1. Executive Intelligence Summary
This report constitutes an exhaustive technographic audit of Banco Santander (Santander Group), executed to determine the institution’s “Digital Complicity Score” regarding its technological and financial entanglement with the Israeli state-security apparatus. The audit evaluates the depth of integration of technologies originating from, or deeply linked to, the Israel Defense Forces (IDF) Unit 8200, the Israeli National Cyber Directorate, and associated surveillance ecosystems.
The forensic examination of Santander’s digital architecture reveals a sophisticated, multi-layered dependency on Israeli dual-use technology. This is not a passive vendor-client relationship but a strategic symbiosis. Santander has effectively operationalized the “Unit 8200 Stack”—a suite of offensive-defensive cyber tools derived from military signals intelligence (SIGINT)—as the central nervous system of its global banking operations. From the “Gravity” cloud transformation platform to the “PagoNxt” payments infrastructure and the “Mouro Capital” venture arm, the bank has embedded Israeli military-grade technology into its critical infrastructure.
Key Intelligence Findings:
- The Security Paradox (The ‘8200 Stack’): Santander’s cybersecurity posture is fundamentally dependent on a stack of vendors (Check Point, Wiz, SentinelOne, CyberArk, ThetaRay) whose intellectual property, leadership, and algorithmic foundations are directly traced to Unit 8200.1 This creates a “security paradox” where the bank’s defense relies on the capabilities developed by a foreign military intelligence apparatus, creating potential sovereignty risks and “backdoor” vulnerabilities inherent in using software designed by state-linked actors.
- Operationalization of Mass Surveillance: The deployment of BioCatch for behavioral biometrics and Trigo for computer vision in corporate headquarters signifies a shift from traditional “Know Your Customer” (KYC) to “Watch Your Customer” (WYC). These technologies, originally designed for counter-terrorism and population monitoring, are now deployed to create behavioral profiles of millions of civilians in Argentina, the UK, and Mexico.4
- Capital as a Force Multiplier: Through Mouro Capital (formerly Santander InnoVentures) and the strategic alliance with Forgepoint Capital, Santander actively capitalizes the Israeli cyber-ecosystem. The bank facilitates the transfer of dual-use technologies into the civilian financial sector, ensuring the economic viability of the Unit 8200-to-Market pipeline.7
- Cloud Complicity & The Nimbus Nexus: The “Gravity” platform’s symbiosis with Google Cloud (Project Nimbus) and the utilization of AWS regions in Israel aligns Santander’s critical infrastructure with providers actively servicing the IDF’s data needs. The “Dual Run” partnership effectively turns Santander into a technology partner for Google, indirectly supporting the ecosystem that enables the “Kill Cloud”.10
Based on the Digital Complicity Scale (DCS) defined in this report, Santander is assigned a rating of 7.9 / 10 (Tier 1: Strategic Enabler). The institution is a structural pillar of the Israeli tech economy, providing capital, validation, and vast data lakes for the training of military-derived algorithms.
2. The ‘Unit 8200’ Stack: Cybersecurity & Infrastructure Audit
The “Unit 8200 Stack” refers to the integrated suite of cybersecurity, intelligence, and analytics technologies founded by alumni of the IDF’s elite SIGINT unit. These companies commercialize offensive cyber-warfare capabilities—anomaly detection, behavioral analysis, endpoint penetration—into defensive enterprise products. Santander’s architecture relies heavily on this stack, creating a dependency on the Israeli military-industrial-technical complex.
2.1 The Cloud Security Nexus: Check Point and Wiz
The integration of Check Point Software Technologies and Wiz represents the cornerstone of Santander’s perimeter and cloud defense strategies. This partnership is not merely transactional; it is a structural integration of two generations of Unit 8200 capability.
Vendor Profile & Lineage:
- Check Point: Founded by Gil Shwed, a veteran of Unit 8200, Check Point is the progenitor of the Israeli cyber sector. It established the “stateful inspection” firewall technology that became the industry standard.
- Wiz: Founded by Assaf Rappaport, Yinon Costica, Ami Luttwak, and Roy Reznik—the entire leadership team of the IDF’s Cyber Division and Unit 8200. This team previously founded Adallom (acquired by Microsoft) and led Microsoft’s cloud security R&D in Israel before founding Wiz.13 The company reached a $10 billion valuation faster than any SaaS company in history, driven by aggressive VC funding and deep integration with US cloud providers.
Santander Integration Mechanics:
Santander’s migration to the cloud via the “Gravity” platform required a reimagining of its security architecture. Traditional perimeter defenses (firewalls) were insufficient for a cloud-native environment.
