Blog
/
Compliance
/
July 17, 2024

What you need to know about the new SEC Cybersecurity rules

In July 2023, the U.S. Securities and Exchange Commission (SEC) adopted new rules concerning cybersecurity incidents and disclosures. This blog describes the new rules and demonstrates how Darktrace can help organizations achieve compliance with these standards.
Written by
Kendra Gonzalez Duran
Principal Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Kendra Gonzalez Duran
Principal Analyst
Default blog image
17
Jul 2024

What is new in 2023 to SEC cybersecurity rules?

Form 8-K Item 1.05: Requiring the timely disclosure of material cybersecurity incidents.

Regulation S-K item 106: requiring registrants’ annual reports on Form 10-K to address cybersecurity risk management, strategy, and governance processes.

Comparable disclosures are required for reporting foreign private issuers on Forms 6-K and 20-F respectively.

What is Form 8-K Item 1.05 SEC cybersecurity rules?

Form 8-K Item 1.05 requires the following to be reported within four business days from when an incident is determined to be “material” (1), unless extensions are granted by the SEC under certain qualifying conditions:

“If the registrant experiences a cybersecurity incident that is determined by the registrant to be material, describe the material aspects of the nature, scope, and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.” (2, 3)

How does the SEC define cybersecurity incident?

Cybersecurity incident defined by the SEC means an unauthorized occurrence, or a series of related unauthorized occurrences, on or conducted through a registrant’s information systems that jeopardizes the confidentiality, integrity, or availability of a registrant’s information systems or any information residing therein. (4)

How can Darktrace assist in the process of disclosing incidents to the SEC?

Accelerate reporting

Darktrace’s Cyber AI Analyst generates automated reports that synthesize discrete data points potentially indicative of cybersecurity threats, forming reports that provide an overview of the evolution and impact of a threat.

Thus, when a potential threat is identified by Darktrace, AI Analyst can quickly compile information that organizations might include in their disclosure of an occurrence they determined to be material, including the following: incident timelines, incident events, incident summary, related model breaches, investigation process (i.e., how Darktrace’s AI conducted the investigation), linked incident events, and incident details. The figure below illustrates how Darktrace compiles and presents incident information and insights in the UI.

Overview of information provided in an ‘AI Analyst Report’ that could be relevant to registrants reporting a material cybersecurity incident to the SEC
Figure 1: Overview of information provided in an ‘AI Analyst Report’ that could be relevant to registrants reporting a material cybersecurity incident to the SEC

It should be noted that Instruction 4 to the new Form 8-K Item 1.05 specifies the “registrant need not disclose specific or technical information about its planned response to the incident or its cybersecurity systems, related networks and devices, or potential system vulnerabilities in such detail as would impede the registrant’s response or remediation of the incident” (5).

As such, the incident report generated by Darktrace may provide more information, including technical details, than is needed for the 8-K disclosure. In general, users should take appropriate measures to ensure that the information they provide in SEC reports meets the requirements outlined by the relevant regulations. Darktrace cannot recommend that an incident should be reported, nor report an incident itself.

Determine if a cybersecurity incident is material

Item 1.05 requires registrants to determine for themselves whether cybersecurity incidents qualify as ‘material’. This involves considerations such as ‘the nature scope and timing of the incident, and the material impact or reasonably likely material impact on the registrant, including its financial condition and results of operations.’

While it is up to the registrant to determine, consistent with existing legal standards, the materiality of an incident, Darktrace’s solution can provide relevant information which might aid in this evaluation. Darktrace’s Threat Visualizer user interface provides a 3-D visualization of an organization’s digital environment, allowing users to assess the likely degree to which an attack may have spread throughout their digital environment. Darktrace Cyber AI Analyst identifies connections among discrete occurrences of threatening activity, which can help registrants quickly assess the ‘scope and timing of an incident'.

Furthermore, in order to establish materiality it would be useful to understand how an attack might extend across recipients and environments. In the image below, Darktrace/Email identifies how a user was impacted across different platforms. In this example, Darktrace/Email identified an attacker that deployed a dual channel social engineering attack via both email and a SaaS platform in an effort to acquire login credentials. In this case, the attacker useding a legitimate SharePoint link that only reveals itself to be malicious upon click. Once the attacker gained the credentials, it proceeded to change email rules to obfuscate its activity.

