• The first solution that uses an understanding of each individual’s behavior to integrate email security controls with personalized security awareness training; training is personalized based on your inbox activity, and its outcomes used to further strengthen the email security controls in place
• Unique adaptive coaching tailors the difficulty and content of phishing simulations to each person and provides in-the-moment coaching as risks arise
• New Darktrace research points to a gap between employees’ confidence and real-world phishing readiness, with 80% of US office workers saying they could spot phishing day to day, but scoring just 43% on average when tested on whether realistic emails were legitimate or phishing
• New Darktrace / EMAIL™ innovation delivers industry-first cross-channel, full-message analysis across email, Microsoft Teams, Slack, and Zoom to detect social engineering campaigns that move across collaboration tools
• First of its kind two-way, first-party integration between DMARC, attack surface management and email security reduces impersonation risk at the source

CAMBRIDGE, UK – March 24, 2026 – Today, Darktrace, a global leader in AI for cybersecurity, announced the launch of Darktrace / Adaptive Human Defense™, a new generation of security coaching that replaces static, scheduled security awareness training with adaptive real-time coaching and protection. Darktrace / Adaptive Human Defense applies behavioral AI to teach users during their work day, notifying them of risky behavior and providing short, relevant coaching on those risks before bad habits form. The platform uses the results of those micro-coaching sessions to fine-tune safeguards around each person’s inbox, delivering personalized protection across the organization.

The launch comes as new Darktrace research points to a gap between employee confidence from existing security awareness training and actual preparation for modern phishing attacks. While 80% of US office workers surveyed by Darktrace say they are confident they could spot a phishing email in their day-to-day work, in a test of realistic messages only 32% confidently identified an actual phishing email. The findings suggest that established training approaches may be building confidence faster than real-world phishing readiness.

The challenge is not limited to employees. Darktrace’s research suggests security professionals are not strongly convinced that conventional security awareness training is keeping pace with modern phishing. While 62% of security professionals surveyed agree it is effective at preparing employees to identify phishing attempts, only 11% strongly agree, and just 2% say they see no limitations in conventional training. The biggest limitations surveyed professionals identify are training being too one-size-fits all (31%); too focused on failure (27%); and too difficult to measure meaningfully beyond completion or click rates (23%).

In 2025, Darktrace detected 32 million phishing emails targeting its customers, with more than a third (38%) using novel social engineering techniques, likely enabled by AI^[1]. As bad actors use AI tools to evolve their phishing to the limits of human detection and move beyond email into collaboration tools, organizations need an approach that both strengthens human judgment and the protections around them.

Manasseh Tsekpo, Network Security Administrator at City of St. Catharine’s, a Darktrace / Adaptive Human Defense early access customer, commented “While traditional security awareness training clearly helps with confidence, it often doesn’t prepare people for modern phishing attacks. That’s because it’s usually generic and disconnected from what’s really in people’s inboxes. This is the first time we’ve had something that feels like it’s really changing behavior. The coaching is brief, contextual, and it’s helping people build better habits instead of just completing training and moving on. At the same time, we know that Darktrace / EMAIL is in the background giving them the best possible protection, based on that coaching.”

“Security awareness training has become an admin task for employees and a tick box for security teams, not a system that meaningfully reduces risk,” added Jack Stockdale, Chief Technology Officer, Darktrace. “Darktrace / Adaptive Human Defense replaces generic modules and ever more generative AI content with adaptive coaching that meets people in the moment, built around how they actually communicate. And through its two-way connection with Darktrace / EMAIL, organizations can finally create a closed loop where human behavior and technical defenses continually and autonomously strengthen each other.”

Darktrace / Adaptive Human Defense: Security That Learns With Your People

As generative AI helps attackers create more visually convincing, fluent and targeted phishing attacks, it is unrealistic to expect humans to make perfect decisions every time, which is why Darktrace / Adaptive Human Defense creates a continuous feedback loop with Darktrace / EMAIL to ensure both human readiness and technical protection improve together. Its behavioral AI-based adaptive coaching approach personalizes training and protection to the individual and delivers coaching at the moment it's needed. At the same time, an industry-first link between each person’s security training behavior and the protection around their inbox allows Darktrace / EMAIL to adapt its security posture to each individual based on their training signals. Consequently, organizations deploying Darktrace / Adaptive Human Defense can:

