Darktrace introduces Adaptive Human Defense to personalize security training and protection across organizations. March 25, 2026 Darktrace announced the launch of Darktrace / Adaptive Human Defense, a new generation of security coaching that replaces static, scheduled security awareness training with adaptive real-time coaching and protection. Darktrace / Adaptive Human Defense applies behavioral AI to teach users during their work day, notifying them of risky behavior and providing short, relevant coaching on those risks before bad habits form. The platform uses the results of those micro-coaching sessions to fine-tune safeguards around each person's inbox, delivering personalized protection across the organization. The launch comes as new Darktrace research points to a gap between employee confidence from existing security awareness training and actual preparation for modern phishing attacks. While 80% of US office workers surveyed by Darktrace say they are confident they could spot a phishing email in their day-to-day work, in a test of realistic messages only 32% confidently identified an actual phishing email. The findings suggest that established training approaches may be building confidence faster than real-world phishing readiness. The challenge is not limited to employees. Darktrace's research suggests security professionals are not strongly convinced that conventional security awareness training is keeping pace with modern phishing. While 62% of security professionals surveyed agree it is effective at preparing employees to identify phishing attempts, only 11% strongly agree, and just 2% say they see no limitations in conventional training. The biggest limitations surveyed professionals identify are training being too one-size-fits all (31%); too focused on failure (27%); and too difficult to measure meaningfully beyond completion or click rates (23%). In 2025, Darktrace detected 32 million phishing emails targeting its customers, with more than a third (38%) using novel social engineering techniques, likely enabled by AI. As bad actors use AI tools to evolve their phishing to the limits of human detection and move beyond email into collaboration tools, organizations need an approach that both strengthens human judgment and the protections around them. Manasseh Tsekpo, Network Security Administrator at City of St. Catharine's, a Darktrace / Adaptive Human Defense early access customer, commented "While traditional security awareness training clearly helps with confidence, it often doesn't prepare people for modern phishing attacks. That's because it's usually generic and disconnected from what's really in people's inboxes. This is the first time we've had something that feels like it's really changing behavior. The coaching is brief, contextual, and it's helping people build better habits instead of just completing training and moving on. At the same time, we know that Darktrace / EMAIL is in the background giving them the best possible protection, based on that coaching." "Security awareness training has become an admin task for employees and a tick box for security teams, not a system that meaningfully reduces risk," added Jack Stockdale, Chief Technology Officer, Darktrace. "Darktrace / Adaptive Human Defense replaces generic modules and ever more generative AI content with adaptive coaching that meets people in the moment, built around how they actually communicate. And through its two-way connection with Darktrace / EMAIL, organizations can finally create a closed loop where human behavior and technical defenses continually and autonomously strengthen each other." As generative AI helps attackers create more visually convincing, fluent and targeted phishing attacks, it is unrealistic to expect humans to make perfect decisions every time, which is why Darktrace / Adaptive Human Defense creates a continuous feedback loop with Darktrace / EMAIL to ensure both human readiness and technical protection improve together. Its behavioral AI-based adaptive coaching approach personalizes training and protection to the individual and delivers coaching at the moment it's needed. At the same time, an industry-first link between each person's security training behavior and the protection around their inbox allows Darktrace / EMAIL to adapt its security posture to each individual based on their training signals. Consequently, organizations deploying Darktrace / Adaptive Human Defense can improve resilience against email threats at the source through contextual, real-time coaching. As soon as risks appear in a person's inbox, such as emails showing signs of a cryptocurrency scam or suspicious financial transfer activity, the platform inserts short, targeted coaching sessions directly into the thread. Each session is tailored to the specific email and prompts the user to pause before taking a potentially risky action, helping prevent unsafe behavior from becoming habitual. Configurable triggers and group policies ensure the right users are targeted, while lessons driven by live email events reduce administrative overhead and repeated risk. The platform also automatically adapts phishing simulations to each individual user, replacing generic testing with tailored scenarios. It dynamically adjusts difficulty based on user performance, generating increasingly sophisticated simulations as users progress. At higher levels, simulations are built from real inbox content and live activity, with the option for security teams to insert them directly into existing email threads. It further combines each user's email security signals and coaching outcomes to continuously refine protection. By linking engagement data, clicked links, and response accuracy with detection and response systems, protections evolve alongside user behavior. This creates a closed-loop workflow where training, observation, and