Zscaler Acquires SquareX to Secure Any Browser with Zero Trust

Enterprises face escalating threats from malicious browser extensions, scripts, and AI-driven attacks, especially as remote work and BYOD policies proliferate. Zscaler’s acquisition of SquareX, closed on February 5, 2026, directly addresses this by integrating lightweight browser extensions that enforce Zero Trust principles in standard browsers like Google Chrome and Microsoft Edge. This move allows IT teams to protect SaaS and private apps without deploying heavy agents or forcing users into proprietary browsers, a common pain point in legacy setups.

Traditional VPNs and Virtual Desktop Infrastructure (VDI) expose organizations to lateral movement risks and productivity bottlenecks. SquareX’s technology detects threats in real-time and applies least-privilege access, tailored to an organization’s risk profile. For security leaders, this means replacing insecure tools with precise controls that safeguard data interactionscritical as AI amplifies attack surfaces.

Imagine a sales team accessing customer CRM data from personal laptops during a client meeting. Without robust browser security, a malicious extension could exfiltrate sensitive info or inject ransomware. With SquareX integrated into Zscaler’s Zero Trust Exchange platform, the browser extension blocks such threats inline, enforcing policies that allow only approved apps while permitting seamless browsing. This scenario highlights the user-centric win: employees stay productive in their preferred browser, while IT gains visibility and control over unmanaged devices.

Zscaler CEO Jay Chaudhry emphasized ditching flawed legacy systems: “Enterprises have historically relied on legacy VPNs and VDIs, but these technologies are fundamentally flawed and laden with security risks.” SquareX founder Vivek Ramachandran added that the integration secures apps across managed or BYOD devices without productivity hits, enabling risk-based Zero Trust policies.

This deal fits Zscaler’s aggressive acquisition strategy, following Red Canary in August 2025 for AI-powered SOC capabilities and SPLX in November 2025 for AI security governance. SquareX bolsters browser defenses, positioning Zscaler against rivals like CrowdStrike’s recent Seraphic acquisition and Palo Alto Networks’ Prisma Access Browser. Gartner predicts secure enterprise browsers will reach 25% adoption by 2028, up from 10% today, signaling massive market growth.

By extending Zero Trust to browsers, Zscaler eliminates the need for third-party enterprise browsers, reducing costs and complexity. Investors note this could impact margins and cash flow, amid recent insider selling, but it strengthens Zscaler’s platform in AI-era security.

Looking ahead, this acquisition future-proofs enterprises against evolving AI-powered threats, where browsers become prime vectors for data poisoning or automated exploits. Organizations can now scale Zero Trust to every endpoint, fostering secure innovation in hybrid environments. As workforces demand flexibility, Zscaler’s approach promises enforceable policies that adapt to real-time risks, potentially setting a new industry standard.

For CISOs evaluating options, the key question is integration speed into Zscaler’s platform. Early metrics on threat detection and user adoption will determine if this truly disrupts the secure browser market. One thing is clear: in an era of unmanaged devices and intelligent attacks, browser-native Zero Trust isn’t optionalit’s essential for resilient operations.

This development empowers security teams to focus on strategy over firefighting, giving every user the protection they need without slowing them down.