Press Release
Updated statement regarding LockBit claims
We have completed a thorough security investigation following yesterday’s tweets by LockBit claiming they had compromised Darktrace’s internal systems. We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our customers remains uninterrupted and is operating as normal and no further action is required.
Press Release
Statement regarding LockBit claims
Earlier this morning we became aware of tweets from LockBit, the cyber-criminal gang, claiming that they had compromised Darktrace’s internal security systems and had accessed our data. Our security teams have run a full review of our internal systems and can see no evidence of compromise. None of the LockBit social media posts link to any compromised Darktrace data. We will continue to monitor the situation extremely closely, but based on our current investigations we are confident that our systems remain secure and all customer data is fully protected.
Press Release
Darktrace Unveils New AI Models in Cyber AI Analyst™ to Enhance Proactive Security Operations
- Building on six years of innovation since its 2019 launch, the sophisticated AI system conducted 90 million investigations in 2024 alone resulting in fewer than 500,000 incidents deemed critical. This provided customers with the equivalent of 42 million hours of additional security analyst investigation time needed for relevant security alerts that could pose a risk to the business.
- New AI models provide deeper insights, richer context and enhanced predictions for sharper prioritization and faster threat response.
Darktrace, a global leader in AI for cybersecurity, today announced enhanced capabilities for Cyber AI Analyst™, a patented AI system that autonomously performs end-to-end investigations of all relevant alerts and prioritizes incidents. The latest innovations, including the introduction of new proprietary advanced machine learning models, will enhance threat detection, investigation and alert prioritization, arming security teams with deeper, more granular insights for faster decision-making.
First introduced in 2019, Cyber AI Analyst is a pioneering agentic AI system that mirrors the human investigative process – it can question data, test hypotheses, and reach conclusions without human intervention. Using a combination of advanced AI techniques including unsupervised machine learning, models trained on expert cyber analysts, and custom security-specific language models, Cyber AI Analyst autonomously investigates and triages alerts at machine speed and scale, mimicking human reasoning to form hypotheses, correlate seemingly unrelated events, and generate transparent and interpretable AI insights with complete incident reports within minutes. By investigating all relevant alerts from Darktrace and third-party security tools, and surfacing only the most impactful threats, Cyber AI Analyst dramatically streamlines the alert triage and prioritization process, giving security teams more time to focus on what matters. Cyber AI Analyst provides SOCs with the equivalent of up to 30 additional full time employees performing Level 2 analysis and written reporting annually.
Introducing Next-Generation AI Models for Cybersecurity
The continued growth of cybercrime-as-a-service models, combined with the rising use of offensive AI, is increasing the speed, scale and sophistication of cyber attacks. Security teams are facing a relentless flood of alerts—leaving incidents uninvestigated, increasing alert fatigue, and heightening the risk of missed threats. With the shortage of skilled cyber professionals continuing to grow, organizations are increasingly turning to AI-powered tools to enhance efficiency in the SOC; 88% of security professionals believe that the use of AI is critical to freeing up time for teams to become more proactive according to Darktrace’s 2025 State of AI Cybersecurity report. To further help uplift security teams, Darktrace is introducing two next-generation AI models for cybersecurity within Cyber AI Analyst, including:
- Darktrace Incident Graph Evaluation for Security Threats (DIGEST): Using graph neural networks, this new model predicts which security incidents are most likely to escalate into major compromises by analyzing the structure and progression of attacks to spot early indicators of high-risk threats. DIGEST enables security teams to detect critical threats sooner and prioritize the incidents that matter most.
- Darktrace Embedding Model for Investigation of Security Threats - Version 2 (DEMIST-2): This proprietary language model is specifically trained for cybersecurity use cases. It has deeper contextual understanding of security data, and is able to perform multiple, distinct complex tasks like accurately assessing hostnames, understanding the sensitivity of file names, and precise tracking of users and entities across multiple domains. This automates complex security tasks, reduces manual analysis time and improves incident correlation – helping SOC teams respond faster. DEMIST-2 can be deployed anywhere and outperforms comparable models that are much larger in size, delivering resource efficiency with superior performance
Uplifting Teams While Improving Productivity and Cyber Resilience
Customers in a variety of industries across the globe rely on Darktrace’s Cyber AI Analyst to scale security operations, taking on time consuming tasks to free team members for more strategic work.
Michael Toland, CISO for the State of Oklahoma said, “Having Cyber AI Analyst has helped the State of Oklahoma triage and prioritize all relevant alerts, even those from third party security tools, empowering the lean IT team to 'clear the table' of critical alerts every day.” Over a 30-day period, Cyber AI Analyst analyzed 3,142 alerts into 162 incidents, identifying only 18 as critical and providing a potential 2,561 hours in investigation time.
