Blog
/
Network
/
June 19, 2023

Darktrace Detection of 3CX Supply Chain Attack

Explore how the 3CX supply chain compromise was uncovered, revealing key insights into the detection of sophisticated cyber threats.
Written by
Nahisha Nobregas
SOC Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Nahisha Nobregas
SOC Analyst
Default blog image
19
Jun 2023

Ever since the discovery of the SolarWinds hack that affected tens of thousands of organizations around the world in 2020, supply chain compromises have remained at the forefront of the minds of security teams and continue to pose a significant threat to their business operations. 

Supply chain compromises can have far-reaching implications, from disrupting an organization’s daily operations, incurring huge financial and reputational damage, to affecting the critical infrastructure of entire countries. As such, it is essential for organizations to have effective security measures in place able to identify and halt these attacks at the earliest possible stage.

In March 2023 the 3CX Desktop application became the latest victim of a supply chain compromise dubbed as the “SmoothOperator” by SentinelOne. This application is used by over 600,000 companies worldwide and the customer list contains high-profile customers across a variety of industries [2]. The 3CX Desktop application is a Voice over Internet Protocol (VoIP) communication software for enterprises that allows for chats, video calls, and voice calls. [3] The 3CX installers for both Windows and macOS systems were affected by information stealing malware. Researchers were able to discern that threat actors also known as UNC 4736 related to financially motivated North Korean operators also known as AppleJeus were responsible for the supply chain compromise.  Researchers have also linked it to another supply chain compromise that occurred prior on the Trading Technologies X_TRADER platform, making this the first known cascading software supply chain compromise used to distribute malware on a wide scale and still be able to align operator interests. [3] Customer reports following the compromise began to surface about the 3CX software being picked up as malicious by several cybersecurity vendors such as CrowdStrike, SentinelOne, and Palo Alto Networks. [6] 

By leveraging integrations with other security vendors like CrowdStrike and SentinelOne, Darktrace DETECT™ was able to identify activity from the “SmoothOperator” across the customer base at multiple stages of the kill chain in March 2023. Darktrace RESPOND™ was then able to autonomously intervene against these emerging threats, preventing significant disruption to customer networks. 

Background on the first known cascading supply chain attack 

Initial Access

In April 2023, security researchers identified the initial target in this story was not the 3CX desktop application, rather, it was another software application called X_TRADER by Trading Technologies. [3] Trading Technologies is a provider that offers high-performance financial trading packages, allowing financial professionals to analyze and trade assets within the stock market more efficiently. Unfortunately, a compromise already existed in the supply chain for this organization. The X_TRADER installer, which had been retired in 2020, still had its code signing certificate set to expire in October 2022. This code signing certificate was exploited by attackers to digitally sign the malicious software. [3] It also inopportunely led to 3CX when an employee unknowingly downloaded a trojanized installer for the X_TRADER software from Trading Technologies prior to the certificate’s expiration. [4]. This compromise of 3CX via X_TRADER was the first case of a cascading supply chain attack reported on within the wider threat landscape. 

Persistence and Privilege Escalation 

Following these findings, researchers were able to identify the likely kill chain that occurred on Windows systems, beginning with the download of the 3CX DesktopApp installer that executed an executable (.exe) file before dropping two trojanized Data Link Libraries (DLLs) alongside a benign executable that was used to sideload malicious DLLs. These DLLs contained and used SIGFLIP and DAVESHELL; both publicly available projects. [3] In this case, the DLLs were used to decrypt using an RC4 key and load a payload into the memory of a compromised system. [3] SIGFLIP and DAVESHELL also extract and decrypt the modular backdoor named VEILEDSIGNAL, which also contains a command and control (C2) configuration. This malware allowed the North Korean threat operators to gain administrative control to the 3CX employee’s device. [3] This was followed by access to the employee’s corporate credentials, ultimately leading to access to 3CX systems. [4] 

Lateral Movement and C2 activity

Security researchers were also able to identify other malware families that were mainly utilized in the supply chain attack to move laterally within the 3CX environment, and allow for C2 communication [3], these malware families are detailed below:

  • TaxHaul: when executed it decrypts shellcode payload, observed by Mandiant to persist via DLL search-order hijacking.
  • Coldcat: complex downloader, which also beacons to a C2 infrastructure.
  • PoolRat: collects system information and executes commands. This is the malware that was found to affect macOS systems.
  • IconicStealer: served as a third stage payload on 3CX systems to steal data or information.

