# How AI Explains Cyberattacks for Security Training

> This patent describes a cybersecurity training tool that uses a large language model to explain why machine learning identified a cyber threat, based on both fake and real attacks, for security teams and regular users.

- **Patent:** US 20240406210
- **Original title:** Cyber security training tool that uses a large language model
- **Owner:** Darktrace Holdings
- **Status:** Active
- **Times cited:** 13
- **Field:** cybersecurity, software, ai_ml, telecommunications, consumer_electronics

## What it does

The cyber security training tool uses a natural language processor and a large language model (LLM) to analyze cyberattacks. It can look at both a 'synthetic cyberattack' in a fake network that mirrors a real one, and a 'real cyberattack' happening in the actual network (Claim 1). The tool then provides an analysis and explanation, using the LLM, for why machine learning flagged these attacks as threats. This explanation is designed for training either regular users or cybersecurity team members. For example, it can use the LLM to highlight malicious parts of an email, like a phishing attempt, and explain immediately on screen why the email is dangerous (Claims 4, 5).

## What it does NOT cover

- Does not cover cybersecurity training that relies solely on human instructors without machine learning analysis of threats.
- Does not cover systems that only analyze real cyberattacks without also using a mimic network for synthetic attacks.
- Does not cover training tools that explain cyber threats without using a large language model.
- Does not cover general IT security awareness training that isn't specifically tied to machine learning's identification of a threat.
- Does not cover systems that only provide long-form reports days later, rather than immediate, on-the-spot feedback for users.
- Does not cover training that doesn't involve a user interface displaying the explanation and understanding of the machine learning.

## The clever bit

The truly novel aspect is using a large language model not just to detect threats, but to translate complex machine learning detections and network data into understandable, natural language explanations for human training.

## Real-world examples

1. Darktrace's AI-driven security platforms
2. Security awareness training platforms with AI explainability
3. Phishing simulation and training tools that provide immediate feedback
4. AI-powered security operations center (SOC) tools

## Why it matters

Understanding complex cyber threats and the sophisticated machine learning models that detect them is a major challenge for both technical staff and everyday users. This patent addresses this by making the 'why' behind a threat detection accessible through AI-powered explanations. This can significantly improve how quickly and effectively people learn to identify and respond to cyber risks, reducing human error in a critical area.

## Frequently asked questions

### What does How AI Explains Cyberattacks for Security Training cover?

This patent describes a cybersecurity training tool that uses a large language model to explain why machine learning identified a cyber threat, based on both fake and real attacks, for security teams and regular users.

### Who owns patent US 20240406210?

This patent is owned by Darktrace Holdings.

### When does this patent expire?

This patent is expected to expire on May 30, 2044, when the invention enters the public domain.

### What is patent US 20240406210 cited by?

This patent has been cited by 13 later patents that build on its ideas.

### What problem does this patent solve?

Understanding complex cyber threats and the sophisticated machine learning models that detect them is a major challenge for both technical staff and everyday users. This patent addresses this by making the 'why' behind a threat detection accessible through AI-powered explanations. This can significantly improve how quickly and effectively people learn to identify and respond to cyber risks, reducing human error in a critical area.

### What does this patent NOT cover?

Does not cover cybersecurity training that relies solely on human instructors without machine learning analysis of threats.

**Full plain-English explainer:** https://patentbrief.org/patent/us/20240406210/cyber-security-training-tool-that-uses-a-large-language-model

**Original patent:** https://patents.google.com/patent/US20240406210

---

_Source: PatentBrief — https://patentbrief.org. Patent facts are from public records; the plain-English explanation is PatentBrief's._


## Related patents

Semantically similar inventions in the PatentBrief corpus:

- [AI System That Learns Normal Email Use to Spot and Stop Cyber Threats](https://patentbrief.org/patent/us/11606373/cyber-threat-defense-system-protecting-email-networks-with-machine-learning-mode) — This 2023 patent describes an AI system that learns how your company normally uses email and then automatically takes action to stop cyber threats that behave unusually.
- [How Multiple AI Models Detect Unusual Behavior on Computer Networks](https://patentbrief.org/patent/us/12438891/anomaly-detection-based-on-ensemble-machine-learning-model) — This patent describes a computer system that uses several artificial intelligence models working together to spot unusual and potentially dangerous activity from users or devices on a computer network.
- [Using Non-AI Systems to Improve AI Text Generation](https://patentbrief.org/patent/us/12353827/computer-implemented-methods-for-the-automated-analysis-or-use-of-data-including) — This patent describes a method where a traditional, rule-based computer system helps a Large Language Model (LLM) generate more accurate and reliable text by providing it with better context and fact-checking.
- [How an AI System Answers Financial Questions Using Specialized Bots](https://patentbrief.org/patent/us/12307349/systems-and-methods-of-large-language-model-driven-orchestration-of-task-specifi) — This patent describes an AI system where a large language model (LLM) directs specialized machine learning agents to answer natural language questions about financial data, then refines the answers using an adversarial AI.
- [Training AI on Private Data Without Seeing It](https://patentbrief.org/patent/us/12518214/distributed-machine-learning-systems-including-generation-of-synthetic-data) — This patent describes a way to train artificial intelligence models using private data stored on many separate computers, by generating fake data that mimics the real data's patterns, so the private data itself never leaves its original location.