Blog
/
Proactive Security
/
November 15, 2022

Early-Adopter Customers on Darktrace PREVENT

Discover crucial insights from early adopters of Darktrace Prevent and how this cybersecurity tool is making a huge difference for organizations.
Written by
Mariana Pereira
VP, Field CISO
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Mariana Pereira
VP, Field CISO
Default blog image
15
Nov 2022

Darktrace PREVENT™

PREVENT empowers the CISO and the security team to reduce cyber risk by continuously monitoring the organization’s internal and external attack surface, highlighting and prioritizing risks, and then autonomously hardening defenses as part of Darktrace’s Cyber AI Loop. PREVENT, which is now generally available, is already proving its value to early-adopter customers. 

“We know that the bad guys are gaining knowledge every day. We need to as well. And I think that this type of proactive approach is a requirement now. I don’t think it is an option,” said Jim Davies, the Director of IT at US supply chain management company Ongweoweh.

PREVENT brings together several capabilities, including attack surface management, attack path modeling, breach and attack emulation, and pentest augmentation. By combining these into one end-to-end solution, the system and the humans who use it benefit from a full understanding of which countermeasures will mitigate risk to the greatest extent. 

While the security team works on these countermeasures, PREVENT feeds its findings into Darktrace’s DETECTTM and RESPONDTM capabilities, which in turn harden defenses by heightening their sensitivity around risky assets. This happens autonomously, so the human security team can prioritize other work while the AI continuously hardens the security stack.

Surfacing Risks on the External Attack Surface

The Darktrace PREVENT product family currently consists of two interconnected modules: PREVENT/Attack Surface ManagementTM (ASM) and PREVENT/End-to-EndTM (E2E). 

PREVENT/ASM uses AI to distinguish the company’s external assets on the internet, while only requiring the company’s brand name as input. Early adopters saw it reveal 30-50% more assets than they realized they had. 

“As early as the proof of concept, there was demonstrated value with PREVENT which revealed some attack surface opportunities that none of our other security providers had come across.” said Jenny Moshea, Direct of Technology for Sellen Construction.

PREVENT/ASM is now being adopted by organizations large and small across a number of industries, revealing a wide range of surprising risks and vulnerabilities the security team was not previously aware of. 

In one trial at a utilities organization, PREVENT/ASM identified unexpected access to a control system that was mission critical and could potentially impact the water facilities. Another customer was testing a new project in a cloud environment that was not meant to be publicly visible, let alone accessible. After PREVENT/ASM revealed that sensitive data was exposed and at risk of falling into the wrong hands, the security team was able to proactively get ahead of this risk by reconfiguring the system. 

A Level Deeper: An Internal View of Risk

While PREVENT/ASM examines a company’s external assets, PREVENT/E2E leverages the AI understanding of a company’s internal digital infrastructure. This industry-first product consolidates and optimizes several risk management capabilities, including attack path modeling, pentest augmentation, breach and attack simulation, security awareness training, and cyber risk prioritization. 

One early adopter benefited from PREVENT/E2E’s evolving insights, finding that it filled in the gaps of unknown risk between pentests.   

“We’ve run pentests maybe four times a year, that’s at that point in time. We go correct those issues and then we’re basically waiting for the next one before we dig into it. As soon as we saw the tool, we were like wow this is a continual test every day, we’re able to go take a quick peek, see what’s going on out in the environment,” said Mike Sherwood, the Chief Information Officer for the City of Las Vegas.

After assessing the exposure, likelihood, and potential damage of every single device and attack path in the organization, PREVENT/E2E uncovered a major risk in one customer’s environment:  a patch had failed to install on the disaster recovery domain controller – a vulnerability which the security team had not previously been aware of. With PREVENT’s findings, the team was able to quickly address and close this significant risk. 

Another customer deployed PREVENT/E2E and discovered that the building’s air conditioning system was accessed by an account that had domain admin privileges. PREVENT/E2E informed the security team of this configuration, which would have allowed a threat actor easy lateral movement after targeting the IoT device. 

An End-to-End Solution

Having established the most critical attack paths, PREVENT/E2E enables customers to test the validity of these attack paths through emulated attack campaigns. One customer was amazed to discover that the technology had learned the idiosyncrasies of a user’s communication patterns and launched an emulated social engineering attack that reflected the common spelling mistakes of the user being impersonated. 