Furthermore, it was also reported early on by Kaspersky that a backdoor named Gopuram, routinely used by the North Korean threat actors Lazarus and typically used against cryptocurrency companies, was also used as a second stage payload on a limited number of 3CX’s customers compromised systems. [5]

3CX detections observed by Darktrace

CrowdStrike and SentinelOne, two of the major detection platforms with which Darktrace partners through security integrations, initially revealed that their platforms had identified the campaign appeared to be targeting 3CXDesktopApp customers in March 2023. 

At this time, Darktrace was also observing this activity and alerting customers to unusual behavior on their networks. [1][7] Darktrace DETECT identified activity related to the supply chain compromise primarily through host-level alerts associated with CrowdStrike and SentinelOne integrations, as well as model breaches related to lateral movement and C2 activity. 

Some of the activity related to the 3CX supply chain compromise that Darktrace detected was observed solely via integration models picking up executable and Microsoft Software Installer (msi) file downloads for the 3CXDesktopApp, suggesting the compromise likely was stopped at the endpoint device. 

CrowdStrike integration model breach identifying 3CXDesktopApp[.]exe as possible malware
Figure 1: CrowdStrike integration model breach identifying 3CXDesktopApp[.]exe as possible malware on March 30, 2023.
showcases the Model Breach Event Log for the CrowdStrike integration model breach
Figure 2: The above figure, showcases the Model Breach Event Log for the CrowdStrike integration model breach shown in Figure 1.

In another case highlighted in Figure 3 and 4, security platforms were associating 3CX as malicious. The device in these figures was observed downloading a 3CXDesktopApp executable followed by an msi file about an hour later. This pattern of activity correlates with the compromise process that had been on reported, where the “SmoothOperator” malware that affected 3CX systems was able to persist through DLL side-loading of malicious DLL files delivered with benign executable files, making it difficult for traditional security tools to detect. [2][3][7]

The activity in this case was detected by the DETECT integration model, ‘High Severity Integration Malware Detection’ and was later blocked by the Darktrace RESPOND/Network model, ‘Antigena Significant Anomaly from Client Block’ which applied the “Enforce Pattern of Life” action to intercept the malicious download that was taking place. Darktrace RESPOND uses AI to learn every devices normal pattern of life and act autonomously to enforce its normal activity. In this event, RESPOND would not only intercept the malicious download that was taking place on the device, but also not allow the device to significantly deviate from its normal pattern of activity.

The Model Breach Event log for the device displays the moment in which the SentinelOne integration model breached for the 3CXDesktopApp.exe file
Figure 3: The Model Breach Event log for the device displays the moment in which the SentinelOne integration model breached for the 3CXDesktopApp.exe file followed subsequently by the RESPOND model, ‘Antigena Significant Anomaly from Client Block’, on March 29, 2023.
Another ‘High Severity Integration Malware Detection’ breached
Figure 4: Another ‘High Severity Integration Malware Detection’ breached for the same device in Figure 3 approximately one hour later because of the msi file, 3CXDesktopApp-18.12.416.msi, which also led to the Darktrace RESPOND model, ‘Antigena Significant Anomaly from Client Block’, on March 29, 2023.

In a separate case, Darktrace also detected a device performing unusual SMB drive writes for the file ‘3CXDesktopApp-18.10.461.msi’. This breached the DETECT model ‘SMB Drive Write’. This model detects when a device starts writing files to another internal device it does not usually communicate with via the SMB protocol using the admin$ or drive shares.

This Model Breach Event log highlights the moment Darktrace captured the msi application file for the 3CXDesktopApp being transferred internally on this customer’s network
Figure 5: This Model Breach Event log highlights the moment Darktrace captured the msi application file for the 3CXDesktopApp being transferred internally on this customer’s network, this was picked up as new activity for the device on March 28, 2023. 

In a couple of other cases observed by Darktrace, connections detected were made from affected devices to 3CX compromise related endpoints. In Figure 6, the device in question was detected connecting to the endpoint, journalide[.]org. This breached the model, ‘Suspicious Self-Signed SSL’, which looks for connections being made to an endpoint with a self-signed SSL certificate which is designed to look legitimate, as self-signed certificates are often used in malware communication.