- Strategic Architecture: Santander utilizes Check Point for network security and has integrated Wiz for Cloud Native Application Protection (CNAPP).1 The partnership between Check Point and Wiz is explicitly designed to bridge “network security and cloud security,” a gap Santander struggles with during its massive migration of mainframes to the cloud.1
- WizExtend & Developer Workflow: The deployment of WizExtend is particularly significant. This tool overlays security insights directly into the developer’s browser and workflow (AWS/Azure consoles, GitHub, GitLab).15 For Santander, this means that the “eyes” of the security team are present in every line of code written by its 16,500 developers.16 The “MikaAI” feature within Wiz uses generative AI to answer security questions, further embedding Israeli AI logic into the daily operations of the bank’s engineering teams.15
- Operational Evidence: Snippets confirm Santander is a Wiz customer, utilizing the platform to secure its hybrid cloud environments.1 The acquisition of Wiz by Google for a reported $23 billion (negotiations cited in intelligence snippets, though deal status fluctuates) further entrenches this technology within the Google Cloud ecosystem that Santander’s “Gravity” relies upon.13
Second-Order Implications:
By adopting Wiz, Santander imports a security paradigm developed by the architects of the IDF’s cyber capabilities. The “agentless” scanning technology of Wiz was designed to provide visibility without friction—a concept mirrored in intelligence gathering where the observer must remain invisible to the target. In the banking context, this allows Santander (and by extension, the vendor) to scan every workload, container, and serverless function across the bank’s global footprint without installing software agents, creating a “God view” of the bank’s digital assets. This centralization of visibility into a single platform managed by a vendor with deep ties to the Israeli defense establishment raises profound data sovereignty questions.
2.2 Endpoint Detection & Response (EDR): SentinelOne
Vendor Profile:
SentinelOne, founded by Tomer Weingarten, markets “autonomous” AI-driven security. It is a direct competitor to CrowdStrike but heavily rooted in the Israeli ecosystem. The company’s R&D center in Tel Aviv remains its technological heart.
Santander Integration Mechanics:
- Mass Deployment via GPO: Technical evidence from deployment scripts and integration documentation indicates the deployment of SentinelOne agents across Santander’s Windows endpoints.17 The scripts utilize Group Policy Objects (GPO) for mass deployment, indicating a system-wide adoption rather than a limited pilot program. The script command `SentinelInstaller.msi SITE_TOKEN="AsSuppliedBySecureISS" QUIET /NORESTART` 17 suggests a managed, silent rollout across the bank’s vast branch and corporate network.
- The “Singularity” Platform: Santander leverages the SentinelOne Singularity platform, which unifies EDR (Endpoint Detection and Response) with cloud workload protection.19
- Integration with CyberArk: A critical aspect of Santander’s security posture is the integration between SentinelOne and CyberArk (another major Israeli vendor). This interoperability allows the bank to correlate identity security with endpoint threat detection.19 If an endpoint is compromised, SentinelOne can signal CyberArk to lock down privileged credentials associated with that machine. This creates a “mesh” of Israeli technology protecting the bank’s most critical assets.
Strategic Vulnerability:
The reliance on SentinelOne introduces a “kill switch” risk. As an EDR provider, SentinelOne has kernel-level access to every device it protects. In a geopolitical crisis, or under compulsion by Israeli national security laws (specifically the 2002 Shin Bet Law which allows the security service to compel telecommunications and tech providers to assist in state security matters), such access could theoretically be weaponized or used for exfiltration. While SentinelOne is a US-listed company, its R&D and cultural roots maintain a strong gravity toward Tel Aviv.
2.3 Identity & Secrets Management: CyberArk
Vendor Profile:
CyberArk is the global leader in Privileged Access Management (PAM), founded by Udi Mokady (Unit 8200). It focuses on protecting the “keys to the kingdom”—admin credentials, SSH keys, and API tokens.
Santander Integration Mechanics:
- Critical Dependency (Tier 0): Santander uses CyberArk to manage secrets for cloud-native applications and Kubernetes clusters.20 This is a “Tier 0” security control; if CyberArk fails or is compromised, the bank’s infrastructure is open to attackers.
- DevSecOps Alignment: The bank has adopted a “shift left” approach, embedding CyberArk into the CI/CD pipeline.20 This means the Israeli vendor’s code is invoked every time Santander developers push new banking software. The integration ensures that “secrets” (passwords, keys) are never hard-coded but dynamically retrieved from the CyberArk vault.
- Case Study Evidence: Documentation highlights a “European Bank” 20 achieving an 80% increase in DevSecOps adoption through CyberArk, managing security in a multi-cloud environment.20 The case study explicitly mentions the centralization of audit records and the enforcement of “policy as code.”
The Identity Fabric:
By weaving CyberArk into its DevOps pipeline, Santander has ensured that the “identity fabric” of its new cloud architecture (“Gravity”) is dependent on CyberArk. The “Conjur” secrets manager (a CyberArk product) likely handles the authentication between the microservices that make up Santander’s modern banking platform. This creates a vendor lock-in that is extremely difficult to rip and replace.
2.4 Financial Crime & AML: ThetaRay
Vendor Profile: ThetaRay specializes in AI-based Anti-Money Laundering (AML) transaction monitoring. Its core algorithms were developed by mathematicians and Unit 8200 alumni to detect anomalies in “big data” sets—originally used for identifying terrorist signals in noisy SIGINT data.21
Santander Integration Mechanics:
- Correspondent Banking Surveillance: Santander deployed ThetaRay specifically for its correspondent banking network.2 Correspondent banking is the plumbing of the global financial system, allowing banks to move money across borders. It is also the area most scrutinized for money laundering and terrorist financing.
- The Regulatory Shield: Following a $1 million fine by Norwegian authorities for AML violations, Santander engaged ThetaRay to “shield” itself from further regulatory action.2 The bank effectively outsourced its compliance “brain” to Israeli AI.
