Push Security
Security platform that uses browser telemetry and autonomous agents to detect and stop identity attacks.
Push Security is a browser based identity security platform, essentially endpoint detection and response for the browser, that turns the browsers employees already use into a high fidelity telemetry source and real time control point. Founded in London in 2020 by red team and blue team veterans Adam Bateman, Tyrone Erasmus, and Jacques Louw, with backgrounds spanning MWR InfoSecurity, Duo Security, and CrowdStrike, the company has raised about 49 million dollars across three rounds, most recently a 30 million dollar Series B led by Redpoint Ventures in 2025, with Datadog Ventures, Decibel, and GV also backing it. It is deployed on more than 1.5 million endpoints.
The platform targets the attacks behind most modern breaches: credential phishing, adversary in the middle phishing, session hijacking, and account takeover using stolen credentials and tokens, all of which play out inside the browser through legitimate authentication flows that traditional tools miss. Push deploys as a lightweight extension via device management or browser policy across Chrome, Edge, Firefox, Safari, and even emerging agentic browsers like Comet and Atlas, with no migration required. In May 2026 it launched agentic threat hunting: autonomous agents continuously ingest research, generate and test detection hypotheses across live browser telemetry, and ship production ready detections and blocks in minutes rather than waiting on a human analyst.
The company's bet is that context beats model size. Rather than leaning on a proprietary model, Push operationalizes years of red and blue team research across trillions of browser events, focusing on attacker techniques that are hard to rotate rather than easily changed indicators. Beyond identity, it adds visibility and control over shadow SaaS and AI app usage, data loss prevention, and insider threat investigation, all from the same extension. For a security team that sees the browser as the new perimeter and wants identity threat detection and response without rolling out a separate enterprise browser, Push is a category leading option; teams wanting full endpoint or network coverage will still run it alongside other tooling.
Vendor details
Canonical URL
https://pushsecurity.com
Category
Security / SOC agent
Subcategory
Identity threat detection and response
Funding status
Independent, founded in London in 2020 by Adam Bateman, Tyrone Erasmus, and Jacques Louw. Has raised about 49 million dollars across seed, Series A, and a 30 million dollar Series B led by Redpoint Ventures in April 2025, with Datadog Ventures, Decibel, GV, and B3 Capital participating. Deployed on more than 1.5 million endpoints, with customer growth reported above 380 percent year over year.
Company status
independent
Use cases & customers
Primary use cases
Target customers
Deployment options
Integrations
Deploys as a browser extension via device management, browser policy, or direct install across Chrome, Edge, Firefox, Safari, Brave, Opera, Arc, and agentic browsers such as Comet, Atlas, and Dia, with no migration. It turns each browser into a telemetry source and real time control point, capturing trillions of events for autonomous agents to hunt.
In practice
Credential phishing and session hijacking slip past your email and endpoint tools because they happen inside the browser. Push detects and blocks them in real time using behavioral signals attackers cannot rotate, before an account is taken over.
New attack techniques appear faster than your analysts can write detections. Push's autonomous agents hunt across trillions of browser events, generate and test hypotheses, and ship production ready detections in minutes.
Shadow SaaS and unsanctioned AI tools are spreading through the browser with no visibility. Push surfaces and controls that usage and flags identities missing MFA or single sign on, all from one extension.
Sources & related URLs
Research sources
Research notes
Added via Crunchbase discovery batch July6Agentic1to50. Core fields only; enrichment (longDescription, useCaseScenarios, 14-axis VendorFeature, pricing) pending.
