Blog
/
Network
/
April 8, 2024

Balada Injector: Darktrace’s Investigation into the Malware Exploiting WordPress Vulnerabilities

This blog explores Darktrace’s detection of Balada Injector, a malware known to exploit vulnerabilities in WordPress to gain unauthorized access to networks. Darktrace was able to define numerous use-cases within customer environments which followed previously identified patterns of activity spikes across multiple weeks.
Written by
Justin Torres
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Justin Torres
Cyber Analyst
Default blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
08
Apr 2024

Introduction

With millions of users relying on digital platforms in their day-to-day lives, and organizations across the world depending on them for their business operations, they have inevitably also become a prime target for threat actors. The widespread exploitation of popular services, websites and platforms in cyber-attacks highlights the pervasive nature of malicious actors in today’s threat landscape.

A prime illustration can be seen within the content management system WordPress. Its widespread use and extensive plug-in ecosystem make it an attractive target for attackers aiming to breach networks and access sensitive data, thus leading to routine exploitation attempts. In the End of Year Threat Report for 2023, for example, Darktrace reported that a vulnerability in one WordPress plug-in, namely an authentication bypass vulnerability in miniOrange's Social Login and Register. Darktrace observed it as one of the most exploited vulnerabilities observed across its customer base in the latter half of 2023.

Between September and October 2023, Darktrace observed a string of campaign-like activity associated with Balada Injector, a malware strain known to exploit vulnerabilities in popular plug-ins and themes on the WordPress platform in order to inject a backdoor to provide further access to affected devices and networks. Thanks to its anomaly-based detection, Darktrace DETECT™ was able to promptly identify suspicious connections associated with the Balada Injector, ensuring that security teams had full visibility over potential post-compromise activity and allowing them to act against offending devices.

What is Balada Injector?

The earliest signs of the Balada Injector campaign date back to 2017; however, it was not designated the name Balada Injector until December 2022 [1]. The malware utilizes plug-ins and themes in WordPress to inject a backdoor that redirects end users to malicious and fake sites. It then exfiltrates sensitive information, such as database credentials, archive files, access logs and other valuable information which may not be properly secured [1]. Balada Injector compromise activity is also reported to arise in spikes of activity that emerge every couple of weeks [4].

In its most recent attack activity patterns, specifically in September 2023, Balada Injector exploited a cross-site scripting (XSS) vulnerability in CVE-2023-3169 associated with the tagDiv composer plug-in. Some of the injection methods observed included HTML injections, database injections, and arbitrary file injections. In late September 2023, a similar pattern of behavior was observed, with the ability to plant a backdoor that could execute PHP code and install a malicious WordPress plug-in, namely ‘wp-zexit’.

According to external security researchers [2], the most recent infection activity spikes for Balada Injector include the following:

Pattern 1: ‘stay.decentralappps[.]com’ injections

Pattern 2: Autogenerated malicious WordPress users

Pattern 3: Backdoors in the Newspaper theme’s 404.php file

Pattern 4: Malicious ‘wp-zexit’ plug-in installation

Pattern 5: Three new Balada Injector domains (statisticscripts[.]com, dataofpages[.]com, and listwithstats[.]com)

Pattern 6: Promsmotion[.]com domain

Darktrace’s Coverage of Balada Injector

Darktrace detected devices across multiple customer environments making external connections to the malicious Balada Injector domains, including those associated with aforementioned six infection activity patterns. Across the incidents investigated by Darktrace, much of the activity appeared to be associated with TLS/SSL connectivity, related to Balada Injector endpoints, which correlated with the reported infection patterns of this malware. The observed hostnames were all recently registered and, in most cases, had IP geolocations in either the Netherlands or Ukraine.

In the observed cases of Balada Injector across the Darktrace fleet, Darktrace RESPOND™ was not active on the affected customer environments. If RESPOND had been active and enabled in autonomous response mode at the time of these attacks, it would have been able to quickly block connections to malicious Balada Injector endpoints as soon as they were identified by DETECT, thereby containing the threat.

