The findings in this blog are taken from Darktrace's annual State of AI Cybersecurity Report 2026.

AI is already embedded in day-to-day enterprise activity, with 78% of participants in one recent survey reporting that their organizations are using generative AI in at least one business function. Generative AI now acts as an always-on assistant, researcher, creator, and coach across an expanding array of departments and functions. Autonomous agents are performing multi-step operational workflows from end to end. AI features have been layered on top of every SaaS application. And vibe coding is making it possible for employees without deep technical expertise to build their own AI-powered automations.

According to Gartner, more than 80% of enterprises will have deployed GenAI models, applications, or APIs in production environments by the end of this year, up from less than 5% in 2023. Companies report a 130% increase in spending on AI over the same period, with 72% of business leaders using AI tools at least weekly. The outsized efficiency and productivity gains that were once a future vision are quickly becoming everyday reality.

AI is currently driving business growth and innovation, and organizations risk falling behind peers if they don’t keep up with the pace of adoption, but it is also quietly expanding the enterprise attack surface. The modern CISO is challenged to both enable innovation and protect the business from these emerging threats.

AI agents introduce new risks and vulnerabilities

AI agents are playing growing roles in enterprise production environments. In many cases, these agents act with broad permissions across multiple software systems and platforms. This means they’re granted far-reaching access – to sensitive data, business-critical applications, tokens and APIs, and IT and security tools. With this access comes risk for security leaders – 92% are concerned about the use of AI agents across the workforce and their impact on security.

These agents must be governed as identities, with least-privilege access and ongoing monitoring. They can’t be thought of as invisible aspects of the application estate. Understanding how AI agents behave, and how to manage their permissions, control their behavior, and limit their data access will be a top security priority throughout 2026.

Generative AI prompts: The next frontier

Prompts are how users – both human and agentic – interact with AI systems, and they’re where natural language gets translated into model behavior. Natural language is infinite in its potential combinations and permutations, making this aspect of the attack surface open-ended and far more complex than traditional CVEs. With carefully crafted prompts, bad actors may be able to coax models into disclosing sensitive data, bypassing guardrails, or initiating undesirable actions.

Among security leaders, the biggest worries about AI usage in their environments all involve ways that systems might be manipulated to bypass traditional controls.

• 61% are most concerned about the exposure of sensitive data
• 56% are most concerned about potential data security and policy violations
• 51% are most concerned about the misuse or abuse of AI tools

The more employees rely on AI in their day-to-day workflows, the more critical it becomes for security teams to understand how prompt behavior determines model behavior – and where that behavior could go wrong.

What does “securing AI” mean in practice?

AI adoption opens new security risks that blur the boundaries between traditional security disciplines. A single malicious interaction with an AI model could involve identity misuse, sensitive data exposure, application logic abuse, and supply chain risk – all within a single workflow. Protecting this dynamic and rapidly evolving attack surface requires an approach that spans identity security, cloud security, application security, data security, software development security, and more.

The task for security leaders is to implement the tools, policies, and frameworks to mitigate these novel, expansive, and cross-disciplinary risks.

However, within most enterprises, AI policy creation remains in its infancy. Just 37% of security leaders report that their organization has a formal AI policy, representing a small but worrisome decrease from last year. Conversations about AI abound: in 52% of organizations, there’s discussion about an AI policy. Still, talk is cheap, and leaders will need to take action if they’re to successfully enable secure AI innovation.

To govern and protect their AI systems, organizations must take a multi-pronged approach. This requires building out policies, but it also demands that they are able to:

• Monitor the prompts driving GenAI assistants and agents in real time. Organizations must be able to inspect prompts, sessions, and responses across enterprise GenAI tools, low- and high-code environments, and SaaS and SASE so that they can detect clever conversational prompt attacks and malicious chaining.
• Secure all business AI agent identities. Security teams need to identify all the agents acting within their environment and supply chain, map their connections and interactions via MCP and services like Amazon S3, and audit their behavior across the cloud, SaaS environments, and on the network and endpoint devices.
• Maintain centralized, comprehensive visibility. Understanding intent, assessing risks, and enforcing policies all require that security teams have a single view that spans AI interactions across the entire business.
• Discover and control shadow AI. Teams need to be able to identify unsanctioned AI activities, distinguish the misuse of legitimate tools from their appropriate use, and apply policies to protect data, while guiding users towards approved solutions.

