Outtake's $40M AI Security Breakthrough: Inside the Funding [2025]

The $40 Million Bet on Autonomous Cybersecurity

There's a moment in every tech industry cycle when money stops being about the idea and starts being about the execution. Outtake just had that moment.

A startup that barely anyone outside the security world had heard of just closed a

So what's Outtake actually doing that's got these titans of tech opening their wallets?

The company makes an agentic cybersecurity platform that solves one of the most relentless, expensive, and growing problems in enterprise security: digital identity fraud at scale. We're talking about fake accounts pretending to be your company, malicious domains that look identical to yours, rogue apps in app stores, counterfeit ads leading people to phishing pages. It's the digital equivalent of someone stealing your face and using it to commit crimes in your name.

The problem has gotten exponentially worse because AI has weaponized the attack surface. Building a convincing fake website used to require skills. Now? You need a prompt. Building thousands of them? Couple minutes. This is why the old way of fighting identity fraud—hiring people to manually spot and take down fraudulent assets—doesn't work anymore. You can't manually keep up with something that scales exponentially.

Outtake's core insight is deceptively simple: turn a "human problem" into a "software problem." Use AI agents to detect, investigate, and execute takedowns of fraudulent digital assets in real-time. No human in the loop for the routine stuff. No waiting 48 hours for someone to get back from lunch and handle a ticket.

The company was founded in 2023 by Alex Dhillon, a former Palantir engineer. Palantir's DNA is deep: they know how to build products that operate at scale for enterprises with serious security requirements. That matters. This isn't someone building a point solution for SMBs. This is someone who understands what it takes to operate at the level of the US government and Fortune 500 companies.

How Outtake Actually Works

Let's get technical for a second, because the mechanics matter.

Outtake's platform uses AI agents to automate the entire threat lifecycle: detection, investigation, and takedown. Here's how it plays out in practice.

Detection is about signal. The platform is constantly scanning the internet for digital assets that impersonate your company. This includes domains that typo-squat yours ("microsft-security.com" instead of "microsoft-security.com"), apps in the Apple App Store and Google Play that use your branding, social media accounts claiming to represent your company, and ads running on search networks using your brand terms. Traditional systems flag these by matching signatures. Outtake's system is smarter. It understands context, intent, and patterns.

Investigation is where AI agents really shine. Once something is flagged as potentially fraudulent, the system needs to verify it actually is. Is this a legitimate partner using your branding? Is this an employee who just set up an unauthorized fan account? Is this definitely a scammer? This requires reasoning, not just pattern matching. The agent pulls data from multiple sources, analyzes the context, and makes a judgment call. Can it actually execute this takedown, or does it need to escalate to a human?

Takedown is the execution phase. For accounts, this means filing abuse reports with the platform. For domains, it means working with registrars and DNS providers. For apps, it means submitting removal requests to Apple and Google. For ads, it means flagging them with the ad platforms. Each of these has different APIs, different requirements, different timelines. The agent system knows all of these and can execute them autonomously.

The kicker? The entire cycle can happen in minutes. A fraudulent asset goes live. Outtake detects it. The agent investigates. The agent initiates takedown. The asset is gone. Before the scammer even sends their first phishing email.

This is genuinely different from how the industry has worked. Brand security used to be a quarterly exercise where a team would spend weeks investigating threats and months trying to get platforms to actually remove them. Now it's continuous, automated, and scaled to the speed of the internet.

Estimated allocation of the $40 million funding shows significant investment in engineering and product development, followed by platform integration and operations. Estimated data.

The Investors: Why These Specific People?

The funding round was led by ICONIQ, specifically by Murali Joshi. If you're tracking venture capital trends, ICONIQ is that firm that backs the companies that matter. They've invested in Anthropic (pre-Series A), Datadog, Drata, 1Password. These are companies that became foundational infrastructure. ICONIQ doesn't chase trends. They find companies solving real problems at scale.

Murali Joshi's quote to the press is worth analyzing: "Historically, detection and takedown was a manual, human-intensive process that couldn't keep up with the speed of the internet. They've turned a human problem into a software problem."

That's not marketing language. That's a clear-eyed description of the problem Outtake solves.