Model Breach Event log for connections to the 3CX C2 related endpoint
Figure 6: Model Breach Event log for connections to the 3CX C2 related endpoint, journalide[.]org, these connections breached the model Suspicious Self-Signed SSL on April 24, 2023.

On another Darktrace customer environment, a 3CX C2 endpoint, pbxphonenetwork[.]com, had already been added to the Watched Domains list around the time reports of the 3CX application software being malicious had been reported. The Watched Domains list allows Darktrace to detect if any device on the network makes connections to these domains with more scrutiny and breach a model for further visibility of threats on the network. Activity in this case was detected and subsequently blocked by a Darktrace RESPOND action, “Block connections to 89.45.67[.]160 port 443 and pbxphonenetwork[.]com on port 443”, blocking the device from connecting to this 3CX C2 endpoints on the spot (see Figure 7). This activity subsequently breached the RESPOND model, ‘Antigena Watched Domain Block’. 

Figure 7: History log of the Darktrace RESPOND action applied to the device breaching the Darktrace RESPOND model, Antigena Watched Domain Block and applying the action, “Block connections to 89.45.67[.]160 port 443 and pbxphonenetwork[.]com on port 443” on March 31, 2023.

Darktrace Coverage 

Utilizing integrations with Darktrace such as those with CrowdStrike and SentinelOne, Darktrace was able to detect and respond to activity identified as malicious 3CX activity by CrowdStrike and SentinelOne as seen in Figures 1, 2, 3, and 4. This activity breached the following Darktrace DETECT models: 

  • Integration / CrowdStrike Alert
  • Security Integration / High Severity Integration Malware Detection

Darktrace was also able to identify lateral movement activity such as in the case illustrated in Figure 5.

  • Compliance / SMB Drive Write

Lastly, C2 beaconing activity from malicious endpoints associated with the 3CX compromise was also detected as seen in Figure 6, this activity breached the following Darktrace DETECT model:

  • Anomalous Connection / Suspicious Self-Signed SSL

For customers with Darktrace RESPOND configured in autonomous response mode, Darktrace RESPOND models also breached to activity related to the 3CX supply chain compromise as seen in Figures 3, 4, and 7. Below are the models that breached and the following autonomous actions that were applied:

  • Antigena / Network / Significant Anomaly / Antigena Significant Anomaly from Client Block, “Enforce pattern of life”
  • Antigena / Network / External Threat / Antigena Watched Domain Block, “Block connections to 89.45.67[.]160 port 443 and pbxphonenetwork[.]com on port 443”

Conclusion 

The first known cascading supply chain compromise occurred inopportunely for 3CX but conveniently for UNC 4736 North Korean threat actors. This “SmoothOperator” compromise was detected by endpoint security platforms such as CrowdStrike who was at the cusp of this discovery when it became one of the first platforms to report on malicious activity related to the 3CX DesktopApp supply chain compromise.  

Although still novel at the time and largely without reported indicators of compromise, Darktrace was able to capture and identify activity related to the 3CX compromise across its customer base, as well as respond autonomously to contain it. Darktrace was able to amplify security integrations with CrowdStrike and SentinelOne, and via anomaly-based model breaches, contribute unique insights by highlighting activity in varied parts of the 3CX supply chain compromise kill chain. The “SmoothOperator” supply chain attack proves that the Darktrace suite of products, including DETECT and RESPOND, can not only act autonomously to identify and respond to novel threats, but also work with security integrations to further amplify intervention and prevent cyber disruption on customer networks. 

Credit to Nahisha Nobregas, SOC Analyst and Trent Kessler, SOC Analyst.