Darktrace/Email presents this information in one location, making such investigations easier for the end user.

Darktrace/Email indicating a threat across SaaS and email
Figure 2: Darktrace/Email indicating a threat across SaaS and email

What is regulation S-K item 106 of the SEC cybersecurity rules?

The new rules add Item 106 to Regulation S-K requiring registrants to disclose certain information regarding their risk management, strategy, and governance relating to cybersecurity in their annual reports on Form 10-K. The new rules add Item 16K to Form 20-F to require comparable disclosure by [foreign private issuers] in their annual reports on Form 20-F. (6)

SEC cybersecurity rules: Risk management

Specifically, with respect to risk management, Item 106(b) and Item 16K(b) require registrants to describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats, as well as whether any risks from cybersecurity threats, including as a result of any previous cybersecurity incidents, have materially affected or are reasonably likely to materially affect them. The new rules include a non-exclusive list of disclosure items registrants should provide based on their facts and circumstances. (6)

SEC cybersecurity rules: Governance

With respect to governance, Item 106 and Item 16K require registrants to describe the board of directors’ oversight of risks from cybersecurity threats (including identifying any board committee or subcommittee responsible for such oversight) and management’s role in assessing and managing material risks from cybersecurity threats. (6)

How can Darktrace solutions aid in disclosing their risk management, strategy, and governance related to cybersecurity?

Impact scores

Darktrace End-to-End (E2E) leverages AI to understand the complex relationships across users and devices to model possible attack paths, giving security teams a contextual understanding of risk across their digital environments beyond isolated CVEs or CVSS scores. Additionally, teams can prioritize risk management actions to increase their cyber resilience through the E2E Advisory dashboard.

Attack paths consider:

  • Potential damages: Both the potential consequences if a given device was compromised and its immediate implications on other devices.
  • Exposure: Devices' level of interactivity and accessibility. For example, how many emails does a user get via mailing lists and from what kind of sources?
  • Impact: Where a user or asset sits in terms of the IT or business hierarchy and how they communicate with each other. Darktrace can simulate a range of possible outcomes for an uncertain event.
  • Weakness: A device’s patch latency and difficulty, a composite metric that looks at attacker MITRE methods and our own scores to determine how hard each stage of compromise is to achieve.

Because the SEC cybersecurity rules require “oversight of risks from cybersecurity threats” and “management’s role in assessing and managing material risks from cybersecurity threats” (6), the scores generated by Darktrace E2E can aid end-user’s ability to identify risks facing their organization and assign responsibilities to address those risks.

E2E attack paths leverage a deep understanding of a customer’ digital environment and highlight potential attack routes that an attacker could leverage to reach critical assets or entities. Difficulty scores (see Figure 5) allow security teams to measure potential damage, exposure, and impact of an attack on a specific asset or entity.

An example of an attack path in a digital environment
Figure 3: An example of an attack path in a digital environment

Automatic executive threat reports

Darktrace’s solution automatically produces Executive Threat Reports that present a simple visual overview of model breaches (i.e., indicators of unusual and threatening behaviors) and activity in the network environment. Reports can be customized to include extra details or restricted to high level information.

These reports can be generated on a weekly, quarterly, and yearly basis, and can be documented by registrants in relation to Item 106(b) to document parts of their efforts toward assessing, identifying, and managing material risks from cybersecurity threats.

Moreover, Cyber AI Analyst incident reports (described above) can be leveraged to document key details concerning significant previous incidents identified by the Darktrace solution that the registrant determined to be ‘material’.

While the disclosures required by Item 106(c) relate to the governance processes by which the board of directors, the management, and other responsible bodies within an organization oversee risks resulting from cybersecurity threats, the information provided by Darktrace’s Executive Threat Reports and Cyber AI Analyst incident reports can also help relevant stakeholders communicate more effectively regarding the threat landscape and previous incidents.

DISCLAIMER

The material above is provided for informational purposes only. This summary does not constitute legal or compliance advice, recommendations, or guidance. Darktrace encourages you to verify the contents of this summary with your own advisors.