Capability coverage
10.0 / 14 capabilities · 71%
| Integrations & Tool CallingDeploys as a browser extension across Chrome, Edge, Firefox, Safari, Brave, Opera, Arc, and agentic browsers via device management or policy, turning existing browsers into a telemetry and control point with no migration, Push Security docs 2026-07-06 | Full |
|---|---|
| Workflow OrchestrationAutonomous agents run a continuous hunt to detection pipeline generating, testing, and shipping detections; broad multi step workflow orchestration is not the framing, Push Security docs 2026-07-06 | Partial |
| Knowledge Grounding & RAGGrounds detection in high fidelity browser telemetry plus red and blue team research and threat intelligence, ingesting research to form hunt hypotheses, Push Security docs 2026-07-06 | Full |
| Human Oversight & GuardrailsAgents write and deploy detections and blocks autonomously without waiting on an analyst, while security teams retain real time visibility and control to tune policy, Push Security docs 2026-07-06 | Partial |
| Security, Identity & GovernanceThe product is itself an enterprise identity threat detection and response platform with a privacy preserving architecture and real time identity controls, Push Security docs 2026-07-06 | Full |
| Observability & AuditabilityGives security teams real time visibility and control across every browser, and browser layer telemetry provides an evidentiary record for investigations that traditional tools lack, Push Security docs 2026-07-06 | Full |
| Memory & State PersistenceMaintains a continuous map of the organization's identity attack surface and browser context; persistent agent memory is not the framing, Push Security docs 2026-07-06 | Partial |
| Deployment & Data ResidencyDelivered as SaaS with a browser extension and a privacy preserving architecture; self host or specific data residency options are not documented, Push Security docs 2026-07-06 | Partial |
| Prebuilt Agents, Templates & PacksShips prebuilt detection and control coverage across mapped browser and identity attacks including phishing, session hijacking, and account takeover out of the box, Push Security docs 2026-07-06 | Full |
| Triggers & Channel CoverageOperates continuously in real time across every browser session, with agents hunting trillions of events and controls acting instantly at the point of attack, Push Security docs 2026-07-06 | Full |
| Model Flexibility & RoutingDeliberately not model centric; operationalizes AI on telemetry and research rather than exposing customer model choice or routing, Push Security docs 2026-07-06 | Unable to verify |
| APIs, SDKs & MCP ExtensibilityFeeds telemetry and alerts into the broader security stack; a public developer SDK or MCP surface is not documented, Push Security docs 2026-07-06 | Partial |
| Testing, Debugging & OptimizationAgents generate and test detection hypotheses against live telemetry as a continuous internal evaluation loop; a customer facing testing toolset is not documented, Push Security docs 2026-07-06 | Partial |
| Browser & Computer UseOperates natively inside the browser as an extension, capturing telemetry and applying real time controls and blocks within browser sessions across many browsers, Push Security docs 2026-07-06 | Full |
Recent platform changes
No recent material changes tracked yet.
Pricing
Not public; enterprise sales, typically priced per user or endpoint
users or endpoints
What is public
No public rate. Push publishes no list pricing and routes commercial terms through sales.
Billing mechanics
Enterprise subscription typically priced per user or protected endpoint, deployed as a browser extension across the workforce. Trials and assessments are available before purchase.
Cost watchouts
Confirm whether add on modules such as AI app control, DLP, and insider threat are included or priced separately, and how pricing scales as endpoint count grows.
Variable cost rationale
Priced per user or endpoint as an enterprise subscription, so cost tracks headcount and is largely predictable once sized to the workforce.
Additional watchouts
With no public rate, benchmark per user pricing against comparable identity and browser security tools, and confirm what coverage across browsers and modules the base tier includes.
Sales call required
Yes — required for paid access
Free / trial
Free trial or assessment available on request; no public self serve tier
Key ambiguities
No entry rate or per user figure is published; all pricing is quoted under sales.
Related vendors
- 7AI — Swarming agentic SOC from the Cybereason founders: sixty plus domain…
- Airrived — Agentic OS that unifies SOC, GRC, IAM, vulnerability management, IT,…
- CrowdStrike — Cybersecurity platform whose Charlotte AI delivers agentic…
- depthfirst — AI security platform that detects, triages, and remediates software…
- Dropzone AI — Production proven AI SOC analyst that investigates every alert in…
- Exaforce — AI SOC platform unifying Exabots agents with an integrated knowledge…