Appendices

MITRE ATT&CK Framework

Resource Development

  • T1588 Obtain Capabilities  
  • T1588.004 Digital Certificates
  • T1608 Stage Capabilities  
  • T1608.003 Install Digital Certificate

Initial Access

  • T1190 Exploit Public-Facing Application
  • T1195 Supply Chain Compromise  
  • T1195.002 Compromise Software Supply Chain

Persistence

  • T1574 Hijack Execution Flow
  • T1574.002 DLL Side-Loading

Privilege Escalation

  • T1055 Process Injection
  • T1574 Hijack Execution Flow  
  • T1574.002 DLL Side-Loading

Command and Control

  • T1071 Application Layer Protocol
  • T1071.001 Web Protocols
  • T1071.004 DNS  
  • T1105 Ingress Tool Transfer
  • T1573 Encrypted Channel

List of IOCs

C2 Hostnames

  • journalide[.]org
  • pbxphonenetwork[.]com

Likely C2 IP address

  • 89.45.67[.]160

References

  1. https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
  2. https://www.bleepingcomputer.com/news/security/3cx-confirms-north-korean-hackers-behind-supply-chain-attack/
  3. https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
  4. https://www.securityweek.com/cascading-supply-chain-attack-3cx-hacked-after-employee-downloaded-trojanized-app/
  5. https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
  6. https://www.bleepingcomputer.com/news/security/3cx-hack-caused-by-trading-software-supply-chain-attack/
  7. https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/

Written by
Nahisha Nobregas
SOC Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Nahisha Nobregas
SOC Analyst

Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor

Network
May 14, 2026
Tara Gould
Malware Research Lead
Watch the NIS2 Webinar
Trending blogs
1
Darktrace Recognized as the Only Visionary in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
Mar 20, 2026
2
What the Darktrace Annual Threat Report 2026 Means for Security Leaders
Feb 26, 2026
3
State of AI Cybersecurity 2026: 92% of security professionals concerned about the impact of AI agents
Mar 26, 2026
4
Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
Apr 16, 2026
5
Darktrace Unites Human Behavior and Threat Detection Across Email, Slack, Teams, and Zoom
Mar 24, 2026

More in this series

No items found.
Continue reading
Network
May 21, 2026

Darktrace named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) For the Second Consecutive Year

Darktrace has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) for the second consecutive year. We believe this reflects continued execution in NDR, ongoing AI innovation, and strong outcomes delivered for customers globally.
Mikey Anderson
Product Marketing Manager, Network Detection & Response
Read more
Network
May 19, 2026

When Open Source Is Weaponized: Analysis of a Trojanized 7 Zip Installer

Attackers abused a trojanized 7‑Zip installer distributed via a typo‑squatted domain to establish proxyware infections worldwide. This blog analyzes how social engineering, trusted open‑source software, and stealthy command‑and‑control activity enabled widespread compromise, highlighting the importance of software validation, user awareness, and proactive network‑level detection.
Justin Torres
Cyber Analyst
Read more
Network
May 14, 2026

Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor

Darktrace researchers identified a Twill Typhoon–linked China‑nexus campaign targeting APJ customers. The activity observed includes CDN impersonation, legitimate binaries, and DLL sideloading to deploy a modular .NET RAT.
Tara Gould
Malware Research Lead
Read more

Blog

/

AI

/

May 28, 2026

From Efficiency to Exposure: How AI Adoption Is Creating Unseen Vulnerabilities on the Factory Floor

AI in manufacturingDefault blog imageDefault blog image

How AI agents impact the manufacturing industry

Security teams and IT personnel across the manufacturing industry are under constant pressure to protect production, maintain uptime, and safeguard critical assets but the rise of AI is bringing huge new opportunities alongside new cyber risks. Across manufacturing, AI is embedded into workflows, decision-making, and increasingly, autonomous AI agents are acting on behalf of employees and systems.  

Agentic systems are powerful because they can act independently, but that same autonomy also creates cyber and operational risk. Agents have extensive permissions and are capable of carrying out complex tasks, making decisions, and interacting with tools or external systems with little to no human intervention.

Unlike traditional AI models that perform predefined tasks, AI agents use advanced techniques to mimic human decision-making processes, dynamically adapting to new challenges, making decision and taking action based on their own judgement. They look like employees operationally but lack judgment, ethics, or fear of consequences like humans do. This means they can be easily manipulated by cybercriminals, and an AI agent embedded across an OT network creates threats that extend well beyond data exposure. For example, at BMW, AI identifies faults in welding processes as they occur. At its Spartanburg plant, AI monitors the weld of 300-400 metal studs onto every SUV frame to detect misplaced or faulty studs and correct them instantly. Corruption of BMW’s AI system could lead to catastrophic quality control errors.

