CrowdStrike announced it has signed a definitive agreement to acquire Seraphic Security, positioning the deal as a move to extend its Falcon platform from endpoint protection deeper into the web browser, the environment where employees increasingly work, collaborate, and access cloud applications.
Seraphic, which CrowdStrike described as a leader in browser runtime security, provides continuous, in-session protection that operates directly inside common browsers including Chrome, Edge, Safari, and Firefox. CrowdStrike said integrating Seraphic’s browser-native controls with Falcon’s endpoint telemetry and threat intelligence—along with SGNL’s continuous authorization technology—will support a broader “Next-Gen Identity Security” strategy intended to secure interactions from the endpoint through the browser session and into cloud services.
CrowdStrike CEO and founder George Kurtz said the company’s approach is designed to deliver enterprise-grade browser security without requiring organizations to force employees onto a separate, locked-down enterprise browser or to accept performance trade-offs tied to network-based routing models. CrowdStrike said Seraphic’s runtime enforcement is intended to keep security “decoupled” from a single managed browser, allowing users to stay within their preferred browser while still applying policies and protections during active sessions.
The company framed the browser as a growing cybersecurity blind spot as more workflows shift to SaaS applications and as generative AI tools and AI agents become embedded in everyday work. CrowdStrike cited third-party research indicating employees spend a significant share of the workday in the browser, arguing that traditional controls often fail to provide sufficient visibility into in-session behavior, data movement, and session-based threats.
CrowdStrike said the Seraphic acquisition would strengthen security operations by correlating Falcon’s large-scale endpoint signals with detailed, in-session browser telemetry. The company said this combination is intended to improve real-time contextual understanding of user intent, application behavior, and data flow, enabling faster detection and response to attacks that originate or execute within browser sessions.
CrowdStrike also pointed to the planned use of SGNL’s continuous authorization to move away from “static” access models. In its description, access decisions would be made dynamically during a session based on risk signals, with permissions granted on a per-session basis and revoked immediately when conditions change—an approach CrowdStrike said can help prevent attacks before they cause damage.
In outlining how the combined capabilities could be used, CrowdStrike highlighted protecting enterprise use of generative AI at the browser layer, including preventing sensitive data from being scraped or exfiltrated through unauthorized AI tools and agents. The company also said the technology is designed to enable continuous, identity-driven verification beyond the initial login, applying policy enforcement across browser tabs as a session unfolds.
CrowdStrike further said the integration would support web-focused data loss prevention capabilities, including controls to prevent copying, uploading, or screen-grabbing sensitive information, along with content filtering and execution-layer policy enforcement. The company also said Seraphic’s approach is designed to disrupt session-based threats such as session hijacking, advanced phishing, and man-in-the-browser attacks, including by changing how browser execution can be targeted at runtime.
Another focus area is coverage for unmanaged devices and BYOD environments. CrowdStrike said Seraphic can provide “agentless-style” protection for contractors and third parties by securing the browser session without requiring a full endpoint agent, which it said could extend protections to environments where traditional endpoint deployments are difficult.
Seraphic CEO and co-founder Ilan Yeshua said the combination with CrowdStrike is aimed at bringing platform-level security to what he described as the enterprise’s most important execution layer, turning zero trust into a continuous, session-driven control rather than a single checkpoint at the point of access.
Financial terms were not disclosed. CrowdStrike said the purchase price is expected to be paid predominantly in cash, with a portion delivered in stock subject to vesting conditions. The company expects the acquisition to close in CrowdStrike’s first quarter of fiscal 2027, subject to customary closing conditions.
KEY QUOTES:
“Productivity requires flexibility and security; users want to work in their browser of choice. Seraphic delivers exactly that. By decoupling security from the browser itself, we can turn any browser into a secure enterprise browser, without forcing change or slowing productivity. With our vast endpoint signals combined with Seraphic’s in-session visibility and SGNL’s dynamic authorization, we are defining the future of Zero Standing Privilege for the modern agentic workforce.”
George Kurtz, CEO And Founder, CrowdStrike
“The browser is where modern work happens. In joining CrowdStrike, we are bringing platform-level protection to the most important execution layer in the enterprise, ensuring that zero trust is a continuous reality, not just a gateway check.”
Ilan Yeshua, CEO And Co-Founder, Seraphic
