Company Overview
About Feroot Security
Feroot Security is a Vancouver, British Columbia-based client-side cybersecurity company providing compliance and security monitoring for B2B websites — detecting malicious third-party JavaScript, preventing form jacking (credential theft at the browser level), and achieving compliance with PCI DSS 4.0.1 client-side security requirements, CCPA, HIPAA, and 50+ data privacy regulations. Founded and backed by Y Combinator (W21) with $27.5 million raised including a $14 million Series A in November 2025 led by True Ventures with Industry Ventures and Preface, Feroot achieved $5 million in revenue in November 2024 and reported 300% year-over-year revenue growth in Q3 2025 while doubling its team.
Business Model & Competitive Advantage
Feroot's platform addresses a growing attack surface that traditional security tools miss: third-party JavaScript loaded by websites (analytics, chat widgets, ad tags, consent management scripts) runs in the visitor's browser with direct access to form data, credentials, and payment card numbers — without server-side visibility. PCI DSS 4.0.1 (requirements effective March 2025) created a hard compliance mandate: every payment page must implement client-side security controls to detect and alert on unauthorized script behavior. Feroot's agent monitors all JavaScript execution in real-time, inventories third-party scripts, detects behavioral anomalies indicating Magecart-style skimmer compromise, and generates the compliance documentation that payment and healthcare sites need for audits.
Competitive Landscape 2025–2026
In 2025, Feroot competes in the client-side security and web compliance market with PerimeterX (HUMAN Security), Reflectiz, Source Defense, and traditional WAF vendors (Cloudflare, Akamai) for JavaScript security and PCI DSS 4.0.1 compliance. The March 2025 PCI DSS 4.0.1 deadline created a compliance-driven procurement wave for client-side monitoring — every e-commerce operator processing card payments needs a qualifying solution. The 300% Q3 2025 growth reflects this deadline driving enterprise buying urgency. The 2025 strategy focuses on financial services and healthcare verticals with active compliance requirements, building automated remediation beyond passive monitoring, and expanding the regulation coverage to include EU AI Act website obligations.
Recent Activity
View all →The Browser Has Quietly Become the Biggest Blind Spot in Security Google Tag Manager is one of the most trusted tools on the modern web. Marketing teams rely on it daily. Ecommerce teams use it to move quickly. And most security teams rarely question it because it sits under the umbrella of a globally trusted […] The post Google Tag Manager Wasn’t Hacked. Your Trust Model Was. appeared first on Feroot Security .
Material Event filed 2026-05-06
Quarterly Report filed 2026-05-06
Proxy Statement filed 2026-04-24
I was on ABC News recently discussing why banks are on alert as new AI systems like Anthropic’s Claude Mythos raise cybersecurity concerns. What struck me most is how quickly the conversation has shifted. This is no longer a hypothetical risk or something we are planning for in the future. Financial institutions and regulators are […] The post Anthropic’s Mythos and the New Reality of AI Cybersecurity Risk appeared first on Feroot Security .
Organizations have invested heavily in consent management. Consent Management Platforms (CMPs) are standard infrastructure for privacy programs, and for good reason. Regulations like GDPR, CCPA/CPRA, LGPD, PDPA, and HIPAA require organizations to obtain, record, and honor user consent before collecting or processing personal data. CMPs provide the framework to do that. Most organizations have done […] The post Feroot Launches AI-Powered Digital Consent Audit to Prove CMP Enforcement appeared first on Feroot Security .
The post HIPAA + PCI for Healthcare Billing: Protecting Both PHI and Payment Card Data appeared first on Feroot Security .
The post GDPR Compliance Automation: What Can and Cannot Be Automated on Websites appeared first on Feroot Security .
AppsFlyer’s JavaScript SDK has been compromised in an active supply chain attack. Websites loading the script are serving malicious code to their users without any changes to their own codebase. What happened Attackers modified AppsFlyer’s SDK, the script websites load to track marketing attribution. Because the script is served from AppsFlyer’s infrastructure, any site that […] The post AppsFlyer’s JavaScript SDK Has Been Compromised appeared first on Feroot Security .
The post Proving CCPA Compliance: Logs, Reports, and Runtime Evidence appeared first on Feroot Security .
The post Third-Party BAA Checklist: HIPAA Requirements for Website Technology Vendors appeared first on Feroot Security .
The post Why SAQ-A-EP Fails Without Client-Side Script Monitoring appeared first on Feroot Security .
Key Differentiators
Emerging Innovator
Feroot Security is an emerging player bringing innovative solutions to the Security market.
Frequently Asked Questions
Estimated Visibility Trend (Beta)
Simulated 8-week rolling score
Based on estimated brand signals. Historical tracking coming soon.
Similar Brands
Reality Defender
Reality Defender is an AI-powered deepfake and synthetic media detection platform protecting enterprises, media organizations, and government agencies from AI-generated voice cloning, video manipulati
Tracecat
Tracecat is a San Francisco-based open-source security automation platform — backed by Y Combinator (W24) with $500,000-$2 million in seed funding from Y Combinator, Pioneer.app, Pioneer Fund, and Sur
1Password
1Password is an enterprise password manager and secrets management platform enabling individuals, teams, and businesses to securely store, manage, and share credentials, credit cards, and sensitive in
Bitwarden
Bitwarden is a Santa Barbara-based open-source password manager and identity security platform — backed with $100 million raised in a Series C led by PSG in September 2022 — providing individuals, tea
Anduril Industries
Anduril Industries is a defense technology company building autonomous weapons systems, surveillance infrastructure, and AI-driven defense platforms for the US military and allied nations. Founded in
Browser Use
Browser Use is an open-source project that provides a Python library allowing AI agents and large language models to control web browsers as a tool. The library sits between LLM APIs and browser autom
Compare Feroot Security with Competitors
Side-by-side AI visibility scores, platform breakdown, and market position.
Claim This Profile
Are you from Feroot Security? Claim your profile to see full AI mention excerpts, get weekly visibility change alerts, and optimize how AI systems describe your brand.
Claim Feroot Security Profile →Track AI Visibility in Real Time
Monitor how ChatGPT, Gemini, Perplexity, and Claude mention Feroot Security vs competitors. Get alerts when AI recommendations shift.
Start Free Tracking →