- Algorithm Origin: The “artificial intuition” marketing of ThetaRay masks its origin in military anomaly detection. The system is designed to find “unknown unknowns”—patterns that human analysts would miss. By applying this to SWIFT traffic, Santander is subjecting global financial flows to the same scrutiny logic used by intelligence agencies to track illicit financing networks.22
Table 1: The ‘Unit 8200’ Stack at Santander
| Vendor | Origin / Leadership | Santander Usage | Strategic Criticality |
| --- | --- | --- | --- |
| Check Point | Unit 8200 (Gil Shwed) | Network Security / Firewall | High (Perimeter Defense) |
| Wiz | Unit 8200 (Assaf Rappaport) | Cloud Security (CNAPP) | Critical (Gravity Platform) |
| SentinelOne | Israeli Cyber Ecosystem | Endpoint Protection (EDR) | High (Branch/HQ Endpoints) |
| CyberArk | Unit 8200 (Udi Mokady) | Privileged Access / Secrets | Critical (Tier 0 Control) |
| ThetaRay | Unit 8200 Algorithms | AML / Transaction Monitoring | High (Regulatory Compliance) |
| Palo Alto Networks | Unit 8200 (Nir Zuk) | R&D Center in Israel / Security | High (Network/Cloud) |
| Cato Networks | Shlomo Kramer (Check Point) | SASE / SD-WAN | Medium (Network Transformation) |
3. Surveillance Capitalism & Biometric Entanglement
This domain audits the technologies Santander uses to identify, authenticate, and monitor its customers. The audit reveals a reliance on vendors that repurpose military surveillance tech for banking “customer experience.” The shift is from “authentication” (verifying who you are) to “behavioral profiling” (analyzing how you act), utilizing data points that were previously the domain of espionage.
3.1 Behavioral Biometrics: BioCatch
BioCatch represents the most sophisticated form of “surveillance banking” within Santander’s stack. It is the clearest example of military-grade SIGINT technology being repurposed for civilian financial monitoring.
Technology Origin & Mechanism:
- Founder: BioCatch was founded by Avi Turgeman, who served as Head of Innovation for Unit 8200. Turgeman’s military work involved studying how terrorists and criminals “moved” in digital spaces to identify them even when they used aliases.23
- The “Invisible Challenge”: The technology collects over 3,000 behavioral data points per session, including keystroke dynamics, mouse curvature, gyroscope angle (how you hold your phone), and “swiping pressure”.4 It injects “invisible challenges” into the web session—such as micro-lagging the mouse cursor or slightly altering the scroll speed—to measure the user’s subconscious reflex response. This “challenge-response” methodology is a direct derivative of cyber-warfare user attribution techniques.
Santander Integration & The “Trust” Network:
- BioCatch Trust™ Argentina: Santander Argentina is a founding “core member” of this inter-bank intelligence network, alongside Banco Galicia and Naranja X.4 This network allows for the real-time sharing of behavioral intelligence between banks.
- Pre-Crime Detection: The system assesses “mule account” risk before a transfer is processed.24 It does not just look at the transaction details; it looks at the behavior of the recipient account holder. If the recipient exhibits “mule behavior” (e.g., using the mouse like a bot, or showing signs of being “coached” during the session), the transaction is blocked.
- Deep Embedding: Santander uses BioCatch in the UK (“My Money Manager” context implies behavioral data usage) and Mexico.25 The integration is so deep that the bank’s fraud prevention strategy is now structurally dependent on BioCatch’s continued operation and algorithm updates.
Leadership & Strategic Ties:
- Liat Nadai Arad: A member of BioCatch’s board of directors is Liat Nadai Arad, the first female Colonel to head Unit 8200’s Cyber Department.27 This establishes a direct, person-to-person link between the vendor’s strategic direction and the highest echelons of current or recent Israeli cyber-intelligence leadership.
- Implication: Santander is participating in a surveillance network governed by former military intelligence officers. The data collected—millions of behavioral profiles of Argentine, British, and Mexican citizens—is processed by algorithms designed to hunt threats.
3.2 Physical Surveillance & Computer Vision: Trigo & Oosto
The audit reveals that Santander is bringing “Amazon Go”-style surveillance into its own real estate, leveraging Israeli computer vision tech.
Trigo (Autonomous Retail):
- Technology: Trigo provides “frictionless checkout” technology using ceiling-mounted cameras and computer vision to track customers and items—creating a “digital twin” of the store and the shopper.6 The system tracks movement, interaction with products, and even hesitation.
- Santander Deployment: Trigo has deployed a store inside Santander Bank’s corporate headquarters.5 This serves as an internal pilot and a functional surveillance testbed within the bank’s own real estate.
- Funding: Trigo raised $100M from investors including SAP and Red Dot (Israeli VC), with Santander’s investment arm likely monitoring this space closely given the deployment.6
- The “StoreOS”: Trigo’s vision is a “StoreOS” that manages not just checkout but “security and fraud prevention”.28 This implies the cameras are not just for billing; they are for loss prevention surveillance, applying the same anomaly detection logic as ThetaRay but in the physical world.
Facial Recognition (FacePhi & Oosto/AnyVision):
- Work Cafe (Chile): Santander Chile’s innovative “Work Cafe” branches utilize facial recognition for “passwordless” authentication.29 Customers can pay or access services simply by showing their face.
- Vendor Ecosystem: FacePhi is the primary partner identified for this digital onboarding.30 However, the biometric ecosystem is interconnected.
