Catherine (Cat) Karow
Cat Karow built security for Apple, the White House, and Fortune 100s. Then her mom got scammed, and she discovered the next cybersecurity frontier wasn't infrastructure. It was human beings.
Gainesville, Florida, United States
Actions
Cat Karow spent two decades securing some of the world's most complex institutions, including Apple, the White House, Fortune 100 companies, and large-scale research infrastructure. Then her mother became the target of a sophisticated scam, and she realized the biggest security problem wasn't in the systems she was protecting. It was in the people using them.
Today, Cat is the CEO and Technical Co-Founder of ZoraSafe, an AI-powered platform helping individuals identify and avoid scams, fraud, and digital manipulation before harm occurs. Her work focuses on the rapidly evolving intersection of cybersecurity, artificial intelligence, social engineering, consumer protection, and human behavior.
A TEDx speaker, cybersecurity leader, and founder, Cat explores how emerging technologies are reshaping trust, influence, and decision-making in modern society. Her talks examine topics ranging from AI-enabled fraud and human risk to data brokers, behavioral prediction, digital rights, and the growing influence of invisible systems on everyday life.
Cat is a founding member of Hack The Box, a Global Startup Awards North America Regional Finalist, author of *The Shield* cybersecurity publication, and the forthcoming author of *SOLD: How America Built a Legal Market for Human Beings*, a book examining the hidden economy behind personal data.
A self-taught technologist, disabled founder, and former theater performer, Cat brings a rare combination of technical depth, storytelling, and systems thinking to conversations about the future of technology and its impact on people.
Area of Expertise
Topics
The Industrialization of Human Manipulation: AI, Fraud, and the New Social Engineering Stack
For years, social engineering has been treated as a human problem: train users, improve awareness, reduce phishing clicks. But AI is changing the economics of manipulation itself.
Attackers are now combining:
- Data broker intelligence for hyper-targeting
- Voice cloning and identity simulation
- AI-generated urgency and emotional persuasion
- Behavioral timing optimization
- Multi-channel orchestration across phone, SMS, email, and messaging
- Fraud-as-a-service infrastructure
The result is not just better scams - it is the industrialization of human manipulation.
This talk breaks down the emerging social engineering stack from end to end:
- Data acquisition and enrichment
- Target selection and vulnerability profiling
- Identity simulation and trust exploitation
- Persuasion optimization and urgency engineering
- Multi-channel attack orchestration
- Payment coercion and monetization
We also examine:
- What has actually changed due to AI
- What remains unchanged but accelerated
- Where current enterprise security tools fail
- Why traditional awareness training is insufficient
This session provides a practitioner-focused framework for understanding AI-enabled manipulation and preparing for the next phase of social engineering attacks.
Security teams are still defending against phishing while attackers are building persuasion pipelines. AI is shifting social engineering from opportunistic scams to structured operations. This talk helps practitioners understand the system-level change underway.
AI Theater in Security: How to Tell What’s Real, Rebranded, and Useless
Security teams are being sold AI-powered everything: AI SOC analysts, AI threat detection, AI automation, AI copilots. But how much of this represents genuine capability?
This talk examines:
- Common AI-washing patterns in security products
- Rebranded classical ML
- LLM wrappers around existing workflows
- AI summarization marketed as automation
- Rule engines labeled as AI
We also provide:
- Technical evaluation frameworks
- Questions to ask vendors
- POC testing strategies
- Red flags in demos and documentation
This session aims to provide practitioners with a practical, technical approach to evaluating AI claims in security tooling.
Security teams risk making major investments based on marketing claims. This talk helps practitioners evaluate AI claims with technical rigor.
AI Doesn't Need AGI to Change Society: Why Prediction May Matter More Than Intelligence
For years, the biggest question in AI has been: *When will machines become as intelligent as humans?*
But what if that's the wrong question?
The systems already reshaping society don't need human-level intelligence. They don't need consciousness, reasoning, or autonomy. They simply need to become better at predicting us.
Every day, AI models help determine what we see, what we buy, who we trust, what captures our attention, and increasingly, how we make decisions. These systems power everything from advertising and recommendation engines to fraud operations, political targeting, hiring systems, and financial services. Their influence doesn't come from understanding humans. It comes from predicting human behavior with increasing accuracy.
In this keynote, cybersecurity founder and TEDx speaker Catherine Karow explores the rise of the prediction economy: a world where decades of behavioral data collection, data brokerage, machine learning, and generative AI are converging into systems designed to forecast and influence human action at unprecedented scale.
Drawing on real-world examples from cybersecurity, fraud, social engineering, AI, and consumer technology, this session examines why prediction may matter more than intelligence, how influence is becoming the defining capability of modern AI systems, and what that means for trust, autonomy, privacy, and the future of human decision-making.
The future may not belong to machines that think like humans. It may belong to machines that know what humans are likely to do next.
Keynote, TED-style Talk, or General Session
Technology leaders, cybersecurity professionals, AI practitioners, founders, product leaders, policymakers, marketers, and anyone interested in the societal impact of AI.
