Insights & Updates
The latest on browser security, attack surface management, and building defenses for the modern enterprise.
Citrix Just Unbundled Enterprise Browser. That Is Your Re-Evaluation Window.
Starting with Citrix Workspace app 2511, Citrix Enterprise Browser is no longer included in the Workspace installer. For Citrix-heavy regulated organizations, that turns a routine update into a forced re-deploy and a strategic decision moment. Here is how to think about it.
EU Cloud III, SEAL, and the Coming Reckoning for Cloud-Rendered Browser Security
The European Commission's Cloud III procurement and its SEAL sovereignty framework now grade vendors on technology stack control, not just data residency. Every cloud-rendered browser security product is structurally on the wrong side of that line. Here is why, and what the on-prem extension model gets right.
Your AI Agents Belong Inside Your Perimeter
Menlo, Palo Alto, Island, and the newly acquired LayerX are all pitching the same future: let AI agents run in our cloud, governed by our platform. For defense, intelligence, finance, healthcare, and regulated EU buyers, that architecture is backwards. Here is the case for the opposite.
Surface vs. Enterprise Browsers
Enterprise browsers replace Chrome with a forked Chromium. That choice has hidden costs: migration friction, lost extension support, mandatory cloud telemetry, and a patch cadence problem that the May 7 Chromium 148.0.7778.96 security release made unusually visible. Here is how Surface compares.
What Is Enterprise Browser Security?
Enterprise browser security is the discipline of defending the browser session itself: the post-click space between the email gateway and the endpoint where most modern attacks now land. Here is what it covers, how the major architectures differ, and what to ask before you buy.
Claude Mythos, Phishing, and the Agentic Threshold
Anthropic's unreleased Mythos model finds thousands of zero-days and runs multi-step attacks end to end. Here is what it changes for phishing, for AI browser agents, and for the defenders in between.
Agentic AI Security: Protecting Your AI-Powered Browser Agents
AI browser agents navigate pages, submit credentials, and interact with sensitive systems autonomously. They also trust everything they read. Here is how attackers exploit that, and how Surface Security defends against it.
How to Reduce Security Overhead and Increase Automation in the Age of AI
AI adoption is creating more security work than most teams can absorb. Browser-level automation helps you discover AI tools, enforce policy, and investigate incidents without adding more manual overhead.
Why Does Surface Security Exist?
Modern attacks move too fast for signatures, fragment across identity, data, and action, and increasingly run inside the browser. Surface exists because no other tool covers the full surface from inside your perimeter.
What If We Got Hacked? How We Protect Our Update Pipeline
Security vendors distribute software to your most sensitive systems. We designed our update architecture so that even a full compromise of our infrastructure can't push malicious code to your network.
ClickFix Attacks: What They Are and How to Stop Them
ClickFix attacks surged 517% in six months, tricking users into running malicious commands through fake CAPTCHAs and error dialogs. Here's how the technique works, how it evolved, and how browser-level security stops it.
Welcome to the Surface Security Blog
Introducing our blog where we share insights on browser security, enterprise attack surface management, and building defenses for the modern enterprise.