AI System That Learns Normal Email Use to Spot and Stop Cyber Threats

This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually.

Granted 2023 · Active · Expires 2039 · Owned by Darktrace Holdings · Invented by Matthew Sherwin, Matthew Dunn, Matthew Ferguson

Original patent title: “Cyber threat defense system protecting email networks with machine learning models”

Plain-English explanation by Sahi · Last reviewed June 14, 2026

The patent was granted to Darktrace Holdings in 2023 with 23 claims and 3 forward citations, and it is expected to expire in 2039.

Key facts

Patent number: US 11606373
Status: Active
Field: Software & Internet
Assignee: Darktrace Holdings
Inventors: Matthew Sherwin, Matthew Dunn, Matthew Ferguson
Filed: 2019
Granted: 2023
Expires: 2039
Claims: 23
Times cited: 3
Litigation: None on record
Value: $94K–$300K (Modest)

Coverage

What does this patent actually cover?

This patent is about a smart computer system designed to protect email networks from cyberattacks. It uses artificial intelligence, specifically machine learning models, that first learn what 'normal' looks like for both email activity and how people use their email within an organization. Then, a 'cyber-threat module' compares incoming emails and user actions against this learned normal behavior. It calculates a 'threat risk parameter' based on how unusual the activity is and if it looks like a known cyber threat pattern. If the risk gets high enough, an 'autonomous response module' automatically takes action to stop the threat, like isolating the suspicious email, without waiting for a person to step in. This system collects activity data using 'probes' and can even analyze the email's content and metadata for malicious signs.
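The pipeline described above (learn a baseline, score deviation, combine it with known-threat signals into a threat risk, respond automatically past a threshold), sketched as an added example; this is not code from the patent or from Darktrace. The features, weights, `THRESHOLD` value, signal set, and the sample events are all assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

THRESHOLD = 0.7  # assumed cut-off for autonomous action

class Baseline:
    """Learns, per user, which sender domains and delivery hours are normal."""
    def __init__(self):
        self.domains = defaultdict(Counter)
        self.hours = defaultdict(list)

    def learn(self, ev):
        self.domains[ev["user"]][ev["sender_domain"]] += 1
        self.hours[ev["user"]].append(ev["hour"])

    def anomaly(self, ev):
        """0.0 = typical for this user, 1.0 = unlike anything seen before."""
        seen = self.domains.get(ev["user"], Counter())
        total = sum(seen.values())
        rarity = 1.0 - (seen[ev["sender_domain"]] / total if total else 0.0)
        hrs = self.hours.get(ev["user"], [])
        if len(hrs) < 2:
            hour_dev = 1.0  # no history yet: treat timing as unknown
        else:
            mean = sum(hrs) / len(hrs)
            std = math.sqrt(sum((h - mean) ** 2 for h in hrs) / len(hrs)) or 1.0
            hour_dev = min(abs(ev["hour"] - mean) / (3 * std), 1.0)
        return 0.7 * rarity + 0.3 * hour_dev

def pattern_score(ev):
    """Fraction of known-threat metadata signals present (assumed signal set)."""
    signals = [
        ev["reply_to_domain"] != ev["sender_domain"],
        any(d != ev["sender_domain"] for d in ev["link_domains"]),
    ]
    return sum(signals) / len(signals)

def threat_risk(baseline, ev):
    """Threat risk parameter: unusualness blended with known-threat resemblance."""
    return 0.6 * baseline.anomaly(ev) + 0.4 * pattern_score(ev)

def respond(baseline, ev):
    """Autonomous response: contain the email without waiting for an analyst."""
    return "quarantine" if threat_risk(baseline, ev) >= THRESHOLD else "deliver"

def make(domain, hour, reply_to=None, links=()):  # constructed sample event
    return {"user": "alice", "sender_domain": domain, "hour": hour,
            "reply_to_domain": reply_to or domain, "link_domains": list(links)}

def trained_baseline():  # constructed history: 30 routine emails, 09:00-11:00
    b = Baseline()
    for i in range(30):
        b.learn(make("partner.example", 9 + i % 3))
    return b
```

In this sketch a never-seen sender alone stays below the threshold; it takes the combination of unusual behavior and threat-pattern signals to trigger quarantine.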

The gap

What does this patent NOT cover?

  • Systems that require a human to manually review every suspicious email before taking action.
  • Cyber threat detection that only looks at email content and ignores user activity patterns.
  • Systems that cannot automatically take containment actions when a threat is detected.
  • Threat detection that doesn't learn and adapt to the specific 'normal' behavior of an organization or user.
  • Cyber threat defense systems that are not specifically designed for email networks.

These exclusions are unique to PatentBrief — derived from the actual claim language, not patent-office boilerplate.

What made this novel

The key innovation is combining the learning of 'normal' email and user behavior with specific cyber threat detection models. This allows the system to spot subtle deviations that might indicate a threat, even if it's a new type of attack, by comparing it against a continuously updated baseline of what's typical for that specific environment.

The Patent Drawing

[Figure: representative patent drawing for Cyber threat defense system protecting email networks with machine learning models (US 11606373)]

Where you've seen this

Real-world examples

  1. Darktrace Email Security
  2. Automated cyber threat response platforms
  3. AI-powered email filtering solutions

Why it matters

The bigger picture

As cyberattacks become more sophisticated, relying solely on human analysts to detect and respond to threats is too slow. This patent represents a move towards automated, AI-driven defense systems that can react at machine speed. It's part of the broader trend of using machine learning to enhance cybersecurity, particularly for protecting critical communication channels like email.

Filed: February 19, 2019

Granted: March 14, 2023

Market context

Who's building on this

Companies in this space

Darktrace Holdings Ltd, the assignee, is actively developing and marketing solutions based on this technology. Other cybersecurity firms are also investing heavily in AI and machine learning for automated threat detection and response in email and network security.

Market impact

This patent contributes to the growing market for AI-driven cybersecurity solutions. It highlights the shift from signature-based threat detection to behavioral analysis, enabling faster and more adaptive defenses against evolving cyber threats, particularly in protecting enterprise email systems.

Patent timeline

  • Filing: Application submitted to the patent office
  • Publication: Application published, typically 18 months after filing
  • Grant: Patent officially issued
  • Expiration: Patent enters public domain

PatentBrief Score

Impact Score: Moderate

  • Citation count: 12/40 (Early citations)
  • Claim breadth: 15/20 (Broad claims)
  • Recency: 20/20 (Granted within 5 years)
  • Assignee scale: 0/20 (Independent or smaller assignee)

PatentBrief Impact Score — based on citation count, claim breadth, recency, and assignee scale. Not a legal assessment.

Heuristic Value Estimate

What this patent might be worth

Modest: $94K–$300K

Midpoint $187K · 12.7 yr remaining · industry ×1.6

Heuristic only — blends forward/backward citation counts, claim scope, time remaining, litigation history, and CPC-derived industry baseline. Real valuations need a professional appraisal.

The original legal language

Original claims

23 claims as filed with the patent office.

Citations

Patent lineage

  • Cites earlier patents: 133 (earlier patents this invention cites as foundations)
  • Cited by later patents: 3 (later patents that build on this invention)

Cite this patent

Sherwin, M., Dunn, M., & Ferguson, M. (2023). AI System That Learns Normal Email Use to Spot and Stop Cyber Threats (U.S. Patent No. 11,606,373). U.S. Patent and Trademark Office. https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode

Auto-generated from the patent record. Double-check author order and the issue date against the official USPTO document before submitting.

Common Questions

Frequently Asked Questions

Who owns patent US 11606373?

Darktrace Holdings owns this patent, granted in 2023.

When does this patent expire?

This patent is expected to expire on February 19, 2039, when the invention enters the public domain.

What is patent US 11606373 cited by?

This patent has been cited by 3 later patents that build on its ideas.

Last reviewed: June 14, 2026 · PatentBrief is not a law firm and this is not legal advice.