CrowdStrike has agreed to acquire Israel-based Seraphic Security, a browser runtime security company, to extend its Falcon platform to browser-native enterprise security.
Expected to close by April, the acquisition will allow CrowdStrike to integrate Seraphic’s browser-native protection with its Falcon endpoint telemetry and threat intelligence capabilities. The move comes just days after CrowdStrike announced plans to acquire SGNL, a continuous identity authorization company.
Browser as attack surface
With web browsers increasingly serving as the primary interface for enterprise work, communication, SaaS applications, and AI tools, they are emerging as one of the most exposed layers in corporate IT environments.
“Traditional endpoint controls like EDR focus on the OS level and miss in-session browser activity, while network tools like firewalls can’t inspect HTTPS-encrypted sessions or user actions within apps. They lack visibility into browser telemetry, shadow IT, malicious extensions, and data flows, leaving gaps that attackers exploit via phishing, session hijacking, and zero-days,” said Amit Jaju, global partner/senior managing director – India at Ankura Consulting. He added that web browsers pose risks even in controlled environments because they inherently process untrusted internet code, enabling zero-day exploits, malicious extensions acting as supply chain attacks, and credential theft that bypasses perimeter defenses.
CrowdStrike said the Seraphic acquisition will allow it to extend the Falcon platform deeper into in-browser activity. With Seraphic, the company aims to transform the SOC by correlating trillions of endpoint signals with deep, in-session browser telemetry. This will allow the Falcon platform to understand user intent, application context, and data flow in real time.
“Seraphic’s true USP lies in its ability to make the browser session itself a governable security surface, rather than treating the browser as a passive extension of the endpoint,” said Sanchit Vir Gogia, chief analyst at Greyhound Research. “Most enterprise security stacks stop at device health and identity validation. They confirm who logged in and from what device, but they lose visibility once the user begins interacting inside SaaS applications. Seraphic addresses this by enforcing policy inside the live browser session, covering user actions, session behaviour, and data movement that never touches disk and never triggers network anomalies. When integrated into CrowdStrike Falcon, it moves from detecting threats around user activity to governing behaviour during it.”
Gen AI altering browser risk
Generative AI has fundamentally altered the browser risk profile. Gogia noted that the browser is now a bidirectional data exchange, where employees routinely feed sensitive context into AI systems. Most of this activity happens outside formal enterprise governance.
Copying internal data into AI prompts, uploading files for summarisation, or using AI-enhanced browser features has become one of the fastest-growing data leakage paths in organisations. As a result, browser-level enforcement is one of the few practical ways to address this without resorting to unrealistic bans.
CrowdStrike will also integrate SGNL’s continuous authorization technology, enabling permissions to be dynamically granted or revoked on a per-session and risk-level basis.
The two solutions combined will create what the company described as a unified security fabric.
The integration will be designed to secure how generative AI applications and agents are accessed, to prevent shadow AI tools from scraping or exfiltrating sensitive enterprise data. It will also aim to prevent the copying, uploading, or screen-grabbing of sensitive data using AI-based content filtering and granular execution-layer controls, stop session hijacking, sophisticated phishing, and man-in-the-browser attacks at the point of execution by randomizing the browser’s JavaScript engine.
In addition, CrowdStrike will extend protection to unmanaged and BYOD devices by securing the browser session without requiring a full endpoint agent.
No Responses