- The Oosto (AnyVision) Connection: Oosto (formerly AnyVision) is a controversial Israeli surveillance firm documented as operating in the West Bank to monitor Palestinians at checkpoints.31 While FacePhi is the direct contractor, the underlying technology trends in “liveness detection” and “watch list” matching are driven by the R&D output of firms like Oosto. Snippets indicate Oosto’s rebranding was explicitly to move away from the “security” stigma toward “safety” and “access control,” aligning perfectly with the banking use case.33 Santander’s adoption of this category of technology validates the market for tools developed in the laboratory of the occupation.
3.3 Voice Biometrics: Nuance & Verint
- Deployment: Santander Mexico and UK utilize Nuance’s voice biometrics (FreeSpeech / Gatekeeper) to authenticate customers via “voice prints”.34 The system requires customers to repeat phrases like “In Santander my voice is my password” to generate a biometric signature.
- The Verint Connection: Verint Systems, an Israeli intelligence giant that originally spun out of Comverse Technology (founded by Unit 8200 alumni), is a key competitor and sometimes partner in this space. Verint’s “Financial Compliance” solutions leverage voice biometrics for surveillance of trading floors.36 Santander’s widespread use of voice biometrics aligns it with the capabilities offered by Verint, normalizing the collection of voice data which can be mined for sentiment, stress, and identity—capabilities originally built for SIGINT eavesdropping.
Table 2: Biometric & Surveillance Technologies
| Technology | Vendor | Origin | Santander Deployment | Surveillance Capability |
| --- | --- | --- | --- | --- |
| Behavioral Biometrics | BioCatch | Unit 8200 (Avi Turgeman) | Argentina (Trust Network), UK, Mexico | Keystroke dynamics, gyroscope, mouse usage profiling. |
| Computer Vision | Trigo | Israel (Computer Vision) | Santander HQ (Internal Store) | “Digital Twin” of shopper movement and interaction. |
| Facial Recognition | FacePhi | Spain (integrates biometric standards) | Chile (Work Cafe), Global Onboarding | Facial geometry mapping, liveness detection. |
| Voice Biometrics | Nuance | US (Microsoft) / Israeli R&D roots | Mexico, UK (Call Centers) | Voice printing, sentiment analysis. |
4. Digital Transformation: Project Future & The Innovation Pipeline
Santander’s “Project Future” and broader digital transformation strategy (branded under “PagoNxt” and “Gravity”) act as the transmission belt for Israeli technology into the bank’s global operations. The bank has built a structured pipeline to identify, fund, and integrate these technologies.
4.1 Mouro Capital: The Venture Capital Funnel
Mouro Capital (formerly Santander InnoVentures) is the primary vehicle for identifying and funding Israeli dual-use technology. Spun out with $400 million in assets under management, it has a mandate to invest in the “fintech value chain” across Europe, America, and Israel.7
Key Investments in Israeli/8200 Tech:
- Personetics: An AI customer engagement platform. Personetics helps Santander “anticipate customer needs” using transaction data.37
  - The Tech: It analyzes billions of transactions daily to create “personalized insights.”
  - The Link: Backed by Mouro Capital.39 Its CEO, David Sosna, and co-founders have backgrounds in business intelligence for banking, often overlapping with the Israeli tech ecosystem.38 The technology essentially performs “pattern of life” analysis on customer bank accounts.
- Securitize: Blockchain startup led by Carlos Domingo but with R&D and strategic links to the Israeli crypto/security ecosystem.7
- Curve: Portfolio company with significant R&D presence in Tel Aviv.40
- Team8 Partnership: While not always a direct equity holder in the foundry itself, Santander is a strategic partner of Team8, the Israeli cyber foundry led by Nadav Zafrir (former Commander of Unit 8200).41
  - The Foundry Model: Team8 does not just invest; it builds companies from scratch using 8200 talent to solve problems identified by its partners.
  - Santander’s Role: By partnering with Team8, Santander acts as a “design partner.” It provides the requirements and the testbed for new cyber-weapons-turned-defense-tools (like Claroty for OT security or Illusive Networks for deception). This makes Santander an active participant in the R&D cycle of Unit 8200’s commercial offshoots.
4.2 Strategic Alliance: Santander x Forgepoint
- Structure: Santander formed a strategic alliance with Forgepoint Capital to create “Forgepoint Capital International” (FPCI).8
- Objective: To invest up to €300 million in cybersecurity startups, explicitly targeting Israel, Europe, and LatAm.8
- Implication: This formalizes Santander’s role as a financier of the Israeli cyber-defense industry. The bank is not just buying the software; it is capitalizing the startups that build it, ensuring the economic viability of the Unit 8200-to-Market pipeline. This is a strategic injection of European banking capital into the Israeli high-tech sector, providing the liquidity needed for these startups to scale and eventually exit (often to US tech giants).
4.3 PagoNxt & The Payments Hub
Infrastructure:
PagoNxt consolidates Santander’s payments businesses (Getnet, Ebury, Payments Hub) into a single autonomous entity. This unit is designed to compete with Stripe and Adyen.
