CrowdStrike browser runtime security acquisition announced

The CrowdStrike browser runtime security acquisition marks a strategic expansion of the Falcon platform into the web browser, which has become the primary execution layer for enterprise work, collaboration, and AI-driven applications. The agreement involves the acquisition of Seraphic Security, a specialist in browser runtime protection.

With this move, CrowdStrike aims to secure interactions that originate at the endpoint, continue through browser sessions, and extend into cloud environments.

Integration with the Falcon platform

Under the agreement, Seraphic’s browser-native protection will be integrated with the Falcon platform’s endpoint telemetry and threat intelligence. The integration also incorporates SGNL’s continuous authorisation technology to deliver what CrowdStrike describes as a unified next-generation identity security strategy.

The combined approach is designed to correlate endpoint signals with in-session browser telemetry, enabling real-time understanding of user behaviour, application context, and data movement.

Addressing a persistent security blind spot

The browser remains one of the most heavily used yet least controlled enterprise environments, with a significant share of the workday spent within browser-based applications. Existing security approaches often rely on restricted enterprise browsers or network-level routing, both of which can limit flexibility or introduce latency.

Seraphic’s technology enforces security controls directly within the browser runtime, supporting mainstream browsers such as Chrome, Edge, Safari, Firefox, and agentic browsers. The protection applies across managed and unmanaged devices.

Dynamic access and session-level controls

By combining browser telemetry with SGNL’s continuous authorisation, access decisions are designed to become session-based rather than static. Permissions can be granted or revoked dynamically based on real-time risk signals, reducing exposure to session hijacking, phishing, and man-in-the-browser attacks.

The approach also enables enforcement beyond initial login, applying identity-driven verification throughout active browser sessions.

Capabilities for AI-driven enterprises

The CrowdStrike browser runtime security acquisition is positioned to support emerging enterprise use cases involving generative AI and autonomous agents. The integrated platform is intended to secure how AI applications are accessed through the browser and prevent unauthorised data extraction or misuse.

Additional capabilities highlighted include web data loss prevention at the execution layer, protection for unmanaged and bring-your-own-device environments, and agentless-style security for contractors and third parties.

Statements from leadership

George Kurtz, CEO and founder of CrowdStrike, said productivity depends on both flexibility and security, noting that users increasingly expect to work in their browser of choice. He said decoupling security from the browser itself allows any browser to function as a secure enterprise browser without forcing behavioural change or reducing productivity.

Kurtz added that combining CrowdStrike’s endpoint signals with Seraphic’s in-session visibility and SGNL’s dynamic authorisation defines the future of Zero Standing Privilege for the modern agentic workforce.

Ilan Yeshua, CEO and co-founder of Seraphic, said the browser has become the primary execution layer for modern work. He said joining CrowdStrike enables platform-level protection at this layer, ensuring zero trust operates continuously rather than as a one-time gateway control.

Transaction timeline

The purchase consideration is expected to be paid primarily in cash, with a portion delivered as stock subject to vesting conditions. The transaction is expected to close during CrowdStrike’s first quarter of FY’27, subject to customary closing conditions.