Adopting agentic AI systems across manufacturing raises some concerns across security teams. New data from our State of AI Cybersecurity survey shows that 78% of manufacturing security professionals are worried about employee use of AI agents – their top concern. That’s followed by employee use of generative AI tools like CoPilot and ChatGPT, a worry for 76% of security professionals at manufacturing organizations. As these tools gain more access to business data and processes, and more autonomy within organizations, security teams, who today have minimal visibility of agent activity in their environments, increasingly have sensitive data exposure (a worry for 60%) and accidental policy and regulatory violations (59%) on their minds.

External AI-powered threats are evolving just as quickly

The same capabilities transforming manufacturing are also reshaping cyberattacks.

AI is enabling attackers to automate reconnaissance, refine targeting, and adapt in real time. What once required time and manual effort can now be executed continuously and at scale. Manufacturers are already seeing the impact. According to manufacturing security professionals we surveyed, 76% are already being impacted by AI-powered threats and 90% see AI increasing the success of social engineering attacks.

And the techniques themselves are evolving. Concerns across the manufacturing sector show growing anxiety about the range of AI-powered attack routes, most pressingly of adaptive malware that evolves in real-time – a prospect half (49%) of manufacturing security professionals we surveyed are worried by, a full 9% more than the average across industries. AI adaptive malware is followed by:

  • Automated vulnerability scanning and exploit chaining (48%) which has become even more pressing as Anthropic’s new Mythos AI Model supercharges vulnerability discovery
  • Hyper-personalized phishing campaigns (46%), which remain a mainstay in hackers’ arsenals, and AI has amplified their effectiveness by making phishing emails more convincing and harder to detect.

This is not just an increase in volume, it is a shift toward threats that evolve as they unfold - often faster than static defenses can respond.

Despite rising awareness, many manufacturers are not yet equipped to manage this shift. More than half (51%) say they are not adequately prepared for AI-driven threats, and only 37% have formal policies governing AI deployment.  

Securing AI through visibility, context, and guardrails

Addressing this challenge does not require manufacturers to slow innovation. It requires a different approach to security, one that can operate at the same speed and scale as AI. Three specific priorities are emerging for manufacturers looking to take advantage of the power of AI.

Visibility is foundational.  

Organizations need to understand where AI is being used, what it can access, and how it behaves across both IT and OT environments. Without that, risk cannot be measured or managed. It is no surprise that Darktrace’s research found that 91% of manufacturing security professionals said that they need to understand how AI makes decisions before trusting it. This is even more critical in operational settings where disruption has safety, environmental, financial, and reputational impacts.

Context is what turns visibility into action.  

In environments shaped by AI, normal behavior is constantly shifting. Detecting threats requires a behavioral approach; understanding patterns of life across the organization and identifying subtle deviations in real time – a step change in organizations’ traditional approach to security and risk management.

Guardrails ensure that agency does not become exposure  

As AI systems take on greater responsibility, organizations need clear boundaries around what they can do and when they can act independently. These controls must be embedded into systems themselves, not applied after the fact.  

Securing AI Agents Across Manufacturing IT and OT

The rise of agentic AI is transforming manufacturing - powering next-generation operations while reshaping the security landscape. This is not just an increase in threats, but a shift to autonomous systems, continuously evolving behaviors, and risks moving at machine speed. For organizations trying to grapple with the challenge of enabling AI while managing the risk, visibility, context and guardrails should be foundational.

Darktrace helps manufacturers build secure AI approaches by making those foundations possible. It provides visibility and real-time detection and response to unusual activity across IT and OT environments and allows organizations to understand AI activity from the prompts employees use and the agents they build to how those agents are behaving across the environment. For manufacturers scaling AI, this delivers a foundation for innovation without sacrificing control.

Continue reading
About the author
Oakley Cox
Director of Product

Blog

/

AI

/

May 28, 2026

How to Evaluate AI Vendors: 5 Key categories for AI Adoption

Default blog imageDefault blog image

Understanding the AI buyers’ market

AI adoption has become a central topic of discussion in boardrooms, drawing growing interest from business leaders. Ultimately, organizations hope that an investment in AI technology will have tremendous returns. However, the process of buying an AI solution is not as straight forward as it appears on the surface.  