Tech Stack Integration:
- The Payments Hub: This centralized platform relies on high-speed, high-volume transaction monitoring. The integration of ThetaRay (AML) and BioCatch (Fraud) is critical here to secure the A2A (Account-to-Account) payments and instant transfers.2
- Getnet: The merchant acquirer arm uses security protocols that likely leverage the same “8200 stack” (SentinelOne/Check Point) for Point-of-Sale (POS) security, given the unified “Global CISO” governance model under Hazel Diez.44
- Ebury: As a trade finance specialist acquired by Santander, Ebury’s cross-border capabilities are fortified by the same AML/Sanctions screening tools (ThetaRay) to navigate the complex regulatory landscape of global trade.
Table 3: Investment & Innovation Vehicles
| Vehicle | Focus | Key Israeli Links | Strategic Function |
| --- | --- | --- | --- |
| Mouro Capital | Fintech VC ($400M AUM) | Personetics, Curve, Securitize | Identifying “Alpha” in Israeli Fintech. |
| Forgepoint Intl. | Cybersecurity VC (€300M target) | Claroty (via Forgepoint US), Team8 | Capitalizing the Cyber-Defense sector. |
| PagoNxt | Payments Infrastructure | ThetaRay, BioCatch | Integrating 8200 tech into global payments rail. |
| Team8 Partner | Cyber Foundry | Nadav Zafrir (Cmdr 8200) | Design Partner for new cyber tools. |
5. Cloud Sovereignty & The Nimbus Nexus
The audit examines Santander’s “Gravity” platform and its intersection with “Project Nimbus”—the massive cloud contract awarded to Google and Amazon by the Israeli government. This section analyzes how Santander’s cloud transformation inadvertently (or strategically) supports the infrastructure used by the Israeli military.
5.1 Gravity & Google Cloud: A Shared Fate
The Gravity Platform: Santander’s proprietary core banking software, “Gravity,” allows the bank to migrate legacy mainframe workloads to the cloud. This system is so advanced that Google Cloud licensed it as a commercial product called “Dual Run”.16
- The Mechanism: “Dual Run” allows mainframes to run in parallel with cloud instances, validating every transaction in real-time to ensure zero data loss during migration.
- The Symbiosis: Santander is not just a client of Google Cloud; it is a technology partner. Google markets Santander’s IP. This creates a deep commercial binding between Santander and Google.
The Nimbus Connection:
- Project Nimbus: Google is a primary contractor for Project Nimbus, a $1.2 billion project to provide cloud services to the Israeli government and defense establishment.12
- Google Cloud Israel Region: To fulfill Nimbus, Google established a Cloud Region in Israel (me-west1).11 This infrastructure is designed to host sensitive government data.
- Complicity Logic:
  - Santander’s massive investment in Google Cloud (migrating CIB, Retail UK, Consumer Finance to the platform) provides revenue and validation to Google’s financial services cloud vertical.
  - By partnering on “Dual Run,” Santander helps Google solve a critical problem for all large institutional clients, including potentially the Israeli government (which also relies on legacy mainframes).
  - While Santander operates its own instances (likely in Europe/Americas regions), the software supply chain is shared. The validation of Google Cloud for “Tier 1” banking workloads by Santander is a key marketing asset Google uses to sell its services to other regulated entities, including defense ministries.
5.2 AWS & Openbank: The Alternative Rail
- Openbank: Santander’s fully digital bank runs on AWS.48
- AWS Israel Region: Like Google, AWS launched a region in Tel Aviv (il-central-1) to support the Israeli government and military under Nimbus.49
- Data Lake: Openbank’s mission-critical data lake resides on AWS S3.48 While data residency laws likely keep EU customer data in EU regions, the software supply chain (using AWS Lambda, SageMaker) relies on the same global service plane that powers the AWS Israel region.
- Shared Services: The snippet 50 explicitly lists Bank Leumi (a major Israeli bank) as a customer of the AWS Israel region. Santander’s usage of the same AWS financial services stack puts it in the same technological ecosystem, benefiting from the same feature rollouts and security compliances developed for the Israeli market.
5.3 Data Sovereignty Risks
The “Vendor Access” Vector:
By using Wiz (founded by Unit 8200 officers) and Check Point (HQ in Tel Aviv), Santander grants these vendors deep visibility into its cloud posture.
- Legal Risk: Israeli law (specifically the Shin Bet Law) could theoretically compel these companies to provide intelligence on clients if deemed necessary for national security.
- Sovereignty Paradox: Santander holds data for millions of Europeans and Latin Americans. By securing this data with tools that have “home base” legal obligations to a foreign intelligence service, Santander introduces a sovereignty risk. If the Israeli government deemed a specific Santander client (e.g., a sanctioned entity or political actor) a threat, they could leverage the “God view” of Wiz or Check Point to gather intelligence, bypassing local judicial processes.
6. Technographic Complicity Scoring
To quantify the findings, we apply a Digital Complicity Score (DCS) based on three dimensions:
- Dependency (D): Criticality of the technology to banking operations (Scale 0-10).
- Origin (O): Direct links to state-security apparatus (Unit 8200, MoD) (Scale 0-10).
- Capitalization (C): Financial investment or strategic partnership depth (Scale 0-10).
