The Darktrace / Adaptive Human Defence is a behavioural AI solution designed to deliver personalised, real‑time security coaching integrated directly with email protection. The launch marks a shift from static awareness modules toward adaptive micro‑coaching tailored to individual behaviour and inbox activity.
The announcement follows new Darktrace research highlighting a gap between employee confidence and phishing readiness. Among US office workers surveyed, 80% believed they could identify phishing attempts, yet scored only 43% when tested against realistic examples. The findings suggest current awareness methods may create confidence faster than competence.
“Security awareness training has become an admin task for employees and a tick box for security teams, not a system that meaningfully reduces risk,” said Jack Stockdale, chief technology officer at Darktrace.
Jack Stockdale
“Darktrace / Adaptive Human Defence replaces generic modules with adaptive coaching that meets people in the moment, built around how they actually communicate. Through its two-way integration with Darktrace / EMAIL, organisations can finally create a closed loop where human behaviour and technical defences continually and autonomously strengthen each other.” Jack Stockdale
Unlike traditional scheduled sessions, Adaptive Human Defence delivers short, contextual training in response to real‑time risk, such as suspicious financial requests or phishing indicators in live conversations. Feedback from these micro‑training moments dynamically refines both individual coaching and technical controls.
Complementing the platform is a major update to Darktrace / EMAIL, extending its coverage beyond email to Microsoft Teams, Slack, and Zoom. This “cross‑channel, full‑message analysis” enables detection of social engineering attempts migrating between collaboration tools—a tactic increasingly employed by AI‑enabled attackers.
Darktrace has also introduced the first DMARC solution integrated with attack surface management and email security, allowing teams to reduce impersonation risk at the source.
“Attackers do not care which app your company uses to communicate,” added Stockdale. “They exploit people, context, and trust—then move across channels until they find a moment to succeed. The future of protection is unified and adaptive.”