But the angels are where this gets really interesting.

Satya Nadella (Microsoft CEO) is investing because Microsoft absolutely needs this. Microsoft gets impersonated constantly. Microsoft Azure, Office 365, Microsoft Teams—all of these get spoofed by attackers. Nadella isn't just writing a check. He's signaling that this is the kind of infrastructure Microsoft should be using or integrating.

Nikesh Arora (Palo Alto Networks CEO) is the cybersecurity veteran in the room. Palo Alto's entire business is built on seeing threats early and moving fast. Arora wouldn't invest in something that doesn't fit his worldview of how security should work. His investment is essentially saying: "This is how we should be automating security."

Bill Ackman (Pershing Square) is a different animal. Ackman is a sophisticated investor who digs into the details. He doesn't invest in hype. He invests in companies with defensible business models solving real problems at scale. His presence signals that the unit economics make sense.

Bob McGrew (former OpenAI VP) is the AI expert. McGrew spent years at OpenAI understanding how to build AI systems that work in the real world. He knows the difference between a GPT wrapper and actual AI product engineering. His investment says: "This is real AI product work, not AI theater."

Shyam Sankar (Palantir CTO) is particularly interesting because Palantir is Outtake's godfather company. Dhillon came from Palantir. The Palantir DNA is all over how Outtake thinks about scale, security, and government requirements. Sankar's investment is almost tribal—it's Palantir's ecosystem investing in the next generation.

The rest of the angels include Trae Stephens (Anduril), Guillermo Rauch (Vercel), and John Donovan (former AT&T). These are people who've all built or funded companies that scaled. They're not finance professionals gambling on AI. They're operators.

That cap table is doing three things simultaneously: (1) validating that the product works and solves a real problem, (2) providing enormous distribution advantages, and (3) sending a signal to the market that this is the team and product you should pay attention to.

Outtake's AI efficiently completes the entire threat lifecycle in approximately 6 minutes, with detection being the quickest stage. Estimated data.

Why This Problem Matters Right Now

Outtake's timing is perfect. Not lucky perfect. Structural perfect.

Digital identity fraud has become a top-three concern for enterprise security teams. Here's why.

First, AI has democratized attack capability. You don't need to be a sophisticated state actor anymore to launch convincing brand impersonation campaigns. You need a $20/month Claude subscription and 30 minutes. This means the volume of threats has exploded. Where you used to see dozens of fake accounts per month, you now see thousands.

Second, the damage from successful impersonation has gotten worse. A fake app that steals credentials from a thousand users doesn't just cost those users money. It damages your brand reputation. It increases customer churn. It triggers regulatory scrutiny. It becomes a class action lawsuit. The downstream cost of brand fraud has gone from "annoying" to "potentially company-threatening."

Third, the tools available to security teams have gotten worse at this problem, not better. Your traditional endpoint security, your SIEM, your SOC—none of them are optimized for detecting fraudulent digital assets. They're optimized for detecting malware, network intrusions, data exfiltration. Brand fraud is a different problem entirely.

Fourth, the platforms that host fraudulent assets have gotten worse at removing them. Apple's app review process once meant a certain level of brand protection. Now? App review is overwhelmed. The same applies to Google Play, Meta, Google Ads, the DNS ecosystem. These platforms can't keep up with the volume either. They're reactive, not proactive.

Outtake fills the gap. It's the system sitting between you and the internet, constantly monitoring for your fake twins and removing them before they cause damage.

This is infrastructure that enterprises need. Not want. Need.

The Metrics That Justify the Investment

Outtake just shared some numbers that explain why investors are excited.

Annual recurring revenue has grown 6x year-over-year. That's not hockey stick growth. That's geometric growth. This is a company that started with a specific problem (brand fraud) and found that the market is genuinely hungry for a solution.

Customer count has grown over 10x. This matters because it shows they're not just selling to one giant customer. They're selling to many. Distribution is working. Product-market fit is real.

The company scanned 20 million potential cyberattacks in the past year alone. That's the scale of the problem they're solving. And they're just getting started. As they add more customers, that number will grow exponentially.

