Threat Detection & DefensePress Release

Darktrace Introduces Darktrace / Adaptive Human Defense

A New Generation of Personalised, Real-Time Security Training and Protection

Darktrace, a global leader in Artificial Intelligence (AI) for cybersecurity, has announced the launch of Darktrace / Adaptive Human Defense™, a new generation of security coaching that replaces static, scheduled security awareness training with adaptive, real-time coaching and protection. Darktrace / Adaptive Human Defense applies behavioural AI to teach users during their workday, notifying them of risky behaviour and providing short, relevant coaching on those risks before bad habits form. The platform uses the results of those micro-coaching sessions to fine-tune safeguards around each person’s inbox, delivering personalised protection across the organisation.

The launch comes as new Darktrace research points to a gap between employee confidence from existing security awareness training and actual preparation for modern phishing attacks. While 80% of US office workers surveyed by Darktrace say they are confident they could spot a phishing email in their day-to-day work, in a test of realistic messages, only 32% confidently identified an actual phishing email. The findings suggest that established training approaches may be building confidence faster than real-world phishing readiness.

The challenge is not limited to employees. Darktrace’s research suggests security professionals are not strongly convinced that conventional security awareness training is keeping pace with modern phishing. While 62% of security professionals surveyed agree it is effective at preparing employees to identify phishing attempts, only 11% strongly agree, and just 2% say they see no limitations in conventional training. The biggest limitations surveyed professionals identify are training being too one-size-fits-all (31%); too focused on failure (27%); and too difficult to measure meaningfully beyond completion or click rates (23%).

In 2025, Darktrace detected 32 million phishing emails targeting its customers, with more than a third (38%) using novel social engineering techniques, likely enabled by AI1. As bad actors use AI tools to evolve their phishing to the limits of human detection and move beyond email into collaboration tools, organisations need an approach that both strengthens human judgment and the protections around them.

Manasseh Tsekpo, Network Security Administrator at City of St. Catharine’s, a Darktrace / Adaptive Human Defense early access customer, commented, “While traditional security awareness training clearly helps with confidence, it often doesn’t prepare people for modern phishing attacks. That’s because it’s usually generic and disconnected from what’s really in people’s inboxes. This is the first time we’ve had something that feels like it’s really changing behaviour. The coaching is brief, contextual, and it’s helping people build better habits instead of just completing training and moving on. At the same time, we know that Darktrace / EMAIL is in the background, giving them the best possible protection, based on that coaching.”

“Security awareness training has become an admin task for employees and a tick box for security teams, not a system that meaningfully reduces risk,” added Jack Stockdale, Chief Technology Officer at Darktrace. “Darktrace / Adaptive Human Defense replaces generic modules and ever more generative AI content with adaptive coaching that meets people in the moment, built around how they actually communicate. And through its two-way connection with Darktrace / EMAIL, organisations can finally create a closed-loop where human behaviour and technical defences continually and autonomously strengthen each other.”

Adaptive Human Defense

Darktrace / Adaptive Human Defense: Security That Learns With Your People

As generative AI helps attackers create more visually convincing, fluent, and targeted phishing attacks, it is unrealistic to expect humans to make perfect decisions every time, which is why Darktrace / Adaptive Human Defense creates a continuous feedback loop with Darktrace / EMAIL to ensure both human readiness and technical protection improve together. Its behavioural AI-based adaptive coaching approach personalises training and protection to the individual and delivers coaching at the moment it is needed. At the same time, an industry-first link between each person’s security training behaviour and the protection around their inbox allows Darktrace / EMAIL to adapt its security posture to each individual based on their training signals. Consequently, organisations deploying Darktrace / Adaptive Human Defense can:

