La Seguridad Comienza Con Conciencia

Explora lo último en ingeniería social, amenazas generativas de inteligencia artificial y estrategias de ciberseguridad para proteger lo que más importa: su equipo.
Blog post
The AI risks your compliance team has not modelled yet
Most security and risk leaders built their model of AI risk in 2023: hallucinations, data leaks, unsanctioned tools. That model is now incomplete. Three risks have moved from theoretical to operational: bias amplified at scale, inference from accumulated context, and an accountability gap with no audit trail. Today, 39.7% of workplace AI interactions involve sensitive data (Cyberhaven, 2026 AI Security Report). None of these three look like an AI problem when they surface, which is exactly why they go unmanaged.
June 19, 2026
¡Gracias! ¡Su presentación ha sido recibida!
¡Uy! Algo salió mal al enviar el formulario.
Blog post
The AI risks your compliance team has not modelled yet
Most security and risk leaders built their model of AI risk in 2023: hallucinations, data leaks, unsanctioned tools. That model is now incomplete. Three risks have moved from theoretical to operational: bias amplified at scale, inference from accumulated context, and an accountability gap with no audit trail. Today, 39.7% of workplace AI interactions involve sensitive data (Cyberhaven, 2026 AI Security Report). None of these three look like an AI problem when they surface, which is exactly why they go unmanaged.
June 19, 2026
Blog post
Your employees know AI hallucinates. They still don't verify.
Most AI literacy programs are awareness programs with a new label. They teach employees what the risks are. They don't change what employees do when those risks materialize under real work pressure. The gap between knowing AI can produce unreliable outputs and building the habit of verifying before acting is a behavior gap, not a knowledge gap. Closing it requires what works for any behavioral security program: repeated exposure, realistic scenarios, and reinforcement at the point of decision.
June 12, 2026
Blog post
Your employees pass the phishing test. 87.5% still fall for the attack.
Adding a single channel to a phishing attack multiplies the failure rate by six. That is what most security awareness programs are not measuring — and it is the gap where coordinated attacks succeed. This post argues that single-vector simulation produces readiness data that does not map to how attacks actually land, and examines what a testing methodology built for this reality looks like.
June 5, 2026
Blog post
Your Face Is Now a Weapon. Here's What That Actually Means
A finance employee at a global engineering firm joins a video call. He sees his CFO. He sees colleagues. Everyone looks real, sounds real, acts real. By the end of the call, he has wired $25 million to an account he'll never recover. Every person on that call was a deepfake. This wasn't a movie. It happened in February 2024, at Arup — one of the world's most respected engineering companies. And it's no longer an edge case.
May 29, 2026
Blog post
How attackers steal passwords through social engineering
Most compromised credentials aren't broken through brute force. They're obtained by convincing the person who holds them. Helpdesk vishing, MFA fatigue, and AI-personalized phishing are the active vectors — and the defence that works has to operate at the human layer.
May 7, 2026
Natalia Bochan
Blog post
Suplantación de identidad por invitación al calendario: cómo un ataque a Google Calendar eludió todos los controles perimetrales
El 17 de marzo, un atacante envió una invitación a Google Calendar por un cargo de 399,77 dólares que no era real. No había ningún enlace en el que hacer clic ni ningún archivo adjunto en el que hacer estallar, y DKIM fue aprobado. La única parte del ataque que importaba era el número de teléfono. He aquí por qué fallaron todos los controles perimetrales y dónde vive realmente la defensa.
April 28, 2026
Enrique Holgado
Blog post
AI social engineering in 2026: why phishing simulations built on last year's templates are the wrong defense
Targeted social engineering used to require hours of manual reconnaissance. AI removed that ceiling. Personalized, multi-channel attacks now take seconds to build — and most simulation programs still test only email.
April 22, 2026
Natalia Bochan
Blog post
The architecture gap: why your security gateway and your training program have never shared a single data point
Your security gateway logs every threat targeting your employees. Your training platform runs on a quarterly calendar. These two systems were built for different buyers, measured by different metrics, and were never designed to exchange data — and that gap is where incidents happen.
April 16, 2026
Natalia Bochan
News
ZEPO INTELLIGENCE, FIRST CYBERSECURITY ECOSYSTEM TO CONNECT THREAT DETECTION WITH HUMAN RISK PREVENTION
Zepo Intelligence is now the first cybersecurity ecosystem for human risk — a platform where real-time threat detection and security training share a single data model. Every blocked attack immediately informs training. Every behavioral signal refines how protection is applied.
April 13, 2026
Antonio Muñoz
Blog post
What every regulation now requires from your cybersecurity training program — and why completion rates fail all of them
Modern cybersecurity regulations have shifted from "completion" to "competence," leaving organizations legally vulnerable when they prioritize annual check-boxes over actual behavioral change. Discover the five documentation gaps that fail regulatory scrutiny and how to build a training program that is truly defensible after an incident.
April 7, 2026
Natalia Bochan
Blog post
One call to a vendor. 15,661 records exposed. The Ericsson breach shows where security awareness ends.
A single vishing call to a third-party vendor gave attackers access to Ericsson customer data for five days — and Ericsson wasn't notified for seven months. The gap most security awareness programs don't cover is vendor employees. Here's how to start bridging it.
March 19, 2026
Natalia Bochan
Blog post
Deepfakes don't exploit technology gaps. They exploit obedience.
99% of security leaders say they're confident in their deepfake defenses. The average detection score is 44%. This post argues the industry is solving the wrong problem — and that verification culture, not detection technology, is the defensible response to AI-powered social engineering.
February 18, 2026
Natalia Bochan
Blog post
The leak of 47 political leaders: A case study in context-driven risk
A recent breach has exposed the personal data of 47 high-profile Spanish politicians, including regional presidents and high-ranking officials.
January 23, 2026
Natalia Bochan
News
Zepo Intelligence Selected for the 2026 CrowdStrike, AWS & NVIDIA Cybersecurity Startup Accelerator
Zepo Intelligence, an agentic social intelligence platform for workspace security, has been selected to participate in the 2026 Cybersecurity Startup Accelerator with CrowdStrike, Amazon Web Services (AWS) and NVIDIA through its Inception program, to help fuel the next generation of AI-driven cloud security innovation.
January 22, 2026
Natalia Bochan
FraudGPT: what security leaders need to know in 2026
AI tools like FraudGPT have made convincing phishing attacks accessible to anyone with a subscription. Here's how the threat has evolved since 2023 and why the defense is behavioral, not technical.
January 18, 2026
Natalia Bochan
News
Zepo Intelligence Raises $15M Seed Round to Protect Workspaces from AI-Driven Social Engineering
Zepo Intelligence, the company redefining human-centric security, announced today the closing of a $15 million Seed investment round. The round includes three European VCs with strong focus in cybersecurity, Kibo Ventures, eCAPITAL and TIN Capital, and will allow Zepo to expand its team and scale its proprietary technology globally as AI-driven social engineering rapidly escalates into one of the most persistent and costly challenges for security leaders in modern organizations.
January 12, 2026
Natalia Bochan

Anticípate antes de que ataquen.