Skip to content
AtalayaAtalaya

Multi-vector detection engine · email · links · QR

Phishing is still the #1 way attackers get into companies.

And it no longer arrives only by email: it comes through links shared in chats and through QR codes stuck on physical posters. Atalaya covers all three surfaces with one consistent standard: a 0-100 verdict, P1-P4 priority and the evidence chain that backs it.

68%of breaches involve the human element (Verizon DBIR 2024)
$2.9Bin reported BEC losses in 2023 (FBI IC3)
3 surfacesemail · links · QR — covered in a single tool

Coverage

Three surfaces, one standard

01 · Surface

Email (.eml / .msg)

Manipulated headers, SPF/DKIM/DMARC, domain impersonation and Business Email Compromise (BEC) patterns, with a verdict and auditable evidence.

02 · Surface

Links

Pre-click analysis: follows redirects with SSRF guards, captures the destination in an isolated sandbox and detects look-alike domains. It tells you if the URL is safe without you opening it.

03 · Surface

QR codes

Quishing detection with live scanning from the phone camera and a real-time risk light. Point, the system decides, and you never open a malicious URL. It even detects nested QR codes.

The edge

The differentiator: it learns who your organization is

  atalaya · org-context

Atalaya lets you register your corporate domains, your key people (CEO, CFO…), your usual vendors and your internal payment rules. When an email pretends to be from your CEO using a look-alike domain, the AI ALREADY knows it's BEC. Every verdict becomes specific to your company, not generic.

corporate domainskey people (CEO/CFO)trusted vendorsinternal payment rules

Trust

Built for environments that answer to auditors

01

Auditable evidence

Every analysis returns a score, severity and the rules that fired. Traceable, exportable to Markdown/JSON/PDF and defensible to an auditor without reprocessing.

02

Privacy-first by design

Every external service call and the AI validation are explicit operator decisions, never hidden defaults. Compatible with ISO 27001 and ENS.

03

SOC priority P1-P4

A verdict aligned with standard SOC prioritization, to triage the suspicious queue in seconds instead of minutes.

See a real report (with sample data)

Verdict, evidence, IOCs and recommended actions — the full case file.