Blog
/
AI
/
February 3, 2026

Introducing Darktrace / SECURE AI: Complete AI Security Across Your Enterprise

Darktrace introduces a new product for securing AI across the enterprise. Darktrace / SECURE AI marks the next chapter in securing organizations from cyber threats and emerging risks. By combining full visibility, intelligent behavioral oversight, and real-time control, Darktrace is enabling enterprises to safely adopt, manage, and build AI within their business.
Written by
Brittany Woodsmall
Product Marketing Manager, AI
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Brittany Woodsmall
Product Marketing Manager, AI
Darktrace Secure AIDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog imageDefault blog image
03
Feb 2026

Why securing AI can’t wait

AI is entering the enterprise faster than IT and security teams can keep up, appearing in SaaS tools, embedded in core platforms, and spun up by teams eager to move faster.  

As this adoption accelerates, it introduces unpredictable behaviors and expands the attack surface in ways existing security tools can’t see or control, startup or platform, they all lack one trait. These new types of risks command the attention of security teams and boardrooms, touching everything from business integrity to regulatory exposure.

Securing AI demands a fundamentally different approach, one that understands how AI behaves, how it interacts with data and users, and how risk emerges in real time. That shift is at the core of how organizations should be thinking about securing AI across the enterprise.

What is the current state of securing AI?

In Darktrace’s latest State of AI in Cybersecurity Report research across 1,500 cybersecurity professionals shows that the percentage of organizations without an AI adoption policy grew from 55% last year to 63% this year.

More troubling, the percentage of organizations without any plan to create an AI policy nearly tripled from 3% to 8%. Without clear policies, businesses are effectively accelerating blindfolded.

When we analyzed activity across our own customer base, we saw the same patterns playing out in their environments. Last October alone, we saw a 39% month-over-month increase in anomalous data uploads to generative AI services, with the average upload being 75MB. Given the size and frequency of these uploads, it's almost certain that much of this data should never be leaving the enterprise.

Many security teams still lack visibility into how AI is being used across their business; how it’s behaving, what it’s accessing, and most importantly, whether it’s operating safely. This unsanctioned usage quietly expands, creating pockets of AI activity that fall completely outside established security controls. The result is real organizational exposure with almost no visibility, underscoring just how widespread AI use has already become desipite the existence of formal policies.

This challenge doesn’t stop internally. Shadow AI extends into third-party tools, vendor platforms, and partner systems, where AI features are embedded without clear oversight.

Meanwhile, attackers are now learning to exploit AI’s unique characteristics, compounding the risks organizations are already struggling to manage.

The leader in AI cybersecurity now secures AI

Darktrace brings more than a decade of behavioral AI expertise built on an enterprise‑wide platform designed to operate in the complex, ambiguous environments where today’s AI now lives.  

Other cybersecurity technologies try to predict each new attack based on historical attacks. The problem is AI operates like humans do. Every action introduces new information that changes how AI behaves, its unpredictable, and historical attack tactics are now only a small part of the equation, forcing vendors to retrofit unproven acquisitions to secure AI.  

Darktrace is fundamentally different. Our Self‑Learning AI learns what “normal” looks like for your unique business: how your users, systems, applications, and now AI agents behave, how they communicate, and how data flows. This allows us to spot even the smallest shifts when something changes in meaningful ways. Long before AI agents were introduced, our technology was already interpreting nuance, detecting drift, uncovering hidden relationships, and making sense of ambiguous activity across networks, cloud, SaaS, email, OT, identities, and endpoints.

As AI introduces new behaviors, unstructured interactions, invisible pathways, and the rise of Shadow AI, these challenges have only intensified. But this is exactly the environment our platform was built for. Securing AI isn’t a new direction for Darktrace — it’s the natural evolution of the behavioral intelligence we’ve delivered to thousands of organizations worldwide.

Introducing Darktrace / SECURE AI – Complete AI security across your enterprise

We are proud to introduce Darktrace / SECURE AI, the newest product in the Darktrace ActiveAI Security Platform designed to secure AI across the whole enterprise.

This marks the next chapter in our mission to secure organizations from cyber threats and emerging risks. By combining full visibility, intelligent behavioral oversight, and real-time control, Darktrace is enabling enterprises to safely adopt, manage, and build AI within their business. This ensures that AI usage, data access, and behavior remain aligned to security baselines, compliance, and business goals.