Beginner to Advanced. No AI or cybersecurity background required.
30-45 minutes keynote format, with optional 10-15 minute Q&A.
* Understand why behavioral prediction is becoming one of AI's most powerful capabilities.
* Learn how data collection, machine learning, and AI systems combine to influence human decision-making.
* Explore the connections between recommendation systems, advertising, fraud, social engineering, and AI-driven persuasion.
* Gain a framework for evaluating the opportunities and risks of increasingly predictive technologies.
* Better understand how trust, autonomy, and human agency may be affected by the next generation of AI systems.
Cat Karow is the CEO and Technical Co-Founder of ZoraSafe, an AI-powered platform helping individuals identify and avoid scams, fraud, and digital manipulation. She is a TEDx speaker whose work focuses on human risk, social engineering, consumer protection, and the intersection of AI, cybersecurity, and human behavior.
New for 2026/2027.
Builds on themes explored in Catherine's TEDx talk, *The Invisible Machine*, while introducing original research and analysis focused on AI, prediction systems, and human influence.
Citizen or Inventory?
Most people know their data is being collected. Few realize they are being continuously assembled into digital versions of themselves that influence what they see, what they pay, what opportunities they receive, and increasingly, what they believe.
Behind targeted advertising, AI-powered recommendations, fraud prevention systems, hiring algorithms, and political messaging lies a vast ecosystem built on behavioral prediction. Data brokers, machine learning models, and AI systems don't just observe human behavior. They learn from it, score it, predict it, and increasingly shape it.
In this keynote, cybersecurity founder and TEDx speaker Catherine Karow explores how invisible systems have become a foundational layer of modern life. Drawing on real-world examples from data brokerage, cybersecurity, fraud, and AI, she examines how human beings became products in a marketplace built on prediction and influence.
Attendees will leave with a new framework for understanding digital power, the growing role of behavioral prediction in AI systems, and one of the defining questions of the AI era:
Are we still citizens, or have we become inventory?
Session Type: Keynote / TED-style Talk
Audience: General technology audiences, AI practitioners, cybersecurity professionals, policymakers, founders, product leaders, and executives
Technical Level: Beginner-friendly
Preferred Length: 30-45 minutes
Key Takeaways:
• Understand how data brokers, AI systems, and behavioral prediction intersect
• Learn how digital profiles influence decisions and opportunities
• Explore the societal implications of predictive technologies
• Gain practical frameworks for evaluating trust, privacy, and influence in the AI era
Based on and expands themes introduced in Catherine Karow's TEDx talk, The Invisible Machine.
Human Risk: Why Influence Is the New Attack Vector
For decades, cybersecurity has treated people as the problem.
Users click links.
Employees make mistakes.
Victims fall for scams.
But what if we've been looking at it backwards?
While defenders focused on technology, entire industries evolved around understanding, predicting, and influencing human behavior. Today's attackers combine behavioral data, AI-generated persuasion, social engineering, and psychological targeting to exploit trust at scale.
This session challenges one of cybersecurity's oldest assumptions and introduces a new framework for understanding human risk. Rather than viewing people as security failures, we'll explore how humans have become the primary target of increasingly sophisticated influence systems.
Through examples drawn from fraud, social engineering, AI, and behavioral manipulation, attendees will gain a deeper understanding of how trust is exploited and what defenders can do about it.
Session Type: Keynote, General Session, Security Conference
Audience: Security professionals, risk leaders, fraud teams, executives, product teams
Technical Level: Beginner to Intermediate
Preferred Length: 30-60 minutes
Key Takeaways:
• Reframe human behavior as an attack surface
• Understand modern influence and manipulation techniques
• Learn why traditional awareness programs struggle
• Explore new approaches to human-centered security
The Wrong User: What My Mother's Scam Taught Me About Building Technology
For most of my career, I built security for institutions.
Apple. The White House. Fortune 100 companies.
We designed systems for administrators, analysts, security teams, and highly trained professionals. We optimized for efficiency, scale, and technical capability. We assumed users would read warnings, recognize threats, and make rational decisions.
Then my mother got targeted by a sophisticated scam.
Suddenly, decades of security expertise collided with a much harder reality: the people most affected by technology are often the people technology was never designed for.
Seniors. Caregivers. Disabled users. People under stress. People overwhelmed by complexity. People making decisions while scared, distracted, grieving, or exhausted.
In this talk, cybersecurity founder and TEDx speaker Catherine Karow shares how that experience fundamentally changed the way she thinks about product design, security, AI, and innovation. Drawing from her journey building ZoraSafe, she explores why so many products fail the people who need them most, how attackers exploit those gaps, and what it means to design technology for real humans instead of ideal users.
Because the most vulnerable users are not edge cases.
They're often the people we're building for.
Session Type: Founder Story, Product Leadership, Keynote, General Session
Target Audience: Founders, product managers, designers, AI builders, cybersecurity professionals, startup leaders, innovation teams, and executives.
