CrowdStrike is buying Seraphic Security to lock down the browser, where work actually happens
CrowdStrike announced Tuesday an agreement to acquire Seraphic Security, a browser runtime security provider, in a move that signals growing recognition among cybersecurity firms that traditional protective measures have failed to keep pace with how employees actually work.
The acquisition, expected to close during CrowdStrike’s first fiscal quarter of 2027, will integrate Seraphic’s browser-level protection into CrowdStrike’s Falcon platform. Financial terms were not disclosed, but a source tells CyberScoop that the deal is worth $420 million, to be paid predominantly in cash with a portion in stock subject to vesting conditions.
The deal reflects an emerging challenge in enterprise security: while browsers have become the primary workspace for most employees, they remain largely unmonitored by existing security infrastructure. CrowdStrike cited data indicating 85% of the workday is now spent in web browsers, yet traditional security models have treated browsers as peripheral rather than central to threat detection.
Current approaches to browser security typically force users into specific enterprise browsers or route traffic through network monitoring systems that can slow performance. Seraphic’s technology operates within the browser runtime itself, working across Chrome, Edge, Safari, and Firefox on both company-managed and personal devices without requiring users to switch platforms.
The acquisition arrives as enterprises grapple with security implications of generative AI tools and autonomous AI agents that increasingly operate through browser interfaces. CrowdStrike specifically highlighted concerns about unauthorized AI applications potentially extracting corporate data, an issue the company refers to as “shadow AI.”
The deal continues CrowdStrike’s expansion beyond its core endpoint detection business into adjacent security domains. Last week, the company announced its intention to buy identity management startup SGNL for $740 million. CrowdStrike plans to combine Seraphic’s browser monitoring with technology from SGNL in order to enable dynamic access controls that adjust permissions based on real-time risk signals rather than static credentials.
This approach represents a departure from perimeter-based security models that dominated enterprise cybersecurity for decades. By monitoring activity at the session level within browsers, the combined technology aims to detect threats that occur after initial authentication, including session hijacking and sophisticated phishing attempts.
The strategy also addresses a persistent challenge in enterprise security: protecting data accessed by contractors, temporary workers, and employees using personal devices. Seraphic’s browser-level approach provides monitoring capabilities without requiring full endpoint security software installation.
CrowdStrike CEO George Kurtz characterized the acquisition as part of a broader strategy around “Zero Standing Privilege,” a security model that grants minimum necessary access for specific tasks rather than maintaining permanent permission levels.
