Startup Trends Shaking Up Browsers, SOC Automation, AppSec
Summary
Startups in 2025 pushed three major shifts that will reshape enterprise security: the browser as the primary attack surface, a new control plane powered by Manifest V3 (MV3) extensions enabling Browser Detection and Response (BDR), and AppSec retooled for AI-driven code generation. At the same time, agentic AI for SOC tasks — both SaaS-style AI SOC agents and outcome-driven AI-MDRs — matured into economically persuasive alternatives to human-heavy operations. These moves come from a cluster of early-stage vendors (SquareX, Keep Aware, LayerX for browsers; Seezo, PrimeSec, Clover Security, Clearly AI for AppSec; Zero Cmd, Twine, Conifers, Legion Security, Simbian, TENEX, AirMDR in the SOC space) and indicate large shifts in how organisations will detect, protect and build software.
Key Points
- The browser is now the primary enterprise workspace and a dominant attack surface — attackers who compromise the browser rarely need to go to the OS.
- Manifest V3 (MV3) extensions give unprecedented real-time observability and control inside browsers, enabling a new product class often called Browser Detection and Response (BDR).
- BDR solutions can inspect decrypted requests, DOM content, AI prompts and OAuth flows, and enforce controls like DLP (block downloads, copy/paste) across unmanaged devices without admin installs.
- AppSec is shifting up the stack: startups use LLMs to analyse business intents, PRDs, tickets and diagrams to find design and privacy flaws before code is generated.
- Design-security tools read unstructured enterprise context (GDrive, Slack, Confluence, Jira) to generate findings, blueprints and mitigation comments back into workflows.
- AI SOC agents and AI-MDRs gained traction in 2025 — they automate Tier 1 (and parts of Tier 2/3) response and claim much lower costs than human teams, especially attractive to the midmarket.
- These trends mean defenders must re-educate: investigate threats in the browser, govern identity and OAuth in-browser, and treat EDR/SSE as less central where browser visibility is available.
Context and Relevance
This article matters because it maps where startup innovation is nudging enterprise security policy and tooling. The browser-as-endpoint thesis undermines assumptions that visibility lives at the OS or network layer; MV3 gives a new choke point for policy enforcement and detection. Meanwhile, AppSec’s shift to ‘design security’ reflects the reality that AI-assisted code generation moves risk upstream into prompts, docs and tickets. Finally, the economics of AI SOC agents threaten to upend traditional MDR pricing and staffing models — meaning smaller organisations may finally afford meaningful response capabilities.
For CISOs, SecOps leads, AppSec teams and security product managers, these trends indicate practical changes: prioritise browser visibility, embed security earlier into design artifacts, and evaluate agentic SOC offerings against outcome-based AI-MDRs for cost and risk trade-offs.
Why should I read this?
Short version: this is where the industry actually moved in 2025. Read it if you want a quick, punchy heads-up on what to change in your controls and hiring plans. If you care about protecting data, governing identity or buying detection/response services, this piece saves you time by flagging the real startups and shifts worth investigating now. Seriously — skim the key points, then drill into anything that touches browsers, AppSec or SOC automation in your estate.