SURF provides users with freedom of work, letting them interact with applications, data, and each other securely. We address the critical business asset neglected by security experts for years: The browser.
The browser is the access frontier for everything: users, data, corporate assets, applications, development activities — and cybercriminals, too.
For years, security experts focused on network perimeters, endpoints, and identity — while the browser sat undefended at the center of every enterprise workflow. SURF was founded to close that gap.
Today, SURF extends that mission into the era of enterprise AI — providing the governed browser runtime that makes it safe to deploy AI agents across the workforce at scale.
SURF founded in London. Mission: secure the browser as the enterprise access frontier.
SURF Browser and Extension launched. First enterprise deployments in financial services and healthcare.
Agentic AI governance research program launched. First organizations pilot governed AI agents.
Agentic AI Platform released at scale. Expanded to North America and APAC.
SURF recognized as the leading enterprise platform for governed AI deployment and execution.
SURF was founded by two operators — a global CISO and a security architect — who spent their careers living the problem SURF was built to solve.
Co-Founder & CEO
A cybersecurity expert with more than 20 years of experience as a global CISO and cybersecurity professional, spanning from the military to the enterprise. Moty has led information security for major global enterprises, including Telefonica, Dunnhumby (Tesco), Traiana, and CME Group.
He is the founder of CyberKingdom — a premier CISO network that includes more than 400 CISOs from a variety of industries across the UK. This firsthand experience at the intersection of enterprise operations and cybersecurity informs SURF's product philosophy at every level.
Co-Founder & CTO
A highly accomplished security architect and technology leader with a deep background in advanced cyber defense, enterprise software engineering, and endpoint security. Ziv leverages decades of hands-on experience in building robust, low-latency security architectures capable of enforcing real-time data protection policies at scale without impacting user performance.
He leads the core engineering and architectural development of SURF's secure enterprise browser ecosystem — from the browser runtime and process isolation layer to the agent policy enforcement engine.
Five core capabilities that define SURF's value to enterprise security, IT, and operations teams.
Seamless integration with existing enterprise tools and operational workflows. SURF plugs into your identity stack, SIEM, ticketing, and governance frameworks without disruption.
A highly responsive, safe, and ad-free web experience that looks and feels like a traditional browser — with zero performance lag. Employees adopt it because it works better, not just because it is mandated.
Align regulatory frameworks and data governance requirements from a single enterprise access point. SOC 2, ISO 27001, GDPR, HIPAA, and FedRAMP requirements are addressed through one control plane.
Maintain absolute control over Shadow IT with a single point of access to all cloud, SaaS, and on-premise applications. Unapproved tools cannot operate outside the governed browser environment.
Built-in tools preventing unauthorized data copy/paste, printing, screen sharing, and malicious file downloads — enforced at the browser layer for both human users and AI agents.
The browser is the access frontier for everything: users, data, corporate assets, applications, and development activities. SURF turns that frontier into your most defensible security perimeter.
Whether you are an enterprise security team, an investor, or a potential partner — we would like to hear from you.