He helped build the browser extension half the internet installed. Then he founded the company that refuses to trust extensions at all.
Brian Silverstein spent years writing the code that lives inside your browser. That is the part worth knowing first. Most security founders study attacks from the outside. He learned the browser from the inside out, at Honey, the shopping-rewards extension that rode along on millions of sessions and watched every checkout page load. He knows what an extension can see because he shipped one that saw a lot.
So when he describes the modern threat, he is not theorizing. "Browsers have become the battleground for hacking, bots, and malware," he says. His startup, MirrorTab, starts from an uncomfortable premise: if the attacker can reach the page, the attacker has already won half the fight. Watching that fight more closely does not help. The trick is to stop handing the browser anything worth stealing.
MirrorTab does this with server-side isolation. The real session - the code, the data, the APIs - stays on the server. What reaches the user's device is a sanitized rendering. A malicious extension, a man-in-the-browser trojan, a Magecart skimmer injected three vendors deep into someone's tag manager - they all reach for the goods and close on a mirror. The product is named Haven, which is the rare piece of cybersecurity branding that actually says what it does.
The company is deliberate about where it sits. MirrorTab positions itself at the application layer, intercepting and sanitizing browser sessions before they reach a user's device, obfuscating data, code, and APIs so the browser stops being an attack surface at all. It is a server-side solution that needs no plugins and is built to slot in alongside the defenses companies already run - web application firewalls, bot management, DDoS protection - rather than replace them. Allison Miller, the former Reddit CISO who advises the company, described what it produces as "a secure, bot-proof wrapper" around sensitive web sessions. That is the whole job in five words.
Caption: Same web page, two philosophies. One trusts the browser. The other never does.
To understand why a company like MirrorTab exists, look at what it is built to stop. The modern attack surface is no longer the server or the network perimeter. It is the browser session itself, and the cast of threats is specific: evasive bots that pass for humans, man-in-the-browser malware that quietly edits what you see, malicious extensions that read the page over your shoulder, and skimmers in the style of Magecart and formjacking that lift card numbers straight off a checkout form. Each one automates something a criminal used to do by hand - credential theft, session hijacking, click fraud - and each one happens inside the user's own browser, where traditional server-side defenses cannot reach.
The numbers explain the urgency. The browser security platform market was valued around $4.8 billion in 2024 and is projected to reach roughly $18.4 billion by 2034. Phishing is implicated in more than a third of all data breaches, and AI-generated phishing emails have posted click rates several times higher than the human-written kind. The arrival of generative AI did not invent these attacks - it industrialized them. Silverstein's framing is that the same automation that makes the web faster also makes the attacker faster, and the only durable answer is to remove the thing the attacker is automating against.
Evasive bots: automation built to look human, slipping past detection to commit fraud and abuse at scale.
Man-in-the-browser malware: malware that sits inside the session and rewrites what the user sees and submits.
Skimmers (Magecart and formjacking): skimming code injected into a page to harvest payment and form data on the way through.
The career reads like three different people who happen to share a resume. A semiconductor engineer. A consumer-product builder. A cybersecurity founder. The thread connecting them is a habit of working one layer below where everyone else looks - at the silicon, at the extension, at the session.
The Honey years taught him exactly how extensions and the DOM get weaponized. MirrorTab is that knowledge pointed in the other direction.
A Cornell electrical engineer with eight patents and time inside Apple's silicon group, now solving a software-session problem from first principles.
"No plugins, no friction - just seamless protection." Security that the user never feels is the whole point, not a footnote.
His thesis: the browser tab is now the primary corporate endpoint, and it has been guarded like an afterthought. MirrorTab treats it like the front door.
Most tools watch for the attack. MirrorTab makes the attack land on a reflection. Different verb, very different outcome.
GV in the round, a fraud-and-security advisory board, and a COO from DNSFilter. The signal travels in the right circles.
"We built MirrorTab to close a massive gap in web security. No plugins, no friction - just seamless protection."
He helped build one of the most-installed shopping extensions on the internet, then started a company to neutralize the kind of browser tricks extensions can hide.
MirrorTab's platform is literally called Haven - the real session hides safely server-side while the attacker only ever sees a reflection.
Semiconductors to consumer hardware to coupons to cybersecurity. Few founders have shipped at the chip level and the checkout level.
The kind of engineer who files, not just ships. The instinct to invent below the surface shows up in everything he builds.
In June 2026, MirrorTab brought on Colin Britton - who previously ran operations at Devicie and DNSFilter - as chief operating officer. The job: turn a strong technical story into reach, especially among managed service providers and channel partners. "Colin has a rare ability to turn strong technical vision into operational scale," Silverstein said of the hire.
It is the move of a founder who has done this before. Honey was not just a product; it was a distribution machine. MirrorTab now wants the same kind of spread for defense - quietly riding along on web sessions, except this time on the side of the people whose sessions they are. The browser is the battlefield. He just intends to be the one who decides what the attacker gets to touch, which is nothing.
The Haven platform reflects that ambition. Alongside the server-side isolation core, it ships as a Chrome extension offering real-time link scanning and phishing detection, aimed squarely at managed service providers and enterprise customers - the channel that defends thousands of smaller companies at once. The 2025 CyberSecurity Breakthrough Award for Web Filtering and Control Solution of the Year was an early validation, but Silverstein has been clear about the roadmap: expand the platform's capabilities and deepen its integrations with the security tools companies already trust. The point was never to be one more dashboard. It was to be the layer underneath the dashboards that quietly takes the most dangerous option off the table.
The investor list reads as a vote on that thesis. The $8.5 million seed was led by Valley Capital Partners and joined by GV - Google's venture arm - along with Ludlow Ventures, Altman Capital Fund, NextGen Venture Partners, and Alumni Ventures. The advisory board, assembled a month after the raise, gathered fraud and security veterans to pressure-test the approach. For a category as crowded and skeptical as cybersecurity, that combination of capital and credibility is its own kind of signal. The market has seen plenty of tools that watch. Silverstein is betting it is ready for one that simply refuses to hand the attacker anything real.