Explore the latest in social engineering, generative AI threats, and cybersecurity strategies to protect what matters most: your people.
Blog post
The AI risks your compliance team has not modelled yet
Most security and risk leaders built their model of AI risk in 2023: hallucinations, data leaks, unsanctioned tools. That model is now incomplete. Three risks have moved from theoretical to operational: bias amplified at scale, inference from accumulated context, and an accountability gap with no audit trail. Today, 39.7% of workplace AI interactions involve sensitive data (Cyberhaven, 2026 AI Security Report). None of these three look like an AI problem when they surface, which is exactly why they go unmanaged.
June 19, 2026
Zepo Intelligence
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Blog post
The AI risks your compliance team has not modelled yet
Most security and risk leaders built their model of AI risk in 2023: hallucinations, data leaks, unsanctioned tools. That model is now incomplete. Three risks have moved from theoretical to operational: bias amplified at scale, inference from accumulated context, and an accountability gap with no audit trail. Today, 39.7% of workplace AI interactions involve sensitive data (Cyberhaven, 2026 AI Security Report). None of these three look like an AI problem when they surface, which is exactly why they go unmanaged.
June 19, 2026
Zepo Intelligence
Blog post
Your employees know AI hallucinates. They still don't verify.
Most AI literacy programs are awareness programs with a new label. They teach employees what the risks are. They don't change what employees do when those risks materialize under real work pressure. The gap between knowing AI can produce unreliable outputs and building the habit of verifying before acting is a behavior gap, not a knowledge gap. Closing it requires what works for any behavioral security program: repeated exposure, realistic scenarios, and reinforcement at the point of decision.
June 12, 2026
Zepo Intelligence
Blog post
Your employees pass the phishing test. 87.5% still fall for the attack.
Adding a single channel to a phishing attack multiplies the failure rate by six. That is what most security awareness programs are not measuring — and it is the gap where coordinated attacks succeed. This post argues that single-vector simulation produces readiness data that does not map to how attacks actually land, and examines what a testing methodology built for this reality looks like.
June 5, 2026
Zepo Intelligence
Blog post
Your Face Is Now a Weapon. Here's What That Actually Means
A finance employee at a global engineering firm joins a video call. He sees his CFO. He sees colleagues. Everyone looks real, sounds real, acts real. By the end of the call, he has wired $25 million to an account he'll never recover. Every person on that call was a deepfake. This wasn't a movie. It happened in February 2024, at Arup — one of the world's most respected engineering companies. And it's no longer an edge case.
May 29, 2026
Zepo Intelligence
Blog post
How attackers steal passwords through social engineering
Most compromised credentials aren't broken through brute force. They're obtained by convincing the person who holds them. Helpdesk vishing, MFA fatigue, and AI-personalized phishing are the active vectors — and the defence that works has to operate at the human layer.
May 7, 2026
Natalia Bochan
Blog post
Calendar invite phishing: how a Google Calendar attack bypassed every perimeter control
On March 17, an attacker sent a Google Calendar invite for a $399.77 charge that wasn't real. There was no link to click, no attachment to detonate, and DKIM passed. The only piece of the attack that mattered was a phone number. Here's why every perimeter control failed, and where the defense actually lives.
April 28, 2026
Enrique Holgado
Blog post
AI social engineering in 2026: why phishing simulations built on last year's templates are the wrong defense
Targeted social engineering used to require hours of manual reconnaissance. AI removed that ceiling. Personalized, multi-channel attacks now take seconds to build — and most simulation programs still test only email.
April 22, 2026
Natalia Bochan
Blog post
The architecture gap: why your security gateway and your training program have never shared a single data point
Your security gateway logs every threat targeting your employees. Your training platform runs on a quarterly calendar. These two systems were built for different buyers, measured by different metrics, and were never designed to exchange data — and that gap is where incidents happen.
April 16, 2026
Natalia Bochan
News
ZEPO INTELLIGENCE, FIRST CYBERSECURITY ECOSYSTEM TO CONNECT THREAT DETECTION WITH HUMAN RISK PREVENTION
Zepo Intelligence is now the first cybersecurity ecosystem for human risk — a platform where real-time threat detection and security training share a single data model. Every blocked attack immediately informs training. Every behavioral signal refines how protection is applied.
April 13, 2026
Antonio Muñoz
Blog post
What every regulation now requires from your cybersecurity training program — and why completion rates fail all of them
Modern cybersecurity regulations have shifted from "completion" to "competence," leaving organizations legally vulnerable when they prioritize annual check-boxes over actual behavioral change. Discover the five documentation gaps that fail regulatory scrutiny and how to build a training program that is truly defensible after an incident.
April 7, 2026
Natalia Bochan
Blog post
One call to a vendor. 15,661 records exposed. The Ericsson breach shows where security awareness ends.
A single vishing call to a third-party vendor gave attackers access to Ericsson customer data for five days — and Ericsson wasn't notified for seven months. The gap most security awareness programs don't cover is vendor employees. Here's how to start bridging it.