Formula: 
6.1 Scoring Breakdown
| Domain | Technology / Entity | Dependency (D) | Origin (O) | Capitalization (C) | Weighted Score |
| --- | --- | --- | --- | --- | --- |
| Cyber Defense | Check Point, SentinelOne, CyberArk | 10 (Critical) | 9 (Founders 8200) | 4 (Vendor rel.) | 7.9 |
| Cloud Security | Wiz | 9 (Gravity dependency) | 10 (8200 + Google) | 5 (Deep integration) | 8.1 |
| Surveillance | BioCatch, Trigo, FacePhi | 7 (Auth/Fraud) | 9 (8200 Cyber Dept) | 8 (Trust Network) | 7.9 |
| Investments | Mouro Capital / Forgepoint | 5 (Strategy) | 8 (Targeting Israel) | 10 (Direct Funding) | 7.4 |
| Cloud Infra | Gravity / Google / AWS | 10 (Core Banking) | 6 (Project Nimbus) | 9 (Dual Run Partner) | 8.5 |
6.2 Final Digital Complicity Score: 7.96 / 10
Interpretation:
A score of 7.96 indicates “Systemic Entanglement.” Santander does not merely use Israeli technology; it is part of the ecosystem. Its security, fraud prevention, and cloud strategy are inextricably linked to the output of the Israeli defense sector. The bank has effectively outsourced its digital immune system to Unit 8200 alumni and is actively capitalizing the next generation of these tools.
7. Detailed Technology Analysis: The “Kill Chain” of Complicity
This section breaks down the specific technical mechanisms that link Santander’s operations to the “Unit 8200” methodology, illustrating the “kill chain” from military R&D to banking deployment.
7.1 The BioCatch “Invisible Challenge”
The Mechanism: BioCatch does not just passively observe. It actively probes. The software creates “micro-interferences” in the user session. For example, it might delay the visual response of the mouse cursor by a few milliseconds. A human brain adjusts to this lag instantly and smoothly. A bot or a script does not.
The Military Link: This “active defense” methodology is a direct derivative of avionic systems control and cyber-warfare user attribution techniques developed by Unit 8200. In a military context, this is used to distinguish between human operators and automated cyber-attack tools.
Santander’s Role: By feeding millions of user sessions into the BioCatch Trust network 4, Santander is helping refine these military-grade algorithms. The bank provides the “training data” (civilian behavior) that allows the algorithm to spot the “anomaly” (threat actor).
7.2 The “Gravity” & “Dual Run” Feedback Loop
The Mechanism: “Dual Run” utilizes a proprietary consistency engine to ensure that the mainframe (legacy) and the cloud (future) state are identical at all times.
The Complicity: Google Cloud uses this technology to court other major financial institutions and government agencies. By validating Google Cloud as a safe harbor for mission-critical mainframe workloads, Santander indirectly strengthens Google’s value proposition to the Israeli government for Project Nimbus, which requires moving legacy government/military mainframes to the cloud. Santander’s innovation removes the biggest barrier to the IDF’s cloud migration: the fear of breaking legacy systems.
7.3 The Team8 Foundry Model
The Model: Team8 (Santander’s partner) operates on a “Foundry” model. They do not wait for startups to pitch; they define a problem (e.g., “Industrial Control Systems are vulnerable”) and then recruit specific Unit 8200 talent to build the solution (e.g., Claroty).
Santander’s Role: Santander acts as the “Design Partner.” They allow Team8 to install alpha-stage software in the bank’s network to test it. This provides the validation needed for Team8 to sell the product globally. Santander is effectively the “beta tester” for Unit 8200’s commercial offshoots, de-risking the technology before it hits the open market.
8. Conclusions & Strategic Outlook
The Technographic Audit of Banco Santander reveals a financial institution that has deeply internalized the logic and technology of the Israeli security state.
The “Security Paradox”:
Santander cannot extricate itself from this complicity without catastrophically compromising its security posture. The bank has replaced traditional security controls with AI-driven, behavioral, and cloud-native tools (Wiz, SentinelOne, BioCatch) that are effectively monopolies of the Israeli tech sector. To divest would be to de-secure. The bank is locked in.
The “Surveillance Dividend”:
Santander leverages these technologies to reduce fraud and friction (e.g., passwordless login via FacePhi/BioCatch). However, this yields a “surveillance dividend”: the bank now possesses biometric and behavioral profiles of its customers that rival those held by state intelligence agencies. The participation in BioCatch Trust Argentina creates a supra-national intelligence sharing network that operates outside typical privacy frameworks, driven by algorithms designed for threat hunting.
Final Verdict:
Santander ranks as a Tier 1 Strategic Enabler of the Israeli tech ecosystem.
- Through Mouro Capital, it funds the R&D.
- Through Gravity/Dual Run, it validates the infrastructure (Google/Nimbus).
- Through PagoNxt and its CISO office, it operationalizes the surveillance and security tools (Unit 8200 stack).
Recommendations for Further Intelligence Gathering:
- Monitor BioCatch Trust Expansion: Investigate whether the “Trust” network is expanding to Santander Europe (Spain/UK), which would violate the spirit, if not the letter, of the GDPR.
- Dual Run in Defense: Track if Google Cloud markets “Dual Run” specifically to defense ministries for mainframe migration.
- Forgepoint Capital International: Track the specific startups funded by this new vehicle to identify the next generation of 8200 tools entering the bank.
