CrowdStrike has announced its intent to acquire Seraphic, a browser runtime security company, in a move designed to address growing security risks tied to browser-based work.
The deal would expand the CrowdStrike Falcon platform into live browser sessions, reflecting how central browsers have become to enterprise productivity and risk exposure, according to the company’s announcement published on the CrowdStrike website.
For many organizations, the browser now functions as the main workspace, connecting users to Software-as-a-Service (SaaS) applications, corporate data, and Artificial Intelligence (AI) tools.
However, this trend has created visibility and control challenges, especially as employees increasingly use unmanaged devices and multiple browsers.
Bringing Zero Trust Into Live Browser Sessions
Seraphic’s technology is designed to operate inside standard browsers such as Chrome, Edge, Safari, and Firefox, providing real-time insight into user activity.
CrowdStrike plans to integrate this telemetry with Falcon’s endpoint data and with continuous authorization technology from SGNL, another firm it has agreed to acquire, to support a more adaptive zero trust security model.
Under this approach, browser sessions are continuously evaluated in relation to user behavior and associated risk signals. Access can be adjusted dynamically (allowed, limited, or blocked) if conditions change. This model is intended to reduce reliance on device trust alone and limit attackers’ ability to hide within legitimate sessions.
The combined platform is also expected to address emerging risks connected to the increasing use of genAI tools. According to CrowdStrike, the integrated solution would apply guardrails to browser-based AI tools, helping organizations prevent unauthorized scraping or leakage of data from shadow AI usage across managed and unmanaged devices.
As browsers become the control plane for enterprise access, embedding security directly into browser sessions may help organizations balance flexibility with stronger protection against session-based attacks.
