Darktrace

Darktrace is an AI-native cybersecurity company delivering the Darktrace ActiveAI Security Platform to help organizations improve cyber resilience across network, email, cloud, identities, OT, endpoints, and emerging AI use cases. Its approach centers on Self-Learning AI that models the normal behavior of each customer’s environment rather than relying only on historical attack data, enabling real-time detection, investigation, and autonomous response to known and novel threats.

The company combines preventive exposure management, live threat detection, AI-led investigation, and response workflows within a unified operating model. Darktrace also extends the platform with managed and expert services, giving security teams additional 24/7 support for triage, investigation, and incident handling across complex hybrid environments.

Offerings, Capabilities, and Integrations

Darktrace’s offerings span preemptive risk reduction, continuous monitoring, automated investigation, and proportionate response across the digital estate. The platform correlates activity across communications, users, devices, cloud resources, SaaS applications, and industrial systems to help teams understand attack paths, prioritize material exposures, and act faster during active incidents.

Darktrace supports hybrid and multi-cloud environments and connects with major enterprise ecosystems such as AWS, Microsoft, and Google. Its integration model extends into identity, endpoint, SIEM, SOAR, collaboration, and cloud tooling so customers can enrich detections, operationalize investigations, and coordinate response actions alongside existing security investments. Darktrace also provides follow-the-sun SOC support through managed and expert service offerings.

Products and Services

• Darktrace ActiveAI Security Platform: Darktrace’s flagship AI-native cybersecurity platform, unifying exposure management, real-time detection, automated investigation, and autonomous response across the enterprise.
• Darktrace / NETWORK: Network detection and response offering that provides visibility across on-premises, virtual, cloud, and hybrid networks and analyzes both encrypted and decrypted traffic for anomalous behavior.
• Darktrace / EMAIL: Cloud-native email security that analyzes intent, content, and context to stop phishing, impersonation, and other social-engineering attacks across the messaging environment.
• Darktrace / CLOUD: Cloud security offering for hybrid and multi-cloud environments that provides real-time visibility into cloud assets and architecture while detecting threats across cloud infrastructure and workloads.
• Darktrace / SECURE AI: AI security offering that brings enterprise AI interactions into a single view to assess risk, protect sensitive data, govern AI use, and monitor human and AI agent activity.
• Darktrace / OT: Purpose-built operational technology security offering that provides visibility, risk management, threat detection, and response across converged IT, OT, IoT, and industrial environments.
• Darktrace / IDENTITY: Identity security offering focused on account takeover, user compromise, and lateral movement, with correlation across identity, email, and network activity.
• Darktrace / ENDPOINT: Endpoint security offering that combines endpoint process telemetry with wider enterprise context and works alongside existing EDR tools to improve investigation and response.
• Darktrace / Cyber AI Analyst: Purpose-built agentic AI investigation capability that autonomously investigates alerts, prioritizes incidents, and generates actionable incident context across Darktrace and third-party signals.
• Darktrace / Proactive Exposure Management: Exposure management offering that uses cross-stack attack path modeling and AI-driven risk scoring to identify exploitable assets, weaknesses, and likely business impact.
• Darktrace / Attack Surface Management: External attack surface management capability that continuously discovers internet-facing assets and shadow IT exposure to help teams identify and remediate digital risk.
• Darktrace / Forensic Acquisition & Investigation: Automated cloud forensics capability that accelerates evidence collection and investigation for compromised cloud servers and environments.
• Darktrace / Incident Readiness & Recovery: Incident readiness and recovery offering that uses simulations and AI-assisted recovery playbooks to improve preparedness and guide teams during live incidents.
• Darktrace Managed Detection & Response: Managed service in which Darktrace analysts monitor and investigate alerts across domains such as network, cloud, SaaS, and OT to help customers detect and respond faster.
• Darktrace Security Operations Support: On-demand expert support service that provides customers with direct access to Darktrace analysts for guidance, collaboration, and in-platform investigation support.

Target Customers

Darktrace serves organizations of all sizes, with strong fit for mid-market and enterprise security teams managing distributed users, hybrid infrastructure, SaaS applications, cloud estates, and converged IT/OT environments. Its platform is designed for teams that need broader visibility across siloed controls and faster investigation and response without scaling headcount linearly.

The company serves customers across a wide range of sectors, including critical infrastructure, public sector, healthcare, financial services, education, media, and manufacturing. Darktrace is especially relevant for organizations with high operational continuity, regulatory, or data protection requirements and for teams defending against ransomware, phishing, account takeover, insider risk, cloud compromise, and supply chain exposure.

Cloud Integrations and Marketplace

• AWS Marketplace: Darktrace has a verified AWS Marketplace presence for the Darktrace ActiveAI Security Platform and supports AWS-focused monitoring and response use cases across cloud environments.
• Azure Marketplace: Darktrace has a verified Azure Marketplace presence for the Darktrace ActiveAI Security Platform and integrates with Microsoft cloud and security services used across Azure and Microsoft 365 environments.
• Google Cloud Platform: Darktrace provides verified integrations with Google Cloud Platform and Google Workspace to monitor cloud resources, Gmail activity, and administrative events within Google environments.

Key People

• Ed Jennings: President and CEO
• Suman Raju: Chief Financial Officer
• Jack Stockdale OBE FREng: Chief Technology Officer
• Hein Hellemons: Chief Revenue Officer
• Bryce Coté: Chief Customer Officer
• Terry Doyle: Chief Information Officer
• Mike Beck: Global CISO
• Phil Pearson: Chief Strategy Officer
• David Smith: Chief People Officer
• Chris Kozup: Chief Marketing Officer
• Dan Monahan: Chief Partner and Transformation Officer

Key Facts

• Headquarters: Cambridge, Cambridgeshire, United Kingdom
• Employees: Approximately 2,300-2,400
• Annual Revenue: $691.4M
• Parent Company: Funds managed and/or advised by Thoma Bravo, LP
• Subsidiaries: Includes Darktrace Federal Inc., Cado Security, and Mira Security.
• Publicly Listed: Private

Analyst Recognitions

• Gartner: 2026 Gartner Magic Quadrant for Cyber-Physical Systems Protection Platforms: Visionary. 2025 Gartner Magic Quadrant for Network Detection and Response: Leader. 2025 Gartner Magic Quadrant for Email Security Platforms: Leader. 2025 Gartner Peer Insights Voice of the Customer for Network Detection and Response: Customers’ Choice. 2025 Gartner Peer Insights Voice of the Customer for Email Security Platforms: Customers’ Choice.
• IDC: 2024 IDC MarketScape: Worldwide Network Detection and Response Vendor Assessment: Leader.