Darktrace / SECURE AI can bring every AI interaction into a single view, helping teams understand intent, assess risk, protect sensitive data, and enforce policy across both human and AI Agent activity. Now organizations can embrace AI with confidence, with visibility to ensure it is operating safely, responsibly, and in alignment with their security and compliance needs.  

Because securing AI spans multiple areas and layers of complexity, Darktrace / SECURE AI is built around four foundational use cases that ensure your whole enterprise and every AI use affecting your business, whether owned or through third parties, is protected, they are:

  • Monitoring the prompts driving GenAI agents and assistants
  • Securing business AI agent identities in real time
  • Evaluating AI risks in development and deployment
  • Discovering and controlling Shadow AI

Monitoring the prompts driving GenAI agents and assistants

For AI systems, prompts are one of the most active and sensitive points of interaction—spanning human‑AI exchanges where users express intent and AI‑AI interactions where agents generate internal prompts to reason and coordinate. Because prompt language effectively is behavior, and because it relies on natural language rather than a fixed, finite syntax, the attack surface is open‑ended. This makes prompt‑driven risks far more complex than traditional API‑based vulnerabilities tied to CVEs.

Whether an attacker is probing for weaknesses, an employee inadvertently exposes sensitive data, or agents generate their own sub‑tasks to drive complex workflows, security teams must understand how prompt behavior shapes model behavior—and where that behavior can go wrong. Without that behavioral understanding, organizations face heightened risks of exploitation, drift, and cascading failures within their AI systems.

Darktrace / SECURE AI brings together all prompt activity across enterprise AI systems, including Microsoft Copilot and ChatGPT Enterprise, low‑code environments like Microsoft Copilot Studio, SaaS providers like Salesforce and Microsoft 365, and high‑code platforms such as AWS Bedrock and SageMaker, into a single, unified layer of visibility.  

Beyond visibility, Darktrace applies behavioral analytics to understand whether a prompt is unusual or risky in the context of the user, their peers, and the broader organization. Because AI attacks are far more complex and conversational than traditional exploits against fixed APIs – sharing more in common with email and Teams/Slack interactions, —this behavioral understanding is essential. By treating prompts as behavioral signals, Darktrace can detect conversational attacks, malicious chaining, and subtle prompt‑injection attempts, and where integrations allow, intervene in real time to block unsafe prompts or prevent harmful model actions as they occur.

Securing business AI agent identities in real time

As organizations adopt more AI‑driven workflows, we’re seeing a rapid rise in autonomous and semi‑autonomous agents operating across the business. These agents operate within existing identities, with the capability to access systems, read and write data, and trigger actions across cloud platforms, internal infrastructure, applications, APIs, and third‑party services. Some identities are controlled, like users, others like the ones mentioned, can appear anywhere, with organizations having limited visibility into how they’re configured or how their permissions evolve over time.  

Darktrace / SECURE AI gives organizations a real‑time, identity‑centric understanding of what their AI agents are doing, not just what they were designed to do. It automatically discovers live agent identities operating across SaaS, cloud, network, endpoints, OT, and email, including those running inside third‑party environments.  

The platform maps how each agent is configured, what systems it accesses, and how it communicates, including activity such as MCP usage or interactions with storage services where sensitive data may reside.  

By continuously observing agent behavior across all domains, Darktrace / SECURE AI highlights when unnecessary or risky permissions are granted, when activity patterns deviate, or when agents begin chaining together actions in unintended ways. This real‑time audit trail allows organizations to evaluate whether agent actions align with intended operational parameters and catch anomalous or risky behavior early.    

Evaluating AI risks in development and deployment

In the build phase, new identities are created, entitlements accumulate, components are stitched together across SaaS, cloud, and internal environments, and logic starts taking shape through prompts and configurations.  

It’s a highly dynamic and often fragmented process, and even small missteps here, such as a misconfiguration in a created agent identity, can become major security issues once the system is deployed. This is why evaluating AI risk during development and deployment is critical.

Darktrace / SECURE AI brings clarity and control across this entire lifecycle — from the moment an AI system starts taking shape to the moment it goes live. It allows you to gain visibility into created identities and their access across hyperscalers, low‑code SaaS, and internal labs, supported by AI security posture management that surfaces misconfigurations, over‑entitlement, and anomalous building events. Darktrace/ SECURE AI then connects these development insights directly to prompt oversight, connecting how AI is being built to how it will behave once deployed.  The result is a safer, more predictable AI lifecycle where risks are discovered early, guardrails are applied consistently, and innovations move forward with confidence rather than guesswork.