References

  1. Note that the rule does not set forth any specific timeline between the incident and the materiality determination, but the materiality determination should be made without unreasonable delay.
  2. https://www.sec.gov/files/form8-k.pdf
  3. https://www.sec.gov/news/press-release/2023-139
  4. https://www.ecfr.gov/current/title-17/chapter-II/part-229
  5. https://www.sec.gov/files/form8-k.pdf
  6. https://www.sec.gov/corpfin/secg-cybersecurity

Written by
Kendra Gonzalez Duran
Principal Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Kendra Gonzalez Duran
Principal Analyst

Chinese APT Campaign Targets Entities with Updated FDMTP Backdoor

Network
May 14, 2026
Tara Gould
Malware Research Lead
Watch the NIS2 Webinar
Trending blogs
1
Darktrace Recognized as the Only Visionary in the 2026 Gartner® Magic Quadrant™ for CPS Protection Platforms
Mar 20, 2026
2
How Empowering End Users can Improve Your Email Security and Decrease the Burden on the SOC
May 8, 2024
3
Elevating Network Security: Confronting Trust, Ransomware, & Novel Attacks
Jun 21, 2024
4
The State of AI in Cybersecurity: Unveiling Global Insights from 1,800 Security Practitioners
Apr 9, 2024
5
The State of AI in Cybersecurity: The Impact of AI on Cybersecurity Solutions
May 13, 2024

More in this series

No items found.
Continue reading
Compliance
May 22, 2026

The CIP-015 Countdown: What Utilities Should Be Doing Before October 2028

CIP-015 is pushing utilities beyond perimeter security toward continuous internal network visibility. This blog explores what the standard requires, why anomaly detection and evidence retention matter, and how utilities can build a defensible INSM capability before the October 2028 compliance deadline.
Jeffrey Macre
Principal Industrial Security Solutions Architect
Read more
Compliance
September 22, 2025

Understanding the Canadian Critical Cyber Systems Protection Act

The Canadian federal Government introduced Bill C-8 which would enact the Critical Cyber Systems Protection Act (CCSPA). The CCSPA will formalize baseline cybersecurity duties for operators in federally regulated critical sectors.
The Darktrace Community
Read more
Compliance
September 8, 2025

Cyber Assessment Framework v4.0 Raises the Bar: 6 Questions every security team should ask about their security posture

A practical guide to the key detection and response updates in CAF v4.0, including anomaly-based detection, machine-led threat hunting, and proactive security posture requirements.
Read more

Blog

/

/

May 28, 2026

From Efficiency to Exposure: How AI Adoption Is Creating Unseen Vulnerabilities on the Factory Floor

AI in manufacturingDefault blog imageDefault blog image

How AI agents impact the manufacturing industry

Security teams and IT personnel across the manufacturing industry are under constant pressure to protect production, maintain uptime, and safeguard critical assets but the rise of AI is bringing huge new opportunities alongside new cyber risks. Across manufacturing, AI is embedded into workflows, decision-making, and increasingly, autonomous AI agents are acting on behalf of employees and systems.  

Agentic systems are powerful because they can act independently, but that same autonomy also creates cyber and operational risk. Agents have extensive permissions and are capable of carrying out complex tasks, making decisions, and interacting with tools or external systems with little to no human intervention.

Unlike traditional AI models that perform predefined tasks, AI agents use advanced techniques to mimic human decision-making processes, dynamically adapting to new challenges, making decision and taking action based on their own judgement. They look like employees operationally but lack judgment, ethics, or fear of consequences like humans do. This means they can be easily manipulated by cybercriminals, and an AI agent embedded across an OT network creates threats that extend well beyond data exposure. For example, at BMW, AI identifies faults in welding processes as they occur. At its Spartanburg plant, AI monitors the weld of 300-400 metal studs onto every SUV frame to detect misplaced or faulty studs and correct them instantly. Corruption of BMW’s AI system could lead to catastrophic quality control errors.

