In the traditional castle-and-moat model of security, legacy Virtual Private Networks (VPNs) act as “digital drawbridges,” a measure that is no longer effective in protecting a castle without walls like the modern distributed enterprise. As VPN and Virtual Desktop Infrastructure (VDI) technology become increasingly vulnerable and outdated, investing in zero-trust principles and architecture is more important than ever.
On February 5th, 2026, Zscaler announced the acquisition of SquareX to enable the extension of the company’s zero-trust capabilities into browser environments. The browser has become the new security perimeter, and this deal serves as a defining bet on that future.
What SquareX Brings to the Table
SquareX’s core technology is in Browser Detection and Response (BDR) through lightweight browser extensions that turn Chrome and Edge into enterprise-grade secure browsers. It differs from traditional approaches in a variety of ways, with less friction and adoption challenges than third-party enterprise browsers, less resource demand than full security agents, and less vulnerability than VPNs. It is designed to cover a wide range of threats, including phishing, malicious extensions, generative AI data leakage, and insider threats.
SquareX founder Vivek Ramachandran highlights the advantages of the acquisition and integration with Zscaler: “This approach allows IT leaders to replace expensive, insecure legacy access tools with precise Zero Trust policies that protect data and AI interactions based on an organization’s specific risk profile.”
Zscaler Building a Security Empire
This deal comes as part of Zscaler’s recent acquisition spree, including AI security pioneer SPLX in November 2025, security operations firm Red Canary in August 2025 for $675 million, AI-enhanced data security startup Avalor in March 2024 for $350 million, and agentless segmentation company AirGap Networks in April 2024. As a leader in cloud security, Zscaler is assembling a unified security platform that covers cloud, endpoint, browser, AI, and network segmentation under one zero-trust umbrella.
Zscaler is not the only company attempting to work toward this goal, as the competitive landscape shows. CrowdStrike announced in January that it had signed an agreement to acquire Seraphic Security, a browser runtime security company, for $420 million. This investment by another leading organization signals industry-wide convergence toward consolidation via mergers and acquisitions.
The AI Threat Landscape
The timing of this acquisition is notable in the context of the ongoing AI era, with generative AI tools like ChatGPT, Claude, and Gemini creating new vectors for data exfiltration directly through the browser. Browser security is more important than ever, with these tools constantly enabling data leakage in enterprise environments. The explosion of malicious browser extensions and AI-powered phishing campaigns only amplifies the extreme risk associated with browser use. Increasing efforts toward browser security is also significant in a time when bring-your-own-device (BYOD) arrangements and unmanaged devices pose widespread challenges to organizations. Contractors, remote and hybrid workers, and third-party partners accessing corporate software-as-a-service (SaaS) applications from personal devices can introduce new risks.
Browser-native security is no longer optional—it’s essential for enterprise defense. “Especially now, as the browser has become central to work, where our employees, partners, and contractors are accessing our business-critical applications and using AI,” says Negin Aminian, Senior Manager of Cybersecurity Strategy at Menlo Security, a Mountain View, Calif.-based provider of browser security. “The key is to pivot from those painful, agent-heavy ZTNA models and focus on where the risk actually lives: the browser.”
Market Reality Check—Strategic Vision vs. Stock Price
While the acquisition of SquareX is an attempt toward a unified security future, there is a disconnect from the practical reality of the market. Zscaler is trading around $167–171, well below the Wall Street consensus target range of $260-390, with an average of $325.62. The broader software sector has experienced a $2 trillion selloff amid fears that AI will disrupt traditional SaaS business models. RBC Capital has repeatedly cut price targets, further reinforcing the narrative that AI is the death of software. However, analysts like J.P. Morgan identify cybersecurity as “AI-resistant” and see the downturn as a buying opportunity.
What This Means for Enterprises
CISOs and IT leaders should look to the practical implications of this acquisition and the broader market trends to see that the browser-first security model can reduce complexity and cost while expanding coverage to unmanaged devices. This signals the end of the enterprise browser as a separate product category, emphasizing that security should be invisible and embedded into the tools that employees already use. It is important to consider the risk of integration, as it remains to be seen whether Zscaler can seamlessly weave SquareX into its Zero Trust Exchange platform without disrupting existing workflows.
The Browser-First Future
The SquareX deal is both a product of the current moment—with the convergence of AI threats, remote work, and software selloff—and a bet on where cybersecurity is heading. It is an opportunity to consider critical questions about the future of cybersecurity, such as whether the browser will replace the endpoint agent as the primary unit of enterprise security. The tension between Zscaler’s ambitious vision and the skepticism of the market makes the company a test case for whether bold M&A strategies can outrun the AI disruption narrative.