Who are the customers? Outtake names OpenAI, Pershing Square, App Lovin, and federal agencies. Let's pause on that for a second. OpenAI is a customer. That's significant. OpenAI is dealing with the same problem every AI company deals with: fraudsters impersonating you to sell scams. The fact that they're using Outtake's platform is a massive endorsement.

OpenAI even profiled Outtake in July 2025 as an example of an agentic startup built on reasoning models. This is Apple endorsing your app through featuring. When OpenAI highlights you as a canonical example of how to build on their platform, it's both validation and distribution.

Federal agencies are customers. Think about what that means. The US government doesn't buy products that don't work. They don't buy from companies with shaky funding. They don't buy from teams that can't execute. The fact that Outtake is selling to federal agencies tells you this is production-grade software.

Outtake has achieved 6x ARR growth and 10x customer base expansion. Its AI system detects threats in 0.5 hours and executes takedowns in 0.1 hours. Estimated data based on FAQ insights.

How Agentic AI Changes Security

Outtake is riding a wave in AI architecture that's about to reshape how security products get built.

Traditional security tools are rules-based or signature-based. You define the pattern. The tool looks for the pattern. If the pattern exists, you alert. This works great for known threats. It fails catastrophically for novel attacks. This is why zero-days are still a thing.

Machine learning-based security tools improved on this. Instead of rules, you have models that learn patterns from data. This helped with classification and detection. But it doesn't help with the reasoning and execution side. You still need a human to decide what to do about the threat.

Agentic AI changes this fundamentally. An agent is a system that can perceive, reason, plan, and act. In the context of security, this means the system can detect a threat, reason about whether it's real, plan a response, and execute that response. All autonomously. All at the speed of code.

This is why Outtake works. It's not just using AI to detect fraud. It's using AI agents to manage the entire lifecycle of fraud from detection to remediation.

This pattern is going to repeat across security. You're going to see agentic systems for:

• Incident response (agent detects breach, investigates, contains, remediates)
• Vulnerability management (agent finds vulnerability, assesses risk, prioritizes patching, executes patches)
• Threat hunting (agent generates hypotheses about threats, tests them, escalates findings)
• Compliance (agent monitors controls, documents evidence, generates reports)

All of these are moving from "analyst-heavy" to "agent-assisted" models. Outtake is just the first to crack it in the brand protection space.

The Competition and Why Outtake Wins

Outtake isn't operating in an empty market. There are established players in brand protection and fraud detection.

Traditional brand protection companies like Markmonitor (owned by Thomson Reuters), Spec Tor, and Brand Shield have been around for years. They do good work. But they operate on the old model: human investigators, manual takedowns, quarterly reporting. They're not designed for real-time, autonomous operation.

Newer entrants in the fraud detection space include companies like Unit 221B and Netcraft that focus on specific vectors like phishing or malware domains. Again, good work. But they're point solutions.

Where Outtake wins is integration and autonomy. The platform doesn't just detect fraud. It integrates with the platforms where fraud lives (Apple, Google, DNS registrars, ad networks, social media) and can execute takedowns directly. No waiting. No human handoff required for routine cases.

The second advantage is the reasoning layer. Because Outtake is built on agentic AI, it's not just pattern-matching. It's understanding context. Is this a real threat or a false positive? What's the risk level? Can we action this or does it need human review? Traditional tools either flag everything (alert fatigue) or flag nothing (misses real threats). Outtake tries to be smart about it.

The third advantage is the team and the investors. Dhillon knows scale from Palantir. The investors are people who've built or funded critical infrastructure. They're not going anywhere if the going gets tough. They're going to push this forward.

Estimated data showing the influence and expertise scores of key investors in Outtake. Satya Nadella and Nikesh Arora are highlighted for their high influence and expertise in technology and cybersecurity.

Implications for Enterprise Security

If Outtake succeeds at the scale indicated by these metrics and investor confidence, it changes how enterprises think about brand protection and fraud prevention.

Right now, brand protection is often an afterthought. Security teams focus on hardening their own infrastructure. Brand fraud gets pushed to legal or marketing. This is inefficient. The fraud damages your brand, your customers, and your bottom line. It should be a first-class security concern.