Scaling AI safely and responsibly

The approach that most cybersecurity vendors have taken – using historical patterns to predict future threats – doesn’t work well for AI systems. Because AI changes its behavior in response to the information it encounters while taking action, previous patterns don’t indicate what it will do next. Looking at past attacks can’t tell you how complex models will behave in your individual business.

Securing AI requires interpreting ambiguous interactions, uncovering subtleties that reveal intent within extended conversations, understanding how access accumulates over time, and recognizing when behavior – both human and machine – begins to drift towards areas of risk. To do this, you need to understand what “normal” looks like in each unique organization: how users, systems, applications, and AI agents behave, how they communicate, and how data flows between them.

Darktrace has spent more than a decade designing AI-powered solutions that can understand and adapt to evolving behavior in complex environments. This technology learns directly from the environment it protects, identifying malicious actions that deviate from normal operations, so that it can stop AI-related threats on the very first encounter.

As AI adoption reshapes enterprise operations, humans and machines will collaborate more and more often. This collaboration might dramatically expand the attack surface, but it also has the potential to be a force multiplier for defenders.

‍

Explore the full State of AI Cybersecurity 2026 report for deeper insights into how security leaders are responding to AI-driven risks.

Learn more about securing AI in your enterprise.

‍

‍

The communication attack surface is expanding

Modern attackers no longer focus solely on inboxes, they target people and the productivity systems where work actually happens. Meanwhile, the boundary between internal and external usage of tools is becoming blurrier everyday – turning the entire workplace into the attack surface. In 2025, identity compromise emerged as the single most consistent threat across the global threat landscape, as observed by Darktrace research across our entire customer base. Over 70% of incidents in the US involved SaaS/M365 account compromise and phishing or email-based social engineering, making credential abuse the single most effective initial access vector.

Despite this upward trend, investment in existing security awareness training (SAT) isn’t moving the needle on reducing risk. 84% of organizations still measure success through completion rates¹, even though completion of standard training correlates with less than 2% real improvement in risky behavior.² By prioritizing completion, organizations reward time spent rather than meaningful engagement, yet time in training doesn’t translate to retention or real-world decision-making. This compliance-first approach has left the workforce unprepared for the threats they actually face.

At the same time, attacks have evolved. Highly personalized, AI-generated campaigns now move fluidly across email, Slack, Teams, Zoom, and beyond, blending channels and even targeting systems directly through techniques like prompt injection. This new reality demands a different approach: one that treats people and the tools they use as a single ecosystem, where behavior and detection continuously inform and strengthen each other.

Only an adaptive communication security system can keep pace with the speed, creativity, and cross channel nature of today’s threats. 

Ushering in the adaptive era of workplace security

With this release, Darktrace brings together our new behavior-driven training solution with email detection, cross-channel visibility, and platform-level insights. Powered by Self-Learning AI, it delivers protection across both people and the communication tools they rely on every day, including email, Slack, Teams, and Zoom.

Each component learns from the others – training adapts to real user behavior, detection evolves across channels, and response is continuously refined – creating a powerful feedback loop that strengthens resilience and improves accuracy against today’s AI-driven threats.

Introducing: Unified training and email security for a self-improving email defense

Our brand new product, Darktrace / Adaptive Human Defense, closes the gap between human behavior and email security to continuously strengthen both people and defenses. Each user receives personalized training that adapts to their own inbox activity and skill level, with learning delivered directly within the flow of their day-to-day email interactions.

By learning from each user’s interactions with security training, it adapts security responses, creating a closed-loop system where training reinforces detection and detection informs training. Let’s look at some of the benefits.

• Reduce successful phishing at the source with contextual Just in Time coaching: Contextual coaching appears directly in real email threads the moment risky behavior is detected, so habits change where mistakes actually happen. Configurable triggers and group policies target the right users, reducing repeated errors and administrative overhead.
• Adaptive phishing simulations that progress automatically with each user: Embedded simulations vary in their degree of realism, from generic phishing to generative AI-enabled spear phishing. Users progress through the difficulty levels based on their performance to give an accurate picture of their phishing preparedness.  
• Native email security integration turns human behavior into quantified risk: The native email security integration allows engagement, links clicked, and question success signals to flow back into / EMAIL recipes and models, so detection and response adapt automatically as users learn.  
• Actionable risk and trend analytics beyond completion rates: Analytics that surface repeat offenders, high-value targets, and measurable exposure, moving beyond completion metrics to give leaders actionable insights tied to real behavior.