By learning how susceptible users are to social engineering attacks, the system gains an even better idea of how likely a particular attack path is, and factors this into the prioritization of its risk mitigation advice. This is yet another indicator of how combining different preventative cyber security measures into one solution gives the security team the insights they need to take practical, effective action to reduce cyber risk. 

PREVENT has already boosted the cyber security postures of its early adopters, surfacing misconfigurations, brand abuse, shadow IT, and other significant risks. 

“PREVENT is an incredibly helpful way to understand risk, particularly when comparing changes over time,” said Klint Price, the Head of Technology & Cybersecurity at facilities management company Vixxo. “Understanding vulnerabilities is one thing, but actually being able to digest and prioritize them is even better.”

Written by
Mariana Pereira
VP, Field CISO
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Mariana Pereira
VP, Field CISO

Hola VPN Abuse: From Proxy Traffic to Malware and Cryptomining

Network
June 15, 2026
Min Kim
Cyber Security Analyst
Watch the NIS2 Webinar
Trending blogs
1
Prompt Security in Enterprise AI: Strengths, Weaknesses, and Common Approaches
May 20, 2026
2
What the Darktrace Annual Threat Report 2026 Means for Security Leaders
Feb 26, 2026
3
Journey of a Threat: How Multi-Layered AI Works in Darktrace / EMAIL
May 26, 2026
4
How to Evaluate AI Vendors: 5 Key categories for AI Adoption
May 27, 2026
5
Darktrace Unites Human Behavior and Threat Detection Across Email, Slack, Teams, and Zoom
Mar 24, 2026

More in this series

No items found.
Continue reading
Proactive Security
June 2, 2026

Stopping Stealth Attacks with Precision: How Núclea Prevented a Breach Without Disruption

Núclea prevented a highly targeted phishing attack exploiting trusted relationships—avoiding financial loss, data exposure, and disruption. Darktrace stopped the threat at the point of risk, protecting business continuity and strengthening resilience across the financial ecosystem.
Mariana Pereira
VP, Field CISO
Read more
Proactive Security
June 1, 2026

Defend What You Trust: Stories from the Front Lines of Modern Cyber Defense

Security leaders from global organizations across industries sat down with us to share their own front-line experiences and real-world perspectives on how modern attacks unfold, where hidden risks emerge, and how AI is reshaping the way organizations think about the role of security.
Read more
Proactive Security
March 31, 2026

AI-powered security for a rapidly growing grocery enterprise

By combining AI-driven detection and autonomous response, this leading grocery holding group has built a security model that delivers continuous protection, accelerates growth, and empowers a small, highly efficient team to safeguard a complex retail ecosystem.
Read more

Blog

/

AI

/

June 24, 2026

A New Security Challenge: The Curious Case of Prompt Language Analysis

Default blog imageDefault blog image

Why prompt analysis is emerging as a key AI security challenge

If securing AI has been one of the defining cybersecurity conversations of the past year, prompt analysis is quickly becoming one of its most interesting frontiers.

Security leaders are under pressure to understand how AI is being used across the business. In some organizations, that means governing employee use of chatbots. In others, it means overseeing copilots embedded into SaaS platforms, monitoring coding assistants, or assessing the growing footprint of autonomous agents. However different these use cases may appear on the surface, they share a common factor: humans and machines are usually interacting with enterprise systems through language.  

How prompt language differs from traditional security telemetry

For years, defenders have become used to working with familiar forms of telemetry: email traffic, network connections, API calls, endpoint processes, authentication events. Prompt language is different. It is not simply another log source. It is an expression of intent, instruction, curiosity, urgency, and sometimes manipulation. It reflects the end-goal of a user or agent, but not always with enough surrounding context to interpret the risk correctly.

Why existing security approaches only partially explain prompt risk

A growing number of vendors are approaching the task of securing AI from the angle they know best. Perimeter vendors are extending web or browser controls into AI usage. Identity vendors are emphasizing agent permissions and access governance. Data security and DLP providers are focusing on content inspection and exfiltration risk. All of these perspectives matter, but individually can’t fully explain the problem.

The challenge with securing AI is not just that a new application category has emerged. It is that language has become a new operating layer in the enterprise.

