MirrorTab raises $8.5M in seed funding to secure web application with AI-powered browser protection

Browsers have become the front line for cyber threats, with attacks like man-in-the-browser becoming more common. Now, San Francisco-based cybersecurity startup focused on securing web applications MirrorTab has just secured new funding to take on this battle.

Today, MirrorTab announced it has raised $8.5 million in seed funding. The round was led by Valley Capital Partners, with backing from GV, Ludlow Ventures, Altman Capital Fund, NextGen Venture Partners, and Alumni Ventures.

MirrorTab will use the fresh capital to expand its capabilities, enhance integrations, and commercialize its product.

A New Approach to Web Security

MirrorTab is stepping into a crowded market with a different strategy: protecting web applications without adding friction for users or requiring extra downloads. Its isolation technology removes the browser as a direct target, hiding data, code, and APIs to create safer online sessions. The company says the new funding will go toward building more features, integrating with other security tools, and pushing its product to more businesses.

“Browsers have become the battleground for hacking, bots, and malware,” said Brian Silverstein, CEO and founder of MirrorTab. “Cyberattacks have evolved, leveraging browsers, AI, and automation to evade detection, mimic human-like behavior, and execute attacks that cannot be prevented with typical web security controls. MirrorTab addresses this critical blind spot in traditional detection-based solutions.”

A Founder with a Track Record

Silverstein has seen this browser-based vulnerability up close. Before MirrorTab, he co-founded Honey, the popular coupon and rewards extension later acquired by PayPal for $4 billion. While building that tool, he realized how similar technology could be exploited to access sensitive information during web sessions, exposing businesses and consumers to fraud.

The Technology Behind MirrorTab

“MirrorTab protects any web platform by securing the session itself—a capability that Web Application Firewalls (WAFs) and bot management tools don’t have,” said Allison Miller, MirrorTab Advisor and Former CISO and VP of Trust at Reddit, who also held cybersecurity roles at Bank of America, Google, PayPal, and Visa.

“It creates a secure, bot-proof wrapper. Even if the client is untrusted or compromised, MirrorTab ensures sensitive information doesn’t leak, under all circumstances. In high-stakes interactions, such as account takeovers or fraud, MirrorTab provides the gold standard of protection without disrupting the user experience.”

The rise of AI-driven attacks has turned browsers into easy targets for cybercriminals. Client-side protections often fall short as attackers use automated tools to mimic human behavior and bypass traditional defenses. MirrorTab’s server-side security aims to block malicious extensions and malware before they can access sensitive data.

Investor Confidence in Browser Security

“Attackers have discovered that the browser can be actively and extensively exploited – and that there’s currently no way to stop them,” said Steve O’Hara, Founder and Managing Partner at Valley Capital Partners. “Recent events have shown just how devastating these attacks can be, with critical personal and financial information easily acquired. The scale of fraud, theft, and damage attributable to these client side attacks is shocking and unacceptable. We believe that MirrorTab has created an innovative and effective solution that is unmatched in stopping these hard-to-detect attacks.”

The company is entering a competitive space where established players like Cloudflare and Imperva dominate, but MirrorTab is betting on its isolation-first approach to stand out.

The Road Ahead

Web-based attacks are becoming more sophisticated, pushing companies to rethink traditional defense methods. MirrorTab is positioning itself as the alternative for businesses seeking protection without adding complexity for end users. The challenge will be whether the company’s technology can live up to its promise—and whether security-conscious companies are willing to try something new.