# AI System That Learns Normal Email Use to Spot and Stop Cyber Threats > This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually. - **Patent:** US 11606373 - **Original title:** Cyber threat defense system protecting email networks with machine learning models - **Owner:** Darktrace Holdings - **Granted:** 2023 - **Status:** Active - **Times cited:** 3 - **Field:** cybersecurity, software, ai_ml, telecommunications ## What it does This patent is about a smart computer system designed to protect email networks from cyberattacks. It uses artificial intelligence, specifically machine learning models, that first learn what 'normal' looks like for both email activity and how people use their email within an organization. Then, a 'cyber-threat module' compares incoming emails and user actions against this learned normal behavior. It calculates a 'threat risk parameter' based on how unusual the activity is and if it looks like a known cyber threat pattern. If the risk gets high enough, an 'autonomous response module' automatically takes action to stop the threat, like isolating the suspicious email, without waiting for a person to step in. This system collects activity data using 'probes' and can even analyze the email's content and metadata for malicious signs. ## What it does NOT cover - Systems that require a human to manually review every suspicious email before taking action. - Cyber threat detection that only looks at email content and ignores user activity patterns. - Systems that cannot automatically take containment actions when a threat is detected. - Threat detection that doesn't learn and adapt to the specific 'normal' behavior of an organization or user. - Cyber threat defense systems that are not specifically designed for email networks. ## The clever bit The key innovation is combining the learning of 'normal' email and user behavior with specific cyber threat detection models. This allows the system to spot subtle deviations that might indicate a threat, even if it's a new type of attack, by comparing it against a continuously updated baseline of what's typical for that specific environment. ## Real-world examples 1. Darktrace Email Security 2. Automated cyber threat response platforms 3. AI-powered email filtering solutions ## Why it matters As cyberattacks become more sophisticated, relying solely on human analysts to detect and respond to threats is too slow. This patent represents a move towards automated, AI-driven defense systems that can react at machine speed. It's part of the broader trend of using machine learning to enhance cybersecurity, particularly for protecting critical communication channels like email. ## Frequently asked questions ### What does AI System That Learns Normal Email Use to Spot and Stop Cyber Threats cover? This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually. ### Who owns patent US 11606373? Darktrace Holdings owns this patent, granted in 2023. ### When does this patent expire? This patent is expected to expire on February 19, 2039, when the invention enters the public domain. ### What is patent US 11606373 cited by? This patent has been cited by 3 later patents that build on its ideas. ### What problem does this patent solve? As cyberattacks become more sophisticated, relying solely on human analysts to detect and respond to threats is too slow. This patent represents a move towards automated, AI-driven defense systems that can react at machine speed. It's part of the broader trend of using machine learning to enhance cybersecurity, particularly for protecting critical communication channels like email. ### What does this patent NOT cover? Systems that require a human to manually review every suspicious email before taking action. **Full plain-English explainer:** https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode **Original patent:** https://patents.google.com/patent/US11606373 --- _Source: PatentBrief — https://patentbrief.org. Patent facts are from public records; the plain-English explanation is PatentBrief's._ ## Related patents Semantically similar inventions in the PatentBrief corpus: - [How Multiple AI Models Detect Unusual Behavior on Computer Networks](https://patentbrief.org/patent/us/12438891/anomaly-detection-based-on-ensemble-machine-learning-model) — This patent describes a computer system that uses several artificial intelligence models working together to spot unusual and potentially dangerous activity from users or devices on a computer network. - [How to Automatically Detect and Fix Changes in AI Model Data](https://patentbrief.org/patent/us/10599957/systems-and-methods-for-detecting-data-drift-for-data-used-in-machine-learning-m) — This patent describes a system that automatically notices when the real-world data an AI model sees changes, causing its predictions to become less accurate, and then fixes the model. - [Training AI on Private Data Without Seeing It](https://patentbrief.org/patent/us/12518214/distributed-machine-learning-systems-including-generation-of-synthetic-data) — This patent describes a way to train artificial intelligence models using private data stored on many separate computers, by generating fake data that mimics the real data's patterns, so the private data itself never leaves its original location. - [Smart Ranking of Emails and Files Based on How You Click](https://patentbrief.org/patent/us/6370526/google-adwords-pay-per-click) — IBM's 1999 patent on automatically sorting lists of items, like emails, by watching which ones you click first and updating a mathematical model of your preferences in the background. - [How AI Learns to Control Game Characters Based on Their Surroundings](https://patentbrief.org/patent/us/10607134/artificially-intelligent-systems-devices-and-methods-for-learning-andor-using-an-avatars-circumstances-for-autonomous-avatar-operation) — A system that allows digital characters to automatically perform actions by matching their current environment to previously learned experiences stored in a database.