Looking within the aforementioned activity patterns, Darktrace identified a Balada Injector activity within a customer’s environment on October 16, 2023, when a device was observed making a total of 9 connection attempts to ‘sleep[.]stratosbody[.]com’, a domain that had previously been associated with the malware [2]. Darktrace recognized that the endpoint had never been seen on the network, with no other devices having connected to it previously, thus treated it as suspicious.

Figure 1: The connection details above demonstrate 100% rare external connections were made from the internal device to the ‘sleep[.]stratosbody[.]com’ endpoint.

Similarly, on September 21, 2023, Darktrace observed a device on another customer network connecting to an external IP that had never previously been observed on the environment, 111.90.141[.]193. The associated server name was a known malicious endpoint, ‘stay.decentralappps[.]com’, known to be utilized by Balada Injector to host malicious scripts used to compromise WordPress sites. Although the ‘stay.decentralappps[.]com’ domain was only registered in September 2023, it was reportedly used in the redirect chain of the aforementioned stratosbody[.com] domain [2]. Such scripts can be used to upload backdoors, including malicious plug-ins, and create blog administrators who can perform administrative tasks without having to authenticate [2].

Figure 2: Advance Search results displaying the metadata logs surrounding the unusual connections to ‘stay.decentralappps[.]com’. A total of nine HTTP CONNECT requests were observed, with status messages “Proxy Authorization Required” and “Connection established”.

Darktrace observed additional connections within the same customer’s environment on October 10 and October 18, specifically SSL connections from two distinct source devices to the ‘stay.decentralappps[.]com’ endpoint. Within these connections, Darktrace observed the normalized JA3 fingerprints, “473f0e7c0b6a0f7b049072f4e683068b” and “aa56c057ad164ec4fdcb7a5a283be9fc”, the latter of which corresponds to GitHub results mentioning a Python client (curl_cffi) that is able to impersonate the TLS signatures of browsers or JA3 fingerprints [8].

Figure 3: Advanced Search query results showcasing Darktrace’s detection of SSL connections to ‘stay.decentralappps[.]com over port 443.

On September 29, 2023, a device on a separate customer’s network was observed connecting to the hostname ‘cdn[.]dataofpages[.]com’, one of the three new Balada Injector domains identified as part of the fifth pattern of activity outlined above, using a new SSL certificate via port 443. Multiple open-source intelligence (OSINT) vendors flagged this domain as malicious and associated with Balada Injector malware [9].

Figure 4: The Model Breach Event Log detailing the Balada Injector-related connections observed causing the ‘Anomalous External Activity from Critical Network Device’ DETECT model to breach.

On October 2, 2023, Darktrace observed the device of another customer connecting to the rare hostname, ‘js.statisticscripts[.]com’ with the IP address 185.39.206[.]161, both of which had only been registered in late September and are known to be associated with the Balada Injector.

Figure 5: Model Breach Event Log detailing connections to the hostname ‘js.statisticscripts[.]com’ over port 137.

On September 13, 2023, Darktrace identified a device on another customer’s network connecting to the Balada Injector endpoint ‘stay.decentralappps[.]com’ endpoint, with the destination IP 1.1.1[.]1, using the SSL protocol. This time, however, Darktrace also observed the device making subsequent connections to ‘get.promsmotion[.]com’ a subdomain of the ‘promsmotion[.]com’ domain. This domain is known to be used by Balada Injector actors to host malicious scripts that can be injected into the WordPress Newspaper theme as potential backdoors to be leveraged by attackers.

In a separate case observed on September 14, Darktrace identified a device on another environment connecting to the domain ‘collect[.]getmygateway[.]com’ with the IP 88.151.192[.]254. No other device on the customer’s network had visited this endpoint previously, and the device in question was observed repeatedly connecting to it via port 443 over the course of four days. While this specific hostname had not been linked with a specific activity pattern of Balada Injector, it was reported as previously associated with the malware in September 2023 [2].

Figure 6: Model Breach Event Log displaying a customer device making repeated connections to the endpoint ‘collect[.]getmygateway[.]com’, breaching the DETECT model ‘Repeating Connections Over 4 Days’.

