Buying AI cybersecurity tools requires more than evaluating features and marketing claims. This blog explores the challenges security teams face when assessing AI vendors, outlines five critical categories for AI evaluation, and explains how governance, transparency, model selection, and validation impact trust, adoption, and long-term security outcomes.

Manufacturing organizations are rapidly adopting AI agents and autonomous systems to improve efficiency, productivity, and operational resilience, but these technologies are also introducing new cyber and operational risks. This blog explores how AI-driven threats, limited visibility into agent activity, and evolving attack techniques are reshaping manufacturing security, and why visibility, behavioral context, and embedded guardrails are becoming essential foundations for securing both IT and OT environments.

CIP-015 is pushing utilities beyond perimeter security toward continuous internal network visibility. This blog explores what the standard requires, why anomaly detection and evidence retention matter, and how utilities can build a defensible INSM capability before the October 2028 compliance deadline.

Modern data centers now operate as highly interconnected IT, OT, and IoT environments, creating new cybersecurity risks that traditional siloed security tools struggle to detect. This blog explores how IT/OT convergence expands the attack surface, why visibility gaps emerge, and how behavioral AI-driven security helps organizations detect and contain threats before operational disruption occurs.

Follow a malicious email as it moves through Darktrace / EMAIL’s multi-layered AI system, from raw data to final decision. Each layer works together to detect threats, understand intent, and take autonomous action.

Attackers abused a trojanized 7‑Zip installer distributed via a typo‑squatted domain to establish proxyware infections worldwide. This blog analyzes how social engineering, trusted open‑source software, and stealthy command‑and‑control activity enabled widespread compromise, highlighting the importance of software validation, user awareness, and proactive network‑level detection.

AI agents are transforming enterprise productivity, but they are also expanding the attack surface in new ways. This blog explores the benefits and challenges surrounding prompt security, where AI risk emerges across connected systems and autonomous actions, and how organizations can build a broader strategy to secure AI across the enterprise.

The blog examines how AI has changed the paradigm of understanding, and dealing with, insider threats. It also explores a defense-in-depth approach and discusses what CISOs and SOC leaders can do to protect their organization from AI insider threats.

Darktrace researchers identified a Twill Typhoon–linked China‑nexus campaign targeting APJ customers. The activity observed includes CDN impersonation, legitimate binaries, and DLL sideloading to deploy a modular .NET RAT.

AI is now embedded throughout the cybersecurity stack, but findings from the State of AI Cybersecurity 2026 show that adoption is growing much faster than trust or understanding. As vendors strive to capture market share, security leaders must learn how to distinguish the most valuable solutions from the hype.

AI-driven systems like Mythos are accelerating how quickly vulnerabilities are discovered, shrinking the gap between exposure and exploitation. This blog explores how security strategies need to adapt, shifting focus toward early detection, rapid containment, and limiting the impact of threats. It also outlines how a behavioral, AI-driven approach can help security teams identify subtle signs of compromise, respond in real time, and maintain control in an environment where attackers are moving faster than ever.

Software supply-chain attacks dominate the threat landscape in 2026, as adversaries exploit trusted build systems, CI/CD pipelines, and management tools to gain access to target environments. This blog examines Axios, Trivy and Quest Kace compromises observed in the Darktrace customer base, highlighting the need for anomaly detection, assumed breach and continuous visibility.

Darktrace has been named a Leader in the 2026 Gartner® Magic Quadrant™ for Network Detection and Response (NDR) for the second consecutive year. We believe this reflects continued execution in NDR, ongoing AI innovation, and strong outcomes delivered for customers globally.

Providing university students and faculty with broad access to information, platforms, and public databases is fundamental to learning and research. But that openness also creates greater exposure to cyber threats. In this blog, Irving Bruckstein shares why he deployed Darktrace at three institutions, how behavioral AI helped him achieve an A-rating security posture, and why autonomous detection is essential in an AI-driven threat landscape.

Prompt injection is a newly emerging threat, with only a handful of confirmed victims so far – targeting how AI systems use data rather than exploiting traditional software vulnerabilities. As agentic AI becomes embedded across enterprise environments, attackers may attempt to manipulate these systems through hidden instructions in everyday email content.

AI systems like Mythos are accelerating vulnerability discovery to the point where attackers can exploit weaknesses before they are ever disclosed, undermining the traditional model of CVE-driven defense. Learn how this shift is forcing security teams to move beyond patching and adopt behavioral detection to identify and contain threats before disclosure.

Darktrace analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the malware installs a multi-platform payload, evades detection, and launches UDP, TCP, and application-layer attacks, highlighting ongoing risks from opportunistic botnet activity across internet-facing environments.

Findings from our annual survey of 1,500+ cyber professionals reveal that security leaders are confronting a surge in AI-driven attacks, which are faster, more personalized, and harder to detect than anything they’ve seen before. As these threats scale, the challenge for defenders is in evolving their security programs in tandem to defend with confidence.

A former CISO shares his perspective on the challenge of securing the human layer, how existing security awareness training falls short, and how it can be improved to better prepare for high-volume, high-impact, human-centric threats.

A malicious eScan software update triggered a supply chain compromise that deployed multi‑stage malware and used blockchain‑based domains for resilient C2 communications. Darktrace identified rare, anomalous network activity across customer environments, helping organizations uncover the attack chain and strengthen defenses against increasingly sophisticated supply chain threats.

AI is accelerating cyberattacks beyond the pace of patching, exposing a growing gap between vulnerability discovery and remediation. This blog explores why prevention-first security can no longer keep up with AI-driven threats. It also outlines how Darktrace’s behavioral AI enables organizations to detect and contain attacks instantly even when vulnerabilities are unknown or unpatched.

Darktrace analysis reveals ZionSiphon, an OT‑focused malware targeting Israeli water treatment and desalination systems. The malware combines privilege escalation, persistence, USB propagation, and ICS scanning with sabotage capabilities aimed at chlorine and pressure controls, highlighting growing experimentation with politically motivated critical ‑infrastructure attacks against industrial operational technologies globally.

As Model Context Protocol (MCP) becomes the control plane for autonomous AI agents, it creates a new and largely ungoverned security attack surface. This article outlines the key MCP risks CISOs must address and why governance and visibility are now essential.

As AI adoption accelerates, security teams face growing risk across interconnected systems. This blog explores why siloed tools fall short, how lifecycle thinking helps, and how to ensure your security functions work together.

Incident response often breaks down after detection due to fragmented tools and limited visibility. Darktrace unifies detection and investigation across cloud and on-premises environments, enabling automated evidence capture and faster, clearer response.