Welcome back to The Trident Radar!

We're writing this from RSA Conference in San Francisco, where the Trident team has been on the ground all week. CISO Karaoke was a hit last night, more on it next week.

Last week was a monster for funding. Cloaked pulled in $375M to bring consumer privacy to the enterprise. XBOW raised $121M at a near-unicorn valuation for AI autonomous pen testing. Oasis Security grabbed $120M for non-human identity management. Cape raised $100M for a privacy-first mobile carrier. And that's before we get to Surf AI ($57M), RunSybil ($40M with Anthropic on the cap table), and Clover ($36M with Shlomo Kramer and Assaf Rappaport as angels).

The autonomous pentest wars are heating up. The NHI category is exploding. And privacy is becoming a product category, not just a compliance checkbox.

Lets dive in!!

Insider Insight: The Autonomous Pentest Wars
Company Spotlight: Cloaked

Something different this week!

Learn more about us, who we are and why we do what we do everyday!

Find Trident Search at RSA this week.

CISO Karaoke was legendary last night. We'll have the full recap next week, but if you missed it, you missed something special.

Still time to connect:

The Harlequin (Today and Tomorrow) Tuesday March 24 and Wednesday March 25, 9am-4pm both days. We're hosting meetings in a relaxed setting away from the Moscone floor.
Contact: [email protected]

On the Floor The Trident team is walking the conference all week. If you see us, say hello. We're the ones in navy blue asking pointed questions at vendor booths.

See you out there.

Cloaked
Series B, $375M (General Catalyst, Liberty City Ventures, Lux Capital, Human Capital, Thiel Capital, DuckDuckGo, NFL Players Association, LG Technology Ventures)
Consumer privacy platform creating unlimited digital identities for online protection. Virtual phone numbers, emails, passwords, data removal, identity theft insurance, VPN, dark web monitoring, and AI-powered call screening.

Category: Consumer Privacy / Identity Protection
HQ: Lowell, MA

XBOW
Series C, $120.9M (DFJ Growth, Northzone Ventures, Sequoia Capital, Alkeon Capital, Altimeter Capital, Sofina)
AI-powered autonomous penetration testing platform. Autonomously finds, exploits, and reports vulnerabilities without human intervention. Adapts learned attack patterns to new situations. Post-money valuation near $1B.

Category: AI Penetration Testing
HQ: Seattle, WA

Oasis Security
Series B, $120M (Craft Ventures, Sequoia Capital, Accel, CyberStarts, Frontline Ventures, Leaders Fund)
Non-human identity management platform providing visibility, risk assessment, and auto-remediation. Discovers all NHIs, simplifies secret management, implements governance. Expanding across AI agent frameworks.

Category: Non-Human Identity / NHI Security
HQ: New York, NY

Cape
Series C, $100M (Bain Capital Ventures, IVP, Fifth Down Capital, 01 Advisors, 137 Ventures)
Privacy-first mobile carrier protecting user data and location from hackers. Government, business, and consumer focus. Post-money valuation $946M.

Category: Privacy / Secure Communications
HQ: Arlington, VA

Surf AI
Series A, $57M (Accel, CyberStarts, Boldstart Ventures)
Agentic security operations platform bringing contextual intelligence into security processes. AI-driven automation integrating contextual awareness into workflows. Founded by Israeli cybersecurity veterans.

Category: Agentic SecOps / Security Automation
HQ: Tel Aviv, Israel

RunSybil
Series A, $40M (Khosla Ventures, Anthropic, Conviction Partners, S32, Menlo Ventures)
AI-based penetration testing and offensive security platform. Automated attack surface discovery, autonomous testing modeling attacker behaviour. Angel investors include Nat Friedman, Elad Gil, Nikesh Arora, Jeff Dean, Daniel Gross. Post-money valuation $141M.

Category: AI Penetration Testing
HQ: Palo Alto, CA

Clover
Series A, $36M (Team8, Notable Capital, ServiceNow, Silicon Valley CISO Investments)
Design-stage security using AI agents to embed security into earliest development phases. Replicates thinking of experienced security architects. Angels include Shlomo Kramer, Assaf Rappaport, Yinon Costica, Rene Bonvanie. Post-money valuation $161M.