Discovering and controlling Shadow AI

Shadow AI has now appeared across every corner of the enterprise. It’s not just an employee pasting internal data into an external chatbot; it includes unsanctioned agent builders, hidden MCP servers, rogue model deployments, and AI‑driven workflows running on devices or services no one expected to be using AI.  

Darktrace / SECURE AI brings this frontier into view by continuously analyzing interactions across cloud, networks, endpoints, OT, and SASE environments. It surfaces unapproved AI usage wherever it appears and distinguishes legitimate activity in sanctioned tools from misuse or high‑risk behavior. The system identifies hidden AI components and rogue agents, reveals unauthorized deployments and unexpected connections to external AI systems, and highlights risky data flows that deviate from business norms.

When the behavior warrants a response, Darktrace / SECURE AI enables policy enforcement that guides users back toward sanctioned options while containing unsafe or ungoverned adoption. This closes one of the fastest‑expanding security gaps in modern enterprises and significantly reduces the attack surface created by shadow AI.

Conclusion

What’s needed now along with policies and frameworks for AI adoption is the right tooling to detect threats based on AI behavior across shadow use, prompt risks, identity misuse, and AI development.  

Darktrace is uniquely positioned to secure AI, we’ve spent over a decade building AI that learns your business – understanding subtle behavior across the entire enterprise long before AI agents arrived. With over 10,000 customers relying on Darktrace as the last line of defense to capture threats others cannot, Securing AI isn’t a pivot for us, it's not an acquisition; it’s the natural extension of the behavioral expertise and enterprise‑wide intelligence our platform was built on from the start.  

To learn more about how to secure AI at your organization we curated a readiness program that brings together IT and security leaders navigating this responsibility, providing a forum to prepare for high-impact decisions, explore guardrails, and guide the business amid growing uncertainty and pressure.

Sign up for the Secure AI Readiness Program here: This gives you exclusive access to the latest news on the latest AI threats, updates on emerging approaches shaping AI security, and insights into the latest innovations, including Darktrace’s ongoing work in this area.

Ready to talk with a Darktrace expert on securing AI? Register here to receive practical guidance on the AI risks that matter most to your business, paired with clarity on where to focus first across governance, visibility, risk reduction, and long-term readiness.  

Written by
Brittany Woodsmall
Product Marketing Manager, AI
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Brittany Woodsmall
Product Marketing Manager, AI

CVE-2026-1731: How Darktrace Sees the BeyondTrust Exploitation Wave Unfolding

Network
February 13, 2026
Emma Foulger
Global Threat Research Operations Lead
Watch the NIS2 Webinar
Trending blogs
1
Securing Generative AI: Managing Risk in Amazon Bedrock with Darktrace / CLOUD
Nov 19, 2025
2
The 17% of email threats SEGs miss – and how Darktrace catches them
Dec 4, 2025
3
Darktrace Named as a Leader in 2025 Gartner® Magic Quadrant™ for Email Security Platforms
Dec 3, 2025
4
From Amazon to Louis Vuitton: How Darktrace Detects Black Friday Phishing Attacks
Nov 27, 2025
5
Pre-CVE Threat Detection: 10 Examples Identifying Malicious Activity Prior to Public Disclosure of a Vulnerability
Jul 2, 2025

More in this series

No items found.
Continue reading
AI
February 13, 2026

How AI is redefining cybersecurity and the role of today’s CIO

Cybersecurity is no longer just an IT concern, but a business imperative shaped by AI-driven threats and accelerating risk. In this blog, Amel Edmond, CIO at the advisory, tax, and audit firm Withum, discusses his perspective on why AI is essential to modern cybersecurity and how he is building a security program designed for resilience, visibility, and scale with the help of Darktrace.
Amel Edmond
Chief Information Officer
Read more
AI
February 3, 2026

The State of AI Cybersecurity 2026: Unveiling insights from over 1,500 security leaders

This year, organizations have been racing to implement generative and agentic AI tools at a breakneck pace. Darktrace asked over 1,500 security leaders about how they’re navigating these rapid technology shifts – and the challenges and opportunities enterprise AI presents.
The Darktrace Community
Read more
AI
December 23, 2025

How to Secure AI in the Enterprise: A Practical Framework for Models, Data, and Agents

AI is accelerating faster than governance can keep up, expanding attack surfaces and creating unseen risks. From data and models to AI agents and integrations, security starts by knowing what to protect. Discover how to identify AI-driven risks, so you can establish governance frameworks and controls that secure innovation without exposing the enterprise to new attack surfaces. 
Brittany Woodsmall
Product Marketing Manager, AI
Read more

Blog

/

Network

/

February 19, 2026

CVE-2026-1731: How Darktrace Sees the BeyondTrust Exploitation Wave Unfolding

Default blog imageDefault blog image

Note: Darktrace's Threat Research team is publishing now to help defenders. We will continue updating this blog as our investigations unfold.