March 19, 2026
Natalia Bochan
Blog post
Deepfakes don't exploit technology gaps. They exploit obedience.
99% of security leaders say they're confident in their deepfake defenses. The average detection score is 44%. This post argues the industry is solving the wrong problem — and that verification culture, not detection technology, is the defensible response to AI-powered social engineering.
February 18, 2026
Natalia Bochan
Blog post
The leak of 47 political leaders: A case study in context-driven risk
A recent breach has exposed the personal data of 47 high-profile Spanish politicians, including regional presidents and high-ranking officials.
January 23, 2026
Natalia Bochan
News
Zepo Intelligence Selected for the 2026 CrowdStrike, AWS & NVIDIA Cybersecurity Startup Accelerator
Zepo Intelligence, an agentic social intelligence platform for workspace security, has been selected to participate in the 2026 Cybersecurity Startup Accelerator with CrowdStrike, Amazon Web Services (AWS) and NVIDIA through its Inception program, to help fuel the next generation of AI-driven cloud security innovation.
January 22, 2026
Natalia Bochan
FraudGPT: what security leaders need to know in 2026
AI tools like FraudGPT have made convincing phishing attacks accessible to anyone with a subscription. Here's how the threat has evolved since 2023 and why the defense is behavioral, not technical.
January 18, 2026
Natalia Bochan
News
Zepo Intelligence Raises $15M Seed Round to Protect Workspaces from AI-Driven Social Engineering
Zepo Intelligence, the company redefining human-centric security, announced today the closing of a $15 million Seed investment round. The round includes three European VCs with strong focus in cybersecurity, Kibo Ventures, eCAPITAL and TIN Capital, and will allow Zepo to expand its team and scale its proprietary technology globally as AI-driven social engineering rapidly escalates into one of the most persistent and costly challenges for security leaders in modern organizations.
January 12, 2026
Natalia Bochan
Tangos, technology, and trust: a recap of our week in Buenos Aires
From exclusive roundtables at Happening Costanera to the bustling floor of IT Forum Financiero, our team spent an incredible week connecting with the heartbeat of LATAM’s financial sector.
Natalia Bochan
The Art of Connection
In the relentless pursuit of goals and deadlines, sometimes the most productive thing you can do is pause, reconnect, and look at the world through new eyes.
Natalia Bochan
Get Smarter Before Attackers Strike.
You have succesfully subscribed to the Zepo Newsletter.
El Sitio Web (https://zepo.ai) utiliza cookies propias y de terceros con fines técnicos, analíticos y de preferencia. Puedes aceptar todas las cookies pulsando "Aceptar todas", aceptar sólo las cookies necesarias pulsando "Aceptar sólo las cookies necesarias" o puedes configurar o rechazar su uso pulsando "Configurar". Para más información, visita nuestra Política de Cookies.
Configuración de cookies
Puedes activar o desactivar cada categoría de cookies. Las cookies necesarias siempre están activas.
Cookies necesarias
Imprescindibles para el funcionamiento del sitio web. No pueden desactivarse.
Cookie
Proveedor
Descripción
Duración
__cf_bm
Cloudflare
Soporte para Cloudflare Bot Management.
1 hora
_cfuvid
Calendly
Rastrea usuarios entre sesiones para mantener la consistencia y ofrecer servicios personalizados.
Sesión
__hssrc
HubSpot
Determina si el visitante ha reiniciado su navegador.
Sesión
__hssc
HubSpot
Rastrea sesiones y determina si HubSpot debe incrementar el número de sesión.
1 hora
wpEmojiSettingsSupports
WordPress
Determina si el navegador del usuario puede mostrar emojis correctamente.
Sesión
cookie_acm_temp_42549_shown
Propio
Cookie temporal de gestión del banner de cookies.
Menos de 1 minuto
Cookies analíticas
Nos ayudan a entender cómo interactúan los visitantes con el sitio web.
Cookie
Proveedor
Descripción
Duración
_ga
Google Analytics
Calcula datos de visitantes, sesiones y campañas. Almacena información de forma anónima y asigna un número generado aleatoriamente para reconocer visitantes únicos.
1 año 1 mes 4 días
_ga_*
Google Analytics
Almacena y cuenta las páginas vistas.
1 año 1 mes 4 días
__hstc
HubSpot
Cookie principal de HubSpot para el seguimiento de visitantes. Contiene el dominio, la marca de tiempo inicial, la última visita y el número de sesión.
6 meses
hubspotutk
HubSpot
Rastrea visitantes al sitio web. Se transmite a HubSpot al enviar formularios para evitar contactos duplicados.
6 meses
Cookies de preferencia
Permiten recordar información que cambia el comportamiento o aspecto del sitio.
Cookie
Proveedor
Descripción
Duración
wp-wpml_current_language
Propio (WPML)
Almacena la configuración del idioma actual del sitio.
Sesión
wpml_browser_redirect_test
Propio (WPML)
Comprueba si las cookies están habilitadas en el navegador.
Sesión
_icl_visitor_lang_js
Propio (WPML)
Almacena el idioma al que fue redirigido el visitante.
.png)