Category: Shift-Left Security / DevSecOps
HQ: New Castle, DE

Native
Series A, $31M (Ballistic Ventures, YL Ventures, General Catalyst, Merlin Ventures)
Cloud security platform safeguarding digital assets and promoting data sovereignty. Threat detection, ransomware mitigation, SDLC automation.

Category: Cloud Security
HQ: Tel Aviv, Israel

Corridor Security
Series A, $25M (Felicis Ventures, Datadog, SV Angel, Conviction Partners, Sunflower Capital, Lux Capital)
Agentic Coding Security Management platform using LLMs to identify vulnerabilities and generate validated fixes. Angels include Mike Krieger (Instagram co-founder).

Category: AI Code Security
HQ: San Francisco, CA

Eclypsium
Later Stage, $25M (PEAK6 Investments, Qualcomm Ventures, Singtel Innov8, Madrona, Andreessen Horowitz, Ten Eleven Ventures)
Firmware and hardware security platform defending below-the-OS attack surface. Device integrity and supply chain risk mitigation.

Category: Firmware Security / Hardware Security
HQ: Portland, OR

Tracebit
Series A, $20M
Cloud-native deception technology deploying decoy resources mimicking legitimate infrastructure like AWS S3 buckets and IAM roles.

Category: Deception Technology
HQ: London, UK

A very underwhelming week, but I suppose not every week is Wiz level!

Zygon → Memority
Deal Type: Merger / Acquisition
Deal Date: March 16, 2026
Deal Size: Undisclosed

Identity Governance and Administration platform streamlining access reviews, account provisioning, and identity lifecycle operations. Detects risky behaviour on any application.

Sekera → Aegis Ventures
Deal Type: Merger / Acquisition
Deal Date: March 19, 2026
Deal Size: Undisclosed

Cybersecurity and risk management platform. Penetration testing, security audits, incident response, forensic analysis.

This year three interesting companies collectively raised $212 million for AI-driven penetration testing. XBOW led the charge with $121 million, while RunSybil secured $40 million with Anthropic backing them. Earlier this year, Novee also made waves with a $51.5 million raise.

This leaves me wondering: what does this mean for traditional pen testers?

Every AI pentest vendor seems to be singing the same tune: continuous testing at machine speed, no more waiting for annual assessments, and AI that mimics an attacker's mindset. XBOW boasts about its ability to autonomously find, exploit, and report vulnerabilities without any human help. RunSybil highlights its platform's knack for automated attack surface discovery and testing that mirrors attacker behaviour. Novee claims its proprietary AI outperformed Claude and Gemini by 55% in web exploitation challenges.

The Technology Is Real

These platforms can scan, probe, and exploit at speeds no human can match. They run 24/7. They don't take holidays. They don't get tired at 3am.

But penetration testing is more than just scanning. The best human testers bring intuition, creativity, and a deep understanding of business context that even the smartest AI struggles to match. An AI can spot a SQL injection vulnerability in seconds, but can it grasp that the database it's targeting holds the company's most sensitive customer data? Can it weave together a complex attack involving social engineering, physical access, and technical exploitation? Can it recognise when a seemingly minor finding is actually catastrophic due to specific regulatory requirements?

The honest vendors will tell you: AI pentesting excels in breadth but falls short in depth. It's fantastic for continuous baseline testing, catching obvious issues early, and covering assets that might otherwise be overlooked.

The traditional annual pentest isn't disappearing. But it's evolving:

Tier 1
Basic vulnerability scanning, configuration checks, and known exploit testing is increasingly automated. AI handles this better, faster, and cheaper than humans.

Tier 2
Covers moderate complexity issues, business logic flaws, and chained vulnerabilities, this is where the battle is being fought right now. The best AI platforms are starting to handle some of this, but humans still catch things the machines miss.

Tier 3
Red team exercises, APT simulation, and creative attack chains remains firmly human territory. No AI is replicating a skilled red teamer's ability to think laterally across technical and non-technical attack vectors.

So what does this mean for hiring?