Technical Level: All Levels
Preferred Duration: 30-45 minutes, with optional Q&A
Audience Takeaways:
• Learn why many products unintentionally exclude the people who need them most
• Understand how stress, cognitive load, trust, and vulnerability affect technology adoption and security outcomes
• Explore practical frameworks for designing products that work in real-world conditions
• Learn how human-centered design can improve safety, usability, and trust
• Gain a new perspective on who the "user" actually is and how product decisions shape real lives
Themes: Product Design, Human-Centered Design, AI, Cybersecurity, Accessibility, Consumer Technology, Entrepreneurship, Leadership
Session History: New for 2026/2027. Based on lessons learned transitioning from enterprise cybersecurity to building consumer-focused technology designed to protect individuals from scams, fraud, and digital manipulation.
The Human Attack Surface: How Behavioral Data Became Critical Infrastructure
For decades, cybersecurity focused on protecting computers.
We built firewalls for networks, EDR for endpoints, IAM for identities, and entire industries dedicated to defending digital infrastructure.
But while security teams were protecting machines, another infrastructure was quietly being built.
Data brokers collected behavioral data. Advertising platforms optimized engagement. Recommendation engines learned attention patterns. Social media platforms refined persuasion systems. Together, these industries created an unprecedented capability: the ability to predict, influence, and target human behavior at scale.
AI did not create this system.
AI plugged into it.
Today, attackers can leverage behavioral intelligence, identity simulation, voice cloning, emotional optimization, and hyper-targeted persuasion in ways that were previously impossible. The result is a fundamental shift in the threat landscape. Human behavior itself is becoming an attack surface.
This session examines how decades of data collection, behavioral analytics, advertising technology, and machine learning converged to create what may be the largest human-targeting infrastructure ever assembled. Drawing from cybersecurity, fraud operations, social engineering, and AI systems, we will explore how influence became programmable and why defenders need to rethink what it means to secure people in the age of prediction.
The next major attack surface may not be networks, endpoints, or identities.
It may be human behavior itself.
Session Type: Conference Session / Security Research / Emerging Threats
Target Audience:
Security researchers, threat intelligence teams, fraud investigators, red teams, blue teams, AI practitioners, privacy researchers, and security leaders.
Technical Level:
Intermediate
Preferred Length:
45 minutes
Topics Covered:
Behavioral targeting
Data brokers
Human risk
Social engineering
AI-enabled manipulation
Fraud infrastructure
Trust systems
Security strategy
Originality:
This talk presents a novel framework connecting behavioral data ecosystems, AI systems, social engineering operations, and cybersecurity threat models. It introduces the concept of the Human Attack Surface as an emerging category of security risk and examines how behavioral infrastructure is increasingly being leveraged for offensive operations.
Media Availability:
Yes
Village Track Suitability:
Yes, particularly for AI, Privacy, Human Risk, Social Engineering, or Threat Intelligence-focused tracks.
The Persuasion Engine: How Human Influence Became Computable
For decades, cybersecurity focused on protecting information.
At the same time, an entirely different industry was solving a different problem.
Advertising platforms learned how to capture attention.
Data brokers learned how to profile behavior.
Recommendation systems learned how to optimize engagement.
Machine learning learned how to predict decisions.
Then generative AI arrived.
Suddenly, the ability to understand people, predict people, target people, and persuade people began converging into a single operational stack.
This session argues that we are witnessing a fundamental shift in the threat landscape: persuasion itself is becoming computable.
Modern attackers no longer need to guess who to target, what to say, when to say it, or how to build trust. Increasingly, those decisions can be informed by behavioral data, optimized by machine learning, generated by AI, and delivered across coordinated channels at scale.
Drawing on examples from fraud operations, social engineering campaigns, data brokerage, behavioral targeting, and AI-enabled deception, this talk examines how influence is evolving from an art into an engineering discipline.
The result is not simply better scams.
It is the emergence of programmable persuasion as a security problem.
Attendees will leave with a new framework for understanding how behavioral intelligence, AI systems, and influence infrastructure are reshaping both offensive and defensive security.
Session Type:
Security Research / AI Security / Human Risk / Emerging Threats
Technical Level:
Intermediate
Audience:
Security researchers, threat intelligence teams, fraud investigators, red teams, blue teams, AI practitioners, security architects, and cybersecurity leaders.
Topics Covered:
Social engineering
Behavioral targeting
Data brokers
AI-enabled persuasion
Human risk
Threat modeling
Fraud operations
Influence systems
Original Contribution:
This talk introduces the concept of computable persuasion as an emerging security paradigm. Rather than treating fraud, social engineering, behavioral targeting, AI-generated content, and influence operations as separate domains, it presents them as components of a unified persuasion stack that increasingly functions as an operational capability.
Preferred Length:
45 minutes
Village Track Suitability:
AI, Threat Intelligence, Human Risk, Social Engineering, Privacy, an
Simply Cyber Con 2025 Sessionize Event
BSides St. Pete 2025 Sessionize Event
BSides Orlando 2025 Sessionize Event
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top