In addition to DETECT’s identification of this suspicious activity, Darktrace’s Cyber AI Analyst™ also launched its own autonomous investigation into the connections. AI Analyst was able to recognize that these separate connections that took place over several days were, in fact, connected and likely represented command-and-control (C2) beaconing activity that had been taking place on the customer networks.

By analyzing the large number of external connections taking place on a customer’s network at any one time, AI Analyst is able to view seemingly isolated events as components of a wider incident, ensuring that customers maintain full visibility over their environments and any emerging malicious activity.

Figure 7: Cyber AI Analyst investigation detailing the SSL connectivity observed, including endpoint details and overall summary of the beaconing activity.

Conclusion

While Balada Injector’s tendency to interchange C2 infrastructure and utilize newly registered domains may have been able to bypass signature-based security measures, Darktrace’s anomaly-based approach enabled it to swiftly identify affected devices across multiple customer environments, without needing to update or retrain its models to keep pace with the evolving iterations of WordPress vulnerabilities.

Unlike traditional measures, Darktrace DETECT’s Self-Learning AI focusses on behavioral analysis, crucial for identifying emerging threats like those exploiting commonly used platforms such as WordPress. Rather than relying on historical threat intelligence or static indicators of compromise (IoC) lists, Darktrace identifies the subtle deviations in device behavior, such as unusual connections to newly registered domains, that are indicative of network compromise.

Darktrace’s suite of products, including DETECT+RESPOND, is uniquely positioned to proactively identify and contain network compromises from the onset, offering vital protection against disruptive cyber-attacks.

Credit to: Justin Torres, Cyber Analyst, Nahisha Nobregas, Senior Cyber Analyst

Appendices

Darktrace DETECT Model Coverage

  • Anomalous Server Activity / Anomalous External Activity from Critical Network Device
  • Anomalous Connection / Anomalous SSL without SNI to New External
  • Anomalous Connection / Rare External SSL Self-Signed
  • Compliance / Possible DNS Over HTTPS/TLS
  • Compliance / External Windows Communications
  • Compromise / Repeating Connections Over 4 Days
  • Compromise / Beaconing Activity To External Rare
  • Compromise / SSL Beaconing to Rare Destination
  • Compromise / HTTP Beaconing to Rare Destination
  • Compromise / Suspicious TLS Beaconing To Rare External
  • Compromise / Large DNS Volume for Suspicious Domain
  • Anomalous Server Activity / Outgoing from Server
  • Anomalous Server Activity / Rare External from Server
  • Device / Suspicious Domain

List of IoCs

IoC - Type - Description + Confidence

collect[.]getmygateway[.]com - Hostname - Balada C2 Endpoint

cdn[.]dataofpages[.]com - Hostname - Balada C2 Endpoint

stay[.]decentralappps[.]com - Hostname - Balada C2 Endpoint

get[.]promsmotion[.]com - Hostname - Balada C2 Endpoint

js[.]statisticscripts[.]com - Hostname - Balada C2 Endpoint

sleep[.]stratosbody[.]com - Hostname - Balada C2 Endpoint

trend[.]stablelightway[.]com - Hostname - Balada C2 Endpoint

cdn[.]specialtaskevents[.]com - Hostname - Balada C2 Endpoint

88.151.192[.]254 - IP Address - Balada C2 Endpoint

185.39.206[.]160 - IP Address - Balada C2 Endpoint

111.90.141[.]193 - IP Address - Balada C2 Endpoint

185.39.206[.]161 - IP Address - Balada C2 Endpoint

2.59.222[.]121 - IP Address - Balada C2 Endpoint

80.66.79[.]253 - IP Address - Balada C2 Endpoint

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) - User Agent - Observed User Agent in Balada C2 Connections

Gecko/20100101 Firefox/68.0 - User Agent - Observed User Agent in Balada C2 Connections

Mozilla/5.0 (Windows NT 10.0; Win64; x64) - User Agent - Observed User Agent in Balada C2 Connections

AppleWebKit/537.36 (KHTML, like Gecko) - User Agent - Observed User Agent in Balada C2 Connections

