BREAKING — MirrorTab raises $8.5M seed led by Valley Capital Partners · Honey co-founder Brian Silverstein takes on browser-based attacks · GV, Ludlow Ventures & Alumni Ventures join the round · NEW — CISO advisory board: Reddit, SoFi, Chime, Databricks, Bank of America · No DOM exposure. No plugins. No code changes. · The browser is the new corporate endpoint
Cybersecurity · San Francisco · Est. 2021

MIRRORTAB

The web app you're using may never actually run in your browser.

A San Francisco startup is quietly moving the browser session somewhere attackers can't reach it - the edge - so malware, bots, and rogue extensions get a mirror instead of your code.

The logo, lit like a security badge. A stylized "MT" glows inside a rounded tile - a company whose entire product is about what you don't get to see.
FILED: San Francisco, CA
CATEGORY: Web & API Security
STAGE: Seed · $8.5M
TEAM: ~12 people

The Story

A Browser Guy Decides The Browser Can't Be Trusted

There is a particular kind of person who understands exactly how dangerous a browser extension can be, and it is a person who has built one. Brian Silverstein co-founded Honey, the shopping-rewards extension that lived deep inside your browser's DOM, watched your checkout pages, and eventually convinced PayPal to buy it for a reported $4 billion. Honey worked because it could see and touch everything happening in your tab. That was the feature. Silverstein's next company, MirrorTab, exists because that is also the bug.

The pitch is almost pleasingly counterintuitive. For roughly two decades, web security has assumed the browser is a place you defend - you scan it, you score it, you sprinkle it with agents and detection models and hope you catch the bad script before it skims a credit-card field. MirrorTab's argument is that this is the wrong layer. You cannot protect what you insist on exposing. So instead of guarding the browser, MirrorTab removes it from the equation.

Mechanically, the company describes intercepting and sanitizing a browser session at the edge - through the CDNs and web application firewalls a company already runs - before that session ever reaches the user's device. The application's actual code, data, and API calls stay server-side. What lands in your browser is an obfuscated view of the session, a mirror. If your laptop is riddled with malware, or you've installed a browser extension that turns out to be malicious, or an automated bot is hammering a login page, none of it finds the real thing to attack. There is, in MirrorTab's phrasing, "no DOM exposure."

Browsers have become the battleground for hacking, bots, and malware. — Brian Silverstein, Founder & CEO, MirrorTab

This is a sensible thing to say if you are the person raising money to fight on that battleground, but it also happens to be true in a boring, well-documented way. Magecart and formjacking attacks - the digital equivalent of a skimmer glued to a gas pump - have quietly drained e-commerce and banking sites for years by injecting code that reads form fields as users type. Credential stuffing and account-takeover bots grind through stolen password lists at industrial scale. The common thread is that all of it happens in a place the application chose to trust: the browser. MirrorTab's answer is to stop trusting it.

How It Works

The Mirror Trick, In Four Moves

The elegant part of MirrorTab's design is what it does not require: no plugins, no agents on employee laptops, no rewrite of your application. It rides infrastructure you already own and switches on only when you want it to.

01. Trigger: A WAF rule, bot score, authentication state, or feature flag decides a session is risky enough to isolate.

02. Intercept: MirrorTab catches the session at the edge, inside the CDN/WAF stack, before it reaches the device.

03. Sanitize: Code, data, and APIs are obfuscated and kept server-side. The browser only ever receives a mirrored view.

04. Defend: Extensions can't read submitted fields or modify the DOM; bots and automation lose the surface they need.

What You Can Do With It

Turning Off Automation Where It Hurts Most

The practical use of MirrorTab is narrow on purpose. You don't wrap your whole site in it; you point it at the workflows where automation and client-side tampering do real damage - the login page, the checkout, the money-movement screen, the API endpoint that's being abused. In those places, the sensitive fields never exist in a form an attacker can read, and the automation that fuels fraud simply stops working.

Stop Account Takeover

Break the credential-stuffing and session-hijack chain by removing the DOM the bots depend on.

Kill Skimmers

Defeat Magecart and formjacking - if the field data never reaches the browser, there's nothing to skim.

Block Bad Extensions

Malicious or compromised browser extensions can't see submissions or extract data from the page.

Curb API Abuse

Shut down scraping, data harvesting, and API abuse in the specific workflows you choose to protect.

Follow The Money

An $8.5M Bet On The Wrong-Layer Theory

In February 2025 MirrorTab emerged from stealth with a seed round led by Valley Capital Partners, with GV among the backers. It's the kind of investor list that suggests the "browser is the new endpoint" thesis is finding believers.

Seed Round: $8.5M
Out of Stealth: 2025
Employees: ~12
Named Investors: 6

Investors: Valley Capital Partners (lead), GV, Ludlow Ventures, Altman Capital Fund, NextGen Venture Partners, Alumni Ventures

The Threat Board

Where The Client Side Bleeds

A rough sketch of the attack classes MirrorTab is built to neutralize. Bars are illustrative of relative focus in the company's own materials, not measured incidence.

MirrorTab's target attack surface (illustrative)

Account Takeover: high
Bot / Automation: high
Magecart / Skim: high
Bad Extensions: med
API Abuse: med
Agentic AI Fraud: rising

The Room

A 12-Person Startup With A Fortune 500 Bench

In March 2025 MirrorTab announced a cybersecurity advisory board that is comically over-qualified for a company this size - which is either a red flag or, more likely, a sign that a lot of senior security people quietly agree with the premise.

Founder & CEO
Brian Silverstein

Co-founder / former CTO of Honey (acquired by PayPal). Built one of the world's most popular browser extensions.

Advisor · ex-Reddit CISO
Allison Miller

Former VP of Trust & CISO at Reddit; prior work at Google, EA, Visa, and PayPal on real-time risk.

Advisor · ex-SoFi
Kevin Moss

Former Chief Risk Officer at SoFi and EVP/CRO at Wells Fargo Consumer Lending. 40+ years in finance.

Advisor · Chime
Jeff Trudeau

VP, CIO & CSO at Chime; former CSO at Credit Karma. 30+ years of security leadership.

Advisor · Databricks
Omar Khawaja

Leads Field Security at Databricks; Carnegie Mellon CISO faculty; boards of HITRUST and the FAIR Institute.

Advisor · Knostic
Sounil Yu

Creator of the Cyber Defense Matrix and DIE Triad; ex-Chief Security Scientist, Bank of America; Hall of Fame inductee.

Today's hackers are getting smarter, faster, and more targeted. They have weaponized AI and more advanced tooling to bypass web security controls. — Omar Khawaja, MirrorTab Advisory Board
The Record

From Stealth To Category Creation

2021

MirrorTab Corp. founded in San Francisco to attack the client-side security problem.

Feb 2025

Emerges from stealth with an $8.5M seed round led by Valley Capital Partners; GV participates.

Mar 2025

Assembles a cybersecurity advisory board spanning Reddit, SoFi, Chime, Databricks, and Bank of America alumni.

Jun 2026

Taps a veteran COO to scale go-to-market around the "browser as the new corporate endpoint" thesis.

Worth Knowing

Four Things That Stick

The founder helped build one of the world's most popular browser extensions - then built the technology to block the malicious ones.

The app you interact with may never actually run in your browser. You're looking at a sanitized mirror rendered elsewhere.

It deploys with no plugins, no agents, and no code changes - it rides on the WAF you already have.

The team is roughly 12 people, but its advisory board could headline a Fortune 500 CISO summit.
