Cuatroochenta, through its Applied Innovation department and cybersecurity subsidiary Sofistic, has developed an advanced artificial intelligence model for classifying cybersecurity alerts according to their risk level. The development is part of a project with the National Cybersecurity Institute (INCIBE), an entity under Spain’s Ministry for Digital Transformation and the Civil Service, through the State Secretariat for Telecommunications and Digital Infrastructure. The solution, which combines the latest deep learning and language analysis technologies (LLM), has demonstrated 95% accuracy in assigning alert criticality compared to manual human analyses.

«With this initiative, we position ourselves in the technological race driven by the growing need in Spain and Europe for solutions that minimize technological dependence on third parties.»
This model is part of the Strategic Initiative for Innovative Public Procurement (IECPI), within the framework of the Recovery, Transformation and Resilience Plan, funded by the Next Generation EU program. The new tool is fed and trained daily with a consistent, anonymized database from Sofistic’s Security Operations Center (SOC), distributed across two continents and backed by 18 years of experience in Spain and Latin America, particularly in the banking and critical infrastructure sectors. The system evaluates incoming alerts from unstructured data, identifies relevant correlations, and automates classification according to severity.
The solution prioritizes high- and critical-risk alerts so that analysts can focus on them, thus reducing response times. This was the goal pursued by the Cuatroochenta and Sofistic professionals involved in the project: Jaume Barrios (Head of AI), Nicolás Betancourt (Data Scientist), Sergi Fuster (Data Scientist), Nicolás Manero (Head of Applied Innovation), Manuel Ginés (Head of R&D at Sofistic), and Abel Herrero (SOC Team Leader). The team also collaborated with the Temporal Knowledge Bases Group (TKGB) research team from the Universitat Jaume I de Castelló, led by Professor Rafael Berlanga.
A Solution to Speed Up Cybersecurity Incident Response
For years, leading global cybersecurity software vendors have used AI behavior analysis systems to detect and respond to threats in real time. These are also solutions systematically used by Sofistic as a trusted partner. This means that alerts already undergo an initial screening when they reach the SOC. The new AI model is designed to complement and accelerate the classification process, optimizing analysts’ workloads. The ultimate goal is for the system to propose actions in response to alerts and assist in guiding responses to cyberattacks.
This model is part of the AI4CYBERSOC project, which Cuatroochenta is developing in collaboration with INCIBE to implement an intelligent alert management system. Thanks to machine learning and natural language processing, AI4CYBERSOC will be an innovative tool that integrates data from different sources to predict potential cyberattacks and guide organizations in investigating and responding to incidents.
The project exemplifies the value AI brings to cybersecurity solutions — not only in preventing and detecting threats, but also in enhancing alert and incident response and management. Furthermore, it helps optimize operations amid the shortage of specialized technical profiles, particularly in the public sector.

From left to right: Nicolás Betancourt (Data Scientist), Sergi Fuster (Data Scientist), Jaume Barrios (Head of AI), Nicolás Manero (Head of Applied Innovation), and Manuel Ginés (Head of R&D at Sofistic).
«Our model is not intended to replace existing platforms, but to complement them. After passing the first filter when they reach the SOC, the alerts are classified by our system in a way that facilitates and optimizes analysts’ work. Response time is key in managing cybersecurity alerts to minimize potential impact.»
Strategic Initiative for Innovative Public Procurement (IECPI)
Innovative Public Procurement (CPI) has become a highly useful tool for promoting innovation and competitiveness through public institutions, using the public demand for products, services, and supplies as a means to implement public policies and fulfill the mandates of purchasing entities. The IECPI by INCIBE is endowed with a total budget of €224 million, within the framework of the Recovery, Transformation and Resilience Plan (PRTR), funded by the Next Generation EU program
This initiative, implemented under Ciberinnova, is associated with Component 15, Investment 7: Cybersecurity – Strengthening the capacities of citizens, SMEs, and professionals, and boosting the sector.
The IECPI contributes to the realization of the Global Security Innovation Program, included in the PRTR through Component 15, Investment 7. It acts particularly in one of the six key industrial areas identified in milestones 245 and 453 of the PRTR: Development of high value-added solutions and services in cybersecurity.
The National Cybersecurity Institute (INCIBE), as a public entity for the development of cybersecurity — a driver of social transformation and an opportunity for innovation — decided in 2021 to explore how strategic public procurement could be used to advance national cybersecurity policies while fulfilling its mandate to promote innovation and industry. The IECPI is the result of that reflection and of a consensus reached with other public actors in the cybersecurity ecosystem. Its purpose is to implement a series of actions aimed at promoting R&D&I and fostering the creation of products and solutions in the field of cybersecurity.


