The AI security category exploded in 2025–2026 with USD 32B Wiz acquisition by Google, Cisco-Robust Intelligence, Palo Alto-Protect AI, SentinelOne-Prompt Security. Global incumbents dominate Fortune 500. NexSpire AI Security serves the LATAM + USA-Hispanic + Iberian mid-market they leave underserved — with native Spanish-language tooling, ISO 42001 readiness, AESIA / EU AI Act compliance, and AI-augmented banking-fraud defense aligned with the CipherLedger patent.
Each SKU integrates a top-tier global vendor (Lakera, HiddenLayer, Cisco AI Defense, TrojAI, Mend) and adds NexSpire's native Spanish corpus + LATAM/Iberia regulatory layer.
Single fixed-fee adversarial assessment. Spanish-language jailbreak corpus (Crescendo-ES, Persuasion-ES, ArtPrompt-ES). Mapped to OWASP LLM Top 10 + Agentic Top 10 + ATLAS v5.4. AESIA / EU AI Act gap-analysis annex.
USD 22k–180k · 2–8 week engagements
Recurring quarterly review: 5 production GenAI apps, AI-BOM regen, ATLAS-mapped threat updates, Spanish prompt-injection regression suite, SOC 2-style attestation, agentic + MCP coverage.
USD 6.5k–12k/month · USD 78k–144k/year
SaaS distributed by Spire AI SA. Native Spanish jailbreak detection covering es-ES, es-MX, es-AR, es-CO, es-CL dialects. PII detection: CURP/RFC/DNI/CUIT/RUT/RUN/RUC. AESIA Ley 28/2024 deepfake-label validation.
Free 25k req/mo · USD 0.49/1k req · USD 30k–120k/yr enterprise
CycloneDX + SPDX AI-BOM in Spanish. Model card library (AI Card schema). EU AI Act Annex IV technical documentation. Brazil PL 2338 risk-tier filings. Quarterly drift reports.
USD 28k discovery + USD 1.5k–4k/mo monitoring
Critical given April 2026 systemic MCP RCE (CVE-2026-30623, CVE-2026-30615). MCP server inventory, runtime guardrails, infinite-loop kill switches, max-iteration policies (15-step caps), 60s timeouts, dedup memory, Spanish IR playbooks.
USD 35k init + USD 8k–18k/month managed
OWASP LLM01:2025. Direct user-typed and indirect via web/email/RAG context. Multilingual bypass especially via Spanish dialects.
DAN, AIM, Crescendo (multi-turn), ArtPrompt (ASCII), persuasion-based, multilingual translation attacks.
Model checkpoint compromise (HuggingFace). CorruptRAG single-document poisoning (Jan 2026). Pickle deserialization.
Query-based theft. Training-data leakage via membership inference. Reconstruction of private training samples.
Malicious pip packages, compromised checkpoints, poisoned HuggingFace models, dependency confusion in MLOps pipelines.
April 2026 systemic RCE design flaw — Anthropic SDKs (Python, TypeScript, Java, Rust). CVE-2026-30623, CVE-2026-30615, CVE-2026-33224. ~7,000 public servers exposed.
Goal hijacking, tool misuse, identity abuse, memory poisoning, infinite-loop DoS in CrewAI/LangChain/AutoGen. OWASP Agentic Top 10 (Dec 2025).
AgentPoison: 80%+ ASR at <0.1% poison rate. eTAMP cross-session attacks against ChatGPT Atlas and Perplexity Comet (Apr 2026).
CEO/CFO impersonation scams. KYC bypass via JINKUSU CAM tooling on Telegram. Mar 2025 documented LATAM USD 494K fraud loss.
Spear phishing at scale, voice cloning, multi-channel coordinated attacks, BEC variants leveraging LLM for hyper-personalization.
OWASP LLM10:2025 Unbounded Consumption. High-token recursion, prompt-bombing, agentic resource exhaustion (infinite loops).
Image-encoded payloads, ArtPrompt ASCII art, audio steganography, video-frame instruction injection in vision-language models.
| Framework | Status (April 2026) | Coverage in NexSpire AI Security |
|---|---|---|
| ISO/IEC 42001 | Published Dec 2023 | Readiness assessment + AIMS implementation |
| NIST AI RMF + GenAI Profile | NIST-AI-600-1 (Jul 2024) | Map controls to risk categories; Critical Infrastructure profile drafting |
| EU AI Act | GPAI rules 2 Aug 2025; high-risk Annex III 2 Aug 2026; full 2 Aug 2027 | Annex IV technical documentation in Spanish; provider/distributor classification |
| OWASP LLM Top 10 (2025) | v2 includes LLM07 System Prompt Leakage, LLM08 Vector Weaknesses | Test plan core |
| OWASP Agentic Top 10 | Released Dec 2025 | SKU 5 retainer scope |
| MITRE ATLAS v5.4 | Feb 2026 — 16 tactics, 84+ techniques | Adversarial test plan mapping |
| AESIA (Spain) | Operational since Feb 2025; Ley 28/2024 sanctioning Aug 2025 | Compliance assistance for entidades obligadas |
| Brazil PL 2338/2023 | Vote 2025; full enforcement 2026 | Risk-tier filings + sandbox documentation |
| ENISA FAICP | 3-layer cyber framework EU | Iberia compliance bridge |
Lakera, HiddenLayer, Cisco have multilingual classifiers but Spanish dialects (Mexicano, Rioplatense, Andino, Caribeño) and Spanglish code-switching are under-represented. Native ES corpus is a defensible moat.
Wiz/Palo Alto/Cisco price out mid-cap LATAM banks (USD 100k–500k/yr). NexSpire wraps CipherLedger patent IP into AI-augmented banking-fraud + KYC-bypass package.
EU AI Act Annex IV, AESIA Ley 28/2024, Brazil PL 2338 — all need regional Spanish/Portuguese drafting. Mend, Cranium, Cisco AI Defense ship in English only.
Global incumbents target Fortune 500. Mid-market hispanohablante (250–2,500 employees) has no native Spanish-speaking option for OWASP Agentic Top 10 (2026) implementation.
After April 2026 systemic MCP design vulnerability affecting 200k+ servers, mid-market CISOs in LATAM/Iberia lack in-house expertise. NexSpire 90-day fixed-fee MCP Hardening (USD 35–65k) is timely and unmet.
We don't reinvent the wheel — we integrate the leaders with native Spanish tooling and LATAM/Iberia regulatory expertise.
Lakera blocks 98% of attacks in English. Spanish jailbreaks slip through. The Apr 2026 MCP RCE is unpatched in Windsurf, GPT Researcher, LangChain-Chatchat. Let's audit your stack.