Adopting agentic AI systems across manufacturing raises some concerns across security teams. New data from our State of AI Cybersecurity survey shows that 78% of manufacturing security professionals are worried about employee use of AI agents – their top concern. That’s followed by employee use of generative AI tools like CoPilot and ChatGPT, a worry for 76% of security professionals at manufacturing organizations. As these tools gain more access to business data and processes, and more autonomy within organizations, security teams, who today have minimal visibility of agent activity in their environments, increasingly have sensitive data exposure (a worry for 60%) and accidental policy and regulatory violations (59%) on their minds.

External AI-powered threats are evolving just as quickly

The same capabilities transforming manufacturing are also reshaping cyberattacks.

AI is enabling attackers to automate reconnaissance, refine targeting, and adapt in real time. What once required time and manual effort can now be executed continuously and at scale. Manufacturers are already seeing the impact. According to manufacturing security professionals we surveyed, 76% are already being impacted by AI-powered threats and 90% see AI increasing the success of social engineering attacks.

And the techniques themselves are evolving. Concerns across the manufacturing sector show growing anxiety about the range of AI-powered attack routes, most pressingly of adaptive malware that evolves in real-time – a prospect half (49%) of manufacturing security professionals we surveyed are worried by, a full 9% more than the average across industries. AI adaptive malware is followed by:

  • Automated vulnerability scanning and exploit chaining (48%) which has become even more pressing as Anthropic’s new Mythos AI Model supercharges vulnerability discovery
  • Hyper-personalized phishing campaigns (46%), which remain a mainstay in hackers’ arsenals, and AI has amplified their effectiveness by making phishing emails more convincing and harder to detect.

This is not just an increase in volume, it is a shift toward threats that evolve as they unfold - often faster than static defenses can respond.

Despite rising awareness, many manufacturers are not yet equipped to manage this shift. More than half (51%) say they are not adequately prepared for AI-driven threats, and only 37% have formal policies governing AI deployment.  

Securing AI through visibility, context, and guardrails

Addressing this challenge does not require manufacturers to slow innovation. It requires a different approach to security, one that can operate at the same speed and scale as AI. Three specific priorities are emerging for manufacturers looking to take advantage of the power of AI.

Visibility is foundational.  

Organizations need to understand where AI is being used, what it can access, and how it behaves across both IT and OT environments. Without that, risk cannot be measured or managed. It is no surprise that Darktrace’s research found that 91% of manufacturing security professionals said that they need to understand how AI makes decisions before trusting it. This is even more critical in operational settings where disruption has safety, environmental, financial, and reputational impacts.

Context is what turns visibility into action.  

In environments shaped by AI, normal behavior is constantly shifting. Detecting threats requires a behavioral approach; understanding patterns of life across the organization and identifying subtle deviations in real time – a step change in organizations’ traditional approach to security and risk management.

Guardrails ensure that agency does not become exposure  

As AI systems take on greater responsibility, organizations need clear boundaries around what they can do and when they can act independently. These controls must be embedded into systems themselves, not applied after the fact.  

Securing AI Agents Across Manufacturing IT and OT

The rise of agentic AI is transforming manufacturing - powering next-generation operations while reshaping the security landscape. This is not just an increase in threats, but a shift to autonomous systems, continuously evolving behaviors, and risks moving at machine speed. For organizations trying to grapple with the challenge of enabling AI while managing the risk, visibility, context and guardrails should be foundational.

Darktrace helps manufacturers build secure AI approaches by making those foundations possible. It provides visibility and real-time detection and response to unusual activity across IT and OT environments and allows organizations to understand AI activity from the prompts employees use and the agents they build to how those agents are behaving across the environment. For manufacturers scaling AI, this delivers a foundation for innovation without sacrificing control.

Continue reading
About the author
Oakley Cox
Director of Product

Blog

/

/

May 28, 2026

How to Evaluate AI Vendors: 5 Key categories for AI Adoption

Default blog imageDefault blog image

Understanding the AI buyers’ market

AI adoption has become a central topic of discussion in boardrooms, drawing growing interest from business leaders. Ultimately, organizations hope that an investment in AI technology will have tremendous returns. However, the process of buying an AI solution is not as straight forward as it appears on the surface.  

