👋 Hi, it’s Rohit Malhotra and welcome to the FREE edition of Partner Growth Newsletter, my weekly newsletter doing deep dives into the fastest-growing startups and S1 briefs. Subscribe to join readers who get Partner Growth delivered to their inbox every Wednesday morning.

If you’re new, not yet a subscriber, or just plain missed it, here are some of our recent editions.

Deel's free 2026 trends report cuts through all the hype and lays out what HR teams can really expect in 2026. You’ll learn about the shifts happening now, the skill gaps you can't ignore, and resilience strategies that aren't just buzzwords. Plus you’ll get a practical toolkit that helps you implement it all without another costly and time-consuming transformation project.

Get the free report today.

_{Interested in sponsoring these emails? See our partnership options here.}

Subscribe to the Life Self Mastery podcast, which guides you on getting funding and allowing your business to grow rocketship. 

Previous guests include Guy Kawasaki, Brad Feld, James Clear, Nick Huber, Shu Nyatta and 350+ incredible guests.

Zscaler acquiring SquareX isn't a typical big-company-buys-startup story — it's a strategic move to own the last mile of enterprise security: the browser. Zscaler already dominates Zero Trust network access. Now it's adding real-time, in-browser threat detection to close the gap that firewalls and secure web gateways were never designed to cover. One platform, one extension, and a bet that the browser is the new endpoint.

On the surface: a cloud security giant doing what cloud security giants do — acquire, integrate, extend the moat. But look closer, and the logic gets sharper.

SquareX wasn't failing. It was filling a blind spot. The company built Browser Detection and Response (BDR) — think EDR, but for what happens inside Chrome, Edge, Firefox, and Safari. Malicious extensions, rogue scripts, data exfiltration through browser-native channels — the stuff traditional security stacks miss entirely. And it delivered all of this through a lightweight extension, no browser swap required.

The founders understood something the market was slow to catch: employees don't work inside corporate networks anymore. They work inside browsers — on managed laptops, personal devices, airport WiFi. VPNs and VDI were band-aids. The real play was making any browser, on any device, a secure workspace.

And here's the strategic fit: instead of bolting on another standalone tool, Zscaler is embedding SquareX directly into its Zero Trust platform — turning browser-level visibility from a nice-to-have into a native capability.

SquareX didn't start inside Zscaler's product roadmap. It started as a conviction bet by a security researcher who saw what most vendors were ignoring — that the browser had become the biggest attack surface in enterprise IT, and nobody was defending it from the inside.

Vivek Ramachandran founded SquareX with a thesis that cut against the grain: perimeter security was solving yesterday's problem. Employees weren't sitting behind corporate firewalls anymore. They were working inside Chrome tabs, accessing SaaS apps from personal laptops, installing browser extensions no security team had vetted. The threats were browser-native — malicious scripts, rogue extensions, data leaking through browser channels — and traditional tools were blind to all of it.

So SquareX built Browser Detection and Response. Not another secure web gateway. Not another CASB bolt-on. A lightweight browser extension that embedded real-time threat detection directly where work actually happens — inside Chrome, Edge, Firefox, and Safari. No browser swap. No VPN. No disruption. Security teams got deep telemetry; users noticed nothing.

The product found traction fast. Enterprises dealing with BYOD sprawl and unmanaged device access saw SquareX as the missing layer — the thing that made Zero Trust actually work at the browser level, not just at the network edge.

Then Zscaler came calling. The Zero Trust leader had built the exchange, the cloud gateway, the network fabric. But browser-native threats were a gap. SquareX filled it perfectly — same philosophy of invisible security, same enterprise buyer, complementary technology. Instead of building from scratch, Zscaler acquired the team and tech to make the browser a first-class citizen in its platform.

Zscaler isn't disclosing the acquisition price, but the strategic math tells a clear story. A publicly traded $30B+ market cap company acquiring a browser-native security startup to plug the one gap its Zero Trust platform couldn't cover from the network layer alone.

The deal logic is straightforward.

What Zscaler bought: SquareX's Browser Detection and Response technology — real-time, in-browser threat detection delivered through a lightweight extension across Chrome, Edge, Firefox, and Safari. No browser replacement required. Deep telemetry on malicious extensions, rogue scripts, and browser-native data exfiltration that traditional SWGs and CASBs miss entirely.

The technology fit: Zscaler already owns the Zero Trust Exchange and recently launched its Zero Trust Browser. SquareX fills the detection layer. On managed devices, the extension feeds browser threat data directly into Zscaler's platform. On BYOD and unmanaged devices, it enables last-mile controls — work profiles, browser DLP, device posture — turning any browser into a secure workspace without VDI overhead.

The customer play: SquareX's existing deployments stay intact. Zscaler gets an installed base already proving out browser-native security in production. Over time, those customers get tighter integration with Zscaler's analytics, risk-based controls, and global infrastructure — without changing browsers or workflows.

What changes: SquareX's team joins Zscaler. The technology integrates into the platform roadmap. Existing customers get continuity now, deeper capabilities later. Classic acqui-hire-plus-product — the team built something Zscaler needed, and building it internally would have taken years.

The deeper signal: Browser security is moving from nice-to-have to foundational. Employees work inside browsers, not behind firewalls. Zscaler's bet is that owning detection at the browser level — not just controlling access at the network level — is what makes Zero Trust actually complete. SquareX was the fastest path to get there.

