Catherine (Cat) Karow
Cat Karow built security for Apple, the White House, and Fortune 100s. Then her mom got scammed, and she stopped building for institutions and started building for people.
Gainesville, Florida, United States
Catherine (Cat) Karow is the CEO and Technical Co-Founder of ZoraSafe, a mobile app that protects people from scams, fraud, and digital manipulation in real time - before the damage is done.
She previously led and contributed to security and infrastructure efforts supporting systems at Apple Inc., the White House Office of the CIO, GuidePoint Security, and the University of Florida’s HiPerGator program.
After two decades securing institutions, Cat shifted her focus to protecting individuals after her mother, herself a former Capitol Hill consumer protection advocate, was targeted by sophisticated scams. That experience now drives her work at ZoraSafe, where she is building technology designed for the moment people are most vulnerable.
Cat is a TEDx speaker, a founding member of Hack The Box, and a Global Startup Awards North America Regional Finalist. She writes The Shield, a cybersecurity and fraud analysis publication, and is the forthcoming author of SOLD: How America Built a Legal Market for Human Beings, an examination of the data broker economy.
A self-taught, disabled founder with a background in theater, Cat brings a unique perspective to cybersecurity - one that centers human behavior, manipulation, and the real-world impact of technology.
Topics
The Industrialization of Human Manipulation: AI, Fraud, and the New Social Engineering Stack
For years, social engineering has been treated as a human problem: train users, improve awareness, reduce phishing clicks. But AI is changing the economics of manipulation itself.
Attackers are now combining:
- Data broker intelligence for hyper-targeting
- Voice cloning and identity simulation
- AI-generated urgency and emotional persuasion
- Behavioral timing optimization
- Multi-channel orchestration across phone, SMS, email, and messaging
- Fraud-as-a-service infrastructure
The result is not just better scams - it is the industrialization of human manipulation.
This talk breaks down the emerging social engineering stack from end to end:
- Data acquisition and enrichment
- Target selection and vulnerability profiling
- Identity simulation and trust exploitation
- Persuasion optimization and urgency engineering
- Multi-channel attack orchestration
- Payment coercion and monetization
We also examine:
- What has actually changed due to AI
- What remains unchanged but accelerated
- Where current enterprise security tools fail
- Why traditional awareness training is insufficient
This session provides a practitioner-focused framework for understanding AI-enabled manipulation and preparing for the next phase of social engineering attacks.
Security teams are still defending against phishing while attackers are building persuasion pipelines. AI is shifting social engineering from opportunistic scams to structured operations. This talk helps practitioners understand the system-level change underway.
Synthetic Trust: Voice Cloning, AI Urgency, and the New Architecture of Elder Fraud
Elder fraud is often framed as a consumer awareness problem. But modern fraud operations are evolving into structured systems designed to exploit trust, timing, and cognitive vulnerability.
AI is enabling attackers to:
- Clone voices of family members or trusted contacts
- Generate emotionally persuasive narratives
- Optimize timing using behavioral data
- Personalize attacks using data broker intelligence
- Conduct real-time adaptive social engineering
These attacks are not random. They are increasingly engineered.
This talk examines:
- The architecture of AI-enabled elder fraud
- Voice cloning and identity simulation workflows
- Cognitive vulnerability patterns attackers exploit
- Data sources used for targeting
- Multi-channel impersonation techniques
- Failure points in current telecom and mobile defenses
We also examine why traditional security tooling often fails to address these attacks and what defenders should be doing differently.
Elder fraud is rising rapidly, but most discussions remain at a surface level. This talk provides a technical analysis of how AI is reshaping trust-based attacks - and why current defenses are not keeping up.
AI Theater in Security: How to Tell What’s Real, Rebranded, and Useless
Security teams are being sold AI-powered everything: AI SOC analysts, AI threat detection, AI automation, AI copilots. But how much of this represents genuine capability?
This talk examines:
- Common AI-washing patterns in security products
- Rebranded classical ML
- LLM wrappers around existing workflows
- AI summarization marketed as automation
- Rule engines labeled as AI
We also provide:
- Technical evaluation frameworks
- Questions to ask vendors
- POC testing strategies
- Red flags in demos and documentation
This session aims to provide practitioners with a practical, technical approach to evaluating AI claims in security tooling.
Security teams risk making major investments based on marketing claims. This talk helps practitioners evaluate AI claims with technical rigor.
Simply Cyber Con 2025 Sessionize Event
BSides St. Pete 2025 Sessionize Event
BSides Orlando 2025 Sessionize Event