
Email Security
Darktrace / EMAIL
Self-learning AI email security for advanced threats, BEC, and GenAI-powered attacks.
Darktrace / EMAIL Overview
What it does
Darktrace / EMAIL is a cloud-native email security platform that uses Self-Learning AI to detect and respond to advanced threats through behavioral analysis rather than static rules or threat intelligence feeds. Deployed via API to Microsoft 365 and Google Workspace, the platform baselines normal communication for every user and detects novel BEC, phishing, account takeover, and generative AI social engineering attacks without relying on known signatures.
How it works
Antigena autonomous response quarantines suspicious messages, rewrites links, and disables compromised accounts at machine speed. Cyber AI Analyst produces natural language investigation narratives, while label-free behavioral DLP monitors outbound email and Microsoft Teams chat for data loss. The Mailbox Security Assistant gives analysts a unified remediation console, and multi-domain correlation links signals across email, identity, and SaaS to expose full attack chains.
Credentials and traction
Darktrace / EMAIL is certified to ISO/IEC 27001, ISO/IEC 27018, and ISO/IEC 42001 (BSI AI management system) standards. Darktrace was named a Leader in the 2025 Gartner Magic Quadrant for Email Security Platforms and a Gartner Peer Insights Customers' Choice for Email Security Platforms. Named customers include Aston Martin, McLaren, and West Ham United, part of an installed base of more than 10,000 organizations worldwide.
Key Capabilities
mapped to solution categoriesConnects to Microsoft 365 or Google Workspace via native APIs for visibility into internal and delivered mail, enabling post-delivery clawback without changing MX records.
Separates newsletters and bulk mail from threats by routing them to dedicated folders, refining classification from how each user files messages.
Automates the intake, deduplication, and triage of user-submitted suspicious emails, cross-references against in-flight campaigns and triggers retroactive remediation across all recipients.
Builds per-user and per-vendor communication baselines from historical email patterns to detect anomalous content, timing, or sender behavior without relying on signatures or blocklists.
Analyzes email body text semantically to detect social engineering, pretexting, and urgency manipulation in messages that contain no malicious attachments or URLs.
Detects compromised or spoofed third-party supplier accounts by analyzing communication pattern deviations, domain aging, and content signals, targeting invoice fraud and payment redirection attacks.
Assesses the email communication risk posture of external supplier domains, flagging suppliers with poor email authentication, recent domain registration, or anomalous communication patterns.
Detects signs of internal mailbox compromise (anomalous login geography, mail forwarding rule creation, unusual send volume), and can trigger automated session revocation.
Inserts dynamic banners into delivered messages flagging risk signals such as first-time senders, lookalike domains, or unusual payment requests at read time.
Compliance
certificationsIntegrations
compatible toolsImplementation & support
Info last updated on May 27, 2026
Vendors
Is this your product?
Claim your profile to connect with the teams looking for your solutions.