Jscrambler

28/05/2026

The era of 'compliance by documentation' is officially over. ⬇️

As of January 1, 2026, the updated CCPA regulations no longer accept a business's word on privacy - they demand technical proof of it. That means independent cybersecurity audits, documented risk assessments, mandatory GPC signal recognition, and real enforcement of opt-out preferences at the browser level.

For any enterprise running on the modern composable web - where first-party code, third-party scripts, and AI agents all interact in real time - this is a significant shift.

Jscrambler's Product Marketing Manager Nathan Coppinger and Head of Security Research Gareth Bowker have written a deep dive covering exactly what's changed, who needs to comply and when, and what 'demonstrable compliance' actually looks like in practice. From dark pattern prohibitions to the governance of automated decision-making technology, it's a practical guide to the new compliance reality.

Read it now at Jscrambler's blog https://eu1.hubs.ly/H0vK7J90 📘

The CPPA issued updates to the CCPA regulations, bringing the era of "compliance by documentation" to an end. Discover the 2026 CCPA rules.

27/05/2026

Software Supply Chain Security doesn’t stop at the build - it extends into the browser.

Join us at the OWASP Global AppSec EU 2026 on June 25–26 and discover why runtime protection is becoming essential for modern web applications.

As third-party scripts and AI agents increasingly bypass traditional release cycles, organizations need visibility and control where applications actually execute: the browser runtime.

Meet Pedro Fortuna, Jscrambler CTO & Co-Founder, to discuss:
✔ Continuous Runtime Inventory
✔ Behavioral Monitoring & Drift Detection
✔ Granular Client-Side Access Controls
✔ Real-time privacy & consent enforcement
✔ Payment skimming prevention (PCI DSS ready)

The latest OWASP Top 10 now places Software Supply Chain Risks among the top priorities - and for the first time explicitly calls for runtime inventorying and verification of client-side components.

If you're attending in Vienna, stop by and chat with our team about securing the browser layer beyond the build.

Schedule a meeting with the team at https://eu1.hubs.ly/H0vFBf40 🔗

25/05/2026

We’re happy to share this G2 Crowd review from one of our valued clients:

Read the complete review at G2 Crowd https://eu1.hubs.ly/H0vCpR10

Have a story to share? Drop your review on G2 and let us know how we’re helping you succeed! 📣 We love hearing from you!

25/05/2026

Your security stack isn't the problem. It's incomplete. ⬇️

Endpoint, network, cloud, identity, dev security. All necessary. The edge is under control. But modern applications don’t stop there.

They execute in the browser, where:

🔹 Dozens of third-party scripts run with persistent access
🔹 Customer data is created, modified, and exposed in real time
🔹 AI-driven interactions and agents operate inside live sessions

In this interview, Rui Ribeiro explains why organizations need runtime enforcement, not just monitoring, and why security must extend into the browser as the new control plane.

If your edge is locked down but your client-side ex*****on isn’t, you’re not secure. You’re exposed where it actually matters.

Read the full conversation: https://eu1.hubs.ly/H0vBDgl0 🔗

20/05/2026

AI isn’t just changing how code is written - it’s changing how applications are attacked. ⬇️

Today’s LLMs can analyze, reconstruct, and deobfuscate client-side code in seconds, dramatically accelerating reverse engineering and exposing critical business logic faster than ever before.

What does resilient protection look like in this new reality?

👉 Join Jscrambler experts Katia Kupidonova, Pedro Pereira, and Duarte Carneiro for a deep dive into the evolving LLM threat landscape and the defensive strategies organizations need to stay ahead.

📅 June 16
⏰ 10 am ET | 3 pm UK

In this webinar, we’ll cover:
🔹 How LLM-powered attacks work step by step
🔹 The risks facing modern applications and business-critical workflows
🔹 What runtime code resilience actually requires
🔹 How Jscrambler is adapting to defend against AI-driven threats — and what’s next

Register now at https://jscrambler.com/resilient-code-age-ai 🔗

In this webinar, we explore how LLMs are being used to deobfuscate, reconstruct, and analyze complex application logic across high-stakes industries.

15/05/2026

Jscrambler, the pioneering platform for client-side security, announced the appointment of Sean O'Leary as Vice President of Global Sales. In this role, O'Leary will oversee all sales, alliances and partnerships, and technical pre-sales, helping Jscrambler bring its industry-leading client-side security solutions to businesses worldwide. ⬇️

👉 "Demand for client-side security has never been stronger. Enterprises are waking up to the fact that the browser is where their most sensitive data lives, yet it is also where they are most exposed,” said Rui Ribeiro, CEO and co-founder of Jscrambler. “Sean's deep experience building and scaling revenue organizations at high-growth cybersecurity companies makes him exactly the right leader to help us meet that moment. In this role, he will be instrumental in bringing our Client-Side Security Platform to the security, privacy, and compliance leaders who need it most."

Read the full announcement now at https://eu1.hubs.ly/H0vlntc0 🗞️

The vice president of Global Sales is a strategic hire to accelerate Jscrambler's global expansion and to meet growing demand for client-side security.

13/05/2026

The security perimeter you've been defending no longer exists ⬇️

For decades, we built our defenses around infrastructure - secure development practices, firewalls, API gateways, cloud controls. We shifted left, we hardened the build pipeline, we governed at the network edge. The "edge" was the network's boundary. Protect that, and you're safe. ⚠️

But digital business moved. And most security strategies didn't follow.

Today, your application doesn't live on a server you control. It assembles itself inside your customer's browser. First-party code. Third-party scripts. AI agents. All converging in a runtime environment that sits entirely outside your traditional stack.

🎯 The browser is now the Point of Creation. It's where payment details are entered. Where identity is verified. Where behavioral signals are born. And it's where your security controls stop watching.

This is the structural gap that client-side security was built to close.

Consider what's at stake:
🔹Over 70% of application attacks target the application layer
🔹 40%+ of websites expose users through vulnerable client-side components
🔹 90% of websites leak user data to third parties — often without anyone knowing

And it's getting more complex. Marketing tags that update independently of your release cycle. AI agents that absorb live session data into external models — permanently. Shadow scripts that bypass code reviews entirely.

You can write the most secure code in the world. You can shift left, scan every dependency, and pass every audit. But if you're not governing what executes in the browser at runtime, you're not securing where your most sensitive data is actually born.

You may own the application. But you don't govern the environment where it executes.

That's not an edge case. That's the default state of the modern web.

Client-side security is the missing layer of enterprise security. 🛡️ It's the control plane that enforces your policies at the exact moment value is created.

🚀 We wrote our manifesto to make this case. Read it here 👇
https://eu1.hubs.ly/H0vjGyS0

Modern digital business has moved. Your applications no longer run solely on servers you own or in clouds you control.

12/05/2026

The software supply chain doesn’t end at deployment - and neither should security. ⬇️

From AI-generated code to third-party scripts and runtime-loaded components, modern applications introduce risks that traditional AppSec tools can’t see once a page goes live.

Why is runtime risk becoming one of the biggest gaps in modern security:
🔒 Hidden third-party behavior
🤖 AI supply chain exposure
👁️ Lack of runtime visibility
📤 Data leakage risks

Read the full blogpost now at Jscrambler's Blog https://eu1.hubs.ly/H0vdhzJ0 📘

Runtime security is the missing layer in most software strategies. Discover why build-time controls alone can't protect your systems once code goes live.

08/05/2026

Most companies still see data collection on advertising platforms as a privacy issue.

But there’s another side to the conversation: business strategy. ⤵️

Every day, merchants feed platforms with valuable intelligence - product catalogs, pricing structures, conversion funnels, and customer cart composition. The more data these platforms aggregate across companies and industries, the stronger their targeting capabilities become.

And ultimately, that advantage tends to favor the advertisers with the biggest budgets.

This clip from our latest webinar explores why businesses should start looking at data exposure through a competitive lens - not just a compliance one. 🎥

Watch the on-demand webinar now at https://eu1.hubs.ly/H0v8Xmn0 🔗

hashtag

07/05/2026

AI has sparked a new cybersecurity arms race — with attackers and defenders leveraging the same powerful technologies to outpace one another. Understanding how AI can be used as both an attack vector and a defense tool is becoming essential for organizations looking to protect their digital assets. ⬇️

In this week’s blog post, we explore:
🔹 Understanding AI in Cybersecurity
🔹 AI as an Attack Vector
🔹 AI as a Defense Tool
🔹 The Future of AI in Cybersecurity

Read it now at Jscrambler's blog https://eu1.hubs.ly/H0v7v4s0 📘

This two-sided nature of AI has sparked a cybersecurity arms race in which attackers and defenders evolve in tandem, employing the same technologies.