Chrome/117.0.0.0 - User Agent - Observed User Agent in Balada C2 Connections

Safari/537.36 - User Agent - Observed User Agent in Balada C2 Connections

Edge/117.0.2045.36 - User Agent - Observed User Agent in Balada C2 Connections

MITRE ATT&CK Mapping

Technique - Tactic - ID - Sub Technique

Exploit Public-Facing Application

INITIAL ACCESS

T1190

Web Protocols

COMMAND AND CONTROL

T1071.001

T1071

Protocol Tunneling

COMMAND AND CONTROL

T1572


Default Accounts

DEFENSE EVASION, PERSISTENCE, PRIVILEGE ESCALATION, INITIAL ACCESS

T1078.001

T1078

Domain Accounts

DEFENSE EVASION, PERSISTENCE, PRIVILEGE ESCALATION, INITIAL ACCESS

T1078.002

T1078

External Remote Services

PERSISTENCE, INITIAL ACCESS

T1133

NA

Local Accounts

DEFENSE EVASION, PERSISTENCE, PRIVILEGE ESCALATION, INITIAL ACCESS

T1078.003

T1078

Application Layer Protocol

COMMAND AND CONTROL

T1071

NA

Browser Extensions

PERSISTENCE

T1176

NA

Encrypted Channel

COMMAND AND CONTROL

T1573

Fallback Channels

COMMAND AND CONTROL

T1008

Multi-Stage Channels

COMMAND AND CONTROL

T1104

Non-Standard Port

COMMAND AND CONTROL

T1571

Supply Chain Compromise

INITIAL ACCESS ICS

T0862

Commonly Used Port

COMMAND AND CONTROL ICS

T0885

References

[1] https://blog.sucuri.net/2023/04/balada-injector-synopsis-of-a-massive-ongoing-wordpress-malware-campaign.html

[2] https://blog.sucuri.net/2023/10/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.html

[3] https://securityboulevard.com/2021/05/wordpress-websites-redirecting-to-outlook-phishing-pages-travelinskydream-ga-track-lowerskyactive/

[4] https://thehackernews.com/2023/10/over-17000-wordpress-sites-compromised.html

[5] https://www.bleepingcomputer.com/news/security/over-17-000-wordpress-sites-hacked-in-balada-injector-attacks-last-month/

[6]https://nvd.nist.gov/vuln/detail/CVE-2023-3169

[7] https://www.geoedge.com/balda-injectors-2-0-evading-detection-gaining-persistence/

[8] https[:]//github[.]com/yifeikong/curl_cffi/blob/master/README.md

[9] https://www.virustotal.com/gui/domain/cdn.dataofpages.com

Written by
Justin Torres
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Justin Torres
Cyber Analyst

Beyond MFA: Detecting Adversary-in-the-Middle Attacks and Phishing with Darktrace

Email
December 15, 2025
David Ison
Cyber Analyst
Watch the NIS2 Webinar
Trending blogs
1
Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
Nov 19, 2025
2
The 17% of email threats SEGs miss – and how Darktrace catches them
Dec 4, 2025
3
Darktrace Named as a Leader in 2025 Gartner® Magic Quadrant™ for Email Security Platforms
Dec 3, 2025
4
From Amazon to Louis Vuitton: How Darktrace Detects Black Friday Phishing Attacks
Nov 27, 2025
5
Pre-CVE Threat Detection: 10 Examples Identifying Malicious Activity Prior to Public Disclosure of a Vulnerability
Jul 2, 2025

More in this series

No items found.
Continue reading
Network
December 10, 2025

React2Shell: How Opportunist Attackers Exploited CVE-2025-55182 Within Hours

Darktrace observed opportunistic exploitation of the React2Shell vulnerability within minutes of honeypot deployment. Attackers leveraged shell scripts, HTTP beaconing, and cryptomining activity, highlighting rapid adaptation to unpatched flaws.
Nathaniel Bill
Malware Research Engineer
Read more
Network
December 4, 2025

