This blog examines how attackers abuse the Chinese-developed Nezha monitoring tool, a legitimate open-source platform with remote access capabilities. Darktrace analysis of a honeypot intrusion highlights malicious deployment via containers, demonstrating how dual-use software enables stealthy operations, trust inversion, and detection challenges in dynamic cloud and enterprise environments modern.

Healthcare organizations rely on OT and IoMT more than ever. Learn why OT cybersecurity expertise, visibility, and governance are critical to reducing operational risk and strengthening cyber resilience.

Security leaders from global organizations share how the SOC is being redefined under growing pressure. In this roundtable blog, they explore challenges facing today’s SOCs and how AI is transforming operations to drive resilience, efficiency, and business growth.

Núclea prevented a highly targeted phishing attack exploiting trusted relationships—avoiding financial loss, data exposure, and disruption. Darktrace stopped the threat at the point of risk, protecting business continuity and strengthening resilience across the financial ecosystem.

Buying AI cybersecurity tools requires more than evaluating features and marketing claims. This blog explores the challenges security teams face when assessing AI vendors, outlines five critical categories for AI evaluation, and explains how governance, transparency, model selection, and validation impact trust, adoption, and long-term security outcomes.

Manufacturing organizations are rapidly adopting AI agents and autonomous systems to improve efficiency, productivity, and operational resilience, but these technologies are also introducing new cyber and operational risks. This blog explores how AI-driven threats, limited visibility into agent activity, and evolving attack techniques are reshaping manufacturing security, and why visibility, behavioral context, and embedded guardrails are becoming essential foundations for securing both IT and OT environments.

CIP-015 is pushing utilities beyond perimeter security toward continuous internal network visibility. This blog explores what the standard requires, why anomaly detection and evidence retention matter, and how utilities can build a defensible INSM capability before the October 2028 compliance deadline.

Security leaders from global organizations across industries sat down with us to share their own front-line experiences and real-world perspectives on how modern attacks unfold, where hidden risks emerge, and how AI is reshaping the way organizations think about the role of security.

Modern data centers now operate as highly interconnected IT, OT, and IoT environments, creating new cybersecurity risks that traditional siloed security tools struggle to detect. This blog explores how IT/OT convergence expands the attack surface, why visibility gaps emerge, and how behavioral AI-driven security helps organizations detect and contain threats before operational disruption occurs.

Follow a malicious email as it moves through Darktrace / EMAIL’s multi-layered AI system, from raw data to final decision. Each layer works together to detect threats, understand intent, and take autonomous action.

Attackers abused a trojanized 7‑Zip installer distributed via a typo‑squatted domain to establish proxyware infections worldwide. This blog analyzes how social engineering, trusted open‑source software, and stealthy command‑and‑control activity enabled widespread compromise, highlighting the importance of software validation, user awareness, and proactive network‑level detection.

AI agents are transforming enterprise productivity, but they are also expanding the attack surface in new ways. This blog explores the benefits and challenges surrounding prompt security, where AI risk emerges across connected systems and autonomous actions, and how organizations can build a broader strategy to secure AI across the enterprise.

The blog examines how AI has changed the paradigm of understanding, and dealing with, insider threats. It also explores a defense-in-depth approach and discusses what CISOs and SOC leaders can do to protect their organization from AI insider threats.

Darktrace researchers identified a Twill Typhoon–linked China‑nexus campaign targeting APJ customers. The activity observed includes CDN impersonation, legitimate binaries, and DLL sideloading to deploy a modular .NET RAT.

AI is now embedded throughout the cybersecurity stack, but findings from the State of AI Cybersecurity 2026 show that adoption is growing much faster than trust or understanding. As vendors strive to capture market share, security leaders must learn how to distinguish the most valuable solutions from the hype.

AI-driven systems like Mythos are accelerating how quickly vulnerabilities are discovered, shrinking the gap between exposure and exploitation. This blog explores how security strategies need to adapt, shifting focus toward early detection, rapid containment, and limiting the impact of threats. It also outlines how a behavioral, AI-driven approach can help security teams identify subtle signs of compromise, respond in real time, and maintain control in an environment where attackers are moving faster than ever.

Software supply-chain attacks dominate the threat landscape in 2026, as adversaries exploit trusted build systems, CI/CD pipelines, and management tools to gain access to target environments. This blog examines Axios, Trivy and Quest Kace compromises observed in the Darktrace customer base, highlighting the need for anomaly detection, assumed breach and continuous visibility.

Darktrace has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) for the second consecutive year. We believe this reflects continued execution in NDR, ongoing AI innovation, and strong outcomes delivered for customers globally.

Providing university students and faculty with broad access to information, platforms, and public databases is fundamental to learning and research. But that openness also creates greater exposure to cyber threats. In this blog, Irving Bruckstein shares why he deployed Darktrace at three institutions, how behavioral AI helped him achieve an A-rating security posture, and why autonomous detection is essential in an AI-driven threat landscape.

Prompt injection is a newly emerging threat, with only a handful of confirmed victims so far – targeting how AI systems use data rather than exploiting traditional software vulnerabilities. As agentic AI becomes embedded across enterprise environments, attackers may attempt to manipulate these systems through hidden instructions in everyday email content.

AI systems like Mythos are accelerating vulnerability discovery to the point where attackers can exploit weaknesses before they are ever disclosed, undermining the traditional model of CVE-driven defense. Learn how this shift is forcing security teams to move beyond patching and adopt behavioral detection to identify and contain threats before disclosure.

Darktrace analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the malware installs a multi-platform payload, evades detection, and launches UDP, TCP, and application-layer attacks, highlighting ongoing risks from opportunistic botnet activity across internet-facing environments.

Findings from our annual survey of 1,500+ cyber professionals reveal that security leaders are confronting a surge in AI-driven attacks, which are faster, more personalized, and harder to detect than anything they’ve seen before. As these threats scale, the challenge for defenders is in evolving their security programs in tandem to defend with confidence.

A former CISO shares his perspective on the challenge of securing the human layer, how existing security awareness training falls short, and how it can be improved to better prepare for high-volume, high-impact, human-centric threats.

A malicious eScan software update triggered a supply chain compromise that deployed multi‑stage malware and used blockchain‑based domains for resilient C2 communications. Darktrace identified rare, anomalous network activity across customer environments, helping organizations uncover the attack chain and strengthen defenses against increasingly sophisticated supply chain threats.