While business leaders may be eager to improve productivity across their operations, practitioners responsible for evaluating and selecting AI solutions may not always have the visibility or technical understanding needed to make the right decisions for their business. What is typically marketed as a holistic solution to their most critical problems is usually followed by uncertainty when AI tools are finally operationalized in real environments.

This guide is intended to support security leaders who are under growing pressure to adopt AI tools while navigating complex terminology, vendor claims, and increasingly crowded buying cycles. Ultimately, the goal is to help organizations evaluate and adopt AI in a safe, effective, and well-governed way. To support this, we’ve structured the evaluation framework across five key categories:

  1. Governance, safety, and data controls
  1. Data gathering and training
  1. Model and technique choice
  1. Performance and accuracy validation    
  1. Interpretability, adjustability, and transparency    

What buying AI looks like in cybersecurity

While investing in AI can bring immense benefits to your security team, first-time buyers of AI cybersecurity solutions may not know where to start. They will have to determine the type of tool they want, know the options available, and evaluate vendors. Research and understanding are critical to ensure purchases are worth the investment.  

With acceleration in AI adoption, accompanied by the recent boom in agentic AI and autonomous agents, CISOs must look “beneath the hood" of these tools to understand how they work, how they are governed, and to ensure the system is secure and compliant with internal policies.

Challenges in the AI buyers’ marketplace  

The AI security software market is buzzing with hype and flashy promises, which, understandably, needs to be addressed with due diligence. Potential buyers, especially in the cybersecurity space, are hesitant when it comes to allowing AI autonomous capabilities across their workflows, and a lack of vendor transparency can exacerbate those feelings.  

Reinforcing this sentiment, research from this year's Darktrace’s State of AI Cybersecurity report shows where confidence and hesitancy emerge amongst potential buyers. On the one hand, security professionals agree that they have good visibility into the logic and reasoning processes their AI solutions use. However, they lack the explainability and trust to allow AI to take independent remedial action.

  • 89% say they have good visibility into the reasoning behind the outputs generated by AI solutions
  • 92% say they need to understand how a defensive AI tool makes decisions before they can trust it
  • Only 14% say they allow AI to act independently, performing autonomous actions without human approval
  • 74% say they are limiting the autonomy of AI taking action in their SOC until explainability improves

Given the desire for trust and explainability we are seeing from buyers, it's important for them to be equipped with the right questions to ask vendors during an assessment or POV of AI tools in order to demystify marketing hype from real operational outcomes.

Below is a list of categories in which buyers can assess AI vendors or AI Service Providers (AISPs) to help reach safe adoption and maximize their ROI.  

5 categories of AI vendor assessment

Darktrace groups these AI-related questions into 5 categories: governance, data and training, model and technique choice, performance validation, and interpretability and adjustability. By asking questions regarding each of these 5 categories, buyers can gain a deeper understanding of how an AISP’s systems work and whether they suit their business requirements.

Governance, safety, and data controls

Governance of AI systems is critical for all AISPs. Whether their platform is based around a single model, or is a more complex, composite AI solution, strong governance is essential to ensure the system is safe, robust, and reliable.

A simple question you could ask is:

What AI governance policies and frameworks do you follow, and/or certifications do you currently maintain?

For more questions you can ask vendors, download the full guide here.

Darktrace is certified to the ISO/IEC 42001 standard, the world’s first AI Management System (AIMS) standard. ISO/IEC 42001 addresses the unique ethical and technical challenges AI poses by setting out a structured way to manage risks such as transparency, accuracy, and misuse. This includes a commitment to ethical AI development, and effective management and monitoring of AI systems both prior to and continually after release.

Data gathering and training

Accurate, meaningful, and unbiased data gathering is the first important step in producing any AI system. An AI model trained using inaccurate, unbalanced, or poor-quality training data will fail to perform optimally.

To alleviate concerns regarding training data quality, a question you could ask is:

What steps do you take to prevent bias in your AI models and training data?

For more questions, download the full guide here.

AISPs should be able to provide information about the steps taken, workflows followed, and auditing performed to reduce AI bias where appropriate. While it’s sometimes impossible to fully remove bias from an AI model, appropriate actions should be taken to mitigate or reduce bias where relevant.

