Global verification and fraud prevention firm Sumsub recently published its report on the global rate of identity fraud. While the report witnessed a decrease in crime numbers in 2025, the immediate cheer may prove to be short-term, as things are undergoing a “sophistication shift,” with sloppy, low-effort incidents of identity fraud noticed in 2024 now replaced by fewer but sharper, multi-step, and coordinated operations.
In this backdrop, Brooklyn-based Outtake, whose agentic cybersecurity platform helps enterprises detect, investigate, and take down identity fraud, has raised a USD 40 million Series B round of funding. While the amount may not sound huge compared to the capital raised by Outtake’s industry peers, the funding round hit the headlines due to the list of participating angel investors, which included Microsoft CEO Satya Nadella, Palo Alto Networks CEO Nikesh Arora, Pershing Square Holdings CEO Bill Ackman, Palantir CTO Shyam Sankar, Anduril co-founder Trae Stephens, former OpenAI VP Bob McGrew, Vercel CEO Guillermo Rauch, and former AT&T CEO John Donovan.
Knowing The Player In Detail
Outtake, established in 2023 by former Palantir engineer Alex Dhillon, has come up with a fix when it comes to automating what has largely been a manual problem: spotting and taking down digital identity posers, entities like impersonation accounts, malicious domains posing as companies’ official websites, rogue apps, fraudulent ads, and more.
Outtake has customers like OpenAI, British financial services company Pershing Square, and American mobile technology company AppLovin, along with several federal agencies. OpenAI even profiled the company in July 2025 as an example of an agentic start-up built on its reasoning models.
Outtake’s ARR (Annual Recurring Revenue) has increased six times year-over-year, while its customer base grew more than ten times. This shows one thing: while the demand for foolproof cybersecurity solutions is expanding rapidly, the 21st century’s global socio-economic order is also taking the threat of digital identity theft more seriously than ever.
According to Dhillon and his team, two-thirds of identity theft-related attacks now utilise some form of AI, remarking, “the question isn’t whether your organisation will be targeted, it’s whether your defences can match the sophistication of AI-powered threats that are reshaping the very nature of cybercrime.”
So, what is Outtake dealing with? The rising menace of bots, with a 2024 study claiming that 30% of accounts across major social media platforms are likely to be fake. These bots are used to spread scams, steal identities, or manipulate public opinion.
Then add the 703% increase in credential phishing attacks, thanks to the widespread availability of AI-generated phishing kits online. We also have a 202% increase in phishing emails, with generative AI tools and automation again helping hackers compose phishing emails up to 40% faster.
Making ‘Digital Trust’ Great Again
Talking about Outtake’s “AI-Driven Intelligence for Open Sources,” the start-up’s AI agents cut through noise and contextualise risks in real time by delivering the early warning security teams need to protect people, reputation, and operations.
“Manual OSINT (Open-Source Intelligence) workflows can’t keep pace with today’s threat landscape. Security analysts spend hours chasing false positives, triaging repetitive alerts, and piecing together fragments from multiple sources,” the venture stated, further pointing out issues like manual backlogs (with threat actors quickly shifting their campaign methods by the time analysts detect and manually remediate a threat), an endless streak of false alerts (with keyword-based monitoring generating endless dead ends, burying investigators in irrelevant hits and obscuring the real signals that matter), and manual correlation of findings (with cybersecurity teams seeing isolated incidents as big wins rather than uncovering the full campaign across platforms and sources).
To counter these, Outtake has bet big on AI agents, which continuously discover and analyse images, videos, audio, and text across the open web, delivering contextualised intelligence without the manual overhead. They track emerging narratives (upcoming cybercrime trends) and force-protection campaigns before they escalate into reputational or physical risks.
Legacy traditional tools often end up missing threats from social platforms, forums, and open sources, something that Outtake’s AI agents address thoroughly, taking things further to “Location-Based Risk Intelligence” by mapping chatter tied to physical locations to anticipate risks to executives, facilities, and events.
Also, “AI-Driven Intelligence for Open Sources” keeps its client businesses safe by monitoring third-party players like vendors, partners, and acquisition targets for emerging risks. After everything, Outtake distils millions of signals into clear, prioritised summaries before delivering threat digests directly to clients’ inboxes or collaboration tools, customised to the latter’s security priorities.
Next are “Digital Risk Protection” agents that, in the start-up’s language, provide “AI that tirelessly detects, prioritises, and dismantles impersonation threats across domains, social media, apps, and ads.” When it comes to proactively identifying and eliminating digital impersonation threats, traditional methods are trailing severely. How? First of all, they are drowning in AI-generated noise due to the widespread availability of AI-generated phishing kits online.
Attacks are getting sophisticated and fast-paced, with threat actors diversifying their mediums. Apart from missing threats hidden in images, videos, code, and visual brand abuse, legacy keyword tools end up chasing nodes while missing well-coordinated campaigns. These solutions are only capable of tackling isolated threats instead of going after the full attack ecosystem. They can’t connect signals across platforms, leaving coordinated campaigns intact and growing.
“Digital Risk Protection” agents have been tailored with social engineering scams in mind—criminal acts that exploit human psychology to trick individuals into divulging confidential information, transferring money, or installing malware. These attacks are known for impersonating trusted entities or businesses through phishing (emails), vishing (phone calls), or smishing (SMS). Outtake’s solution goes aggressively after these elements, removing fake brand and executive impersonations across all platforms while continuously mapping threat infrastructure across digital mediums, revealing the hidden links that single-point tools overlook.
Be it fraudulent phishing, malware domains, fake mobile apps, or deceptive marketplace listings, “Digital Risk Protection” agents have been tasked with one job: monitor, identify, and take down.
Redefining Digital Verification
Business Email Compromise (BEC), which targets organisations through deceptive emails, skyrocketed in 2025, with Barracuda’s “Email Security Breach Report” registering a staggering 78% of surveyed organisations worldwide experiencing an email security breach throughout the year, with the lack of expertise, automation, and awareness ending up costing companies money, reputation, customers, and growth prospects.
Against this backdrop, Outtake has launched a device- and identity-bound authentication tool via World ID or passkeys, as AI is known for generating both phishing and legitimate emails. “Outtake Verify” has evolved as a browser extension that cryptographically verifies a business’ identity (through mathematical proof instead of probabilistic guessing) and signs the company’s emails. Even if the official mail account gets hacked, Outtake still ensures that these compromised accounts can’t send verified emails by denying attackers device-bound authentication.
The solution not only improves internal email security for Outtake’s client organisations, but it also increases trust in third-party communications by making the whole digital environment secure. “Outtake Verify” also reduces the burden on human cybersecurity professionals within a team by taking over tasks like verifying executive payment approvals, eliminating out-of-band confirmations, ensuring sensitive documents come from authenticated sources with message integrity, and extending trust beyond organisational boundaries by requiring authentication from key vendors.