Outtake's existence and success will change this. Enterprises will start treating brand fraud as a security problem that requires security-grade tooling and investment. You'll see:

• CISOs taking ownership of brand fraud as part of their mandate
• Budget allocation shifting from reactive to proactive brand protection
• SLAs for brand fraud remediation becoming as strict as SLAs for malware detection
• Integration of brand fraud signals into overall risk scoring and incident response

This creates a flywheel. As more enterprises adopt agentic systems for brand fraud, the bar for what's "normal" in security operations goes up. Enterprises that don't have these systems will be seen as taking on unnecessary risk. This drives adoption further.

The Funding in Context

Let's talk about what $40 million actually means for Outtake and the market.

It's not enough to be a massive war chest in 2025. But it's enough to matter. Let's think about what the company needs to do with this capital.

Engineering and product: The team needs to stay ahead of how attackers evolve. If you stop innovating in fraud detection for six months, you fall behind. This requires hiring top talent. $40M gives you runway to hire 20-30 engineers over the next 18-24 months.

Sales and go-to-market: Brand protection has been sold as a niche product. Outtake has an opportunity to make it mainstream. That requires sales hiring, marketing investment, and partnerships. Figure $5-8M to get serious about this.

Platform integration and API development: Right now, Outtake integrates with the major platforms (Apple, Google, etc.). But as customers demand more customization, the company needs APIs that let customers integrate with their own systems. That's engineering effort.

Scaling infrastructure: Scanning 20 million potential cyberattacks requires serious infrastructure. As the company grows 10x, that infrastructure needs to scale. Cloud costs are real. This is probably $2-3M annually.

Operations and security: This is critical and often overlooked. Outtake is getting access to sensitive information about fraud patterns, customer data, attack vectors. They need to be SOC 2 Type II certified, HIPAA compliant (if healthcare customers), potentially FedRAMP certified (for federal customers). Building and maintaining these compliance programs is expensive.

So the $40M gets absorbed pretty quickly. But here's why the investors are confident: the company is already profitable or close to it at Series B. The metrics (6x ARR growth, 10x customer growth) suggest they're past the "prove the model" phase. They're in the "scale what works" phase. That's why you can attract investors like this.

Estimated data shows a significant increase in threat volume and damage severity due to digital identity fraud, while tool effectiveness and platform responsiveness are lacking.

The Broader Trends Outtake Represents

Outtake isn't an isolated phenomenon. It's part of a larger trend in security and enterprise software.

Trend 1: Autonomy in security. The industry is moving from "detect and alert" to "detect and respond." Humans are the bottleneck. Automating the response loop is the next frontier.

Trend 2: Agent-based architecture. You're going to see more companies built on the architecture of intelligent agents that can reason and act. This applies beyond security.

Trend 3: Specialized infrastructure for AI-native threats. AI has created new classes of threats (prompt injection, model poisoning, synthetic media). You need infrastructure purpose-built for these threats. General-purpose security tools won't cut it.

Trend 4: Founder DNA matters more. In a crowded market, investors are increasingly betting on founder pedigree. Founders from Palantir, OpenAI, Microsoft—these are non-zero predictors of success. Outtake has this in spades.

Trend 5: Enterprise infrastructure is consolidating around winners. As the market matures, enterprises want fewer vendors, not more. Outtake's ability to plug into multiple threat surface areas (domains, apps, ads, accounts) makes it sticky once it's deployed.

Looking Ahead: What's Next for Outtake

With $40 million and a cap table that reads like a tech hall of fame, what's likely next for Outtake?

Near term (next 12 months): Product expansion. They'll likely expand beyond brand fraud into adjacent threat surfaces. Counterfeit e-commerce listings? Fraudulent customer service accounts? These are variations on the same problem. The agent system they've built can be retrained on new data.

Medium term (12-24 months): Partnership deals. You'll probably see Outtake integrations announced with major security platforms (Okta, CrowdStrike, Palo Alto Networks). These companies want agentic fraud detection capabilities. Outtake can provide them without these companies building it themselves.

