
80% of enterprise work now happens in browsers—yet legacy tools can’t see what’s happening there.
Jeswin Mathai, Chief Architect at SquareX, believes this is the blind spot shaping the future of cybersecurity. By treating the browser as the new endpoint, SquareX is tackling threats like browser-native ransomware, QR code exploits, and pixel-perfect phishing that slip past traditional defenses. In this interview, Jeswin explains the rise of Browser Detection & Response (BDR), how AI-driven attacks demand new strategies, and why modular, scalable design is key to protecting enterprises in the years ahead.
The biggest challenge facing browser-native security is that 80% of enterprise work now happens in browsers, yet traditional security architectures provide zero visibility into browser rendering engines where sophisticated client-side attacks unfold. Legacy security tools require an average of six days to detect zero-hour phishing attacks, while browser-based phishing has surged 140% year-over-year. The opportunity is immense: by treating the browser as the new endpoint and implementing detection directly within the browser context, we can close this fundamental security gap. Our research has documented over 30 Last Mile Reassembly Attack techniques that bypass every major Secure Web Gateway, demonstrating that network-level inspection is fundamentally insufficient for modern browser-based threats. The market opportunity lies in providing real-time protection where traditional tools cannot reach, without disrupting user productivity through complex enterprise browser deployments.
SquareX is the industry's first Browser Detection and Response vendor, fundamentally different from enterprise browsers or traditional security extensions. We seamlessly transform any existing browser into an enterprise-grade secure environment through a simple extension. We protect against attack vectors others miss entirely: browser-native ransomware that operates without file downloads, malicious QR code attacks, Browser-in-the-Browser phishing with pixel-perfect login replicas, extension-based data exfiltration and more. Our approach eliminates the infrastructure complexity of enterprise browsers while providing comprehensive protection against threats.
We have developed a fundamentally different approach to combating web threats by deploying advanced threat intelligence directly within the end-user's browser, rather than depending solely on traditional cloud-based processing. While the cybersecurity industry has relied heavily on server-side scanners for over a decade, these centralized solutions have shown diminishing effectiveness against today's rapidly evolving threat landscape.
Our browser-based approach enables real-time threat detection and response at the point of interaction, delivering superior protection while significantly reducing operational costs through minimal cloud data transmission. This edge-computing model not only improves response times but also enhances privacy by processing sensitive data locally. The comprehensive telemetry data we collect provides deep visibility into emerging threat patterns, attack vectors, and user behavior, enabling us to continuously refine our threat detection engine and develop adaptive security policies that stay ahead of sophisticated threats.
We use a modular architecture with policy-driven controls that lets us meet today’s enterprise requirements, such as applying differentiated access control for contractors vs. employees, without hardcoding logic. As new threats emerge, we can plug in new policies and support detection engines and response actions without forcing a re-architecture. We also design with multi-browser and cross-environment support in mind, because enterprises don’t live in a Chrome-only world. Scalability is about both scale of deployment and scale of evolution, and we’re deliberate about both.
AI is fundamentally reshaping the threat landscape. Phishing pages can now be spun up in seconds, social engineering content is hyper-personalized, and malware delivery chains mutate faster than signature-based tools can react. Our strategy is to build resilience directly into the browser layer, where these threats first appear.
We run a tight feedback loop. Every customer deployment feeds anonymized telemetry into our analytics pipeline, where we identify new attack patterns and usability friction points. We pair this with structured design sessions with CISOs and security teams to understand workflow gaps. Both the quantitative signals from telemetry and qualitative insights from practitioners flow into our product backlog. From there we fine-tune customer policies, or improve our product and portal UX.
The architecture roadmap focuses on three primitives: observability (seeing everything), controllability (modifying anything), and composability (combining capabilities). Everything else, such as features, products, and integrations, is built on these primitives. We will continue expanding our web attack detection-mitigation engine to be the founder and leader of the Browser Detection and Response category.
Jeswin Mathai serves as the Chief Architect at SquareX, where he leads the design and implementation of the company's infrastructure. A seasoned speaker and researcher, Jeswin has showcased his work at prestigious international stages such as DEF CON US, DEF CON China, RootCon, Black Hat Arsenal, Recon Village, and Demo Labs at DEF CON. He has also imparted his knowledge globally, delivering in-classroom training sessions at Black Hat US, Asia, HITB, RootCon, and OWASP NZ Day.
He is also the creator of popular open-source projects such as AWSGoat, AzureGoat, and PAToolkit.
SquareX's browser extension turns any browser on any device into an enterprise-grade secure browser. SquareX's industry-first Browser Detection and Response (BDR) solution empowers organizations to proactively detect, mitigate, and threat-hunt client-side web attacks including malicious browser extensions, advanced spearphishing, browser-native ransomware, genAI DLP, and more. Unlike legacy security approaches and cumbersome enterprise browsers, SquareX seamlessly integrates with users' existing consumer browsers, ensuring enhanced security without compromising user experience or productivity. By delivering unparalleled visibility and control directly within the browser, SquareX enables security leaders to reduce their attack surface, gain actionable intelligence, and strengthen their enterprise cybersecurity posture against the newest threat vector - the browser. Find out more at www.sqrx.com.