Congratulations to Ilan, Avihay, Suresh, and the entire Seraphic team.
When we first partnered with Seraphic Security, the browser was already quietly becoming the enterprise’s primary operating environment. SaaS applications, collaboration tools, and increasingly AI systems all converged in a single place: the browser tab. Yet while security investments focused on endpoints, networks, and identity providers, the live browser session itself remained comparatively under-addressed.
We were thrilled to invest in Seraphic at the seed stage and to lead the Series A round, because Ilan, Avihay, and Suresh recognized this gap early and set out to solve it in an entirely new way. Their view was not incremental: If the browser had become the center of enterprise activity, security needed to be built natively for that environment, not as an extension, wrapper, or forced migration to a new browser, but as something Net New. While much of the market attempted to retrofit perimeter tools to a browser-centric world, Seraphic embedded runtime security directly within the browser’s execution environment, building a distinctly new architectural layer around the reality that the browser had become the enterprise control plane.
That architectural clarity shaped the company from the beginning. And it is against that backdrop that Seraphic now enters its next chapter with CrowdStrike.
An Architectural Gap
The SaaSification of the workplace transformed the browser into a continuously executing environment in which every tab runs external code, every session manages identity tokens, cookies, and sensitive data flows, and AI copilots and browser-based agents operate within the same dynamic context. Traditional security controls were never designed for this layer. VPNs and VDIs secure network paths, endpoint agents protect devices, and identity platforms gate authentication. Still, none were built to observe and enforce security directly within the live browser runtime, where session hijacking, token theft, extension abuse, and data exfiltration occur.
The industry acknowledged the risk, yet most responses were reactive, ranging from secure browsers that disrupted workflows to isolated environments that introduced latency and patchwork extensions that attempted to compensate for structural gaps. What enterprises ultimately required was browser-native protection embedded at runtime.
Seraphic approached the problem from first principles, placing a lightweight JavaScript-based agent directly atop the browser’s execution engine to enable deep runtime visibility and control. Rather than relying solely on static indicators of compromise, the system continuously monitors and dynamically defends the session itself, including through techniques such as Moving Target Defense. The result is not another security add-on, but a dedicated enforcement layer within the environment where modern work already takes place.
Why CrowdStrike + Seraphic Matters
As the industry begins to recognize the browser as a core enforcement layer, Seraphic now enters its next phase alongside CrowdStrike.
Integrating browser-native runtime protection into one of the industry’s most widely adopted security platforms reflects a broader structural shift. Enterprise security is evolving from protecting where attackers land to securing where they operate.
As AI-driven workflows expand and enterprises increasingly rely on live browser sessions across managed and unmanaged devices, securing access at login is no longer sufficient; controls must persist throughout the interaction.
By combining Seraphic’s runtime capabilities with Falcon’s endpoint telemetry and identity intelligence, the gap between endpoints, identities, and browser sessions begins to close. It is a meaningful step toward a unified security fabric that extends from device to identity to execution.
Looking Ahead
From our earliest conversations, it was clear that Seraphic’s founders were not content to work within existing constraints. They were determined to rethink browser security at its core, and they built with the kind of conviction and technical rigor that rarely shows up in emerging categories.
With CrowdStrike’s global reach and distribution, this technology now has the opportunity to scale across enterprises navigating distributed work, AI adoption, and an increasingly session-centric threat landscape.
We are grateful to have been part of the journey with Ilan, Avihay, Suresh, and the entire Seraphic team and are looking forward to seeing what’s next.
Share Story