To understand why Zscaler acquired SquareX, you need to understand what SquareX actually solved. Not another secure web gateway. Not incremental network security improvements. A fundamentally different approach to the problem that matters most in enterprise security today: the gap between where employees work and where security actually operates.

SquareX's Browser Detection and Response did one thing obsessively well — eliminate the blind spot between browser-native threats and security team visibility. While traditional platforms excelled at inspecting network traffic and controlling cloud access, SquareX was designed specifically for what happens after the connection is established: the in-browser environment where malicious extensions execute, rogue scripts exfiltrate data, and phishing attacks bypass every upstream filter.

Here's the product advantage: legacy security tools are perimeter-obsessed. They require agents, demand network-level control, optimize for managed environments — everything that breaks down when employees use personal devices, unvetted browsers, and shadow IT. SquareX is browser-native. A lightweight extension across Chrome, Edge, Firefox, and Safari. No browser replacement, no VPN dependency, no device management overhead. Just real-time detection for the exact attack surface that CASBs and SWGs were never designed to cover.

The real-world difference wasn't subtle. SquareX detected malicious browser extensions within seconds, flagged data exfiltration through browser channels without DLP agents, and provided device posture checks on unmanaged endpoints — not through network inspection but through direct browser telemetry. For security teams managing hybrid workforces where BYOD is policy, not exception, this became the missing infrastructure layer.

And this mattered more as the attack surface shifted from networks to browsers. Phishing sophistication increases annually. Browser-native threats compound with every extension installed. SquareX owned the layer where enterprises actually stop threats that traditional stacks miss entirely.

Zscaler saw all of this. The technology differentiation, the complementary architecture, the positioning in a category that was becoming foundational. SquareX wasn't building toward standalone scale. It was building toward integration — and Zscaler was the platform that made the combination inevitable.

The Zscaler acquisition exposes a hard truth about browser security startups: category innovation without platform scale is an acquisition target, not a defensible position.

Vivek Ramachandran isn't a first-time founder chasing a trend. He's a twenty-year security veteran who discovered the Caffe Latte attack, built Pentester Academy into a respected training platform, and spoke at DEFCON and Black Hat before browser security was a category anyone took seriously. When he founded SquareX, it wasn't because browser detection was a hot market — it was because he'd spent two decades watching attackers evolve faster than the tools defending against them and saw the browser becoming the biggest unprotected surface in enterprise IT.

Most founders in this space fight over features — better dashboards, more detection rules, slicker consoles. Ramachandran went one level deeper: the browser itself. Real-time detection, extension monitoring, and data protection delivered through a lightweight extension on browsers he didn't own. He didn't build another endpoint agent. He packaged browser-native telemetry into a product that felt like invisible security, not another IT burden.

That positioning made SquareX acquirable, not independent. Browser-level security without network-level distribution meant Ramachandran could prove the technology but couldn't scale it alone. SquareX sat inside the browser, catching threats that Zscaler, Palo Alto, and CrowdStrike couldn't see from the network layer. That's exactly why Zscaler moved — before someone else did.

Now Ramachandran and his team operate inside Zscaler's platform roadmap. A researcher who built companies by staying focused and technically deep is walking into a structure where integration velocity matters more than standalone innovation. But for a founder who spent twenty years understanding how attackers think, having Zscaler's scale and distribution behind his technology might be exactly the leverage SquareX always needed.

The acquisition sounds like validation. It is — but it's also a market signal. Browser security merged into Zero Trust because the standalone window was closing. Ramachandran read the map correctly. Better to be the technology Zscaler integrates than the startup Zscaler eventually builds around.

The SquareX story isn't about disruption. It's about recognizing when a standalone category is about to become a platform feature — and getting acquired before the market treats you as one.

Years of deep security research, a product that proved browser-native detection works, and now integration into the largest Zero Trust platform on the planet. Not because Ramachandran built inferior technology or lost product-market fit. Because he built something genuinely differentiated inside a browser he didn't control — and merged into the platform that did before every security giant shipped their own version.

Everyone's obsessed with building moats. SquareX built capability. It embedded real-time threat detection where no endpoint agent could reach — inside Chrome, Edge, Firefox, and Safari — for enterprises that needed BYOD security without VDI overhead. That positioning made it valuable to exactly one type of buyer: whoever needed browser-native detection without building it from scratch.

Zscaler wrote the check.

Here's what founders should take from this: integration beats isolation. The browser security layer isn't defensible long-term as a standalone play, but it is combinable — if you merge before platforms commoditize your core capability. Ramachandran saw Palo Alto extending into browsers, CrowdStrike pushing endpoint telemetry further, Cisco bundling controls into Umbrella. He knew the standalone window was closing.

Zscaler gets browser-native detection embedded into its Zero Trust platform. Ramachandran gets scale, distribution, and resources to evolve the technology he couldn't fund alone.

That's not failure. That's what happens when you build something valuable enough to acquire, technical enough to differentiate, and consolidate before the category compresses around you.

The best outcomes aren't always IPOs. Sometimes they're acquisitions that turn your technology into infrastructure.

Here is my interview with Bani K Maini: an AI product leader who transforms complex enterprise operations into scalable solutions that actually get adopted.

If you enjoyed our analysis, we’d very much appreciate you sharing with a friend.

Here are the options I have for us to work together. If any of them are interesting to you - hit me up!

And that’s it from me. See you next week.

What do you think about my bi-weekly Newsletter? Love it | Okay-ish | Stop it