CrowdStrike & Perplexity Unite to Shield the "Agentic" Workforce

SAN FRANCISCO, CA — On the same stage where Perplexity CEO Aravind Srinivas declared "AI is the computer" at Ask 2026, CrowdStrike and Perplexity announced a strategic partnership that directly addresses the security problem Srinivas's vision creates: who guards the AI doing the work?

The collaboration integrates the CrowdStrike Falcon security platform directly into Comet Enterprise — Perplexity's AI-native browser — creating a specialized defense layer for employees working alongside autonomous AI agents. For CrowdStrike, it also marks the first major public deployment of technology from its $420 million acquisition of Seraphic Security in January 2026.

The New Front Door of the Enterprise

As enterprises shift from static web browsing to "agentic" workflows — where AI browsers like Comet autonomously research, draft, and execute multi-step tasks — the security attack surface has fundamentally changed. The browser is no longer a passive display layer. It is an active execution environment with access to internal systems, credentials, and sensitive data.

This creates two distinct threat categories that traditional endpoint detection was not built to handle: data exfiltration via AI (employees or rogue agents pasting sensitive data into LLMs), and "shadow AI" usage (unsanctioned AI tools running undetected inside corporate networks). The CrowdStrike-Perplexity partnership targets both simultaneously.

Enterprises are deploying agentic AI browsers before the security tooling needed to govern them exists. This partnership is a direct response to that gap — embedding detection at the layer where agentic work actually happens.

Falcon Inside Comet: What It Does

Enterprise administrators can now opt in to Falcon-powered monitoring within the Comet browser. The integration operates at the browser runtime level, meaning security policies are enforced inside the execution context — not at the network perimeter. Key capabilities include:

{[ ['Real-time web threat detection', 'Malicious scripts, phishing pages, and drive-by attacks within the browser session'], ['Data loss prevention (DLP)', 'Employees or agents pasting sensitive code, credentials, or PII into external LLMs'], ['Shadow AI enforcement', 'Unsanctioned AI tools running inside corporate Comet sessions without admin approval'], ['Session monitoring', 'Full audit trail of agentic task execution — who authorized what, and when'], ['Policy-based controls', 'Admins can restrict which LLMs, tools, and external services Comet agents can reach'], ].map(([cap, desc], i) => ( ))}

Capability	What It Prevents
{cap}	{desc}

The Seraphic Factor: A $420M Bet Goes Live

The technical core of this partnership is Seraphic Security, an enterprise browser security company CrowdStrike acquired for $420 million in January 2026. At the time of the acquisition, analysts questioned the price tag relative to Seraphic's revenue and market share. The Ask 2026 announcement provides the clearest signal yet of why CrowdStrike paid it.

Seraphic's core technology — what CrowdStrike internally refers to as its "secret sauce" — works by randomizing a browser's JavaScript engine at runtime. This technique defeats an entire class of browser-based attacks that rely on predictable memory layouts and JavaScript execution patterns:

By randomizing the JavaScript engine itself, Seraphic closes the attack window before session hijacking or man-in-the-browser exploits can find a foothold — regardless of the specific vulnerability being targeted.

How JavaScript Engine Randomization Works

Traditional browser attacks — including session hijacking, credential theft, and man-in-the-browser (MitB) attacks — rely on the attacker knowing how the browser's JavaScript engine will behave at a memory level. They exploit predictable object layouts, function pointer locations, and garbage collection patterns.

Seraphic's approach re-randomizes these internal structures each time the browser session initializes, meaning any exploit payload crafted against a known engine layout will silently fail. The technique is particularly effective against zero-day attacks, where the vulnerability exists but a specific exploit has not yet been publicly catalogued — and therefore cannot be patched or signature-detected.

Seraphic's randomization defense is architecture-agnostic — it does not require knowing what the attacker will do. It makes the browser an unpredictable target by default, shifting the cost of exploitation back onto the attacker on every session.

Why This Partnership Makes Sense Now

The timing is not accidental. Perplexity's Personal Computer announcement at the same conference extends Comet from a browser into a 24/7 autonomous agent that accesses files, apps, and external services continuously — even while the user is away. The security implications of a browser that never sleeps require a security layer that never sleeps either.

CrowdStrike, for its part, has been building toward browser-native security since acquiring Seraphic. Comet Enterprise provides the ideal deployment vehicle: a managed, enterprise-grade AI browser where every session is already instrumented, logged, and running under admin control — a far cleaner integration surface than trying to retrofit Seraphic into a general-purpose consumer browser like Chrome or Edge.

Partnership at a Glance

{[ ['Announced', 'March 11, 2026 — Ask 2026 developer conference, San Francisco'], ['Parties', 'CrowdStrike (Falcon / Seraphic) + Perplexity (Comet Enterprise)'], ['Integration Layer', 'Falcon monitoring embedded inside Comet browser runtime'], ['Seraphic Technology', 'JS engine randomization — stops session hijacking & MitB attacks'], ['Seraphic Acquisition', '$420 million — January 2026'], ['Availability', 'Opt-in for Comet Enterprise admins — rollout timeline TBA'], ['Target Customer', 'Enterprises deploying agentic AI workflows at scale'], ['Key Threats Addressed', 'Data exfiltration, shadow AI, session hijacking, man-in-the-browser'], ].map(([detail, summary], i) => ( ))}

Detail	Summary
{detail}	{summary}

Ask 2026 positioned Perplexity not just as an AI company, but as enterprise infrastructure. The CrowdStrike partnership is the clearest signal that the "agentic browser" is being treated as a new endpoint — one that needs its own security stack from day one.

Discussion

Your comments appear live in our Discord server — every post grows the community.

Every comment appears live in our Discord server.

Join to see the full conversation, get notified on new articles, and connect with the community.

Join ObjectWire Discord

Comments sync to our ObjectWire Discord · CrowdStrike & Perplexity Unite to Shield the .