Darktrace unveils new AI models in Cyber AI Analyst to enhance proactive security

    April 16, 2025
    Cyber AI Analyst is an agentic AI system that mirrors the human investigative process—it can question data, test hypotheses, and reach conclusions without human intervention.
    Related To:
    67ffebb1a32a68a2dcf3b2bf 662fa151c9b9f19973ee0410 Dt Thoma Thumbnail

    Darktrace today announced enhanced capabilities for Cyber AI Analyst, a patented AI system that autonomously performs end-to-end investigations of all relevant alerts and prioritizes incidents. The latest innovations, including the introduction of new proprietary advanced machine learning models, will enhance threat detection, investigation, and alert prioritization, arming security teams with deeper, more granular insights for faster decision-making.

    First introduced in 2019, Cyber AI Analyst is an agentic AI system that mirrors the human investigative process—it can question data, test hypotheses, and reach conclusions without human intervention. Using a combination of advanced AI techniques, including unsupervised machine learning, models trained on expert cyber analysts, and custom security-specific language models, Cyber AI Analyst autonomously investigates and triages alerts at machine speed and scale, mimicking human reasoning to form hypotheses, correlate seemingly unrelated events, and generate transparent and interpretable AI insights with complete incident reports within minutes.

    By investigating all relevant alerts from Darktrace and third-party security tools and surfacing only the most impactful threats, Cyber AI Analyst dramatically streamlines the alert triage and prioritization process, giving security teams more time to focus on what matters. Cyber AI Analyst provides SOCs with the equivalent of up to 30 additional full-time employees performing Level 2 analysis and written reporting annually.

    Introducing Next-Generation AI Models for Cybersecurity

    The continued growth of cybercrime-as-a-service models, combined with the rising use of offensive AI, is increasing the speed, scale, and sophistication of cyberattacks. Security teams are facing a relentless flood of alerts—leaving incidents uninvestigated, increasing alert fatigue, and heightening the risk of missed threats. With the shortage of skilled cyber professionals continuing to grow, organizations are increasingly turning to AI-powered tools to enhance efficiency in the SOC; 88% of security professionals believe that the use of AI is critical to freeing up time for teams to become more proactive, according to Darktrace’s 2025 State of AI Cybersecurity report. To further help uplift security teams, Darktrace is introducing two next-generation AI models for cybersecurity within Cyber AI Analyst, including:

    • Darktrace Incident Graph Evaluation for Security Threats (DIGEST): Using graph neural networks, this new model predicts which security incidents are most likely to escalate into major compromises by analyzing the structure and progression of attacks to spot early indicators of high-risk threats. DIGEST enables security teams to detect critical threats sooner and prioritize the incidents that matter most.

    • Darktrace Embedding Model for Investigation of Security Threats—Version 2 (DEMIST-2): This proprietary language model is specifically trained for cybersecurity use cases. It has a deeper contextual understanding of security data and is able to perform multiple, distinct, complex tasks like accurately assessing hostnames, understanding the sensitivity of file names, and precisely tracking users and entities across multiple domains. This automates complex security tasks, reduces manual analysis time, and improves incident correlation—helping SOC teams respond faster. DEMIST-2 can be deployed anywhere and outperforms comparable models that are much larger in size, delivering resource efficiency with superior performance.

    Uplifting Teams While Improving Productivity and Cyber Resilience

    Customers in a variety of industries across the globe rely on Darktrace’s Cyber AI Analyst to scale security operations, taking on time-consuming tasks to free team members for more strategic work.

    Michael Toland, CISO for the State of Oklahoma, said, “Having Cyber AI Analyst has helped the State of Oklahoma triage and prioritize all relevant alerts, even those from third-party security tools, empowering the lean IT team to 'clear the table' of critical alerts every day.” Over a 30-day period, Cyber AI Analyst analyzed 3,142 alerts into 162 incidents, identifying only 18 as critical and providing a potential 2,561 hours in investigation time.

    For Meridian Cooperative, a developer of innovative software serving utility providers across the US, Cyber AI Analyst has taken on most of the level one and level two analysis that Meridian’s analysts used to perform manually, providing the equivalent of 500 analyst hours on investigations in just 13 days. Darktrace Cyber AI Analyst has helped Meridian reduce false positive alerts by 90%.

    Middle River Power operates 34 power plants across the United States, making operational resiliency of its systems a top priority for its security team. “Prior to Darktrace, it could have taken several hours before a threat was even detected, much less investigated and triaged. Using Darktrace, the entire detection and response process happens within a matter of minutes, if not seconds,” said Ahmed Ibrahim, Director of Operations, Middle River Power. Within the first 19 days of December 2024 alone, Darktrace provided 94 investigation hours for Ibrahim’s team.

    The security team at South Coast Water District, a critical infrastructure organization in California, reports that while it would previously have taken three hours to figure out the severity of an alert, Cyber AI Analyst has decreased that time to merely 20 minutes. With water system access for the public on the line, that’s a critical time saving. “Instead of looking at all the data everywhere, Cyber AI Analyst tells you where the issues might be so you can figure it out,” said Bryon Black, IT manager, South Coast Water District.

    “Security teams are increasingly overwhelmed—facing not just a surge in alerts, but adversaries that are faster, stealthier, and more sophisticated. To meet this challenge, we’ve augmented Cyber AI Analyst with two additional machine learning models. Unlike the foundational LLMs that underlie many generative and agentic systems, these models are purpose-built for cybersecurity and bring greater precision and depth of analysis into the SOC. By understanding how attacks evolve and predicting which threats are most likely to escalate, these models enable earlier detection, sharper prioritization, and faster, more confident decision-making,” said Tim Bazalgette, Chief AI Officer, Darktrace. “Empowering defenders with AI has never been more critical, and we remain committed to driving innovation that helps our customers proactively reduce risk, strengthen their security posture, and uplift their teams.”

    Additional Resources:

    CISOs report increase in AI-powered cyber threats impacting their organizations
    Darktrace's Annual Threat Report reveals increase in MaaS threats, evasion tactics