  • Improve resilience against email threats at the source with contextual, real-time coaching: As soon as risks appear in a person’s inbox, like emails with warning signs of a cryptocurrency scam or suspicious indicators in a discussion of financial transfers, Darktrace / Adaptive Human Defense inserts bite-sized micro-coaching sessions into the thread. Each digestible session is tailored to that email and designed to make the user pause and think twice before taking a potentially dangerous action, and stop the behaviour before it becomes a habit. Configurable triggers and group policies target the right users, and lessons are driven by live email events, cutting rework for admins and reducing repeated risky behaviour.
  • Automatically adapt phishing simulations to each individual user: Darktrace / Adaptive Human Defense replaces one-size-fits-all tests with simulations tailored to each user. The system dynamically adjusts difficulty based on user performance and creates increasingly difficult-to-spot simulations as each person progresses through the levels. At its highest level of difficulty, phishing simulations are built directly based on the content in your inbox, and phishing simulations are dynamically crafted based on live inbox activity, even giving security teams the option to insert simulations into existing email chains.
  • Combine each person’s email security and coaching signals to continuously adapt protections: Connect engagement, links clicked, and question success signals in coaching with Darktrace / EMAIL so detection and response can automatically adapt as people learn. For the first time, security teams can create a closed-loop workflow that is continuously and autonomously training, observing, and tightening controls.
  • Track actionable risk and trend analytics beyond completion rates: Darktrace / Adaptive Human Defense provides combined risk analytics and trends for every user, enabling security leaders to prioritise repeat offenders, and better protect high-risk users with evidence tied to real behaviour and events. Organisations gain access to metrics that reflect exposure to the business and individuals, not just attendance.
  • Achieve compliance and enable their workforce with e-learning courses: Human-generated e-learning content allows security teams to build their security awareness course according to their needs, according to their own policies.

Industry-First Cross-Channel Full-Message Analysis for Email, Slack, Teams, and Zoom

As social engineering increasingly starts in one channel and escalates in another, Darktrace also today announced that Darktrace / EMAIL is the first solution to provide cross-channel, full-message analysis across email, Microsoft Teams, Slack, and Zoom. With the addition of Slack and Zoom to existing protections for email and Microsoft Teams, Darktrace / EMAIL now brings unified security across the channels employees use most to communicate at work for the first time, helping security teams identify blended campaigns and subtle, context-driven manipulation wherever it appears.

As a result, Darktrace / EMAIL eliminates the cross-channel blind spots attackers exploit for pretexting, escalation, and account takeover by detecting phishing, malware, and conversational manipulation with consistent behavioural depth everywhere that workers are communicating. Dedicated models also surface emerging prompt-injection threats targeting corporate AI assistants, helping reduce the risk of silent compromise earlier.

Adaptive Human Defense

DMARC Upgrades: Reducing Impersonation Risk at the Source With Attack Surface Management Integration

Alongside increasingly sophisticated phishing attacks, AI is enabling bad actors to more effectively impersonate established brands and exploit the trust placed in them. DMARC provides an established standard to help organisations prove that emails sent in their name are authentic, and Darktrace is today introducing the first DMARC solution with two-way, first-party integration to attack surface management and leading email security to help teams reduce impersonation risk at the source.

Most organisations still treat domain protection as two separate tasks: DMARC tools validate whether messages claiming to be from your domain are authenticated, while attack surface management maps exposed internet-facing assets and configuration risks. By connecting DMARC, attack surface management, and email security with signals flowing between all three, Darktrace helps teams move faster from inbox events to the underlying fixes. Teams can unify SPF, DKIM, and DMARC configuration with external exposure and DNS-level insights to identify and correct weaknesses before attackers exploit them, and pivot between Darktrace / EMAIL and Darktrace / EMAIL-DMARC to streamline triage.

“Attackers do not care which app your company uses to communicate. They exploit people, context, and trust, then move across channels until they find a moment to succeed,” said Stockdale. “That is why the future of protection is unified and adaptive. If your human layer is trained in isolation, and your security controls are tuned in isolation, you are leaving gaps. With Darktrace / Adaptive Human Defense and expanded cross-channel coverage in Darktrace / EMAIL, we are closing those gaps with a single self-learning AI architecture.”

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *