Cside

Cside was founded in January 2024 by Simon Wijckmans,^[3] a Belgian cybersecurity engineer previously employed at Microsoft, Cloudflare, and Vercel. While at Cloudflare Wijckmans worked on Page Shield, a client-side security product, where he identified a widespread gap in browser-side security tooling among established vendors.

In May 2024, the company emerged from stealth with $1.7 million in pre-seed funding led by Scribble Ventures, covered by Security Week.^[4]

In June 2024, cside was among the first to publicly report the Polyfill[.]io supply chain attack, in which a Chinese company acquired the popular open-source domain and injected malicious code affecting nearly 500,000 websites including The Guardian, Hulu, and Intuit. The findings were covered by PCMag, BleepingComputer, The Hacker News, CSOonline and The Register.^[5]

In September 2024, cside raised a $6 million seed round led by Uncork Capital, with participation from Mantis VC (fund led by The Chainsmokers), Scribble Ventures, Roar Ventures, and PrimeSet, bringing total funding to $7.7 million. The round was reported by Dark Reading, and SiliconAngle. The company was also selected to compete in the TechCrunch Disrupt 2024 Startup Battlefield in San Francisco.^[6][7]

In May 2025, Wired published a feature investigation into North Korean state-sponsored IT worker fraud, with Wijckmans as its central subject. The article, written by journalist Bobbie Johnson, documented cside's job listings being flooded with fake applicants linked to North Korean intelligence operations, and Wijckmans's efforts to identify and expose them.^[8] The article set in motion international coverage of the infiltration operation.^[9]

In January 2026, cside launched Privacy Watch, a module designed to detect data exfiltration of sensitive user content cause by client-side scripts.^[10]

In February 2026, cside launched an AI Agent Detection Toolkit. Aiming to help online businesses build boundaries on which actions are supported for use by AI agents.^[11]

Cside's platform offers a client-side script that intercepts script actions from JavaScript as it happens in the end users' browser. Its core products include privacy monitoring features, compliance features for PCI DSS which automated compliance with the PCI DSS v4.0.1 requirement standard 6.4.3 and 11.6.1, fraud detection fingerprinting, and a product for friendly chargeback evidence.

Cside published original threat intelligence derived from its monitoring network. Serve of its findings have been independently reported across major cybersecurity publications.

In January 2025, cside researchers identified a large-scale malware campaign targeting WordPress websites, reporting that over 10,000 sites had been compromised to serve fake browser update pages delivering infostealing malware targeting Windows and macOS users. The findings were the subject of an editorial article in TechCrunch by senior cybersecurity reporter Lorenzo Franceschi-Bicchierai.^[12]

In January 2025, the company identified the WP3[.]XYZ malware campaign in which over 5.000 Wordpress sites were compromised^[13] to install rogue administrator accounts and deployed credential-harvesting scripts.

In July 2025, cside researchers uncovered a large-scale cryptojacking campaign in which over 3,500 websites had been silently infected with Monero mining scripts using WebSocket connection injections to evade detection.^[14]

In April 2025, Simon Wijckmans, the founder of cside received the Forbes 30 under 30 award for Technology.^[15]

In March 2025, independent technology analyst firm ESG published a research brief titled "c/side Highlights the Growing Risk Around Client-side Web Application Security".^[16]

In May 2025, indepndent analyst firm Intellyx published a dedicated research brief on cside titled "c/side: Client-Focused, Browser-Based Script and Bot Protection".^[17]

Cside has received the Cyber Defense Magazine award for Client-Side Protection^[18] and Top InfoSec Innovators^[19] in 2025.

Cside is an active member of the World Wide Web Consortium, participating in discussions related to web security standards including Content Security Policy and the wider app-sec space.^[20]