AI System That Learns Normal Email Use to Spot and Stop Cyber Threats
This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually.
Patent Number: US 11606373
Status: Active
Filing Date: February 19, 2019
Grant Date: March 14, 2023
Expiration: February 19, 2039
Claims: 23
Assignee: Darktrace Holdings
Inventors: Matthew Sherwin, Matthew Dunn, Matthew Ferguson
Citations: 3 forward · 133 backward
What it covers
This patent is about a smart computer system designed to protect email networks from cyberattacks. It uses artificial intelligence, specifically machine learning models, that first learn what 'normal' looks like for both email activity and how people use their email within an organization. Then, a 'cyber-threat module' compares incoming emails and user actions against this learned normal behavior. It calculates a 'threat risk parameter' based on how unusual the activity is and whether it resembles a known cyber threat pattern. If the risk gets high enough, an 'autonomous response module' automatically takes action to stop the threat, such as isolating the suspicious email, without waiting for a person to step in. The system collects activity data using 'probes' and can also analyze the email's content and metadata for malicious signs.
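The pipeline described above (learned baseline, threat risk parameter, autonomous response), sketched as an added example that is not taken from the patent or from any Darktrace product. The features, weights, indicators, threshold and all names are assumptions chosen for illustration, and the sample mail is constructed.

```python
import math
from collections import defaultdict

ISOLATE_AT = 0.7  # assumed threshold on the threat risk parameter

class Baseline:
    """Per-mailbox model of 'normal': sender familiarity and typical link count."""
    def __init__(self):
        self.seen = defaultdict(int)              # sender domain -> times seen
        self.n, self.mean, self.m2 = 0, 0.0, 0.0  # Welford running statistics

    def learn(self, m):
        self.seen[m["domain"]] += 1
        self.n += 1
        delta = m["links"] - self.mean
        self.mean += delta / self.n
        self.m2 += delta * (m["links"] - self.mean)

    def anomaly(self, m):
        """0..1: how unusual this mail is for this mailbox."""
        rarity = 1.0 / (1 + self.seen.get(m["domain"], 0))
        std = math.sqrt(self.m2 / self.n) if self.n > 1 else 0.0
        z = abs(m["links"] - self.mean) / max(std, 1.0)
        return 0.6 * rarity + 0.4 * min(z / 3.0, 1.0)

def known_pattern(m):
    """0..1: fraction of the assumed phishing indicators that are present."""
    hits = [m["reply_to"] != m["domain"], m["spoofed_name"]]
    return sum(hits) / len(hits)

def threat_risk(baseline, m):
    """Combine both signals so that either one can raise the risk."""
    return 1 - (1 - baseline.anomaly(m)) * (1 - known_pattern(m))

def handle(baseline, m):
    """Autonomous response: isolate at or above the threshold, else deliver."""
    risk = threat_risk(baseline, m)
    if risk >= ISOLATE_AT:
        return "isolate", risk  # never learned, so it cannot shift the baseline
    baseline.learn(m)           # delivered mail keeps the baseline current
    return "deliver", risk

def make_mail(domain, links, reply_to=None, spoofed_name=False):
    return {"domain": domain, "links": links,
            "reply_to": reply_to or domain, "spoofed_name": spoofed_name}

def demo():
    b = Baseline()
    for i in range(20):  # constructed history from one familiar sender
        b.learn(make_mail("partner.example", [1, 2, 1, 0][i % 4]))
    tests = [make_mail("partner.example", 1), make_mail("new.example", 1),
             make_mail("new2.example", 6, "other.example", spoofed_name=True)]
    return [handle(b, m)[0] for m in tests]
```

A first-time sender alone scores 0.6 and is delivered; the same mail with one indicator (a mismatched reply-to) reaches 0.8 and is isolated, which is the effect of combining the two signals.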
What it doesn't cover
- Systems that require a human to manually review every suspicious email before taking action.
- Cyber threat detection that only looks at email content and ignores user activity patterns.
- Systems that cannot automatically take containment actions when a threat is detected.
- Threat detection that doesn't learn and adapt to the specific 'normal' behavior of an organization or user.
- Cyber threat defense systems that are not specifically designed for email networks.
The clever bit
The key innovation is combining the learning of 'normal' email and user behavior with specific cyber threat detection models. This allows the system to spot subtle deviations that might indicate a threat, even if it's a new type of attack, by comparing it against a continuously updated baseline of what's typical for that specific environment.
Why it matters
As cyberattacks become more sophisticated, relying solely on human analysts to detect and respond to threats is too slow. This patent represents a move towards automated, AI-driven defense systems that can react at machine speed. It's part of the broader trend of using machine learning to enhance cybersecurity, particularly for protecting critical communication channels like email.
Real-world examples
1. Darktrace Email Security
2. Automated cyber threat response platforms
3. AI-powered email filtering solutions
Generated by PatentBrief · Not legal advice · patentbrief.org