Atomic Stealer: Darktrace’s Investigation of a Growing macOS Threat

Atomic Stealer is rapidly emerging as a significant macOS threat, using infostealing and backdoor capabilities to target Apple users worldwide. Darktrace observed campaigns in 24 countries, detecting activity across multiple kill chain stages and providing recommended actions to contain attacks.
Isabel Evans
Cyber Analyst
Read more
Network
November 26, 2025

CastleLoader & CastleRAT: Behind TAG150’s Modular Malware Delivery System

TAG-150, a MaaS operator active since March 2025, uses CastleLoader and CastleRAT in multi-stage attacks. CastleLoader acts as a loader that retrieves and executes additional malware through deceptive domains and malicious GitHub repositories, while CastleRAT functions as a remote access trojan providing attackers with system control, command execution, and data theft capabilities. Darktrace detected and blocked early attack activity, leveraging Autonomous Response to prevent further compromise and protect enterprise networks.
Ahmed Gardezi
Cyber Analyst
Read more

Blog

/

AI

/

December 22, 2025

The Year Ahead: AI Cybersecurity Trends to Watch in 2026

2026 cyber threat trendsDefault blog imageDefault blog image

Introduction: 2026 cyber trends

Each year, we ask some of our experts to step back from the day-to-day pace of incidents, vulnerabilities, and headlines to reflect on the forces reshaping the threat landscape. The goal is simple:  to identify and share the trends we believe will matter most in the year ahead, based on the real-world challenges our customers are facing, the technology and issues our R&D teams are exploring, and our observations of how both attackers and defenders are adapting.  

In 2025, we saw generative AI and early agentic systems moving from limited pilots into more widespread adoption across enterprises. Generative AI tools became embedded in SaaS products and enterprise workflows we rely on every day, AI agents gained more access to data and systems, and we saw glimpses of how threat actors can manipulate commercial AI models for attacks. At the same time, expanding cloud and SaaS ecosystems and the increasing use of automation continued to stretch traditional security assumptions.

Looking ahead to 2026, we’re already seeing the security of AI models, agents, and the identities that power them becoming a key point of tension – and opportunity -- for both attackers and defenders. Long-standing challenges and risks such as identity, trust, data integrity, and human decision-making will not disappear, but AI and automation will increase the speed and scale of the cyber risk.  

Here's what a few of our experts believe are the trends that will shape this next phase of cybersecurity, and the realities organizations should prepare for.  

Agentic AI is the next big insider risk

In 2026, organizations may experience their first large-scale security incidents driven by agentic AI behaving in unintended ways—not necessarily due to malicious intent, but because of how easily agents can be influenced. AI agents are designed to be helpful, lack judgment, and operate without understanding context or consequence. This makes them highly efficient—and highly pliable. Unlike human insiders, agentic systems do not need to be socially engineered, coerced, or bribed. They only need to be prompted creatively, misinterpret legitimate prompts, or be vulnerable to indirect prompt injection. Without strong controls around access, scope, and behavior, agents may over-share data, misroute communications, or take actions that introduce real business risk. Securing AI adoption will increasingly depend on treating agents as first-class identities—monitored, constrained, and evaluated based on behavior, not intent.

-- Nicole Carignan, SVP of Security & AI Strategy

Prompt Injection moves from theory to front-page breach

We’ll see the first major story of an indirect prompt injection attack against companies adopting AI either through an accessible chatbot or an agentic system ingesting a hidden prompt. In practice, this may result in unauthorized data exposure or unintended malicious behavior by AI systems, such as over-sharing information, misrouting communications, or acting outside their intended scope. Recent attention on this risk—particularly in the context of AI-powered browsers and additional safety layers being introduced to guide agent behavior—highlights a growing industry awareness of the challenge.  

-- Collin Chapleau, Senior Director of Security & AI Strategy

Humans are even more outpaced, but not broken

When it comes to cyber, people aren’t failing; the system is moving faster than they can. Attackers exploit the gap between human judgment and machine-speed operations. The rise of deepfakes and emotion-driven scams that we’ve seen in the last few years reduce our ability to spot the familiar human cues we’ve been taught to look out for. Fraud now spans social platforms, encrypted chat, and instant payments in minutes. Expecting humans to be the last line of defense is unrealistic.