Employees now use prompts to summarize documents, generate code, analyze spreadsheets, query internal knowledge, and trigger multi-step actions through agents. In each case, prompt language acts as the interface between human intent and machine execution. That makes prompts incredibly valuable from a security perspective as they can hint at misuse, policy violations, data exposure, or attempts to circumvent controls. However, they can also be deeply ambiguous when viewed in isolation. That ambiguity is the heart of the issue.

Prompts as behavioral signals, not just text to classify

A prompt by itself tells you what was asked. It does not necessarily tell you whether the request is expected, risky, accidental, or entirely legitimate in context. Two nearly identical prompts can carry very different meanings depending on the role and function of who issued them, what systems they can access, and what actions followed. In other words, prompts are not just text to classify. They are behavioral signals to interpret.

Example: How context changes prompt risk entirely

Consider a common enterprise scenario. An employee is pulled into a new project with an aggressive deadline. Almost overnight, their use of AI tools spikes. They begin prompting more frequently, working across unfamiliar documents, querying new data sources, and interacting with more systems than usual to accelerate delivery. Viewed narrowly, this may look suspicious. Prompt volume increases, file access patterns change, API and SaaS activity rise. From some vantage points, it may resemble insider risk or unmanaged AI usage.

But now add context. Imagine that, earlier that day, the employee received instructions from a senior leader asking them to support a time-sensitive initiative. Their communication history shows that this leader is a legitimate reporting-line superior. Their recent collaboration patterns align with the new project team. Their subsequent activity, while unusual for that individual’s baseline, is consistent with the business task they were assigned.

What initially looked like a risk event may actually be a normal response to business pressure. Without the surrounding context of communication, organizational relationships, and broader behavioral patterns, prompt activity alone could generate more noise than insight.

The reverse is also true. A prompt may appear benign on the surface while the context around it suggests elevated risk. A request that seems routine could originate from a compromised user, a newly connected external agent, a shadow AI workflow, or a user acting outside their normal role. The language itself may not contain anything obviously malicious, but the surrounding conditions may tell a very different story.

What security teams need to analyze prompts effectively

The future of prompt analysis is not just about understanding language. It is about understanding language in context.

To do that well, security teams need more than prompt inspection. They need to understand:

  • Who is issuing the prompt, whether human or agent
  • How that identity normally behaves across the enterprise
  • What systems, data, and workflows are connected to the interaction
  • Which relationships and communications explain the surrounding activity
  • Whether the downstream actions align with expected business behavior

When those layers are absent, prompt analysis can become another isolated control surface: useful in theory, but limited in practice. Security teams may detect unusual wording but miss the operational function behind it, overreact to benign changes in behavior, or miss subtle misuse because the prompt itself did not appear dangerous.

How organizations should think about prompt analysis going forward

Security teams have seen this pattern before. In the cloud, posture without runtime context left important gaps. In identity, access control without behavioral understanding missed misuse that looked legitimate on paper. In data security, content inspection without business context often created friction without resolving risk. AI is exposing the same lesson again: controls are strongest when they are coordinated, not isolated. As organizations work to secure AI and identify gaps across their security operations, prompt analysis will become an increasingly important source of insight, but only as part of a broader strategy.

Prompt analysis will undoubtedly become more common, as prompts are one of the clearest windows into how people and agents are using AI systems. However, what matters most is not simply collecting prompts or filtering dangerous phrases, but being able to place that language inside a wider behavioral and operational picture.

Organizations that already have a broader understanding of how work gets done across the enterprise will be better positioned to make sense of prompt language as this category matures. They will be better able to distinguish urgency from abuse, experimentation from exfiltration, and productive AI adoption from hidden risk.

Figure 1: Darktrace / SECURE AI reconstructs the full sequence of events, showing every user and agent interaction in context, with risky prompts highlighted and categorized, including PII, sensitive data, and other policy violations.

At Darktrace, this is the key lesson emerging from the market: prompt language does matter, but it does not stand alone. It is most valuable when treated as a new behavioral input that can enrich understanding across the enterprise, not as a self-contained source of truth.

Why prompts become less useful when analyzed in isolation

The curious case of prompt language analysis, then, is this: the more important prompts become, the less useful they are in a vacuum.

The real opportunity is not just to see what was asked. It is to understand why it was asked, what it meant in that moment, and what happened next.

For a deeper look at how organizations are approaching this challenge from the strengths of prompt analysis to its limitations in isolation see Prompt Security in Enterprise AI: Strengths, Weaknesses, and Common Approaches, which expands on the role prompt-level controls play within a broader, context-driven security strategy.