For Meridian Cooperative, a developer of innovative software serving utility providers across the US, Cyber AI Analyst has taken on most of the level one and level two analysis that Meridian’s analysts used to perform manually, providing the equivalent of 500 analyst hours on investigations in just 13 days. Darktrace Cyber AI Analyst has helped Meridian reduce false positive alerts by 90%.
Middle River Power operates 34 power plants across the United States, making operational resiliency of its systems a top priority for its security team. “Prior to Darktrace, it could have taken several hours before a threat was even detected, much less investigated and triaged. Using Darktrace the entire detection and response process happens within a matter of minutes, if not seconds,” said Ahmed Ibrahim, Director of Operations, Middle River Power. Within the first19 days of December 2024 alone, Darktrace provided 94 investigation hours for Ibrahim’s team.
The security team at South Coast Water District, a critical infrastructure organization in California, reports that while it would previously have taken three hours to figure out the severity of an alert, Cyber AI Analyst has decreased that time to merely 20 minutes. With water system access for the public on the line, that’s a critical time saving. “Instead of looking at all the data everywhere, Cyber AI Analyst tells you where the issues might be so you can figure it out,” said Bryon Black, IT manager, South Coast Water District.
“Security teams are increasingly overwhelmed — facing not just a surge in alerts, but adversaries that are faster, stealthier, and more sophisticated. To meet this challenge, we’ve augmented Cyber AI Analyst with two additional machine learning models. Unlike the foundational LLMs that underlie many generative and agentic systems, these models are purpose-built for cybersecurity and bring greater precision and depth of analysis into the SOC. By understanding how attacks evolve and predicting which threats are most likely to escalate, these models enable earlier detection, sharper prioritization, and faster, more confident decision-making,” said Tim Bazalgette, Chief AI Officer, Darktrace. “Empowering defenders with AI has never been more critical and we remain committed to driving innovation that helps our customers proactively reduce risk, strengthen their security posture, and uplift their teams.”
Additional Resources:
- For more information on Cyber AI Analyst, download the solution brief here.
- Learn more about Darktrace’s unique approach to AI by downloading “The AI Arsenal: Understanding the Tools Shaping Cybersecurity.”
- Connect with Darktrace at RSAC 2025 in San Francisco April 28– May 1st at Booth S-2227 or book a one-on-one meeting with Darktrace experts on-site here.
- Discover the principles guiding Darktrace’s development of responsible AI by downloading “Towards Responsible AI in Cybersecurity.”
About Darktrace
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email. It provides pre-emptive visibility into the security posture as well as real-time threat detection and autonomous response. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 200 patent applications filed. Darktrace’s platform and services are supported by over 2,400 employees around the world who protect nearly 10,000 customers across all major industries globally. To learn more, visit http://www.darktrace.com.
Darktrace Unveils New AI Models in Cyber AI Analyst™ to Enhance Proactive Security Operations
cv
Darktrace named a Challenger in first Gartner® Magic Quadrant™ for Email Security Platforms · Evaluated on Completeness of Vision and Ability to Execute Darktrace, a global leader in AI for cybersecurity,today announces that Darktrace / EMAIL™, has been recognized in thefirst ever Gartner Magic Quadrant™ for Email Security Platforms (ESP) as a Challenger. Chris Kozup, Chief Marketing Officer, Darktrace, said of therecognition: “We are extremely proud to have been recognized in the first MagicQuadrant for ESP. We believe the factthat wehave seen such wide scale adoption is testament to the unique way in which wedevelop products to keep our customers safe from even the most sophisticated emailcompromises. We believe our placement reaffirms our dedication to deliveringexceptional customer service, and innovations that safeguard against the emailchallenges of today—and tomorrow.” Darktrace customers consistently acknowledge its exceptional customersupport, delivered by an award-winning[1]service team. Darktrace has the highest percentage of 5-star ratings with a 4.8rating on Gartner® Peer Insights™ out of 249 reviews as on[MW1] 19th December. We feel this unwavering commitment to customersatisfaction is evident in strong renewal rates and accelerated growth inDarktrace / EMAIL over the past few years, gaining almost 5,000 customers sinceits launch in 2019. Darktrace / EMAIL, one of the fastest-growing emailsecurity products on the market, is built on Darktrace’s unique Self-LearningAI, a multi-layered AI engine that leverages different types of AI includingNLP and behavioral analysis to detect threats, instead of traditional securitymeasures such as signatures and sandboxing. This approach enables Darktrace todetect and stop threats like business email compromise attacks and noveltechniques, including some 56% of which passed through customers’ other emailsecurity layers. This pioneering approach has enabled Darktrace to introduce industry-leadingcapabilities such as QR code analysis and automated incident investigations, alongsidedifferentiated