enforcement continuously reinforce each other without manual intervention. In addition, the platform provides actionable risk and trend analytics that go beyond simple completion metrics. Security teams gain visibility into individual and organizational risk, allowing them to identify repeat offenders and prioritize high-risk users based on real behavior and events rather than participation alone. Finally, organizations can meet compliance requirements while enabling their workforce through customizable e-learning courses. Security teams can develop and deliver training aligned with internal policies, ensuring awareness programs are both relevant and adaptable to evolving threats. As social engineering increasingly starts in one channel and escalates in another, Darktrace also announced that Darktrace / EMAIL provides cross-channel, full-message analysis across email, Microsoft Teams, Slack and Zoom. With the addition of Slack and Zoom to existing protections for email and Microsoft Teams, Darktrace / EMAIL now brings unified security across the channels employees use most to communicate at work for the first time, helping security teams identify blended campaigns and subtle, context-driven manipulation wherever it appears. As a result, Darktrace / EMAIL eliminates the cross-channel blind spots attackers exploit for pretexting, escalation, and account takeover by detecting phishing, malware, and conversational manipulation with consistent behavioral depth everywhere that workers are communicating. Dedicated models also surface emerging prompt-injection threats targeting corporate AI assistants, helping reduce the risk of silent compromise earlier. Alongside increasingly sophisticated phishing attacks, AI is enabling bad actors to more effectively impersonate established brands and exploit the trust placed in them. DMARC provides an established standard to help organizations prove that emails sent in their name are authentic and Darktrace is today introducing the first DMARC solution with two-way, first-party integration to attack surface management and leading email security to help teams reduce impersonation risk at the source. Most organizations still treat domain protection as two separate tasks: DMARC tools validate whether messages claiming to be from your domain are authenticated, while attack surface management maps exposed internet-facing assets and configuration risks. By connecting DMARC, attack surface management, and email security with signals flowing between all three, Darktrace helps teams move faster from inbox events to the underlying fixes. Teams can unify SPF, DKIM, and DMARC configuration with external exposure and DNS-level insights to identify and correct weaknesses before attackers exploit them, and pivot between Darktrace / EMAIL and Darktrace / EMAIL-DMARC to streamline triage. "Attackers do not care which app your company uses to communicate. They exploit people, context, and trust, then move across channels until they find a moment to succeed," said Stockdale. "That is why the future of protection is unified and adaptive. If your human layer is trained in isolation, and your security controls are tuned in isolation, you are leaving gaps. With Darktrace / Adaptive Human Defense and expanded cross-channel coverage in Darktrace / EMAIL, we are closing those gaps with a single self-learning AI architecture." Earlier this month, Darktrace announced that Ed Jennings has been appointed President and Chief Executive Officer (CEO). Jennings will join Darktrace on March 23. Industrial Cyber News Desk

Darktrace expands MSSP offering with AI-driven managed email security. Darktrace has launched its managed security service for MSSPs, enabling partners to deliver AI-native email security with real-time detection, investigation, and response across the email ecosystem. The launch is supported by updates to the Darktrace Defenders Partner Program designed to provide flexibility and scalability for partners at every stage of their services maturity, helping them expand security offerings and deliver AI-native protection to customers around the world. Email threats continue to grow in sophistication as attackers leverage generative AI to craft more convincing and personalized social engineering campaigns. Analysis of 32 million phishing emails detected across Darktrace's global customer fleet in 2025 shows AI-assisted phishing techniques increased from 32% to 38% year-over-year, highlighting a shift toward longer, more targeted attacks designed to evade traditional defenses. On average, Darktrace research shows that approximately 17% of email threats bypass Secure Email Gateways but are detected by Darktrace's AI. As email threats become harder to detect and faster to execute, many organizations, particularly smaller businesses with limited security resources, are increasingly turning to managed security service providers for support, seeking more flexible ways to consume security and the ability to outsource complex operations. MSSPs play a critical role in extending advanced cybersecurity capabilities to these organizations, but protecting multiple customer environments at scale introduces operational challenges as analysts must investigate large volumes of alerts while maintaining consistent detection and response. By enabling MSSP partners to deliver Darktrace-powered protection as a managed service, the new offering helps make enterprise-grade AI email security accessible to a broader range of organizations. "As organizations face increasingly sophisticated and automated cyber threats, security operations must evolve beyond traditional alert monitoring," said Feras Tappuni, CEO of SecurityHQ, a global managed security service provider. "At SecurityHQ, we focus on engineering security performance for our customers - combining global threat intelligence, advanced