While business leaders may be eager to improve productivity across their operations, practitioners responsible for evaluating and selecting AI solutions may not always have the visibility or technical understanding needed to make the right decisions for their business. What is typically marketed as a holistic solution to their most critical problems is usually followed by uncertainty when AI tools are finally operationalized in real environments.

This guide is intended to support security leaders who are under growing pressure to adopt AI tools while navigating complex terminology, vendor claims, and increasingly crowded buying cycles. Ultimately, the goal is to help organizations evaluate and adopt AI in a safe, effective, and well-governed way. To support this, we’ve structured the evaluation framework across five key categories:

  1. Governance, safety, and data controls
  1. Data gathering and training
  1. Model and technique choice
  1. Performance and accuracy validation    
  1. Interpretability, adjustability, and transparency    

What buying AI looks like in cybersecurity

While investing in AI can bring immense benefits to your security team, first-time buyers of AI cybersecurity solutions may not know where to start. They will have to determine the type of tool they want, know the options available, and evaluate vendors. Research and understanding are critical to ensure purchases are worth the investment.  

With acceleration in AI adoption, accompanied by the recent boom in agentic AI and autonomous agents, CISOs must look “beneath the hood" of these tools to understand how they work, how they are governed, and to ensure the system is secure and compliant with internal policies.

Challenges in the AI buyers’ marketplace  

The AI security software market is buzzing with hype and flashy promises, which, understandably, needs to be addressed with due diligence. Potential buyers, especially in the cybersecurity space, are hesitant when it comes to allowing AI autonomous capabilities across their workflows, and a lack of vendor transparency can exacerbate those feelings.  

Reinforcing this sentiment, research from this year's Darktrace’s State of AI Cybersecurity report shows where confidence and hesitancy emerge amongst potential buyers. On the one hand, security professionals agree that they have good visibility into the logic and reasoning processes their AI solutions use. However, they lack the explainability and trust to allow AI to take independent remedial action.

  • 89% say they have good visibility into the reasoning behind the outputs generated by AI solutions
  • 92% say they need to understand how a defensive AI tool makes decisions before they can trust it
  • Only 14% say they allow AI to act independently, performing autonomous actions without human approval
  • 74% say they are limiting the autonomy of AI taking action in their SOC until explainability improves

Given the desire for trust and explainability we are seeing from buyers, it's important for them to be equipped with the right questions to ask vendors during an assessment or POV of AI tools in order to demystify marketing hype from real operational outcomes.

Below is a list of categories in which buyers can assess AI vendors or AI Service Providers (AISPs) to help reach safe adoption and maximize their ROI.  

5 categories of AI vendor assessment

Darktrace groups these AI-related questions into 5 categories: governance, data and training, model and technique choice, performance validation, and interpretability and adjustability. By asking questions regarding each of these 5 categories, buyers can gain a deeper understanding of how an AISP’s systems work and whether they suit their business requirements.

Governance, safety, and data controls

Governance of AI systems is critical for all AISPs. Whether their platform is based around a single model, or is a more complex, composite AI solution, strong governance is essential to ensure the system is safe, robust, and reliable.

A simple question you could ask is:

What AI governance policies and frameworks do you follow, and/or certifications do you currently maintain?

For more questions you can ask vendors, download the full guide here.

Darktrace is certified to the ISO/IEC 42001 standard, the world’s first AI Management System (AIMS) standard. ISO/IEC 42001 addresses the unique ethical and technical challenges AI poses by setting out a structured way to manage risks such as transparency, accuracy, and misuse. This includes a commitment to ethical AI development, and effective management and monitoring of AI systems both prior to and continually after release.

Data gathering and training

Accurate, meaningful, and unbiased data gathering is the first important step in producing any AI system. An AI model trained using inaccurate, unbalanced, or poor-quality training data will fail to perform optimally.

To alleviate concerns regarding training data quality, a question you could ask is:

What steps do you take to prevent bias in your AI models and training data?

For more questions, download the full guide here.

AISPs should be able to provide information about the steps taken, workflows followed, and auditing performed to reduce AI bias where appropriate. While it’s sometimes impossible to fully remove bias from an AI model, appropriate actions should be taken to mitigate or reduce bias where relevant.

Model and technique choice

Different AI techniques are optimal for different tasks. For example, research from Gartner suggests that relying on a single “one-size-fits-all" model can lead to data gaps, especially in highly specialized domains.