Learn more about / Adaptive Human Defense in the product solution brief.

Industry-first cross-channel full-message analysis for email, Slack, Teams, and Zoom

Darktrace now brings full-message analysis to Email, Slack, Teams, Zoom, and even generative AI prompts. The same leading behavioral analysis from EMAIL extends to every message, tracing intent, tone, relationships, and conversation flow across all communication activity for a complete understanding of every user interaction.

By correlating messaging and collaboration activity with email and account environments, cross-channel analysis reveals multi-domain attack paths and follows both users and threats as a single, continuous narrative – delivering better context to improve detection across the entire organization.

• Eliminate cross-channel blind spots: Detect phishing, malware, account takeovers, and conversational manipulation across email and collaboration platforms, so attackers can’t exploit Slack, Teams, or Zoom as a new entry point. Unified behavioral analysis gives security teams a coherent, single view, for no more fragmented, channel-specific gaps.
• Spot generative AI prompt injection attacks before they manipulate assistants: Dedicated models surface threats targeting corporate AI assistants – like ShadowLeak and Hashjack – before they can silently manipulate workflows, reducing risk before static filters catch up.

Learn more about Darktrace’s messaging security offering in the product solution brief.

Industry-first DMARC with bi-directional ASM and email security integration

Darktrace transforms domain protection by linking DMARC, attack surface intelligence, and email security into a single, continuously evolving workflow. Instead of treating domain authentication and exposure as separate tasks, this unified approach shows not just where domains are vulnerable, but how attackers are actively exploiting them.

• Fix authentication weaknesses faster: SPF, DKIM, DMARC configurations, and external exposure data are analyzed together, giving teams clear guidance to correct weaknesses before they can be abused. Deep bidirectional integration with attack surface intelligence reduces impersonation risk at the source.
• Accelerate email investigations: DMARC context is embedded directly into email workflows, enriching triage with authentication posture, internal/external sender lists, and seamless pivots between email and domain intelligence for faster, more accurate investigations.

Committed to innovation

These updates are part of a broader Darktrace release, which also includes:

• Innovations in cloud security with continuous Kubernetes posture management, as well as native integrations with Proactive Exposure Management (PEM) and Attack Surface Management (ASM).
• Innovations to Darktrace / Forensic Acquisition & Investigation, including faster cloud incident investigations, automated and on-demand forensic data capture across hybrid environments, and open forensic coverage for third-party endpoint and XDR ecosystems.
• Introduction of a new Alerts Dashboard in the ActiveAI Security Portal, enabling unified alert triage, AI-driven incident correlation, and coordinated investigations across multiple deployments to reduce response times and operational complexity.‍
• Innovations in OT security, including Operational Overview Architecture diagrams, Operational Overview reporting, expanded ICS & IoMT device classification, and expanded OT & IIoT Protocol Coverage.
• Further updates to / NETWORK, / ENDPOINT, Cyber AI Analyst, and cross-platform products.

‍

Join our Live Launch Event on April 14, 2026.

Join us for an exclusive announcement event where Darktrace, the leader in AI-native cybersecurity, will be announcing our latest innovations, including  a demo of our new product / Adaptive Human Defense, an exclusive conversation with a Darktrace customer, and a deep dive into the Darktrace ActiveAI Security Portal.  

Register here.

‍

‍References

[1] 84% of organizations still measure security awareness training success through completion rates, a vanity metric with no correlation to behavior change. (Source:  NIST Awareness Effectiveness Study, Forrester 2025)

[2] 'Limited benefit from embedded phishing training. Using randomized controlled trials and statistical modeling, embedded training provides a statistically-significant reduction in average failure rate, but of only 2%.' Ho, G., Mirian, A., Luo, E., Tong, K., Lee, E., Liu, L., Longhurst, C. A., Dameff, C., Savage, S., & Voelker, G. M. (2025). Understanding the Efficacy of Phishing Training in Practice. Proceedings of the 2025 IEEE Symposium on Security and Privacy.