1. Headline & intro
AI scams, data broker dossiers and endless password leaks have turned “privacy” from a niche concern into a mainstream anxiety. Most people, however, still juggle half a dozen tools — a VPN here, a password manager there — and hope for the best. Cloaked’s new $375 million round is a signal that investors think that era is ending.
In this piece, we’ll look at what Cloaked is really building, why such a large bet on consumer privacy makes sense now, how the company’s enterprise pivot reshapes the security market, and what this could mean for European users, regulators and competitors.
2. The news in brief
According to TechCrunch, privacy startup Cloaked has raised $375 million in a combination of Series B equity and growth financing. The round is led by General Catalyst and Liberty City Ventures, with participation from Lux Capital, Human Capital, Marquee Ventures, Fifth Growth Fund, the NFL Players Association, LG Technology Ventures, Assurant Ventures and DuckDuckGo. General Catalyst also provided non‑dilutive growth capital via its Customer Value Fund.
Founded in 2020 by brothers Arjun and Abhijay Bhatnagar, Cloaked started as a consumer app for generating alternative identities (emails, phone numbers, passwords) so users could sign up to services without sharing real data. It has since added data‑broker record removal, VPN, dark‑web monitoring, identity theft insurance and, more recently, AI‑powered call screening.
TechCrunch reports that Cloaked grew tenfold last year, now counts over 350,000 paying customers, says it has protected 10 million identities and removed more than 1 billion records from data brokers. The company is expanding its AI screening to SMS, email and browsing, testing an AI agent that can take protective actions, and launching an enterprise product focused on employee protection and risk visibility for CISOs.
3. Why this matters
A $375 million round for a consumer privacy company is not normal. It’s a statement that “privacy” is evolving into something closer to a personal safety utility — and that there might be a category‑defining platform up for grabs.
So far, digital self‑defence has been fragmented: a password manager from one vendor, a VPN from another, email aliases from a third, and perhaps an identity‑theft product from your bank or insurer. That fragmentation punishes normal users; the people who need help the most are the least likely to assemble and maintain a complex toolchain.
Cloaked’s bet is that bundling those capabilities and wrapping them in automation — generating burner identities, scrubbing data brokers, filtering scams, even changing passwords after a breach — can turn privacy into a background service instead of a hobby.
The winners, if this works, are:
- Consumers who get something closer to “always‑on protection” instead of a toolbox they must manage.
- CISOs who can extend protection to employees’ personal attack surface, which is increasingly where phishing and account takeovers start.
- Investors betting that subscription security can become as ubiquitous as streaming.
The losers could be:
- Single‑feature apps (standalone VPNs, email alias services) that risk being absorbed into broader suites.
- Ad‑tech and data brokers, if large providers make data removal and pseudonymous identities mainstream.
The big question is whether Cloaked can justify this war chest with sustainable acquisition and retention, or whether it becomes another overfunded consumer security story.
4. The bigger picture
Cloaked sits at the intersection of several converging trends:
AI‑driven fraud and social engineering. As TechCrunch notes, Cloaked sees AI now outmatching humans at compromising individuals. Deepfake voice scams, realistic phishing emails and automated credential‑stuffing attacks all raise the value of proactive, automated defence. A human simply cannot manually inspect every call, text and email anymore.
The erosion of the corporate perimeter. Employees reuse personal emails and phone numbers for work accounts, access SaaS tools from home networks and discuss business via consumer messaging apps. “Personal” and “enterprise” attack surfaces are now entangled. That makes a consumer‑grade product with an enterprise view — risk scoring, incident visibility, trend reporting — strategically interesting.
The platform privacy race. Apple’s Private Relay, Google’s ongoing cookie deprecation and tools like iCloud Keychain, Chrome’s password manager and passkeys show that big platforms see privacy and security as key differentiators. Cloaked is effectively trying to become a cross‑platform “privacy OS” that rides on top of Apple, Google and Windows rather than being baked into any one.
