Darktrace Cyber AI Analyst
Augmenting Your Security Team with AI-Driven Investigations

Cyber AI Analyst is Darktrace’s AI investigation technology, which automatically triages, interprets, and reports on the full scope of security incidents.

Key Benefits

  • Automatically investigates every security event detected by the Enterprise Immune System, 24/7
  • Highlights the most critical issues at any one time for advanced incident prioritization
  • Pulls together related events and behaviors into an Incident Report that can be read in minutes and actioned even by non-technical users
  • Reduces triage time by up to 92%, buying back time so teams can focus on strategic work

Automates investigations at speed and scale

Mimics analyst intuition and continually investigates 100% of threats detected

Prioritizes the most relevant incidents

Surfaces and summarizes every urgent incident as it emerges

Writes reports in the form of a digestible narrative

Generates Incident Reports that immediately put teams in a position to take action

The myriad of security tools used by businesses today creates massive quantities of data and surfaces too many alerts for analysts to effectively manage. As threats become increasingly sophisticated and the cyber security industry continues to face a skills shortage, over-worked and under-resourced teams urgently need augmentation.

Cyber AI Analyst, the product of a research initiative from Darktrace’s R&D Center in Cambridge, was built to augment security teams and optimize threat investigation. It continuously examines every event that arises in Darktrace’s Enterprise Immune System, emulating expert human thought processes for autonomous triaging and reporting.

The technology combines expert analyst intuition with the consistency, speed, and scalability of AI. It illuminates the highest priority threats at any one time and rapidly synthesizes all of the context around an attack into a human-readable report.

By applying a combination of supervised and unsupervised machine learning, as well as deep learning methods and advanced mathematics, Cyber AI Analyst can do much of the heavy lifting a human would otherwise have to do. It leverages insights collected from Darktrace’s world-class experts over years of threat investigation to make highly accurate decisions and offers this wealth of knowledge to the public for the first time.

With Cyber AI Analyst, time-to-meaning and time-to-response are dramatically reduced – allowing your team the time to use their expertise where it really matters.

Enabled by artificial intelligence and a key feature of the immune system approach, Cyber AI Analyst can sift through large volumes of data at speed and scale, augmenting human teams and buying back time to focus on strategic work.

Its investigations are enterprise-wide, allowing the technology to piece together disparate anomalies before settling on a high-level conclusion about the nature, root cause, and extent of the wider security incident. This powerful analytical capability has been found to reduce triage time by up to 92%.

Cyber AI Analyst applies various forms of artificial intelligence, including deep learning, as well as supervised machine learning on the ever-growing data set that captures how Darktrace’s human analysts investigate threats.

With this knowledge, Cyber AI Analyst is able to understand which threats are most crucial for investigation, which events constitute a connected incident, and how an attack should be managed.

This is a powerful capability considering that the Enterprise Immune System often surfaces advanced and novel threats that legacy tools cannot identify. Cyber AI Analyst delivers expert analysis of all types of cyber-threats, even those characterized by innovative attack techniques that would be impossible to detect and respond to with pre-defined playbooks.

Cyber AI Analyst is a key technology grounding Darktrace’s Cyber AI Platform.

The technology can communicate valuable contextual information and response recommendations in the form of a concise, meaningful narrative that security experts can then apply their own insight to.

These “Incident Reports” are easily actioned by technical staff and executives alike and can be translated into any language at the click of a button. The reports take an average of three minutes to read, allowing even a non-technical responder to review and remediate sophisticated attacks in minutes.

While Incident Reports are always created for the most critical threats at any one time, investigations can be applied on-demand to any event of interest.

Cyber AI Analyst technology can also be integrated with tools across your security stack, allowing investigations to be triggered based on data from third-party sources like CrowdStrike or Carbon Black. The rich context and insights of Incident Reports can additionally be exported to SIEM, SOAR, or ticketing systems to enhance your existing workflows.

Mimicking a cyber security analyst’s intuition with AI

Every time any model is breached in Darktrace, it triggers the AI Analyst to launch an investigation. The AI forms hypotheses, starts asking the relevant questions and then begins to gather data – at machine speed – in order to find answers. These answers will prompt new hypotheses, and the process continues until a conclusion is formed.

Cyber AI Analyst begins its analysis as soon as the Enterprise Immune System detects a Model Breach or pattern of anomalous activity, which serves as the ‘lead’ of the investigation.

Just like a human analyst, Cyber AI Analyst starts with this lead and then asks questions to generate a plausible hypothesis about the nature of the potential threat and the potential underlying cause.

It then pivots across the enterprise to query data that may confirm, deny, or refine its hypothesis. This process is repeated continuously until Cyber AI Analyst settles on a high-level description of the nature and root cause of the wider security incident.

Cyber AI Analyst’s supervised machine learning does not use historical attack data, but rather learns from a dataset of human analyst behavior that has been accumulating over the past four years. The AI monitors Darktrace’s own experts’ behavior as they investigate threats from across our customer base, mining every action for implicit knowledge on how analysts triage threatening and suspicious activity.

Crucially, Cyber AI Analyst is able to adapt to new and unique situations on the fly, automating thoughtful examinations rather than pre-defined playbooks or encoded human knowledge.

Incident Reports can be downloaded in PDF format to be shared with relevant shareholders, enabling easy reporting for compliance or management requirements.

Generally, an Incident Report includes:

  • A high-level narrative summary of the incident
  • A detailed timeline pulling together all events related to the incident
  • A list of related breaches and devices
  • Attack phases involved in the incident (e.g. initial infection, established foothold, privilege escalation)
  • Details around connections, endpoints, files, beaconing activity, and other relevant data

Cyber AI Analyst continuously builds and tests hypotheses, reasoning to conclusions at machine speed and scale.