Background

On February 6, 2026, the Identity & Access Management solution BeyondTrust announced patches for a vulnerability, CVE-2026-1731, which enables unauthenticated remote code execution using specially crafted requests.  This vulnerability affects BeyondTrust Remote Support (RS) and particular older versions of Privileged Remote Access (PRA) [1].

A Proof of Concept (PoC) exploit for this vulnerability was released publicly on February 10, and open-source intelligence (OSINT) reported exploitation attempts within 24 hours [2].

Previous intrusions against Beyond Trust technology have been cited as being affiliated with nation-state attacks, including a 2024 breach targeting the U.S. Treasury Department. This incident led to subsequent emergency directives from  the Cybersecurity and Infrastructure Security Agency (CISA) and later showed attackers had chained previously unknown vulnerabilities to achieve their goals [3].

Additionally, there appears to be infrastructure overlap with React2Shell mass exploitation previously observed by Darktrace, with command-and-control (C2) domain  avg.domaininfo[.]top seen in potential post-exploitation activity for BeyondTrust, as well as in a React2Shell exploitation case involving possible EtherRAT deployment.

Darktrace Detections

Darktrace’s Threat Research team has identified highly anomalous activity across several customers that may relate to exploitation of BeyondTrust since February 10, 2026. Observed activities include:

Outbound connections and DNS requests for endpoints associated with Out-of-Band Application Security Testing; these services are commonly abused by threat actors for exploit validation.  Associated Darktrace models include:

  • Compromise / Possible Tunnelling to Bin Services

Suspicious executable file downloads. Associated Darktrace models include:

  • Anomalous File / EXE from Rare External Location

Outbound beaconing to rare domains. Associated Darktrace models include:

  • Compromise / Agent Beacon (Medium Period)
  • Compromise / Agent Beacon (Long Period)
  • Compromise / Sustained TCP Beaconing Activity To Rare Endpoint
  • Compromise / Beacon to Young Endpoint
  • Anomalous Server Activity / Rare External from Server
  • Compromise / SSL Beaconing to Rare Destination

Unusual cryptocurrency mining activity. Associated Darktrace models include:

  • Compromise / Monero Mining
  • Compromise / High Priority Crypto Currency Mining

And model alerts for:

  • Compromise / Rare Domain Pointing to Internal IP

IT Defenders: As part of best practices, we highly recommend employing an automated containment solution in your environment. For Darktrace customers, please ensure that Autonomous Response is configured correctly. More guidance regarding this activity and suggested actions can be found in the Darktrace Customer Portal.  

Appendices

Potential indicators of post-exploitation behavior:

·      217.76.57[.]78 – IP address - Likely C2 server

·      hXXp://217.76.57[.]78:8009/index.js - URL -  Likely payload

·      b6a15e1f2f3e1f651a5ad4a18ce39d411d385ac7  - SHA1 - Likely payload

·      195.154.119[.]194 – IP address – Likely C2 server

·      hXXp://195.154.119[.]194/index.js - URL – Likely payload

·      avg.domaininfo[.]top – Hostname – Likely C2 server

·      104.234.174[.]5 – IP address - Possible C2 server

·      35da45aeca4701764eb49185b11ef23432f7162a – SHA1 – Possible payload

·      hXXp://134.122.13[.]34:8979/c - URL – Possible payload

·      134.122.13[.]34 – IP address – Possible C2 server

·      28df16894a6732919c650cc5a3de94e434a81d80 - SHA1 - Possible payload

References:

1.        https://nvd.nist.gov/vuln/detail/CVE-2026-1731

2.        https://www.securityweek.com/beyondtrust-vulnerability-targeted-by-hackers-within-24-hours-of-poc-release/

3.        https://www.rapid7.com/blog/post/etr-cve-2026-1731-critical-unauthenticated-remote-code-execution-rce-beyondtrust-remote-support-rs-privileged-remote-access-pra/

Continue reading
About the author
Emma Foulger
Global Threat Research Operations Lead

Blog

/

AI

/

February 19, 2026

How AI is redefining cybersecurity and the role of today’s CIO

Default blog imageDefault blog image

Why AI is essential to modern security

As attackers use automation and AI to outpace traditional tools and people, our approach to cybersecurity must fundamentally change. That’s why one of my first priorities as Withum's CIO was to elevate cybersecurity from a technical function to a business enabler.

What used to be “IT’s problem” is now a boardroom conversation – and for good reason. Protecting our data, our people, and our clients directly impacts revenue, reputation and competitive positioning.  

As CIOs / CISOs, our responsibilities aren’t just keeping systems running, but enabling trust, protecting our organization's reputation, and giving the business confidence to move forward even as the digital world becomes less predictable. To pull that off, we need to know the business inside-out, understand risk, and anticipate what's coming next. That's where AI becomes essential.

Staying ahead when you’re a natural target

With more than 3,100 team members and over 1,000 CPAs (Certified Public Accountant), Withum’s operates in an industry that naturally attracts attention from attackers. Firms like ours handle highly sensitive financial and personal information, which puts us squarely in the crosshairs for sophisticated phishing, ransomware, and cloud-based attacks.

We’ve built our security program around resilience, visibility, and scale. By using Darktrace’s AI-powered platform, we can defend against both known and unknown threats, across email and network, without slowing our teams down.

Our focus is always on what we’re protecting: our clients’ information, our intellectual property, and the reputation of the firm. With Darktrace, we’re not just keeping up with the massive volume of AI-powered attacks coming our way, we’re staying ahead. The platform defends our digital ecosystem around the clock, detecting potential threats across petabytes of data and autonomously investigating and responding to tens of thousands of incidents every year.

Catching what traditional tools miss

Beyond the sheer scale of attacks, Darktrace ActiveAI Security PlatformTM is critical for identifying threats that matter to our business. Today’s attackers don’t use generic techniques. They leverage automation and AI to craft highly targeted attacks – impersonating trusted colleagues, mimicking legitimate websites, and weaving in real-world details that make their messages look completely authentic.

The platform, covering our network, endpoints, inboxes, cloud and more is so effective because it continuously learns what’s normal for our business: how our users typically behave, the business- and industry-specific language we use, how systems communicate, and how cloud resources are accessed. It picks up on minute details that would sail right past traditional tools and even highly trained security professionals.

Freeing up our team to do what matters

On average, Darktrace autonomously investigates 88% of all our security events, using AI to connect the dots across email, network, and cloud activity to figure out what matters. That shift has changed how our team works. Instead of spending hours sorting through alerts, we can focus on proactive efforts that actually strengthen our security posture.

For example, we saved 1,850 hours on investigating security issues over a ten-day period. We’ve reinvested the time saved into strengthening policies, refining controls, and supporting broader business initiatives, rather than spending endless hours manually piecing together alerts.

Real confidence, real results

The impact of our AI-driven approach goes well beyond threat detection. Today, we operate from a position of confidence, knowing that threats are identified early, investigated automatically, and communicated clearly across our organization.

That confidence was tested when we withstood a major ransomware attack by a well-known threat group. Not only were we able to contain the incident, but we were able to trace attacker activity and provided evidence to law enforcement. That was an exhilarating experience! My team did an outstanding job, and moments like that reinforce exactly why we invest in the right technology and the right people.

Internally, this capability has strengthened trust at the executive level. We share security reporting regularly with leadership, translating technical activity into business-relevant insights. That transparency reinforces cybersecurity as a shared responsibility, one that directly supports growth, continuity, and reputation.

Culturally, we’ve embedded security awareness into daily operations through mandatory monthly training, executive communication, and real-world industry examples that keep cybersecurity top of mind for every employee.

The only headlines we want are positive ones: Withum expanding services, Withum growing year over year. Security plays a huge role in making sure that’s the story we get to tell.

What’s next

Looking ahead, we’re expanding our use of Darktrace, including new cloud capabilities that extend AI-driven visibility and investigation into our AWS and Azure environments.

As I continue shaping our security team, I look for people with passion, curiosity, and a genuine drive to solve problems. Those qualities matter just as much as formal credentials in my view. Combined with AI, these attributes help us build a resilient, engaged security function with low turnover and high impact.

For fellow technology leaders, my advice is simple: be forward-thinking and embrace change. We must understand the business, the threat landscape, and how technology enables both. By augmenting human expertise rather than replacing it, AI allows us to move upstream by anticipating risk, advising the business, and fostering stronger collaboration across teams.

Continue reading
About the author
Amel Edmond
Chief Information Officer
Your data. Our AI.
Elevate your network security with Darktrace AI