Historically, attempts to bundle consumer security — think antivirus suites or early identity‑theft products — often became bloatware: noisy, complex, and poorly aligned with user needs. The difference now is that AI, cloud infrastructure and APIs into major platforms make real‑time, context‑aware protection (for example, automatically rotating a password after a breach) feasible.
Cloaked’s competition is therefore not just 1Password, Proton or Firefox, but also whatever Apple, Google and Microsoft decide to include by default — and the user’s growing expectation that security should “just work.”
5. The European / regional angle
For European users and companies, Cloaked’s model lands right in the middle of the EU’s regulatory thicket: GDPR, the Digital Services Act (DSA), the forthcoming EU AI Act and NIS2 for critical‑infrastructure security.
On the plus side, Cloaked’s focus on data‑broker removal and pseudonymous identities is structurally aligned with GDPR principles like data minimisation and privacy by design. Many EU citizens have the right, in theory, to demand erasure and restrict profiling; in practice, few have the time or legal savvy. Outsourcing that work to a specialist service could turn theoretical rights into practical protection.
But there are frictions:
- Data localisation and transfers. If Cloaked processes EU residents’ data outside the Union, it must navigate Schrems II, standard contractual clauses and, increasingly, customer expectations for EU‑based hosting.
- AI transparency and oversight. Under the AI Act, risk‑bearing AI systems will face obligations around explainability, logging and human oversight. An AI that screens communications or autonomously changes passwords will attract regulatory interest, especially in a workplace context.
- Enterprise deployment culture. In countries like Germany, works councils and strong privacy norms mean monitoring‑heavy tools can be controversial. Cloaked will need to prove that its enterprise dashboards do not become a backdoor for employee surveillance.
Cloaked also enters a region with strong local competitors: Proton (Switzerland) on secure communications and VPN, Tuta (Germany) for encrypted email, and a dense ecosystem of password managers and identity‑protection services. To win here, it must show not only technical excellence but also a deep respect for European privacy culture and governance.
6. Looking ahead
Several things are worth watching over the next 12–24 months.
1. Can Cloaked become a default, not a niche? With 350,000 paying customers, the company has strong traction but is still tiny relative to the smartphone user base. The growth capital from General Catalyst is clearly aimed at aggressive customer acquisition. Pricing, bundling with ISPs/banks and partnerships (for example, offering Cloaked as a perk with credit cards or neobanks) will determine whether it breaks out of the tech‑savvy bubble.
2. How far will the AI agent go? Automatically changing compromised passwords is a logical start. But a true “security concierge” could, in theory, dispute fraudulent charges, freeze credit files, or negotiate with service providers after a breach. Each extra capability, however, increases complexity, regulatory exposure and the blast radius if something goes wrong.
3. Enterprise traction. The new B2B product is strategically important. If CISOs see measurable reductions in phishing incidents and identity‑related breaches, per‑employee subscriptions could become a new budget line alongside EDR and SASE. If not, the enterprise pivot risks diluting focus.
4. Trust and resilience. A breach at a privacy company is existential. Cloaked’s entire value proposition rests on being more trustworthy than the dozens of services it shields you from. Transparency reports, third‑party audits and clear data‑handling guarantees will be essential.
Expect the next visible milestones to be: European market entries and local partnerships, deeper AI features rolling out across channels (calls, SMS, email, browsing) and, longer term, potential consolidation — either Cloaked acquiring niche players or becoming an acquisition target for a major platform.
7. The bottom line
Cloaked’s massive round is less about another app in your security folder and more about a bid to redefine consumer privacy as an automated, full‑stack safety layer for people and companies. If it can balance powerful AI assistance with strict data minimisation and genuine transparency, it could become the “personal SOC” most users badly need. If not, it risks becoming an overfunded bundle in an already noisy market.
The real question for readers: would you trust a single company to sit between you and almost every digital interaction you have — and, if so, what would it need to prove first?