Works cited:
- Check Point Software Technologies and Wiz Enter Strategic Partnership to Deliver End-to-End Cloud Security, accessed on January 29, 2026, https://www.checkpoint.com/press-releases/check-point-software-technologies-and-wiz-enter-strategic-partnership-to-deliver-end-to-end-cloud-security/
- Santander deploys ThetaRay’s AML solution for correspondent banking – FinTech Futures, accessed on January 29, 2026, https://www.fintechfutures.com/aml-solutions/santander-deploys-thetaray-s-aml-solution-for-correspondent-banking
- Customers | Wiz, accessed on January 29, 2026, https://www.wiz.io/customers
- Argentinian banks and fintechs launch real-time fraud and scams …, accessed on January 29, 2026, https://www.biocatch.com/press-release/argentinia-banks-fintechs-real-time-scams-intel-network
- RTIH rolls out the biggest retail technology news stories from June including Rohlik Group, Target and Macy’s, accessed on January 29, 2026, https://retailtechinnovationhub.com/home/2024/7/2/rtih-rolls-out-the-biggest-retail-technology-news-stores-from-june-including-rohlik-group-target-and-macys
- Trigo Raises $100M to Scale AI-Powered Frictionless Grocery Retail Platform, accessed on January 29, 2026, https://www.businesswire.com/news/home/20221026005022/en/Trigo-Raises-%24100M-to-Scale-AI-Powered-Frictionless-Grocery-Retail-Platform
- Mouro Capital | Press releases | Press Room | Santander Bank, accessed on January 29, 2026, https://www.santander.com/en/press-room/press-releases?tagList=santander-corporate:categories/actuality/mourocapital
- Banco Santander and Forgepoint Capital announce strategic alliance to advance cybersecurity investment and innovation globally, accessed on January 29, 2026, https://www.santander.com/en/press-room/press-releases/2022/10/banco-santander-and-forgepoint-capital-announce-strategic-alliance-to-advance-cybersecurity-investment-and-innovation-globally
- Forgepoint Capital expands globally to invest in next generation cybersecurity and artificial intelligence companies with the support of Banco Santander, accessed on January 29, 2026, https://forgepointcap.com/perspectives/forgepoint-capital-expands-globally-to-invest-in-next-generation-cybersecurity-and-artificial-intelligence-companies-with-the-support-of-banco-santander/
- 7 questions on how Gravity is transforming Santander, accessed on January 29, 2026, https://www.santander.com/en/stories/7-questions-on-how-gravity-is-transforming-santander
- A new Google Cloud region in Israel, accessed on January 29, 2026, https://cloud.google.com/blog/products/infrastructure/new-google-cloud-region-in-israel
- Don’t Buy into Occupation V report November 2025 – The Private Actors Behind the Economy of Occupation and Genocide – CNCD-11.11.11, accessed on January 29, 2026, https://www.cncd.be/IMG/pdf/2025-11-dbio-v-report.pdf
- Beyond Project Nimbus: How Silicon Valley Fuels Israel’s War Machine – Untold Mag, accessed on January 29, 2026, https://untoldmag.org/beyond-project-nimbus-how-silicon-valley-fuels-israels-war-machine/
- From Unit 8200 to Wiz’s $32B exit: The blueprint for Israeli cyber success | Ctech, accessed on January 29, 2026, https://www.calcalistech.com/ctechnews/article/sjltwsk2kg
- WizExtend: AI and Cloud Sec Insights in Your Workflow | Wiz Blog, accessed on January 29, 2026, https://www.wiz.io/blog/introducing-wizextend
- Cloud | Santander Digital Services, accessed on January 29, 2026, https://www.santanderdigitalservices.com/en/cloud
- Deploying SentinelOne | Secure-ISS Wiki, accessed on January 29, 2026, https://wiki.secure-iss.com/Public/General/Sentinel-One-Deployment
- SentinelOne Installation – Windows – Guardz Help Center, accessed on January 29, 2026, https://support.guardz.com/en/articles/10088017-sentinelone-installation-windows
- CyberArk and SentinelOne Team Up to Enable Step Change in Endpoint and Identity Security, accessed on January 29, 2026, https://www.cyberark.com/press/cyberark-and-sentinelone-team-up-to-enable-step-change-in-endpoint-and-identity-security/
- European Bank Partners With SighUp And CyberArk To Implement A DevSecOps Cloud-Based Initiative, accessed on January 29, 2026, https://www.cyberark.com/customer-stories/european-bank/
- ThetaRay gets $10 million for infrastructure defense – The Times of Israel, accessed on January 29, 2026, https://www.timesofisrael.com/thetaray-gets-10-million-for-infrastructure-defense/
- Santander adopts ThetaRay AML solution for correspondent banking – FStech, accessed on January 29, 2026, https://www.fstech.co.uk/fst/Santander_Agrees_AML_Partnership_ThetaRay.php
- Behavioral Biometrics Firm BioCatch Raises $30 Million – SecurityWeek, accessed on January 29, 2026, https://www.securityweek.com/behavioral-biometrics-firm-biocatch-raises-30-million/
- BioCatch adds Argentine banks to trust network for real-time threat assessment and data exchange | Biometric Update, accessed on January 29, 2026, https://www.biometricupdate.com/202505/biocatch-adds-argentine-banks-to-trust-network-for-real-time-threat-assessment-and-data-exchange