Defense must assume human fallibility and design accordingly. Automated provenance checks, cryptographic signatures, and dual-channel verification should precede human judgment. Training still matters, but it cannot close the gap alone. In the year ahead, we need to see more of a focus on partnership: systems that absorb risk so humans make decisions in context, not under pressure.

-- Margaret Cunningham, VP of Security & AI Strategy

AI removes the attacker bottleneck—smaller organizations feel the impact

One factor that is currently preventing more companies from breaches is a bottleneck on the attacker side: there’s not enough human hacker capital. The number of human hands on a keyboard is a rate-determining factor in the threat landscape. Further advancements of AI and automation will continue to open that bottleneck. We are already seeing that. The ostrich approach of hoping that one’s own company is too obscure to be noticed by attackers will no longer work as attacker capacity increases.  

-- Max Heinemeyer, Global Field CISO

SaaS platforms become the preferred supply chain target

Attackers have learned a simple lesson: compromising SaaS platforms can have big payouts. As a result, we’ll see more targeting of commercial off-the-shelf SaaS providers, which are often highly trusted and deeply integrated into business environments. Some of these attacks may involve software with unfamiliar brand names, but their downstream impact will be significant. In 2026, expect more breaches where attackers leverage valid credentials, APIs, or misconfigurations to bypass traditional defenses entirely.

-- Nathaniel Jones, VP of Security & AI Strategy

Increased commercialization of generative AI and AI assistants in cyber attacks

One trend we’re watching closely for 2026 is the commercialization of AI-assisted cybercrime. For example, cybercrime prompt playbooks sold on the dark web—essentially copy-and-paste frameworks that show attackers how to misuse or jailbreak AI models. It’s an evolution of what we saw in 2025, where AI lowered the barrier to entry. In 2026, those techniques become productized, scalable, and much easier to reuse.  

-- Toby Lewis, Global Head of Threat Analysis

Conclusion

Taken together, these trends underscore that the core challenges of cybersecurity are not changing dramatically -- identity, trust, data, and human decision-making still sit at the core of most incidents. What is changing quickly is the environment in which these challenges play out. AI and automation are accelerating everything: how quickly attackers can scale, how widely risk is distributed, and how easily unintended behavior can create real impact. And as technology like cloud services and SaaS platforms become even more deeply integrated into businesses, the potential attack surface continues to expand.  

Predictions are not guarantees. But the patterns emerging today suggest that 2026 will be a year where securing AI becomes inseparable from securing the business itself. The organizations that prepare now—by understanding how AI is used, how it behaves, and how it can be misused—will be best positioned to adopt these technologies with confidence in the year ahead.

Learn more about how to secure AI adoption in the enterprise without compromise by registering to join our live launch webinar on February 3, 2026.  

Continue reading
About the author
The Darktrace Community

Blog

/

Email

/

December 22, 2025

Why Organizations are Moving to Label-free, Behavioral DLP for Outbound Email

Man at laptopDefault blog imageDefault blog image

Why outbound email DLP needs reinventing

In 2025, the global average cost of a data breach fell slightly — but remains substantial at USD 4.44 million (IBM Cost of a Data Breach Report 2025). The headline figure hides a painful reality: many of these breaches stem not from sophisticated hacks, but from simple human error: mis-sent emails, accidental forwarding, or replying with the wrong attachment. Because outbound email is a common channel for sensitive data leaving an organization, the risk posed by everyday mistakes is enormous.

In 2025, 53% of data breaches involved customer PII, making it the most commonly compromised asset (IBM Cost of a Data Breach Report 2025). This makes “protection at the moment of send” essential. A single unintended disclosure can trigger compliance violations, regulatory scrutiny, and erosion of customer trust –consequences that are disproportionate to the marginal human errors that cause them.

Traditional DLP has long attempted to mitigate these impacts, but it relies heavily on perfect labelling and rigid pattern-matching. In reality, data loss rarely presents itself as a neat, well-structured pattern waiting to be caught – it looks like everyday communication, just slightly out of context.

