Interview with cside CEO Simon Wijckmans on Client Side security for ecommerce and retail
In this episode of the Retail Tech Podcast, Darius Vasefi speaks with Simon Wijckmans, founder of cside, about a rapidly expanding but still widely misunderstood area of cybersecurity: client-side security and the growing risks inside the browser itself.
Simon begins by tracing his background through Microsoft, Cloudflare, Vercel, and several startups, noting that his first true immersion into cybersecurity happened at Cloudflare. What stood out to him early on was a pattern that would later shape Seaside’s mission: attackers behave like water. They constantly probe systems, find the weakest point, and exploit it aggressively and repeatedly.
Historically, web security was designed to protect infrastructure. Firewalls, network inspection, and server-side protections evolved to prevent malicious requests from reaching databases or exposing backend systems. But over the past decade, the architecture of the web has shifted dramatically.
Modern applications push enormous amounts of logic into the browser, relying heavily on JavaScript, open-source dependencies, analytics platforms, marketing tools, A/B testing frameworks, and third-party SDKs. While the browser became a full execution environment, security tooling largely remained stuck at the network layer, leaving a widening gap between how applications actually operate and how they are protected.
Simon explains that this gap is where cside focuses. When a user visits a website, the server sends down a single HTML file that instructs the browser to load a wide array of additional resources. Those scripts execute with significant visibility and power inside the user’s environment.
Any one of them can listen to keystrokes, manipulate page content, redirect users, or silently exfiltrate data. While some tooling exists to monitor privacy and data flows, most of it is easy to bypass and largely ineffective against truly malicious scripts, especially those introduced through compromised dependencies or hijacked third-party services.
The attack methods themselves are often deceptively simple. A script can attach a basic keydown listener and capture everything a user types, including emails, passwords, or payment information. In e-commerce, a common technique is to overlay a fake payment iframe on top of the real checkout form. The page looks legitimate, the user enters their credit card details, sees an error, retries, and successfully completes the transaction—unaware that their card data has already been stolen. None of this requires malware on the user’s device.
In many cases, the vulnerability originates from the website’s own dependencies, whether through a compromised open-source library, a hijacked marketing script, or an injected tag that executes conditionally only for real users while hiding from scanners.
Cside’s approach is to make the browser itself observable and defensible. Customers add a single cside script as the first script loaded on their site. From there, cside monitors all client-side scripts executing in the browser, analyzing what actions they attempt to take, where data is sent, and how behavior changes across environments. One of cside’s key products, Gatekeeper, allows customers to route selected scripts through cside’s infrastructure, enabling version control, rollbacks, behavior enforcement, and even performance improvements.
Beyond security, cside also supports privacy compliance frameworks like GDPR and CCPA and works with Chargebacks911 to provide browser fingerprinting that helps merchants submit compelling evidence under Visa’s chargeback rules, reducing fraud and dispute exposure.
More recently, cside has focused heavily on AI agent detection, particularly in e-commerce. This is not traditional bot detection aimed at blocking infrastructure-based automation, but detection of agentic browsing behavior where AI tools operate inside real browsers on real user devices. These agents are optimized for speed and task completion, not nuance. They click through checkout flows rapidly, accept defaults, skip upsells, and often increase fraud and chargeback risk.
Cside enables merchants to detect when agentic behavior is present and adapt accordingly—whether by adjusting checkout flows, adding protective measures like insurance, or redesigning experiences to be more agent-aware rather than simply trying to block them.
Simon notes that detecting agent behavior is an ongoing cat-and-mouse game. Infrastructure-based agents are easier to identify, while human-driven agent browsers are far more subtle. Over time, detection will get harder, but meaningful signals still exist. Importantly, the old mindset that “all bots are bad” no longer applies. Many agent interactions are legitimate and even desirable; the challenge is understanding when and how to adapt experiences rather than blindly blocking traffic.
The conversation also touches on the broader cultural narrative around AI and agents replacing apps, websites, or even entire companies.
Simon is openly skeptical of these claims, pointing to growing conversational fatigue and the reality that many users simply want to click a button rather than craft perfect prompts.
While AI dramatically increases velocity, it often creates downstream cleanup work for humans. In practice, he sees a future where AI acts more like junior staff, with humans remaining the senior decision-makers, rather than a world where software replaces people entirely.
This perspective extends to recent conflicts between large platforms and AI companies, such as Amazon’s dispute with Perplexity. Simon argues that these are not technical limitations but strategic choices. Large companies could prevent agent access if they devoted sufficient resources, but doing so is expensive and often misaligned with market demand.
Blocking agents risks pushing customers toward competitors willing to embrace new purchasing behaviors. The deeper tension is between preserving direct customer relationships and adapting to an increasingly intermediated world.
That tension is especially visible in industries built on experience and storytelling, such as luxury, fashion, jewelry, and watches. Agent-driven purchasing strips away narrative, discovery, and cross-sell opportunities, potentially commoditizing brands and eroding margins. Simon draws parallels to European markets, such as Belgium’s resistance to online pharmacies, where entrenched interests fought digital adoption to protect high-margin ancillary sales. Similar dynamics are now playing out in e-commerce as agentic buying accelerates.
Finally, the discussion turns to local commerce.
Despite massive investment in online retail and agentic tooling, roughly 80% of retail still happens locally. Agentic commerce struggles in this environment due to fragmented data, inconsistent updates, and limited digital maturity among small businesses. Some local shops thrive precisely because they ignore digital optimization entirely, relying on habit, community, and physical presence.
Others will need hybrid models that combine human agents with AI assistance. Simon believes local retail will take much longer to crack from an agentic perspective, and that the future is more likely to be mixed rather than fully automated.
The episode closes with a look at how customers typically engage with cside. Most arrive due to a specific compliance requirement or after encountering a security issue. Some self-serve, integrating Seaside quickly using documentation and support, while others require more guided onboarding. While the visibility cside provides can initially feel overwhelming, it surfaces real risks that were already present but previously invisible.
The central message is clear: as browsers become execution environments and AI agents accelerate change, client-side security is no longer optional or secondary. It is now a foundational part of operating any modern digital business.
Useful links:
On ecommerce: https://cside.com/industry/ecommerce
On ecommerce chargebacks: https://cside.com/solutions/chargeback-evidence
Interview with Steve Dennis on Retail Transformation and Leadership in 2025
Interview with Ryan Esteb, VP of Sales at Shiftlab on Retail Workforce Optimization
Interview with Passport Global CEO Alex Yancher on the latest in supply chain technology