functionality to help teams add new depth to their emailsecurity, including: Account take over and Lateral mail account compromise protection. Contributing yet another layer to the AI behavioural profile for each user, security teams can now spot early symptoms of account compromise or malicious insiders before a link or attachment payload is sent, and exfiltration occur Microsoft Teams security with advanced messaging analysis: Advancing beyond simple text analysis to behavioral and natural language content analysis that tracks context across both email and instant messaging to identify the approximately 38% of phishing, sophisticated social engineering and novel insider threats other solutions fail to capture · Drastically improveend user reporting with Cyber AI Analyst narratives: Real-time awareness training capabilities reduce falsepositives in phishing investigations by up to 60% by providing context specificanalysis of each received email to each employee as they interact with their mail.· MailboxSecurity Assistant to increase security team operational efficiency: All forms ofsecondary investigations can now automatically perform advanced behavioralbrowser analysis and stop malicious links within webpages, reducing manualeffort of security analysts to detecting phishing links, and allowing them to remediateup to 70% more malicious phishing links than before.· AI based,autonomous data loss prevention: to immediately protect organizations from misdirected emails,insider threats, and data loss—both classified and unclassified – using userbehavior and dynamic content analysis to determine sensitivity, removing administrativeoverhead from manual expressions and labeling.Marco Cavallo, IT Manager at Darktrace / EMAIL customer Arpa Industries comments:“During the POV, Darktrace / EMAIL showed how specific attacks weresurgically blocked. We realized that other tools wouldn’t have detected thesethreats.” Darktrace / EMAIL is part of Darktrace’s ActiveAI Security Platform™,offering network, cloud, endpoint, identity and operational technologyprotection from a single shared architecture, all built on Darktrace’s uniqueAI engine – providing a strong, integrated approach to threat prevention,detection and response across an organization’s entire digital footprint. Darktrace’s global presence supports a diverse and varied customer base,and adapts proactively to customer pain points of all kinds. Darktrace’sadaptability across all market segments, from SMBs to large enterprisessupports both first time email security buyers and mature email securitystacks. It is able to meet varied security needs with lower setuprequirements, includes capability for advanced depth in configuration and,particularly for mature organizations, can augment existing security providerswith additional protections. Download the fullMagic Quadrant for Email Security Platforms here Resources:· Read more onthe Darktrace Blog· Read more abouthow business email compromise attacks are evolving on The Inference Gartner disclaimersGartner, Magic Quadrant for EmailSecurity Platforms, Max Taggett, Nikul Patel, Franz Hinner, Deepak Mishra, 16December 2024 GARTNER is a registered trademarkand service mark of Gartner and Magic Quadrant and Peer Insights are aregistered trademark, of Gartner, Inc. and/or its affiliates in the U.S. andinternationally and are used herein with permission. All rights reserved.
Gartner Peer Insights content consists of the opinions of individual endusers based on their own experiences with the vendors listed on the platform,should not be construed as statements of fact, nor do they represent the viewsof Gartner or its affiliates. Gartner does not endorse any vendor, product orservice depicted in this content nor makes any warranties, expressed orimplied, with respect to this content, about its accuracy or completeness,including any warranties of merchantability or fitness for a particularpurpose. Gartner does not endorse any vendor,product or service depicted in its research publications and does not advisetechnology users to select only those vendors with the highest ratings or otherdesignation. Gartner research publications consist of the opinions of Gartner’sresearch organization and should not be construed as statements of fact.Gartner disclaims all warranties, expressed or implied, with respect to thisresearch, including any warranties of merchantability or fitness for aparticular purpose. About DarktraceDarktrace is a global leader in AI for cybersecurity that keepsorganizations ahead of the changing threat landscape every day. Founded in2013, Darktrace provides the essential cybersecurity platform protectingorganizations from unknown threats using its proprietary AI that learns fromthe unique patterns of life for each customer in real-time. The DarktraceActiveAI Security Platform™ delivers a proactive approach to cyber resiliencewith pre-emptive visibility into security posture, real-time threat detection,and autonomous response – securing the business across cloud, email,identities, operational technology, endpoints, and network. Breakthroughinnovations from our R&D teams in Cambridge, UK, and The Hague, Netherlandshave resulted in over 200 patent applications filed. Darktrace’s platform andservices are supported by over 2,400 employees around the world who protectnearly 10,000 customers across all major industries globally. To learn more,visit http://www.darktrace.com. ----
[1] Darktrace wins two Globeeawards for excellent customer service [PressRelease] [MW1]shouldthis be 'of'
About Darktrace
