language-Action) system, a generalist neural network that unifies perception, language, and motor control. Helix runs on embedded GPUs aboard the robot, operates two humanoids simultaneously for collaborative tasks, and was trained on roughly 500 hours of teleoperation data. It is the backbone of Figure's claim that its robots can handle unfamiliar objects in commercial environments without task-specific reprogramming.

The shift to in-house AI has direct consequences for Figure's hiring. When a company controls its entire AI stack — from training data collection on factory floors to inference running on robots inside customer facilities — it owns the full privacy and security surface. There is no external API provider to absorb liability. Every data pipeline, every model update, every sensor stream that flows through a Figure robot in a BMW plant or a Catalyst Brands warehouse is Figure's responsibility.

That is precisely why the company's open roles now include a Software Engineer for Privacy & Data Governance, a Security Engineer for Vulnerability Management, and a Security Engineer for Application Security — all based in San Jose. The OpenAI partnership, while it lasted, would have distributed some of that complexity. Its end concentrates it.

The partnership's brief arc (announced with fanfare, operational within months, abandoned within a year) also signals something about the broader humanoid industry. Most humanoid firms are developing custom AI models to varying degrees. Boston Dynamics partnered with Toyota Research Institute for its Atlas robot. Tesla is building Optimus entirely in-house. The pattern suggests that general-purpose AI labs and specialized robotics companies have different clocks, different risk tolerances, and different definitions of done. Figure's decision to go solo is a bet that those differences are large enough to matter at scale.

Three Roles That Define the Next Wave of Robotics Hiring

Figure AI's careers page lists open roles under a single category: Security & Privacy. A Software Engineer for Privacy & Data Governance, a Security Engineer for Application Security, and a Security Engineer for Vulnerability Management and Automation — all in San Jose, all posted recently. The salary band for these roles runs $150,000 to $350,000 a year, matching or exceeding most of the company's traditional hardware and controls positions. That range signals something Figure's leadership has been quiet about: the hardest problems in humanoid deployment are no longer mechanical.

The privacy-engineering hire is the telling one. Figure isn't looking for a compliance attorney or a policy writer. It wants a software engineer who builds privacy and data governance systems, someone who can embed data-handling controls directly into the robots' operational pipelines. When a humanoid moves through a warehouse, it captures video, maps environments, records audio, and logs interactions with workers. Every sensor feed is a data governance problem. Every inference the model makes in a commercial environment raises questions about what gets stored, what gets sent back to training pipelines, and who has access. Figure needs an engineer who can write code to manage that, not a consultant who can write a policy doc.

This hiring pattern maps onto a broader taxonomy of roles the humanoid industry will need at scale. The IAPP's 2025–26 Salary and Jobs Report, surveying over 1,600 professionals across 60+ countries, found that people working in both privacy and AI governance earn a median of $169,700 in total compensation, $46,700 more than those focused on privacy alone. Professionals who add AI governance to an existing compliance or legal background see measurable salary gains, and technical AI governance roles in the technology sector reach a median of $221,000. The demand curve is steep: 77% of organizations are actively building AI governance programs, yet only 1.5% report being satisfied with their current staffing levels.

Figure's security-and-privacy openings sit at the intersection of two converging pressures. The first is regulatory. Colorado's SB 24-205, which takes effect June 30, 2026, requires deployers of high-risk AI systems to implement risk management programs, complete impact assessments, and disclose algorithmic discrimination risks to the attorney general within 90 days of discovery. The EU AI Act's high-risk system provisions follow on August 2, 2026, with penalties reaching €35 million or 7% of global annual turnover. A humanoid operating in a warehouse (making autonomous decisions in a space shared with workers) would almost certainly qualify as a high-risk system under both frameworks.

The second pressure is contractual. When Figure deploys robots into a Catalyst Brands facility, the customer will want assurances about data handling, model behavior, and liability. That means Figure needs people who can produce the documentation, build the technical controls, and pass the audits that commercial agreements increasingly require. A privacy-and-data-governance software engineer is the person who makes those assurances real rather than theoretical.

The skill set Figure is hiring for breaks into three emerging talent categories that will define the next wave of robotics companies. Embedded privacy engineering — building data governance into the product itself rather than bolting it on afterward. Security program management for physical AI — securing not just cloud infrastructure but the sensor-to-model-to-actuation chain that runs on a robot moving through the real world. Regulatory compliance engineering — translating frameworks like NIST's AI Risk Management Framework, ISO/IEC 42001, and the EU AI Act into technical requirements that engineering teams can implement.

These are not roles that existed in robotics five years ago. They exist now because the deployment environment has changed. A robot in a controlled test facility is a robotics problem. A robot in a shared commercial workspace is a robotics problem plus a privacy problem plus a security problem plus a regulatory compliance problem. Every other humanoid company approaching commercial deployment will face the same expansion, and the talent market for people who understand both the technical stack and the regulatory landscape is, for now, nearly empty.

Trust Infrastructure Is the Next Robotics Frontier

Figure AI does not operate in a vacuum. Its privacy and security hiring spree is the leading indicator of a constraint the entire humanoid sector is about to hit. BMW, Mercedes-Benz, and Tesla are already piloting humanoids on factory floors. Agility Robotics' Digit has moved more than 100,000 totes in live logistics operations. Boston Dynamics committed its entire 2026 Atlas output to Hyundai and Google DeepMind. The industry is moving from pilots to fleets, and the gating factor is no longer whether these machines can walk. It is whether companies can legally, safely, and publicly deploy them among people.

The numbers confirm the shift. Barclays projects the humanoid market will grow from roughly $2 billion to $200 billion by 2035. Deal value across industrial robotics hit $7.3 billion in the first half of 2025 alone, per a ResearchAndMarkets report. But the same investment boom is colliding with a regulatory reckoning. The EU AI Act is forcing robotics teams to embed compliance into core system architecture rather than bolt it on later. NIST is developing humanoid benchmarking standards that could become the sector's safety baseline. Apptronik CEO Jeff Cardenas put it bluntly in The Robot Report: "We can do pilots and get a small number of systems out, but we need to solve safety as an industry in order to see real adoption."

This is where Figure's hiring pattern becomes a map for the rest of the industry. The company is recruiting privacy engineers, data governance leads, and security engineers at salary bands reaching $350,000 per year, on par with its hardest-to-fill robotics roles. That is not a compliance checkbox. It is a signal that Figure expects the trust layer — the combination of data handling, safety certification, regulatory navigation, and operational security — to be what separates companies that scale from those that stall after a few pilot units.

The talent market is already responding. Figure AI added multiple roles in a single week, several of them in security and privacy engineering. OpenAI added its own compliance-heavy roles across global markets. The demand is not isolated. It is structural.

The companies that will dominate the next phase of humanoid deployment will not be the ones with the best actuators alone. They will be the ones that figured out how to handle sensitive commercial data from factory floors, certify their machines for OSHA-compliant operation, and build the governance frameworks that let a Fortune 500 legal team sign off on a fleet rollout. That is a hiring problem, and it is the one that will define 2026.

Working in robotics? Zero G Talent tracks the openings: browse robotics jobs, openings at OpenAI and Figure AI, and the people building the field.