If you're a security leader, you're not replacing your pentest team, you're enhancing it. Junior roles focused on basic scans are shrinking. Senior testers who can think creatively and communicate findings to the board? More valuable than ever. If you're a pentester, the path forward is up, not out. Specialise in red teaming, adversary simulation, and the kind of creative testing that AI can't replicate. Learn to work alongside AI tools rather than competing against them. If you're a vendor, managed pentest firms that don't adapt will struggle. Those who integrate AI for routine testing while reserving human expertise for advanced assessments will thrive.

The rise of autonomous pentesting is a win for security. More frequent testing across more assets means more vulnerabilities found and fixed, but let's not get carried away. AI pentesting is a force multiplier, not a replacement. The best security programs will blend AI with human expertise. And vendors who are upfront about AI's limitations will earn more trust than those making grand promises.

If you're at RSA this week, ask the AI pentest vendors: "What can't your platform do?" Their answer will reveal whether they're offering a genuine solution or just a flashy demo.

Website - https://www.cloaked.com

The biggest round of the week, and it's not even close. Cloaked raised $375M to bring consumer privacy tools to the enterprise, proving that protecting personal data is now a serious business.

Founded in 2020 by brothers Arjun and Abhijay Bhatnagar, Cloaked built its name helping regular people take back control of their digital identities. The platform started simple: generate unlimited virtual phone numbers, email addresses, and passwords for different online accounts. No more giving your real information to every app and website.

Then it expanded:

Rather than forcing consumers to juggle multiple privacy apps, Cloaked bundles everything into one platform. 350,000 paying customers later, with 10x growth last year and 10 million identities protected, the traction speaks for itself.

Funding and Momentum

On March 19, 2026, Cloaked raised $375M in a combined Series B equity round and growth financing through General Catalyst's Customer Value Fund. The round was led by:

Total funding to date exceeds $400M. The company has nearly 70 employees and is hiring aggressively across product, engineering, enterprise sales, and international markets.

The Enterprise Play

Cloaked Enterprise, launched late last year, is where the growth capital is heading. The pitch to CISOs: the biggest blind spot in your security program is the human attack surface. Your employees' personal digital exposure creates risk you can't see with traditional security tools.

Cloaked Enterprise discovers and prioritises risks from employees' personal data exposure, then deploys the full Cloaked suite to mitigate them. It's not about monitoring employees' private lives. It's about protecting them from attacks that start by exploiting their personal information.

Leadership

Why It Matters

Consumer privacy is becoming enterprise security. As AI makes social engineering and phishing dramatically more effective, protecting employees' personal data protects the company. Cloaked is betting that the same tools that protect individuals can scale to protect organisations.

The $375M bet from General Catalyst and friends suggests they agree.

Head of Sales - US
💰 $200K base
📍 US
Deception-based identity protection platform using "phish-back" technology to trap attackers and recover stolen credentials.
Contact: [email protected]

Sr Director - Data & Research
💰 $250K base
📍 US
Cybersecurity platform protecting enterprises from sophisticated bot attacks, fraud, and account abuse. Verifies the humanity of 20+ trillion digital interactions weekly.
Contact: [email protected]

VP Marketing
💰 $225K base
📍 US
Early-stage cybersecurity company. Retained search. More can be disclosed in a conversation.
Contact: [email protected]

Sales Engineer
💰 £90K
📍 UK
All-in-one cybersecurity management platform combining MDR, pen testing, compliance, and incident response for SMEs and MSPs.
Contact: [email protected]

Sales Engineer
💰 $190K base
📍 US
AI penetration testing platform built to secure constantly changing environments against attackers operating at machine speed. Proprietary AI trained specifically for offensive security.
Contact: [email protected]

Sales Director
💰 $200K base
📍 US
AI-powered security and compliance platform using extremely unique proprietary technology. Streamlines audits, gap analysis, questionnaire automation.
Contact: [email protected]

Ready to make your next move? These roles won't stay open long.

Have market intelligence to share? Our network sees deals before they're announced, hiring freezes before they're public, and technology shifts before they hit the headlines.

Send us your tips:

Email: [email protected]
All sources protected. We verify before we publish.