CrowdStrike, a global leader in cloud-native cybersecurity, announced the signing of a definitive agreement to acquire Seraphic Security, a pioneer in browser runtime security. This acquisition reinforces CrowdStrike’s mission to protect the full digital attack surface by embedding advanced protection deep into web browsers where enterprise work, communications, applications, and AI-driven agents now operate.
By combining Seraphic’s browser-native security with the extensive endpoint telemetry and threat intelligence of the CrowdStrike Falcon® platform, along with SGNL’s continuous authorization technology, CrowdStrike plans to deliver a unified Next-Gen Identity Security architecture that safeguards interactions from endpoints through browser sessions and into cloud environments.
“Productivity requires flexibility and security; users want to work in their browser of choice. Seraphic delivers exactly that,” said George Kurtz, CEO and founder of CrowdStrike. “By decoupling security from the browser itself, we can turn any browser into a secure enterprise browser, without forcing change or slowing productivity. With our vast endpoint signals combined with Seraphic’s in-session visibility and SGNL’s dynamic authorization, we are defining the future of Zero Standing Privilege for the modern agentic workforce.”
Addressing Critical Browser Security Gaps
Web browsers have become a dominant vector for enterprise activity, yet they remain a significant blind spot for cybersecurity teams. With employees spending an estimated 85% of their workday in browsers, traditional security approaches such as constrained enterprise browsers and high-latency network routing often fail to protect critical interaction layers in real time.
Seraphic changes this paradigm by enforcing sophisticated security directly within any browser runtime including Chrome, Edge, Safari, Firefox, and modern agentic browsers on both managed and unmanaged devices. This approach enables organizations to secure browser sessions without disrupting productivity or restricting user choice.
Also Read: Cyera Secures $400M in Series F Funding to Fuel Enterprise AI Security Growth
Unified Security With Real-Time Context and Controls
By correlating trillions of Falcon endpoint signals with Seraphic’s in-session browser telemetry, CrowdStrike will significantly enhance visibility into user intent, application context, and data flow. When combined with SGNL’s continuous authorization, access decisions dynamically adjust based on real-time risk, granting and revoking permissions as needed to stop attacks before they impact the enterprise.
Key capabilities expected from the Seraphic integration include:
- Stronger Browser-Layer Protection for Enterprise AI: Secure access to generative AI applications and agents, reducing the risk of unauthorized data exposure.
- In-Session Zero Trust Enforcement: Continuous verification and context-aware controls that operate beyond initial login authentication.
- Next-Gen Web Data Loss Prevention (DLP): AI-assisted policies to prevent unauthorized copying, uploading, or screen capture of sensitive content.
- Advanced Defense Against Session-Based Attacks: Suppression of sophisticated techniques, such as session hijacking and man-in-the-browser exploits.
- Protection for BYOD and Unmanaged Devices: “Agentless-style” security that secures browser sessions without requiring a full endpoint agent.
“The browser is where modern work happens,” said Ilan Yeshua, CEO and co-founder of Seraphic. “In joining CrowdStrike, we are bringing platform-level protection to the most important execution layer in the enterprise, ensuring that zero trust is a continuous reality, not just a gateway check.”
Transaction and Closing Timeline
The acquisition consideration will be paid primarily in cash, with a portion delivered as stock subject to vesting conditions. The deal is expected to close during CrowdStrike’s first quarter of fiscal year 2027, subject to customary closing conditions.
