New Darktrace features help guard against email attacks

Modern social engineering attacks no longer begin and end in the email inbox. They move across identity platforms, SaaS tools, and collaboration apps, exploiting gaps between disconnected security products, and employing increasingly sophisticated techniques to evade traditional defenses and reach end users.
To address these threats, AI cybersecurity specialist Darktrace is launching a series of enhancements to Darktrace / EMAIL designed to detect and stop attacks spanning communications channels, strengthen outbound email protections, and streamline SOC integrations.
Attacks targeting users across their communications channels, like email bombing campaigns, are on the rise. Between April and July 2025, the volume of email bombing messages surged 100 times, growing from 200,000 emails to more than 20 million observed across Darktrace’s email customer base. These campaigns are designed to create confusion, allowing attackers to target other channels. Because these emails often originate from legitimate services and contain no malicious payloads, traditional email tools struggle to detect them until the attack is already well underway, leaving organizations exposed.
“Email is the starting point for attacks that quickly expand into other parts of the digital ecosystem and can escalate into compromised identities, cloud access abuse, or manipulation of collaboration tools -- well beyond what traditional email defenses are built to handle,” says Connie Stride, SVP of product at Darktrace. “With our latest Darktrace / EMAIL innovations, we extend multi-domain detection by linking behavioral signals across email, identity, and SaaS to uncover advanced attacks that move across channels, while strengthening safeguards on outbound messages. These capabilities give security teams the visibility and precision to stop modern attacks before they progress and preserve trust in every interaction.”
Darktrace / EMAIL now integrates with Darktrace / IDENTITY to increase sensitivity around the targeted user and more quickly spot attempted account takeovers or impersonation to stop attacks from progressing.
The update has also strengthened detection accuracy by layering its behavioral insights with traditional threat intelligence, using integrated antivirus verdicts and structured feeds to enrich alerts with deeper context and enable faster, more confident triage.
To help organizations tackle brand abuse and reinforce trust in their outbound messages, Darktrace / EMAIL–DMARC now includes full Brand Indicators for Message Identification (BIMI) support. This allows businesses to display a verified brand logo directly in recipients’ inboxes, making legitimate communications easier to recognize.
There’s also label-free behavioral data loss prevention (DLP) powered by a proprietary domain-specific language model. This can now automatically identify over 35 new categories of Personally Identifiable Information (PII) and Protected Health Information (PHI) across emails and attachments, including personal, financial, and health data. By learning how each user typically handles sensitive information and intervening when outbound behavior deviates from expected patterns, this behavioral approach adds a real-time, contextual safeguard against misaddressed messages and unintended data sharing.
You can find out more on the Darktrace site.