• Improve resilience against email threats at the source with contextual, real-time coaching: As soon as risks appear in a person’s inbox, like emails with warning signs of a cryptocurrency scam or suspicious indicators in a discussion of financial transfers, Darktrace / Adaptive Human Defense inserts bite-sized micro coaching sessions into the thread. Each digestible session is tailored to that email and designed to make the user pause and think twice before taking a potentially dangerous action and stop the behavior before it becomes a habit. Configurable triggers and group policies target the right users, and lessons are driven by live email events, cutting rework for admins and reducing repeated risky behavior.
• Automatically adapt phishing simulations to each individual user: Darktrace / Adaptive Human Defense replaces one-size-fits-all tests with simulations tailored to each user. The system dynamically adjusts difficulty based on user performance and creates increasingly difficult to spot simulations as each person progresses through the levels. At its highest level of difficulty, phishing simulations are built directly based on the content in your inbox and phishing simulations are dynamically crafted based on live inbox activity, even giving security teams the option to insert simulations into existing email chains.
• Combine each person’s email security and coaching signals to continuously adapt protections: Connect engagement, links clicked, and question success signals in coaching with Darktrace / EMAIL so detection and response can automatically adapt as people learn. For the first time, security teams can create a closed loop workflow that is continuously and autonomously training, observing, and tightening controls.
• Track actionable risk and trend analytics beyond completion rates: Darktrace / Adaptive Human Defense provides combined risk analytics and trends for every user, enabling security leaders to prioritize repeat offenders, and better protect high risk users with evidence tied to real behavior and events. Organizations gain access to metrics that reflect exposure to the business and individuals, not just attendance.
• Achieve compliance and enable their workforce with e-learning courses: Human generated e-learning content allows security teams to build their security awareness course according to their needs, according to their own policies.

Industry First Cross Channel Full-Message Analysis for Email, Slack, Teams, and Zoom

As social engineering increasingly starts in one channel and escalates in another, Darktrace also today announced that Darktrace / EMAIL is the first solution to provide cross-channel, full-message analysis across email, Microsoft Teams, Slack and Zoom. With the addition of Slack and Zoom to existing protections for email and Microsoft Teams, Darktrace / EMAIL now brings unified security across the channels employees use most to communicate at work for the first time, helping security teams identify blended campaigns and subtle, context-driven manipulation wherever it appears.

As a result, Darktrace / EMAIL eliminates the cross-channel blind spots attackers exploit for pretexting, escalation, and account takeover by detecting phishing, malware, and conversational manipulation with consistent behavioral depth everywhere that workers are communicating. Dedicated models also surface emerging prompt-injection threats targeting corporate AI assistants, helping reduce the risk of silent compromise earlier.

DMARC Upgrades: Reducing Impersonation Risk At The Source With Attack Surface Management Integration

Alongside increasingly sophisticated phishing attacks, AI is enabling bad actors to more effectively impersonate established brands and exploit the trust placed in them. DMARC provides an established standard to help organizations prove that emails sent in their name are authentic and Darktrace is today introducing the first DMARC solution with two-way, first-party integration to attack surface management and leading email security to help teams reduce impersonation risk at the source.

Most organizations still treat domain protection as two separate tasks: DMARC tools validate whether messages claiming to be from your domain are authenticated, while attack surface management maps exposed internet-facing assets and configuration risks. By connecting DMARC, attack surface management, and email security with signals flowing between all three, Darktrace helps teams move faster from inbox events to the underlying fixes. Teams can unify SPF, DKIM, and DMARC configuration with external exposure and DNS-level insights to identify and correct weaknesses before attackers exploit them, and pivot between Darktrace / EMAIL and Darktrace / EMAIL-DMARC to streamline triage.

“Attackers do not care which app your company uses to communicate. They exploit people, context, and trust, then move across channels until they find a moment to succeed,” said Stockdale. “That is why the future of protection is unified and adaptive. If your human layer is trained in isolation, and your security controls are tuned in isolation, you are leaving gaps. With Darktrace / Adaptive Human Defense and expanded cross-channel coverage in Darktrace / EMAIL, we are closing those gaps with a single self-learning AI architecture.”

Additional resources

• Learn more about Darktrace / Adaptive Human Defense: www.darktrace.com/products/email/adaptive-human-defense
• Learn more about Darktrace / EMAIL coverage for Slack and Zoom: www.darktrace.com/products/email/messaging-and-collaboration-apps

About Darktrace

Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting organizations from unknown threats using its proprietary AI that learns from the unique patterns of life for each customer in real-time. The Darktrace ActiveAI Security Platform™ delivers a proactive approach to cyber resilience to secure the business across the entire digital estate – from network to cloud to email. It provides pre-emptive visibility into the customer’s security posture, transforms operations with a Cyber AI Analyst™, and detects and autonomously responds to threats in real-time. Breakthrough innovations from our R&D teams in Cambridge, UK, and The Hague, Netherlands have resulted in over 200 patent applications filed. Darktrace’s platform and services are supported by over 2,300 employees around the world who protect nearly 10,000 customers across all major industries globally.

Notes to editor on research methodology (US)

Findings based on survey of 1,000 office workers and 250 IT and security decision-makers and influencers based in the US, working in companies of 250 employees or more. The survey was fielded between March 12^th and March 18^th 2026 by independent market research agency, Opinion Matters

^[1] Darktrace Threat Report 2026

‍