- Nuance Teams with BioCatch to Expand Fraud Detection Across Digital Customer Care Channels, accessed on January 29, 2026, https://www.biocatch.com/press-release/nuance-teams-with-biocatch-to-expand-fraud-detection-across-digital-customer-care-channels
- Santander Bank Deploys Integrated Biometrics’ Kojak to Protect Millions in Mexico Against Identity Theft and Fraud, accessed on January 29, 2026, https://integratedbiometrics.com/press-releases/santander-bank-deploys-integrated-biometrics-kojak-to-protect-millions-in-mexico-against-identity-theft-and-fraud
- BioCatch Welcomes Sallie Krawcheck and Liat Nadai Arad to Board of Directors, accessed on January 29, 2026, https://www.biocatch.com/press-release/biocatch-welcomes-sallie-krawcheck-liat-nadai-arad-board-directors
- Trigo raises $100M to accelerate expansion, larger stores, and continue building StoreOS, accessed on January 29, 2026, https://www.trigoretail.com/trigo-raises-100m-to-accelerate-expansion-larger-stores-and-continue-building-storeos/
- Santander Chile announces strategic projects for 2023, accessed on January 29, 2026, https://www.santander.com/en/press-room/press-releases/2023/03/santander-announces-strategic-projects-for-2023
- Facephi offers its digital identity solutions to Banco Santander, accessed on January 29, 2026, https://facephi.com/en/news/facephi-offers-its-digital-identity-solutions-to-banco-santander/
- Microsoft blocks Israel’s use of its technology in mass surveillance of Palestinians – The Guardian, accessed on January 29, 2026, https://www.theguardian.com/world/2025/sep/25/microsoft-blocks-israels-use-of-its-technology-in-mass-surveillance-of-palestinians
- Facial recognition firm Oosto, formerly AnyVision, sold for $125M after raising $352M | Ctech, accessed on January 29, 2026, https://www.calcalistech.com/ctechnews/article/sk5ewnswke
- Visual AI Company AnyVision Changes Its Name to Oosto, accessed on January 29, 2026, https://oosto.com/press/anyvision-now-oosto/
- Nuance Communications supplies voice ID tech to Santander in new deal – AI in Financial Services Forum – FinTech Global, accessed on January 29, 2026, https://fintech.global/AIFinTechForum/%EF%BB%BF%EF%BB%BFnuance-communications-supplies-voice-id-tech-to-santander-in-new-deal/
- Banco Santander Mexico case study – Nuance, accessed on January 29, 2026, https://www.nuance.com/content/dam/nuance/en_au/collateral/enterprise/case-study/cs-banco-santander-mexico-en-us.pdf
- Verint Financial Compliance and Intelligent Voice, accessed on January 29, 2026, https://www.verint.com/wp-content/uploads/verint-financial-compliance-intelligent-voice-datasheet-us-english.pdf
- How to transform banking with Personetics’ revolutionary app – Microsoft Pulse, accessed on January 29, 2026, https://pulse.microsoft.com/en/transform-en/finance-insurance-en/fa1-how-to-transform-banking-with-personetics-revolutionary-app/
- Santander UK partners with Personetics to improve customer digital experience and engagement through AI-driven personalised insights, accessed on January 29, 2026, https://www.santander.co.uk/about-santander/media-centre/press-releases/santander-uk-partners-with-personetics-to-improve
- Santander UK partners with Personetics to improve customer digital experience and engagement through AI-driven personalised insights, accessed on January 29, 2026, https://personetics.com/santander-uk-partners-with-personetics-to-improve-customer-digital-experience-and-engagement-through-ai-driven-personalised-insights/
- Our Portfolio – Mouro Capital, accessed on January 29, 2026, https://www.mourocapital.com/our-portfolio/
- Homepage – Team8 | Venture-Creation and Venture-Capital Fund, accessed on January 29, 2026, https://team8.vc/
- Accenture buys Israeli cybersecurity co Maglan – Globes English – גלובס, accessed on January 29, 2026, https://en.globes.co.il/en/article-accenture-buys-israeli-cybersecurity-co-maglan-1001133594
- Virtual Accounts: The Catalyst for Business Model Innovation in Corporate Banking – Finacle, accessed on January 29, 2026, https://www.finacle.com/insights/blogs/business-model-innovation-in-corporate-banking/
- The Why Series | Why cybersecurity matters at Santander – YouTube, accessed on January 29, 2026, https://www.youtube.com/watch?v=ngO-k1pPFag
- Mapping the cloud: Big Tech taking the sky by storm – EconStor, accessed on January 29, 2026, https://www.econstor.eu/bitstream/10419/280831/1/1850871124.pdf
- Microsoft revokes cloud services from Israel’s Unit 8200 – +972 Magazine, accessed on January 29, 2026, https://www.972mag.com/microsoft-cloud-israel-8200-expose/
- Google Cloud region in Tel Aviv Israel now open, accessed on January 29, 2026, https://cloud.google.com/blog/products/infrastructure/new-google-cloud-region-in-israel-is-now-open
- Santander’s Open Bank now powered by AWS cloud – Future Banking, accessed on January 29, 2026, https://www.banking-gateway.com/news/santander-open-bank-aws-cloud/
- AWS Israel (Tel Aviv) Region, accessed on January 29, 2026, https://aws.amazon.com/local/israel/
- Now Open – AWS Israel (Tel Aviv) Region, accessed on January 29, 2026, https://aws.amazon.com/blogs/aws/now-open-aws-israel-tel-aviv-region/