Why Does Surface Security Exist?
The team behind Surface spent years on both sides of the fight. Red teaming, penetration testing, adversary emulation, SOC analysis, and incident response across the Department of Defense and the private sector. On offense, the browser was our most dependable foothold. On defense, it was the seam every tool refused to own.
The enterprise stack kept buying point products. Email gateways, EDR, SIEM, SASE, CASB, identity providers, a separate DLP, a separate GenAI monitor, a separate phishing blocker. Each one watched a slice. None of them watched the place where the user actually decides: the browser session, post-click, in the moments between a link and a credential, between an idea and a paste into ChatGPT, between an agent receiving a page and acting on it.
Surface exists because that seam needed a defender, not another point tool. We built the security analyst in the browser: adaptive, sovereign, and broad enough to cover identity, data, and action in a single platform.
The Threat Landscape Outran Static Defenses
The attacks that matter today share a profile: they are fast, novel, and built to evade signatures.
- Phishing kits like Tycoon, EvilProxy, and Mamba 2FA rotate domains hourly and bypass MFA via adversary-in-the-middle relay. By the time a URL is in a threat feed, the campaign has already moved.
- ClickFix attacks weaponize the user's own clipboard. There is no malicious payload to detect until it has already been pasted into PowerShell.
- Token theft from session cookies makes MFA irrelevant after the fact, and the replay happens from infrastructure you have never seen.
- Malicious browser extensions update silently and inherit every permission the user ever granted.
- AI agents and copilots act on whatever a page tells them, including hidden prompts attackers embed for them to find.
Signature-based detection cannot keep up with this. Block lists cannot keep up with this. A control plane that updates monthly, or even weekly, cannot keep up with this. The defenders who win are running detection that learns. Detection that understands what a real Microsoft login looks like at the pixel and DOM level, what a normal authentication pattern looks like for a given user, and what an unfamiliar page is trying to imitate.
That is what we mean by an automated security analyst in every browser. Not a rule engine waiting for someone in a SOC to push a new IOC. A locally-running, adaptive system that decides what a page is, in real time, the way a senior analyst would. It gets sharper as your organization uses it.
One Surface. Not Five Half-Surfaces.
The other reason we built Surface is that the existing market split the problem into pieces no single vendor would unify.
The DLP vendors monitor file transfers and email attachments but go quiet the moment data leaves through a web form, a paste into a GenAI chat, or an upload to a personal drive. The new GenAI monitoring tools watch ChatGPT but cannot tell you whether the page is real or a Tycoon clone. The agentic AI security startups instrument browser agents but ignore the human employee pasting source code one tab over. The secure-browser vendors replace Chrome with their own forked product, lose extension support, and still send everything to their cloud.
Every one of those is a partial answer. An attacker only needs the unwatched seam.
Surface is built around a different premise: the browser session is one surface, and identity, data, and action have to be defended together.
- Identity. Adaptive page-level vision catches phishing kits no signature has seen, fusing DOM, OCR, perceptual hashing, and brand intent into one verdict, on-device. Shadow Sessions detects stolen tokens the moment they replay, inside or outside your perimeter. Step-up identity verification cuts off the help-desk impersonation and deepfake call vectors.
- Data. Browser-level DLP that sees pastes, uploads, drags, and form submissions into any web app (sanctioned, unsanctioned, or GenAI) and applies policy at the moment of interaction, not after the fact.
- Action. Guardrails for AI agents and copilots acting in the browser. Prompt-injection detection on every page, origin-pinned credentials, and action-level governance for autonomous workflows.
These are not three products glued together. They are one platform with one event pipeline, one policy engine, and one investigation console. You see a credential paste, a phishing kit detection, an agent prompt-injection block, and a session replay attempt in the same timeline, because that is how attackers actually move.
Adaptive Learning, Not Static Rules
The hardest part of building this was getting away from the signature model that the rest of the industry is stuck in.
Surface Vision, our patent-pending detection engine, treats every page the way an experienced analyst would. It looks at the rendered output through computer vision, reads the DOM the way a parser would, hashes the visual structure to spot brand impersonation, and reasons about intent before issuing a verdict. It runs on-device. It does not need a domain to be in a feed somewhere. It does not need a signature to have been published.
When a new phishing kit launches Tuesday morning and rotates through a thousand domains by Tuesday afternoon, Surface Vision catches the first hit. The static stack catches the campaign three days later, in the post-incident report.
The same principle applies elsewhere in the platform. Authentication anomaly detection builds a behavioral baseline for each user: not a static rule about geography or time of day, but a learned model of how that person actually signs in. GenAI DLP adapts its sensitivity to your organization's content patterns rather than spraying false positives at every code snippet.
An adaptive analyst gets sharper. A rule list gets stale.
Sovereign by Design, Not as an Afterthought
When we surveyed the browser security market, every single product demanded that browsing telemetry be uploaded to the vendor's cloud. For finance, healthcare, government, defense, critical infrastructure, and any organization with data residency obligations, that is not a deployment option. It is a non-starter.
The logic also breaks on inspection. We were being asked to send sensitive browsing data to a third-party cloud in order to protect it from being sent to third parties. If the data is worth protecting, it is worth keeping inside your perimeter.
Surface runs fully on your infrastructure. Docker, Kubernetes, VMs, bare metal, air-gapped if you need it. Detection runs on-device in the browser extension. Telemetry flows to your own platform deployment. There are no outbound calls to a vendor cloud, no shared multi-tenant database, no foreign jurisdiction processing your users' activity. Your keys, your logs, your perimeter.
This was not an afterthought we bolted on for the regulated buyers. It was the first architectural decision. Everything else was built to fit inside it.
Built by Operators, for Operators
Surface exists because the people who built it needed it and could not find it.
We were the red teamers exploiting the browser blind spot. We were the SOC analysts staring at incomplete telemetry trying to reconstruct what happened in a session we could not see. We were the incident responders watching organizations buy four more tools to cover what should have been one. We started with the unsolved problems we already knew were unsolved.
If you are running a SOC that is drowning in partial signals, evaluating GenAI risk without browser-level visibility, deploying AI agents into production without guardrails, or trying to meet data-sovereignty requirements that no SaaS browser security vendor can satisfy, this platform was built for you.
Learn more about the platform, the attack coverage matrix, or the case for sovereign deployment. When you are ready to see it in your environment, get in touch.