Cloudflare has announced that it plans to acquire Area 1 Security, a security startup that has developed a product that stops phishing attacks before they land in an employee’s inbox. Cloudflare plans to spend around $162 million on the acquisition. The company will use both cash and stock to fund the acquisition.
Cloudflare has developed its own suite of security products with a zero trust security model. These security solutions prevent data loss, malware or phishing attacks even if employees aren’t in the office or aren’t using a corporate VPN.
With today’s acquisition, the company is adding a mature email security product to its zero trust offering. Area 1 Security said that it blocked over 40 million phishing campaigns for its customers in 2021 alone.
“Email is the largest cyber attack vector on the Internet, which makes integrated email security critical to any true Zero Trust network. That’s why today we’re welcoming Area 1 Security to help make Cloudflare’s platform the clear leader in Zero Trust,” Cloudflare co-founder and CEO Matthew Prince said in a statement. “To us, the future of Zero Trust includes an integrated, one-click approach to securing all of an organization’s applications, including its most ubiquitous cloud application, email. Together, we expect we’ll be delivering the fastest, most effective, and most reliable email security on the market.”
This isn’t Cloudflare’s first email product. The company launched its first email products last year. For instance, you can associate a domain name with your Cloudflare account and create custom email addresses from Cloudflare’s interface. Incoming emails can be redirected to any other email inbox.
Cloudflare also guides you to improve your DNS records and make your emails more secure. For example, the company can help you prevent spoofing attacks.
And Area 1 Security fills an important gap in Cloudflare’s email offering. Area 1 Security constantly tries to discover and identify new phishing attacks. When employees receive new emails, Area 1 Security scans inbound emails for phishing attempts.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
Suspicious emails are automatically blocked before they land in inboxes. They don’t just appear in the “Spam” folder, they’re blocked altogether.
Behind the scenes, customers can start using Area 1 Security by changing the MX record at the DNS level. After that, it’s a cloud-first product, meaning that customers don’t have to install and patch software. If your company is using Google Workspace or Office 365, Area 1 Security works with those email providers.
Given Cloudflare’s deep expertise in DNS servers, this acquisition makes sense. Cloudflare has already been using Area 1 Security for its own employees’ inboxes. In other words, they already know what they’re acquiring.