Long term (2+ years): Either acquisition or Series C on the path to public markets. Given the investor caliber and the market dynamics, Outtake is either a strategic acquisition for a large security vendor (Palo Alto, CrowdStrike, Microsoft) or they're on a path to IPO. Series B with this cap table usually means an exit is being planned.

The wildcard is how fast the fraud problem scales. If AI makes fraudulent assets so easy to create that the volume becomes infinite, Outtake's agent system becomes mandatory infrastructure. That accelerates everything.

Lessons for Founders and Investors

There's a masterclass in how Outtake raised this round.

For founders: This shows that even in a crowded AI market, you can raise significant capital if you've (1) identified a specific, painful, growing problem, (2) built technology that actually solves it at scale, (3) found product-market fit with customers willing to pay, and (4) assembled a team people trust. You don't need to chase trendy technology. You need to solve real problems.

For investors: This shows what due diligence on a Series B should look like. It's not just "do you have AI?" It's "do you have real customers? Are they growing? Is the team credible? Will they execute?" ICONIQ did this right. They looked under the hood.

For enterprises: This is a signal that brand fraud at scale is now manageable. You have tools. You have infrastructure. You can now build this into your security program without relying on manual processes.

For security leaders: This is a signal that agentic security tools are coming whether you like it or not. The question isn't whether to adopt them. The question is when. Outtake is the vanguard, but it won't be alone for long.

The Risk Factors Nobody Talks About

All of this sounds great. But let's be real about the risks.

Platform dependency: Outtake's entire operation depends on APIs from Apple, Google, Meta, DNS registrars, and ad platforms. If any of these platforms decide to deprecate or change their APIs, Outtake's automation breaks. This is existential risk that most investors don't think deeply about.

Adversarial evolution: Fraudsters know about tools like Outtake. They'll evolve. They'll find new platforms Outtake doesn't monitor. They'll use more sophisticated techniques. This is an arms race, and Outtake has to stay ahead.

Customer concentration: We don't know the revenue distribution. If a few customers represent 50%+ of ARR, losing one customer is catastrophic. At Series B, revenue concentration is a real risk.

International complexity: The US has specific laws around takedowns and IP enforcement. But other countries don't. Expanding internationally requires navigating complex legal frameworks. This could be slow and expensive.

Regulation: As agentic systems get more powerful, regulation will follow. Automated takedown systems might come under new requirements. Outtake will need to adapt.

These risks don't make the company a bad investment. But they're worth acknowledging.

The Bottom Line

Outtake's $40 million Series B is more significant than it looks at first glance.

It's significant because it validates that agentic AI can solve real, expensive problems that enterprises currently manage manually. It's significant because the cap table is sending an unmistakable signal that this team, with this product, in this market, is going to matter. It's significant because it shows that founders don't need to chase hype or chase large language models to build valuable companies. They need to solve specific problems at scale.

For Outtake, this is runway to scale what's working and expand into adjacent markets. For the security industry, it's a signal that the next generation of security tools are going to be agentic, autonomous, and focused on specific threat surfaces. For enterprises, it's a signal that you have options for managing brand fraud that don't require hiring more people.

The fraud problem isn't going away. If anything, it's getting worse as AI makes attacks faster and more convincing. The question is whether your infrastructure can keep up. Outtake's funding round suggests the industry finally has an answer.

FAQ

What exactly is Outtake and what does it do?

Outtake is an agentic cybersecurity platform built to detect, investigate, and automatically take down digital identity fraud at scale. This includes fake apps impersonating your company, spoofed domains, fraudulent accounts, and malicious ads. The platform uses AI agents to continuously scan the internet for these threats and execute automated takedowns without human intervention.

How does Outtake's agentic AI system work differently from traditional fraud detection tools?

Traditional fraud detection tools rely on rules or pattern-matching that flag potential threats for human review. Outtake's agentic system goes further by combining detection with reasoning and action. Once a threat is identified, the agent investigates to verify it's actually fraudulent, plans a response, and executes takedowns directly through integrations with platforms like Apple App Store, Google Play, DNS registrars, and ad networks. This happens in minutes, not hours or days.

Why are investors like Satya Nadella and Bill Ackman backing Outtake specifically?

