Zscaler Aims To Boost Browser Security With Acquisition Of SquareX

The startup offers what it has called the industry’s first ‘browser detection and response’ platform.

Zscaler announced Thursday it has acquired browser security startup SquareX, as the vendor’s latest move aimed at extending its zero-trust security platform.

Terms of the acquisition, which closed Thursday, were not disclosed by Zscaler.

[Related: Zscaler CEO Jay Chaudhry: ‘Don’t Do Network Security’]

SquareX has offered what it has called the industry’s first “browser detection and response” platform. The offering enables “lightweight” security extensions to be embedded into any browser, providing a further incentive for organizations to dispense with traditional VPNs and VDI (virtual desktop infrastructure), Zscaler said in a news release.

Founded in 2023, SquareX raised a $20 million Series A funding round in April 2025, led by Syn Ventures.

In the news release Thursday, Zscaler Founder and CEO Jay Chaudhry is quoted as saying that “legacy” VPN and VDI systems are “fundamentally flawed and laden with security risks,” creating a need for the type of zero trust approach that Zscaler will be able to further expand with the acquisition of SquareX.

With the acquisition, Zscaler is “deepening our Zero Trust Exchange Platform’s capabilities in standard browsers,” Chaudhry said in the release.

Browsers supported by SquareX include Google Chrome and Microsoft Edge, as well as Mozilla’s Firefox and Apple’s Safari browsers, SquareX said in a blog post.

“Users keep their preferred browser, and IT does not have to manage yet another standalone tool,” SquareX founder Vivek Ramachandran said in the post Thursday.

It’s the third acquisition for Zscaler announced over the past year, most recently coming after the company’s acquisition of AI security startup SPLX in November. In August 2025, Zscaler completed its $675 million acquisition of Red Canary, a trailblazer in MDR (managed detection and response) that has also brought significant agentic-powered security capabilities to the company, Chaudhry has said.

In an interview with CRN in October, Chaudhry said that the continuing onslaught of cyberattacks exploiting traditional network security technologies such as VPNs is increasing the urgency around moving to zero-trust security.

Firewalls and VPNs “have lived a useful life,” he said. But if network security devices have themselves become the weak link on cybersecurity, then “having the network security architecture is irrelevant,” Chaudhry said.

“I like to say, ‘Don’t do network security,’” he said in October.