Darktrace Antigena

Book a Free Trial

Darktrace Antigena is the world’s first Autonomous Response solution. Powered by award-winning Cyber AI, it responds to cyber-attacks in a matter of seconds — when security teams are overwhelmed or simply aren’t around.

The technology works like a digital antibody, intelligently generating a targeted and proportionate response whenever a threatening incident arises in network, email or cloud environments.

Every 3 seconds, Darktrace Antigena responds to a cyber-threat.

Autonomous Response AI Decision-Making

Darktrace Antigena takes action against in-progress cyber-threats, stopping them in their tracks before any damage is done. Crucial for defending against fast-moving threats such as ransomware, Antigena reacts in seconds, giving your security team time to catch up without interrupting daily business operations. Its autonomous decisions are:

  • made in real time
  • repeatedly updated by continued observation of threats as they unfold
  • informed by combined behavior, not single data points
  • based on the broadest understanding of devices and people in the organization

Antigena is an intelligent decision-making engine that uses your existing security investments and capabilities in order to take action. This results in a step change improvement in ROI from your existing security stack.

Key Benefits

Surgical Response
No disruption to your organization
Reacts in seconds
Stops an attack spreading in real-time
You choose where it acts, and how
Full oversight
Mobile alerts when Antigena steps in
The next phase in our journey towards autonomous security is autonomous response decision-making.
Lawrence Pingree, Research VP, Gartner
Mobile phone displaying a prioritized list of threats to the organization.
Darktrace Antigena can autonomously and precisely contain in-progress attacks far quicker than our human team can, and ensures our operations stay on track.
Shane Silcox, Information Systems Manager at Layton Construction

Hear more from our customers

Your journey to AI decision-making

Every organization’s journey to Autonomous Response AI is different. But building trust in Antigena is easy — our Mobile App gives you direct oversight and control over any actions taken. You can even start using Antigena during the evenings and the weekend, and build it up from there.

Antigena Use Cases

Human Confirmation Mode
Security team confirms Antigena actions
Active Mode Outside Business Hours
Takes actions when security teams are sleeping or on weekends
High Risk Users
Fights back against threats from new hires and employees who have given notice
Digital Transformation Projects
Neutralizes threats to the cloud, IoT devices, and other innovation projects
Mitigates attacks from impersonation and malicious emails


Available as easy-to-deploy modules, Antigena can react to emerging threats across your digital infrastructure


Antigena Cloud provides 24/7 autonomous protection of your crown jewels and sensitive data in the cloud. It stops insider threats, account takeovers, and critical misconfigurations.

As a cloud-native solution powered by AI, it can continuously analyze behaviors and relationships across diverse cloud platforms and services, from AWS and Azure, to Salesforce, Dropbox, and Office 365. This enterprise-wide context enables the system to only take action on high-confidence threats as they emerge within ephemeral workloads and diverse multi-cloud environments.

Darktrace’s cyber AI technology extends beyond the security that native controls and third-party tools can provide by learning the ‘pattern of life’ for every user, device, and container – without relying on prior assumptions or manual input of known threats.

This evolving understanding of ‘normal’ allows the platform to autonomously respond to never-before-seen external attacks and insider threats in real time.


Antigena Network delivers Autonomous Response AI across the enterprise and Internet of Things. Like a digital antibody, it generates measured and proportionate responses when a significantly threatening incident arises.

Within seconds of detecting a threat, Antigena surgically enforces a device’s normal ‘pattern of life’. It can also integrate with your firewalls or network devices if appropriate.

This autonomous response effectively fights against machine-speed attacks, initiating a range of actions according to the nature and severity of the threat. Antigena can initiate the following actions in just seconds, keeping the digital infrastructure protected even when security teams are out of office:

  • Interrupting unusual connections
  • Changing and editing permissions
  • Temporarily freezing accounts
  • Stopping unusually large amounts of data being sent

In every case, the system works by neutralizing threats while sustaining normal operations. Based on its deep understanding of what ‘normal’ looks like, Darktrace Antigena only interrupts threatening activity, giving the security team time to catch up.


Antigena Email allows Darktrace’s cyber AI to neutralize malicious emails in Office 365.

Introducing intelligent autonomous response into the flow of inbound and outbound email traffic, Antigena Email defends the network against malicious emails that evade the email gateway.

Darktrace’s rich understanding of user relationships, communications, and network activity allows Antigena Email to quickly contextualize events, and respond only to genuine threats, stopping them before they reach the user.

Email-borne attacks that Antigena stops include:

  • Advanced spear phishing
  • Impersonation attempts
  • Data loss
  • High-risk user behaviors

Crucially, the ability of Antigena to analyze email traffic alongside network traffic gives it a holistic understanding of the digital environment, enabling it to analyze individual emails in context, and initiate proportionate, targeted responses to threatening activity.

Proven to Protect

Antigena Prevents IoT Data Exfiltration

At an amusement park in North America, a threat actor attempted to steal sensitive customer data via a vulnerable IoT device: a ‘smart’ locker used by visitors to store personal belongings. This ‘low and slow’ attack successfully evaded rules-based security defenses, but Antigena spotted an unusual quantity of unencrypted data being sent to a rare external site and blocked all outgoing connections from the compromised device.

CEO Spoofing Attempt Blocked by AI

While the CFO of a company was active and operating in the UK, a successful login to his Salesforce account occurred from Ecuador. Recognizing this unusual login location and the sensitive nature of the files, Antigena stepped in. It killed the active login session of the attacker, blocked geographic access to Salesforce from the region, and enforced a strict login policy globally against all of the CFO’s corporate accounts.

Antigena Blocks Hijacked Account

At an electricity distributor, Darktrace’s AI detected a convincing spoof attempt allegedly from the company’s CEO, requesting that a member of the payroll department update the CEO’s direct deposit information. Since the email successfully mimicked the CEO’s typical writing style as well, it could have easily succeeded, but a number of subtle anomalies led Antigena to take action, locking its links and clearly marking it as a spoof.

AI Responds to Office 365 Takeover

Darktrace’s AI caught a supply chain attack targeting a film production studio in LA, after the Office 365 credentials of a trusted supplier had been compromised. From the suppliers account, the attacker sent a plausible email to an employee at the studio which included a malicious link. Understanding the email in its full context, Darktrace revealed this ‘trusted contact’ to be a hijacked account controlled by an attacker and neutralized the malicious payload.