AI-driven detection, and human expertise to reduce noise and accelerate response. Technologies like those offered by Darktrace help strengthen that capability by enabling faster detection and deeper investigation across complex environments. By integrating these capabilities into our global security operations, we're helping organizations improve protection while giving security teams the clarity and confidence they need to respond effectively," Tappuni continued. To help MSSPs meet this growing demand while maintaining effective protection at scale, Darktrace today introduces a new AI-native managed email security capability built on its industry-leading Darktrace / EMAIL solution, extending protection across the entire email ecosystem, collaboration platforms like Microsoft Teams, identities, and sensitive data. Darktrace / EMAIL has been widely recognized as a leading email security solution, including being named a Leader in the 2025 Gartner(R) Magic Quadrant for Email Security Platforms and a 2025 Gartner Peer Insights Customers' Choice for Email Security Platforms. Introducing AI-native managed email protection. Darktrace's new managed email security offering enables MSSPs to deliver AI-native protection across email, collaboration platforms, and user identities powered by Self-Learning AI, which continuously learns the normal communication patterns of every user and organization it protects. Instead of relying on traditional static rules or lists, the system dynamically adapts to each environment, identifying subtle behavioral anomalies that may signal early-stage threats such as phishing, business email compromise (BEC), or account takeover (ATO). The service allows partners to deliver Darktrace's advanced messaging and identity security capabilities, including AI-driven threat detection across email, Microsoft Teams, and user identities, integrated data loss prevention (DLP) and DMARC monitoring to prevent sensitive data loss and domain impersonation, as well as behavior-driven security training with Darktrace / Adaptive Human Defense. Together, these capabilities detect and contain advanced threats, prevent data exfiltration, stop spoofing and impersonation attacks, and strengthen user resilience against social engineering. Through this MSSP-ready model, partners can: * Deliver continuous, real-time detection and containment of advanced email threats * Automate investigation and prioritization with AI to reduce manual triage * Maintain consistent protection across multiple customer environments "As a longstanding Darktrace customer and partner, we've seen firsthand how effective its AI-driven approach can be in stopping advanced threats," said Bob Keblusek, Chief Innovation and Technology Officer at Sentinel Technologies, a premier IT services provider and industry leading MSSP. "Darktrace has consistently pushed the boundaries of innovation in cybersecurity, delivering solutions that provide real, long-term value for organizations. That track record made it a natural fit to build a managed security practice around their technology. With this new managed services model, we're able to bring Darktrace's advanced capabilities to more customers, helping them strengthen protection against evolving threats while reducing operational burden," Keblusek added. To support partners operating across multiple customer environments and enable service delivery at scale, Darktrace has also introduced enhancements to its ActiveAI Security Portal, which unifies control, configuration, and visibility across all Darktrace deployments. The newly introduced SOC Alert Triage Dashboard provides multi-tenant visibility and AI-driven alert investigation and triage across multiple customer environments. The portal enables analysts to investigate incidents, manage workloads, and coordinate response across clients from a single interface, helping service providers streamline SOC operations and accelerate response times. "Customers today prioritize outcomes over additional standalone security tools," said Mathias Schick, Business Manager Security at Bechtle. "Especially in the mid-market, organizations often lack the capacity, both financially and operationally, to manage complex security environments themselves. By integrating Darktrace's technology into our managed services portfolio, we can deliver a complete, automated security offering that reduces friction for customers while strengthening protection against increasingly sophisticated threats." Expanding the Darktrace Defenders Partner Program. Darktrace is expanding support for MSSPs within the Darktrace Defenders Partner Program, providing partners with greater flexibility to build and scale security services. The program introduces a flexible framework designed around partner needs, allowing organizations to engage as resellers, service providers, or fully managed security providers. Key features of the program include: * Flexible commercial models designed for MSSP business structures * Scalable deployment paths that accelerate time-to-value * Co-selling, enablement, and go-to-market support to help partners expand services * Unified management capabilities that simplify operations across customer environments This flexible model allows partners to grow their services business at their own pace while unlocking new recurring revenue opportunities. "Our partners are at the forefront of helping organizations defend against increasingly sophisticated cyber threats," said Dan Monahan, Chief Partner Officer, Darktrace. "By expanding MSSP capabilities within the Darktrace Defenders Partner Program and introducing AI-native email security services, we're enabling partners to bring innovative AI-powered protection to market as managed services, helping them protect customers, scale their operations, and unlock new revenue opportunities." More about