To achieve more accurate and robust AI solutions, AI leaders should move beyond using just one model or technique, embrace composite AI practices, and adopt a holistic AI system perspective.

A straightforward question you could ask is simply:

What type(s) of AI model(s) do you utilize in your solution?

For more questions, download the full guide here.

While specific detailed information about custom systems used by AISPs is likely proprietary, buyers should expect vendors to be able to provide an overview of the broad techniques used. This will allow you as a buyer to determine if the type of model is appropriate for your use case.

Performance and accuracy validation  

Testing and evaluation of performance is essential for all AI systems. Performance analysis should be performed both before release and continually after release to identify potential data or model drift.  

A question you could ask to understand an AISPs testing workflow is:

How do you audit, test, evaluate, verify, and validate your AI model outputs?

For more questions, download the full guide here.

Testing workflows will likely vary depending on the type of model – measurements relevant to one system may not always be relevant to others. Assessment of systems should also extend beyond these standard accuracy and robustness tests, and should also feature physical performance, such as latency and resource consumption.  

Interpretability, adjustability, and transparency  

AI systems are typically a black box, simply providing an output without an explanation of how that output was attained. Interpretability and transparency are critical to ensure that both SOC teams and end-users trust the outputs of a system to be accurate and meaningful.

A question you could ask is:

How do you promote a trust relationship between human analysts and AI outputs?

For more questions, download the full guide here.

In the context of cybersecurity, trust and interpretability are even more essential. This is particularly relevant for generative AI-based systems (including most AI Agents), where the risk of hallucination can reduce trust in responses.

Cybersecurity systems often need to perform autonomous actions to block incoming threats – an email filtering system may hold potentially dangerous emails; a firewall may block malicious inbound connections. If SOC teams can’t trust these systems to perform accurately, these systems may be limited or disabled, critically reducing their defensive power.

Darktrace as an AI-native cybersecurity vendor

Darktrace has been building and applying AI in cybersecurity for over a decade, developing its capabilities alongside an increasingly complex and fast‑moving threat landscape. This experience has resulted in a mature, multi-layered approach to AI, which continuously learns the normal patterns of each organization to understand behavior, interpret context, and identify meaningful deviations — without relying on predefined rules or known attack signatures. Over time, this has enabled a proven behavioral understanding that helps uncover subtle signals of risk that may otherwise be missed.

With the backing of our ISO/IEC 42001 certification, stakeholders, customers, and partners can be confident that Darktrace is responsibly, ethically, and safely developing its AI systems, and managing the use of AI in day-to-day operations in a compliant and secure manner.  

Explore the principles behind Darktrace’s responsible AI approach, informed by collaboration with global experts in academia and governments, detailing how accountability, explainability, and continuous validation are built into its cybersecurity technology.

How Darktrace secures AI systems

Darktrace now brings these capabilities to monitor and respond to risk generated from AI systems across organizations with Darktrace / SECURE AI. This solution analyzes how prompts, agents, and systems are used within the context of each organization, bringing every AI interaction into a single view. This unique approach helps teams understand intent, assess risk, protect sensitive data, and enforce policy across both human and AI agent activity.

Stay up to date

Sign up for the Secure AI Readiness Program here: This gives you exclusive access to the latest news on the latest AI threats, updates on emerging approaches shaping AI security, and insights into the latest innovations, including Darktrace’s ongoing work in this area.

Ready to talk with a Darktrace expert on securing AI? Register here to receive practical guidance on the AI risks that matter most to your business, paired with clarity on where to focus first across governance, visibility, risk reduction, and long-term readiness.  

Further Reading on AI in cybersecurity

When deciding to invest in an AI solution, it’s important to understand what this means for you and your organization. The questions presented here are only a starting point in understanding an AI solution and whether it is appropriate for your use case.  

Gain deeper knowledge on applications of AI in cybersecurity and Darktrace’s multi-layered AI in the AI Arsenal White Paper.

[related-resource]

Continue reading
About the author
Jamie Bali
Technical Author (AI) Developer
Your data. Our AI.
Elevate your network security with Darktrace AI