How AI Explains Cyberattacks for Security Training

This patent describes a cybersecurity training tool that uses a large language model to explain why machine learning identified a cyber threat, based on both fake and real attacks, for security teams and regular users.

Active · Expires 2044 · Owned by Darktrace Holdings · Invented by Dickon Humphrey, John Boyer, Philip Sellars + 2 more

Original patent title: “Cyber security training tool that uses a large language model”

Plain-English explanation by Sahi · Last reviewed June 16, 2026

The patent is owned by Darktrace Holdings, has 23 claims and 13 forward citations, and is expected to expire in 2044.

Key facts

Patent number: US 20240406210
Status: Active
Field: Software & Internet
Assignee: Darktrace Holdings
Inventors: Dickon Humphrey, John Boyer, Philip Sellars and 2 others
Filed: 2024
Expires: 2044
Claims: 23
Times cited: 13
Litigation: None on record
Value: $120K to $383K (Modest)

Coverage

What does this patent actually cover?

The cyber security training tool uses a natural language processor and a large language model (LLM) to analyze cyberattacks. It can look at both a 'synthetic cyberattack' in a fake network that mirrors a real one, and a 'real cyberattack' happening in the actual network (Claim 1). The tool then provides an analysis and explanation, using the LLM, for why machine learning flagged these attacks as threats. This explanation is designed for training either regular users or cybersecurity team members. For example, it can use the LLM to highlight malicious parts of an email, like a phishing attempt, and explain immediately on screen why the email is dangerous (Claims 4, 5).

The gap

What does this patent NOT cover?

  • Does not cover cybersecurity training that relies solely on human instructors without machine learning analysis of threats.
  • Does not cover systems that only analyze real cyberattacks without also using a mimic network for synthetic attacks.
  • Does not cover training tools that explain cyber threats without using a large language model.
  • Does not cover general IT security awareness training that isn't specifically tied to machine learning's identification of a threat.
  • Does not cover systems that only provide long-form reports days later, rather than immediate, on-the-spot feedback for users.
  • Does not cover training that doesn't involve a user interface displaying the explanation and understanding of the machine learning.

These exclusions are unique to PatentBrief — derived from the actual claim language, not patent-office boilerplate.

What made this novel

The truly novel aspect is using a large language model not just to detect threats, but to translate complex machine learning detections and network data into understandable, natural language explanations for human training.

The Patent Drawing

[Figure: representative patent drawing for Cyber security training tool that uses a large language model (US 20240406210)]

Where you've seen this

Real-world examples

  1. Darktrace's AI-driven security platforms
  2. Security awareness training platforms with AI explainability
  3. Phishing simulation and training tools that provide immediate feedback
  4. AI-powered security operations center (SOC) tools

Why it matters

The bigger picture

Understanding complex cyber threats and the sophisticated machine learning models that detect them is a major challenge for both technical staff and everyday users. This patent addresses this by making the 'why' behind a threat detection accessible through AI-powered explanations. This can significantly improve how quickly and effectively people learn to identify and respond to cyber risks, reducing human error in a critical area.

Filed: May 30, 2024

Market context

Who's building on this

Companies in this space

Darktrace Holdings Ltd, the assignee, is actively developing and deploying AI-driven cybersecurity solutions that align with this patent's scope. Other major cybersecurity vendors and startups are also integrating large language models into their threat detection, analysis, and training platforms to enhance explainability and user understanding.

Market impact

This patent reflects a growing trend in the cybersecurity market towards leveraging advanced AI, specifically large language models, to make complex security insights more digestible. It enables more effective training programs, potentially reducing the 'human factor' in security breaches. The focus on immediate, understandable feedback could set a new standard for security awareness tools, pushing competitors to integrate similar AI-powered explanation capabilities.

Patent timeline

  • Filing: application submitted to the patent office
  • Expiration: patent enters public domain

PatentBrief Score

Impact Score: Early stage

  • Citation count: 23/40 (Moderately cited)
  • Claim breadth: 15/20 (Broad claims)
  • Recency: 0/20 (Older than 20 years)
  • Assignee scale: 0/20 (Independent or smaller assignee)

PatentBrief Impact Score — based on citation count, claim breadth, recency, and assignee scale. Not a legal assessment.

Heuristic Value Estimate

What this patent might be worth

Modest: $120K to $383K

Midpoint $240K · 18.0 yr remaining · industry ×1.6

Heuristic only — blends forward/backward citation counts, claim scope, time remaining, litigation history, and CPC-derived industry baseline. Real valuations need a professional appraisal.

The original legal language

Original claims

23 claims as filed with the patent office.

Citations

Patent lineage

  • Cites earlier patents: 12 (earlier patents this invention cites as foundations)
  • Cited by later patents: 13 (later patents that build on this invention)

Cite this patent

Humphrey, D., Boyer, J., Sellars, P., Bazalgette, T., & Lal, J. How AI Explains Cyberattacks for Security Training (U.S. Patent No. 20,240,406,210). U.S. Patent and Trademark Office. https://patentbrief.org/patent/us/20240406210/cyber-security-training-tool-that-uses-a-large-language-model

Auto-generated from the patent record. Double-check author order and the issue date against the official USPTO document before submitting.

Common Questions

Frequently Asked Questions

What does How AI Explains Cyberattacks for Security Training cover?

This patent describes a cybersecurity training tool that uses a large language model to explain why machine learning identified a cyber threat, based on both fake and real attacks, for security teams and regular users.

Who owns patent US 20240406210?

This patent is owned by Darktrace Holdings.

When does this patent expire?

This patent is expected to expire on May 30, 2044, when the invention enters the public domain.

What is patent US 20240406210 cited by?

This patent has been cited by 13 later patents that build on its ideas.

What problem does this patent solve?

Understanding complex cyber threats and the sophisticated machine learning models that detect them is a major challenge for both technical staff and everyday users. This patent addresses this by making the 'why' behind a threat detection accessible through AI-powered explanations. This can significantly improve how quickly and effectively people learn to identify and respond to cyber risks, reducing human error in a critical area.

What does this patent NOT cover?

Does not cover cybersecurity training that relies solely on human instructors without machine learning analysis of threats.

Last reviewed: June 16, 2026 · PatentBrief is not a law firm and this is not legal advice.