The human factor: the real attack surface
People are often described as "the weakest link" in cybersecurity. That framing is a mistake: the human being is above all the main attack surface, because it is on people that decisions, access and trust rest. Attackers understood this long ago (phishing, fraudulent transfer orders, impersonation of authority, manipulation of urgency): social engineering exploits normal psychological mechanisms, not individual failings. Turning people into culprits protects no one; it even encourages hiding mistakes instead of reporting them. The useful path is the opposite: building a culture where someone can say "I think I got fooled" without fear, where good reflexes are made easy, and where awareness is not reduced to an annual module forgotten as soon as it is over. That requires understanding how attention, trust and pressure work, then aligning processes so that the safe decision is also the simplest one. This guide brings together the analyses on the human factor, social engineering, phishing and awareness, to treat the subject for what it is: less a matter of tools than a matter of people, organisation and culture.
Artificial IntelligenceAttachment to an AI is not a quirk, it is a vulnerabilityAn AI director at Disney speaks to his software assistant as if to his son, and has handed it the rights to act in his place. The debate mocked the feeling and never saw the rights. Yet both vulnerabilities are dangerous, each in its own way.
CybersecurityThe most cautious company in AI does not secure its own shared Claude chats.Anthropic denies public access to Mythos because it is too dangerous. Meanwhile, its own claude.ai domain serves as a phishing page through shared chats. The AI industry invests in spectacular risk and neglects the mundane risk.
CybersecurityAI and chatbots tell you you're right. That's the worst service they can do you.Chatbots are built to tell you you're right. Researchers at MIT have shown that even a perfectly rational reasoner falls into the trap. When your job is to spot what's wrong, that's a problem.
SocietyThe European Commission hacked: when the regulator becomes proof of what it denounces340 GB of data exfiltrated, 30 European entities hit, DKIM keys in the wild. The European Commission that drafts NIS 2, the Cyber Resilience Act and the cybersolidarity regulation has just proven, at its own expense, that directives do not…
SocietyReCyF, backdoors and USB sticks: France in cybersecurity, between clarity and anachronismFrance produces a cyber framework of international quality while being incapable of passing the law that makes it applicable, because the DGSI wants to read your Signal messages. And the framework itself illustrates human risk with a USB stick in 2026.
CybersecurityA fake Google Meet button, and your PC no longer belongs to youGoogle Meet tells you an update is required to keep using the service. The page is clean, in Google's colors, with a clearly visible "Update now" button. You click. No file downloads.
CybersecurityWhen a prayer app becomes a weapon: the psychological cyberwar at the heart of the Iran-US-Israel conflictOn February 28, 2026, the United States and Israel launched massive joint strikes against Iran. Since then, daily life for millions of Iranians has come down to sirens, explosions, power cuts and a near-total internet blackout, against a backdrop…
CybersecurityFICOBA: 1.2 million bank accounts exposed. So now what?FICOBA is the national register of bank and similar accounts. Created in 1971, it lists every account opened at French banking institutions: current accounts, savings accounts, securities accounts, rented safe-deposit boxes.
SpiritualityYoga and cybersecurity: attention as the first line of defenseWe have grown used to talking about cybersecurity as a technical subject. And of course it is technical; but what if we learned to talk about it like yoga?
CybersecurityNew year: what are your cybersecurity resolutions?The new year gives us a chance to ask ourselves a simple, honest question about cybersecurity: am I ready for the digital world as it is today, or as I wish it were?
SocietyFree transport, stolen data: the scammers travel first classIt is yet another Facebook scam, but one that works far too well. For several weeks now, hundreds of French people have been falling for a tempting promise: a free or heavily discounted pass for public transport. And the catch?
PoliticsAmine Kessaci: a cry from the heart of the northern districts, a call to collective conscienceIn the narrow streets of Frais-Vallon, where the tarmac still seems to carry the echoes of a shared childhood, I grew up just a few metres from where Amine Kessaci was born.
CybersecurityBlack Friday, Christmas, Sales: Cybercriminals Are Waiting for YouEvery year, at the same time, the queues move to virtual carts. Promotions explode, ads flash, "must-have" deals multiply... and in the shadows, cybercriminals are rubbing their hands.
CybersecurityCybersecurity: small businesses are not ready. And it will cost them.Talk to five owners of small businesses and you get the picture: cybersecurity is still a vague, distant, almost abstract idea. As long as no ransomware freezes the screen of Chantal in accounting, everyone carries on as before.
CybersecurityInfostealers: the silent threat you feed without knowing itThere are cyberattacks you never see coming. No flashy virus, no ransom messages, no brutal crash. Just a simple infostealer
PoliticsUSB stick and state silence: digital complacency has struck againSalah Abdeslam, convicted for the November 13 attacks, was taken into police custody for illegally possessing... a USB stick in prison.
EconomyAI doesn't replace us, it weakens us... if we let itWhat if AI didn't make us stupid... but forced us to become smarter?
LeadershipIt's not a question of motivation. It's a question of decision.People often ask me how I manage so many things at once. Work, family, music, sport, talks, articles, public speaking, threat watch, reading, meetings, passing it on…, And the answer almost always disappoints…
CybersecurityTraining executives in cybersecurity? Fine. But not like this.Today, some top business schools pride themselves on adding a cybersecurity module to their management programmes. EM Lyon, HEC, ESCP: they have all understood that digital security is now a strategic subject. Good.
CybersecurityWhy French SMEs are still stuck in 1980 (and why that's partly their own fault)Let me be blunt: you can't ask cybersecurity to move forward if some companies refuse to leave the minitel behind. And that's exactly what we still see today in most French SMEs. Yes, threats are evolving.
CybersecurityWhat If We Trained Hackers to Defend the Republic?In France, we train engineers, lawyers, police officers, diplomats and teachers. But we still do not train, at scale, the very people already fighting the battles of the 21st century: hackers.
PsychologyClear brain, dense life: toward a mental hygiene for the 21st centuryWe complain of being tired, distracted, overwhelmed. But look closely and we treat ourselves like machines. Notifications in bursts. Task switching every 12 seconds.
Artificial IntelligenceBack from Barcelona: AI, crisis and leadershipI spent a few days in Barcelona running a workshop on AI and crisis management in cybersecurity. A packed room, very different profiles, and one shared observation: the fog. Too much information, too many tools, not enough bearings.
LeadershipLeadership and chaos: 5 mistakes we always see in a cyber crisisThere are moments when everything speeds up. An alert goes off. A service collapses. Nothing responds anymore. And then everyone turns to "management".
CybersecurityCyberpsychology and power: how emotions are manipulatedNot a week goes by without talk of "manipulation": in the media, on social networks, through AI, in political campaigns or information crises.
Don't miss the next analysis