CrowdStrike has announced it will acquire browser security specialist Seraphic Security, a move aimed at turning any web browser into a secure enterprise-grade workspace and closing what the company describes as a critical blind spot in modern security architectures.
Under the deal, CrowdStrike will integrate Seraphic’s browser runtime security technology into the Falcon platform, alongside SGNL’s continuous authorisation capabilities. The combined approach is designed to secure user and agent interactions from the endpoint, through the browser session, and into cloud applications.
CrowdStrike said the browser has effectively become the new front door of the enterprise, where the majority of work now takes place and where AI agents increasingly operate. However, existing security models often rely on restrictive enterprise browsers or high-latency network-based controls. Seraphic’s technology enforces security directly within the browser runtime itself, supporting Chrome, Edge, Safari, Firefox and emerging agentic browsers, across both managed and unmanaged devices.
By correlating Seraphic’s in-session browser telemetry with CrowdStrike’s endpoint signals and threat intelligence, the Falcon platform gains real-time visibility into user intent, application context and data flows during active sessions. When combined with SGNL’s continuous authorisation, access decisions become dynamic rather than static, with permissions granted and revoked based on live risk signals rather than one-time authentication events.
CrowdStrike CEO and founder George Kurtz said the acquisition enables the company to decouple security from the browser itself, allowing organisations to secure users without forcing them into a single enterprise browser or disrupting productivity. He said the combined capabilities support a Zero Standing Privilege model suited to both human users and AI-driven workloads.
For CISOs and risk leaders, the integration is positioned to address several high-risk areas. These include protecting access to generative AI tools at the browser layer, preventing data exfiltration through copy, upload or screen capture, and stopping session-based attacks such as phishing, session hijacking and man-in-the-browser techniques at the point of execution. The approach also extends security controls to contractors and third parties by securing browser sessions without requiring a full endpoint agent.
Seraphic CEO and co-founder Ilan Yeshua said the acquisition brings continuous zero-trust enforcement to the execution layer where modern work actually happens, rather than limiting controls to network gateways or login events.
The transaction is expected to close in CrowdStrike’s first quarter of FY27, subject to customary closing conditions. The purchase price will be paid primarily in cash, with a portion in stock subject to vesting.
