Stemming a rising tide — welcome, c/side! 🌊
As a long-time investor in developer tools and infrastructure companies, I love finding early-mover startups solving an overlooked problem with the opportunity to become a category leader. I also love to find ambitious, scrappy entrepreneurs with a keen sense of product roadmap and go-to-market strategy. That’s why we’re so pleased to welcome c/side, a pioneering cybersecurity startup focused on client-side (i.e. the browser but also any thin-client) attack detection and protection, to our portfolio.
c/side is solving the critical issues posed by third-party, browser-side scripts, which have become increasingly common. Marketing teams use them for A/B testing and social media widgets. Customer service needs them for things like chatbots and interactive support pages. Legal teams embed third-party scripts to meet regulatory compliance requirements.
While these scripts make perfect sense, their use means that a company’s website can end up with a ton of executable code from outside parties that hasn’t undergone testing, creating a security blind spot. Today, third-party add-ons can threaten the performance and security of any corporate website. Frighteningly, these third-party scripts can even view and rewrite page content, listen to data entry, or even run a virtual machine in the browser. Sometimes these scripts call other scripts, which call other scripts — malicious code high enough up in the supply chain can make it almost impossible for websites owners to protect themselves.
Just ask British Airways, Kaiser Permanente, and any site using the polyfill.io javascript how risky unprotected third-party scripts can be. These companies know firsthand how bad actors can inject malicious functionality within browser-side scripts to redirect website visitors, steal sensitive information, or manipulate website content. Exploiting browser-side scripts is such an effective attack vector that it has become a signature move of wily hacking groups like Magecart.
The good news: the c/side team have found a way to outsmart these groups. Founder and CEO Simon Wijckmans and his team have created a comprehensive toolkit comprising an advanced proxy service and an AI-driven detection engine to identify and neutralize malicious scripts in real-time.
c/side is the only fully autonomous detection tool for assessing third-party scripts. It monitors over 70 attributes and uses various AI detection mechanisms to review scripts, making it the most advanced detection mechanism to date. Notably, adding the c/side script does not add latency and, in many cases, improves site-wide performance.
c/side’s solution has become critically important because:
- Browsers continue to become more complex
Browsers are designed to execute code from various sources, inherently making them vulnerable. Browser functionality includes features like portable code compilation, JavaScript APIs like WebGPU, and client-side storage like IndexedDB. This expanded functionality increases the potential attack surface. - Mobile apps have become commonplace
Progressive web apps (PWAs) enhance the mobile web user experience and improve engagement. However, they also increase the browser attack surface. - PCI DSS 4.0 compliance
PCI DSS 4.0 mandates entities handling card data to implement tamper-detection mechanisms by March 31, 2025. c/side’s technology simplifies compliance, making it a critical tool for businesses accepting digital payments via their sites. - Client-side security lags backend security
Due to design limitations, traditional security measures, such as firewalls and endpoint protection, often fall short in securing browser activities. - Vulnerable infrastructure and open-source supply chain
As a result of increased security awareness on the infrastructure and open-source supply chain, malicious actors are increasingly weaponizing the browser as the place of execution. - AI is perfect for weeding through script code
c/side does not rely purely on threat feed intel or easy-to-circumvent detections. The company cleverly uses AI to solve the obscurity that has blocked security for decades.
The team behind c/side comprises senior security engineers from the world’s forefront tech companies. Simon (CEO) was a senior product manager at Vercel and worked on their enterprise-level web application firewall. Prior, he was at Cloudflare, where he worked on their Page Shield product. He is ambitious and possesses business maturity beyond his years. Simon has built a similarly smart, can-do team devoted to the highest levels of quality and care.
I’m excited to announce that Uncork Capital has led c/side’s $6 million seed financing alongside our friends Mantis VC, Scribble Ventures, and Roar Ventures.
c/side’s total funding is now $7.7 million, following a pre-seed round announced earlier this year. Scribble and Roar, along with strategic angel investors, also participated in the pre-seed.
Welcome Simon and all the c/siders to the Uncork portfolio. A big thumbs up for addressing an overlooked security concern that safeguards organizations from cyberattacks while simplifying compliance and improving site performance.
Note that c/side’s free tier is now available and anyone can sign up. There are literally zero reasons to not protect your site and your users!