Continue reading
About the author
Nabil Zoldjalali
VP, Field CISO

Blog

/

AI

/

June 23, 2026

Advancing the Use of Frontier AI in Cybersecurity: Darktrace Joins the OpenAI Daybreak Cyber Partner Program to Explore Defensive AI Integrations

Default blog imageDefault blog image

Darktrace joins the OpenAI Daybreak Cyber Partner Program

Today, we announced that Darktrace is joining the OpenAI Daybreak Cyber Partner Program. We’ll be partnering with OpenAI to explore how their cyber capabilities can be integrated within Darktrace products and services to bring new capabilities to our customers.

This partnership is an exciting opportunity to bring together Darktrace’s behavioral AI modelling of the organization with OpenAI’s advanced contextual capabilities to create a new level of understanding for security teams. To understand the impact, it’s helpful to start with how we think about the problem.  

At Darktrace, we built our AI in support of the core belief that cybersecurity needs to understand the business it is defending. That's why our Self-Learning AI is designed to help organizations understand normal and abnormal behavior for each organization across their digital environment, including users and identities, networks and cloud, email and collaboration tools, and now AI systems and agents with the rollout of Darktrace / SECURE AI™.  

Our goal was never simply to spot known attacks faster. It was to help defenders understand how their organization behaves, potential risks and impact, and where disruption could take hold so they could prepare for the unknown threats that they may not have seen or even imagined before.  

That’s exactly what is happening across the threat landscape today. Attacks keep changing; techniques shift, infrastructure evolves, and attackers move with more speed, precision, and context. And now they have even more AI and automation on their side. Attackers are exploiting identities, trusted services, SaaS applications, and business workflows. They are not always breaking in; often, the threat may come from within the organization in the form of insider threat or even rogue agents.  

In this reality, defenders need a combination of deep AI modelling of the organization and AI that can connect identified threats to concrete business context, translating this information into real world value, and allow action before risk becomes disruption.

That is the opportunity we see in partnering with OpenAI.  

What is the OpenAI Daybreak Cyber Partner Program and why is Darktrace joining

The OpenAI Daybreak Cyber Partner Program is focused on advancing the safe use of AI for cybersecurity. As part of the program’s next phase, OpenAI is working with a select group of trusted partners including Darktrace on scoped product integrations, managed services, and partner-delivered defensive capabilities. We’ll be exploring how OpenAI’s advanced frontier AI capabilities can support defenders in the tools and workflows they already use each day.

For Darktrace, this is a natural extension of our expertise and the work we have been doing for a decade: safely and securely applying the most effective AI techniques in combination to understand organizations, detecting malicious activity at the earliest indicators, and helping cyber defenders act faster.  

By using the advanced models and more precise safeguards available in the OpenAI Daybreak Cyber Partner Program, Darktrace and OpenAI will combine Darktrace’s real-time behavioral understanding of an organization's digital estate with OpenAI's ability to interpret wider business context.  

This is a unique and powerful combination of insights that could give organizations deeper context on technical risk and help them prioritize workloads and investigations based on potential impact to revenue, operations, and resilience. It can also provide security teams and executives with intelligence into which events matter most to the business, why they matter, and what action to take. Not just finding, for instance, that an agent is compromised, but highlighting that the compromised agent could shut down order fulfilment within the next three hours.  

Why the Darktrace and OpenAI partnership matters for defenders

Security teams today have more attack surface, more complex environments to protect, and an increasing volume of threats. The ability to act quickly is critical, but they also need to be able to focus on the risks that could have the greatest business impact.

That is especially important as attackers use AI to scale phishing, automate reconnaissance, find weaknesses, and blend into normal business activity. At the same time, organizations and their employees are using AI to innovate, which introduces an even broader attack surface and new set of risks. Defenders need AI that can operate across the same complexity, but safely, transparently, and in service of building more resilience. And they need a way to safely adopt, govern, and defend AI across their organizations.

Joining the OpenAI Daybreak Cyber Partner Program is another step in that direction. We are still early in this work, and we will take a careful, disciplined approach. But the direction is clear: protecting organizations requires AI that understands the business, not just the attack.

At Darktrace, that is exactly where we remain focused and why we are so excited about this partnership with OpenAI.  

[related-resource]

Continue reading
About the author
Your data. Our AI.
Elevate your network security with Darktrace AI