Darktrace is a global AI cybersecurity company that pioneered the use of unsupervised machine learning for cyber defense. Founded in 2013 by mathematicians and intelligence experts from the University of Cambridge, Darktrace developed the concept of the “Enterprise Immune System,” an AI that learns the normal pattern of life for every user, device, and network within an organization and autonomously detects and responds to emerging threats in real time.
Originally publicly traded on the London Stock Exchange (LSE: DARK), Darktrace was taken private by Thoma Bravo in a $5.3 billion deal that completed in late 2024, making it one of the largest cybersecurity take-private transactions.
Platform
Self-Learning AI
Darktrace’s core technology uses unsupervised machine learning to build a dynamic understanding of normal behavior across an organization without relying on rules, signatures, or prior knowledge of threats. The AI continuously updates its model as the environment evolves, enabling detection of novel and insider threats.
Darktrace DETECT
The detection layer provides real-time anomaly detection across network traffic, email communications, cloud workloads, SaaS applications, and operational technology environments. DETECT identifies threats including zero-day exploits, insider threats, ransomware staging, cryptomining, data exfiltration, and supply chain compromise.
Darktrace RESPOND (Antigena)
This autonomous response capability takes targeted, proportionate action to contain threats without disrupting normal business operations. Actions range from slowing or blocking connections to enforcing normal patterns of life on compromised devices. RESPOND can operate in human-confirmation mode or run fully autonomously.
Darktrace PREVENT
A proactive security module that uses AI to identify and prioritize vulnerabilities before attackers exploit them. This includes attack surface management, attack path modeling, and penetration testing simulation.
Darktrace HEAL
Incident recovery capabilities that prepare organizations for and assist in remediating active attacks, including real-time incident reports and recommended recovery actions.
Coverage Areas
The platform provides full packet inspection and metadata analysis for east-west and north-south network traffic. Email security integrates with Microsoft 365 and Google Workspace using AI-powered detection. Native monitoring covers AWS, Azure, and GCP cloud environments, while specialized detection handles industrial control systems and SCADA environments. API-based monitoring extends to SaaS platforms including Salesforce, Slack, and Zoom.
Acquisitions
In January 2025, Darktrace acquired Cado Security, a cloud forensics and incident response platform that adds automated evidence collection and analysis across multi-cloud environments. The company followed this with the acquisition of Mira Security in July 2025, bringing security validation and breach simulation capabilities that strengthen Darktrace PREVENT with continuous security testing.
Market Position
Darktrace serves over 9,700 customers globally, ranging from mid-market enterprises to government agencies and critical infrastructure operators. The company is a recognized leader in network detection and response (NDR) and was an early mover in applying AI to cybersecurity.
Under Thoma Bravo’s ownership, Darktrace has accelerated its product roadmap and go-to-market execution, with a particular focus on expanding its cloud and OT coverage. The company competes with Vectra AI, ExtraHop, Cisco (acquired Splunk), and Palo Alto Networks in NDR, and with Abnormal Security, Proofpoint, and Microsoft in AI email security.
Leadership
Jill Popelka serves as CEO, appointed in 2024 after serving as President of SAP SuccessFactors. Max Sheridan is CFO. Nicole Eagan, a co-founder, serves as Chief Strategy Officer, while Jack Stockdale OBE is co-founder and CTO. Poppy Gustafsson OBE led the company as CEO from 2016 to 2024.