These high-caliber investors are backing Outtake because it solves a growing, expensive problem that has become more critical as AI enables faster and more convincing fraud at scale. The founders have proven product-market fit with 6x year-over-year ARR growth, a 10x expansion in customer base, and customers including OpenAI and federal agencies. The team combines deep expertise from Palantir, OpenAI, and other credible companies, giving investors confidence in execution.

What problems does Outtake solve that other brand protection companies don't?

Unlike traditional brand protection firms that rely on human investigators for detection and takedown, Outtake automates the entire lifecycle in real-time. It integrates directly with the platforms where fraud occurs, enabling instant removal instead of multi-day manual processes. Its agentic AI system also makes smarter decisions about what's actually fraud versus false positives, reducing alert fatigue while improving detection accuracy.

How much has Outtake grown and what are the key metrics showing success?

Outtake has achieved 6x year-over-year ARR growth and expanded its customer base by over 10x. The platform scanned 20 million potential cyberattacks in the past year. Named customers include OpenAI, Pershing Square, App Lovin, and federal agencies. These metrics indicate strong product-market fit and clear demand for autonomous fraud detection at scale.

What are the biggest risks Outtake faces as it scales?

Key risks include dependency on APIs from major platforms like Apple and Google, which could change or deprecate their integrations. There's also the arms race dynamic where fraudsters continuously evolve their tactics. Customer concentration, international regulatory complexity, and the coming wave of AI regulation all pose scaling challenges. Additionally, adversaries are getting faster and more sophisticated, requiring continuous innovation.

What does Outtake's funding mean for the broader security industry?

Outtake's success signals that the security industry is moving from manual, human-intensive processes to agentic, autonomous systems. This trend will likely accelerate across other security domains like incident response, vulnerability management, and threat hunting. Enterprises will increasingly expect security tools to not just detect threats but reason about and respond to them automatically.

How does Outtake compare to competitors in the brand protection and fraud detection space?

Traditional competitors like Markmonitor and Spec Tor excel at manual investigation but lack real-time automation. Newer point solutions handle specific vectors like phishing or malware domains but don't integrate across platforms. Outtake differentiates through its agentic architecture that enables autonomous reasoning and action, multi-platform integration, and real-time response capabilities that create a more complete fraud remediation system.

What should enterprises do about brand fraud if they're not using automated solutions yet?

Enterprises should audit their current threat surface by checking for typosquatted domains, counterfeit app store listings, fake accounts, and spoofed ads. If this investigation reveals significant fraud, it signals a need for more systematic, automated detection and takedown capabilities. Implementing tools like Outtake shifts the operational model from reactive, human-driven investigation to proactive, automated response.

Where is Outtake headed after this Series B funding round?

Likely near-term expansions include additional threat surfaces (counterfeit e-commerce listings, fraudulent customer service channels) and deeper platform integrations. Medium-term, expect partnership announcements with major security vendors. Long-term, the trajectory points toward either strategic acquisition by a large security firm or a path toward Series C and eventual public markets, given the caliber of investors and market momentum.

Key Takeaways

• Outtake raised $40M Series B with elite investor cap table (Satya Nadella, Bill Ackman, Bob McGrew) validating agentic AI for security
• The platform achieves 6x YoY ARR growth and 10x customer expansion by automating fraud detection, investigation, and takedown in real-time
• Agentic security systems represent the next evolution beyond rule-based or ML-based detection, enabling autonomous reasoning and action
• Federal agencies and OpenAI are customers, signaling production-grade maturity and real-world impact at enterprise scale
• The funding signals broader trend: security is moving from manual, human-intensive processes to autonomous agentic systems across multiple domains

Related Articles

• WinRAR Security Flaw CVE-2025-8088: Complete Defense Guide [2025]
• Okta SSO Under Attack: Scattered LAPSUS$ Hunters Target 100+ Firms [2025]
• Northwood Space Lands
  $100M Series B and$
  50M Space Force Contract [2026]
• Browser-Based Attacks Hit 95% of Enterprises [2025]
• AI-Powered Phishing: How LLMs Enable Next-Gen Attacks [2025]
• Galaxy S26 Scam Detection: Why Samsung's New Feature Matters [2025]