How data loss actually happens

Most data loss comes from frustratingly familiar scenarios. A mistyped name in auto-complete sends sensitive data to the wrong “Alex.” A user forwards a document to a personal Gmail account “just this once.” Someone shares an attachment with a new or unknown correspondent without realizing how sensitive it is.

Traditional, content-centric DLP rarely catches these moments. Labels are missing or wrong. Regexes break the moment the data shifts formats. And static rules can’t interpret the context that actually matters – the sender-recipient relationship, the communication history, or whether this behavior is typical for the user.

It’s the everyday mistakes that hurt the most. The classic example: the Friday 5:58 p.m. mis-send, when auto-complete selects Martin, a former contractor, instead of Marta in Finance.

What traditional DLP approaches offer (and where gaps remain)

Most email DLP today follows two patterns, each useful but incomplete.

  • Policy- and label-centric DLP works when labels are correct — but content is often unlabeled or mislabeled, and maintaining classification adds friction. Gaps appear exactly where users move fastest
  • Rule and signature-based approaches catch known patterns but miss nuance: human error, new workflows, and “unknown unknowns” that don’t match a rule

The takeaway: Protection must combine content + behavior + explainability at send time, without depending on perfect labels.

Your technology primer: The three pillars that make outbound DLP effective

1) Label-free (vs. data classification)

Protects all content, not just what’s labeled. Label-free analysis removes classification overhead and closes gaps from missing or incorrect tags. By evaluating content and context at send time, it also catches misdelivery and other payload-free errors.

  • No labeling burden; no regex/rule maintenance
  • Works when tags are missing, wrong, or stale
  • Detects misdirected sends even when labels look right

2) Behavioral (vs. rules, signatures, threat intelligence)

Understands user behavior, not just static patterns. Behavioral analysis learns what’s normal for each person, surfacing human error and subtle exfiltration that rules can’t. It also incorporates account signals and inbound intel, extending across email and Teams.

  • Flags risk without predefined rules or IOCs
  • Catches misdelivery, unusual contacts, personal forwards, odd timing/volume
  • Blends identity and inbound context across channels

3) Proprietary DSLM (vs. generic LLM)

Optimized for precise, fast, explainable on-send decisions. A DSLM understands email/DLP semantics, avoids generative risks, and stays auditable and privacy-controlled, delivering intelligence reliably without slowing mail flow.

  • Low-latency, on-send enforcement
  • Non-generative for predictable, explainable outcomes
  • Governed model with strong privacy and auditability

The Darktrace approach to DLP

Darktrace / EMAIL – DLP stops misdelivery and sensitive data loss at send time using hold/notify/justify/release actions. It blends behavioral insight with content understanding across 35+ PII categories, protecting both labeled and unlabeled data. Every action is paired with clear explainability: AI narratives show exactly why an email was flagged, supporting analysts and helping end-users learn. Deployment aligns cleanly with existing SOC workflows through mail-flow connectors and optional Microsoft Purview label ingestion, without forcing duplicate policy-building.

Deployment is simple: Microsoft 365 routes outbound mail to Darktrace for real-time, inline decisions without regex or rule-heavy setup.

A buyer’s checklist for DLP solutions

When choosing your DLP solution, you want to be sure that it can deliver precise, explainable protection at the moment it matters – on send – without operational drag.  

To finish, we’ve compiled a handy list of questions you can ask before choosing an outbound DLP solution:

  • Can it operate label free when tags are missing or wrong? 
  • Does it truly learn per user behavior (no shortcuts)? 
  • Is there a domain specific model behind the content understanding (not a generic LLM)? 
  • Does it explain decisions to both analysts and end users? 
  • Will it integrate with your label program and SOC workflows rather than duplicate them? 

For a deep dive into Darktrace’s DLP solution, check out the full solution brief.

[related-resource]

Continue reading
About the author
Carlos Gray
Senior Product Marketing Manager, Email
Your data. Our AI.
Elevate your network security with Darktrace AI