Model and technique choice

Different AI techniques are optimal for different tasks. For example, research from Gartner suggests that relying on a single “one-size-fits-all" model can lead to data gaps, especially in highly specialized domains.

To achieve more accurate and robust AI solutions, AI leaders should move beyond using just one model or technique, embrace composite AI practices, and adopt a holistic AI system perspective.

A straightforward question you could ask is simply:

What type(s) of AI model(s) do you utilize in your solution?

For more questions, download the full guide here.

While specific detailed information about custom systems used by AISPs is likely proprietary, buyers should expect vendors to be able to provide an overview of the broad techniques used. This will allow you as a buyer to determine if the type of model is appropriate for your use case.

Performance and accuracy validation  

Testing and evaluation of performance is essential for all AI systems. Performance analysis should be performed both before release and continually after release to identify potential data or model drift.  

A question you could ask to understand an AISPs testing workflow is:

How do you audit, test, evaluate, verify, and validate your AI model outputs?

For more questions, download the full guide here.

Testing workflows will likely vary depending on the type of model – measurements relevant to one system may not always be relevant to others. Assessment of systems should also extend beyond these standard accuracy and robustness tests, and should also feature physical performance, such as latency and resource consumption.  

Interpretability, adjustability, and transparency  

AI systems are typically a black box, simply providing an output without an explanation of how that output was attained. Interpretability and transparency are critical to ensure that both SOC teams and end-users trust the outputs of a system to be accurate and meaningful.

A question you could ask is:

How do you promote a trust relationship between human analysts and AI outputs?

For more questions, download the full guide here.

In the context of cybersecurity, trust and interpretability are even more essential. This is particularly relevant for generative AI-based systems (including most AI Agents), where the risk of hallucination can reduce trust in responses.

Cybersecurity systems often need to perform autonomous actions to block incoming threats – an email filtering system may hold potentially dangerous emails; a firewall may block malicious inbound connections. If SOC teams can’t trust these systems to perform accurately, these systems may be limited or disabled, critically reducing their defensive power.

Darktrace as an AI-native cybersecurity vendor

Darktrace has been building and applying AI in cybersecurity for over a decade, developing its capabilities alongside an increasingly complex and fast‑moving threat landscape. This experience has resulted in a mature, multi-layered approach to AI, which continuously learns the normal patterns of each organization to understand behavior, interpret context, and identify meaningful deviations — without relying on predefined rules or known attack signatures. Over time, this has enabled a proven behavioral understanding that helps uncover subtle signals of risk that may otherwise be missed.

With the backing of our ISO/IEC 42001 certification, stakeholders, customers, and partners can be confident that Darktrace is responsibly, ethically, and safely developing its AI systems, and managing the use of AI in day-to-day operations in a compliant and secure manner.  

Explore the principles behind Darktrace’s responsible AI approach, informed by collaboration with global experts in academia and governments, detailing how accountability, explainability, and continuous validation are built into its cybersecurity technology.

How Darktrace secures AI systems

Darktrace now brings these capabilities to monitor and respond to risk generated from AI systems across organizations with Darktrace / SECURE AI. This solution analyzes how prompts, agents, and systems are used within the context of each organization, bringing every AI interaction into a single view. This unique approach helps teams understand intent, assess risk, protect sensitive data, and enforce policy across both human and AI agent activity.

Stay up to date

Sign up for the Secure AI Readiness Program here: This gives you exclusive access to the latest news on the latest AI threats, updates on emerging approaches shaping AI security, and insights into the latest innovations, including Darktrace’s ongoing work in this area.

Ready to talk with a Darktrace expert on securing AI? Register here to receive practical guidance on the AI risks that matter most to your business, paired with clarity on where to focus first across governance, visibility, risk reduction, and long-term readiness.  

Further Reading on AI in cybersecurity

When deciding to invest in an AI solution, it’s important to understand what this means for you and your organization. The questions presented here are only a starting point in understanding an AI solution and whether it is appropriate for your use case.  

Gain deeper knowledge on applications of AI in cybersecurity and Darktrace’s multi-layered AI in the AI Arsenal White Paper.

[related-resource]

Continue reading
About the author
Jamie Bali
Technical Author (AI) Developer
Your data. Our AI.
Elevate your network security with Darktrace AI