资方入场估值 01
5300 USD M [CV001] 尽调报告
Darktrace
具备规模的网络安全平台,最后公开经济指标扎实,但资方控股期披露偏薄。
Darktrace 仍像一家有规模、具战略相关性的网络安全平台,但赞助方时期的债务、治理和当前经营表现不透明,使它更适合观察而不是买入。
封面要素
公司概况
Darktrace 是一家总部位于 Cambridge 的网络安全公司,创立于 2013 年,早期靠自学习网络检测建立声誉,如今销售更宽的 AI 安全平台,覆盖网络、邮件、云、身份、OT、端点、调查、取证和 AI 治理流程。October 2024 Thoma Bravo 私有化前的最后公开截面显示,公司已是有规模的软件业务:ARR 为 $782.2 million,收入至少 $689.5 million,客户 9,735 家;当前公司材料仍在宣传 110 个国家的 10,000 家客户。投资争议已经不再是 Darktrace 是否真实、是否有战略意义,而是外部投资者能否在如今薄得多的私有公司披露下判断资方控股期表现、杠杆和治理。
- 成立时间
- 2013-01-01
- 创始人
- Nicole Eagan, Jack Stockdale
- 创立地点
- Cambridge, UK
- 总部
- Cambridge, UK
- 产品
- Darktrace 销售一个 AI 安全平台,在网络、云、身份、邮件、OT、端点和 AI 智能体环境中检测、调查、响应威胁,并辅助恢复;模块覆盖自主响应、网络安全调查、取证、暴露面管理和安全 AI 治理。
- 客户
- 大型企业、关键基础设施运营方、公共部门机构、医疗机构、教育机构,以及运行混合 IT 资产、需要全天候检测和自动化响应的其他安全团队。
- 商业模式
- 经常性软件平台,通过直接企业关系和合作伙伴渠道销售,包括 VAR、MSP/MSSP、咨询公司和分销商路径;购买流程以演示、评估和销售主导的签约为核心,而不是透明自助定价。
- 阶段
- PE-backed private
- 融资情况
- Darktrace 于 1 October 2024 被 Thoma Bravo 私有化,估值约 $5.3 billion;December 2025 英国担保文件显示,公司与 Goldman Sachs Bank USA 存在有担保融资,但没有可读的债务本金、定价、到期日或契约细节。
执行摘要
主要优势
- 产品面已经从单一 NDR 切入口扩到网络、云、身份、邮件、OT、终端、取证和安全 AI 控制。
- 最后一次公开经营快照质量很高:$782.2M ARR、至少 $689.5M 收入、89.3% 毛利率、106.6% 净 ARR 留存率。
- 公司当前披露仍指向庞大装机基础:110 个国家 10,000 名客户,合作伙伴覆盖也有分量。
主要风险
- 公开文件显示有担保融资确实存在,但赞助方时期债务、契约余量和股权瀑布条款仍不透明。
- 高管更替叠加官网披露过期,使完整私有化第一阶段的治理噪音更大。
- 买方把安全预算并入更宽的套件后,大型网络安全平台可能挤压 Darktrace 的续约和定价权。
- 2023 年会计争议留下声誉和监管尾部风险,仍需要给披露质量打折。
未决问题
- 可读的 FY2025、FY2026 财务报表,以及从 2024 年 6 月公开快照进入私有化阶段的 ARR 和收入桥。
- Goldman Sachs 担保押记背后的债务本金、定价、期限、契约阈值和贷方报告细节。
- 当前股权结构表所有权、管理层激励结构,以及私有公司董事会和委员会构成。
- 私有化后客户数、员工数、留存和模块组合的清晰当期桥。
目录
01公司概况
1.1 身份、覆盖范围与运营模式
Darktrace 是一家总部位于 Cambridge, United Kingdom 的网络安全公司。公司称自己自 2013 年起就在构建 AI 原生安全模型。当前公司页面把业务定位为全球网络安全 AI 厂商,并列出主要运营足迹:Cambridge、New York、London 和 Singapore;核心研究在 Cambridge,第二个 R&D 中心设在 The Hague。英国研究根基叠加全球销售落地很关键,因为这同时锚定了 Darktrace 的技术身份,也支撑了它长期声称自己是差异化的欧洲网络安全 AI 平台,而不是单一产品设备商。 当前平台叙事很宽:Darktrace 称 ActiveAI Security Platform 覆盖云、邮件、身份、运营技术、端点和网络安全,并由 200 多项专利和待批申请支撑。同一页面还称公司服务 110 个国家的 10,000 家客户,与数百家合作伙伴合作,并与 AWS 和 Microsoft 建立深度联盟。这些规模标记说明,Darktrace 已不只是 NDR 专家;它现在把自己包装成一个多攻击面、企业级 AI 安全平台,拥有全球客户基础,也对齐超大规模云厂商。 另一层重要背景是披露姿态。Darktrace 的投资者关系网站现在明确表示,公司是 Thoma Bravo 持有的历史档案,而不是活跃的公开市场报告界面。这意味着,当前运营事实更多来自公司营销页面和最后一次公开交易更新,而不是持续的上市公司文件。尽调层面,Darktrace 的核心身份强且一致,但 October 2024 私有化之后,当前指标的证据基础明显变薄。[CO001, CO003, CO004, CO005, CO006, CO007]
| 指标 | 数值 / 状态 | 日期 | 置信度 | 尽调缺口 |
|---|---|---|---|---|
| 成立 | 2013 | 2013 | 高 | 完整创始人名单在公开来源中仍有部分争议 |
| 总部 | 英国剑桥 | 2026-05 | 高 | 无;Companies House 通讯地址也支持 |
| 当前所有权 | 私有,由 Thoma Bravo 基金持有 | 2024-10 起 | 高 | 具体所有权比例和滚存条款未公开 |
| 私有化估值 | $5.3B | 2024-10-01 | 高 | 未披露交割后的公允价值更新 |
| 每股对价 | $7.75 现金 | 2024-10-01 | 高 | 未披露管理层滚存或保留股权细节 |
| FY2024 年 ARR | $782.2M | 2024-06-30 | 高 | 私有化前最近一次广泛公开 ARR 披露 |
| FY2024 收入 | $689.5M+ | 2024-06-30 | 高 | 私有化后没有 FY2025 或 FY2026 收入披露 |
| FY2024 客户数 | 9,735 | 2024-06-30 | 高 | 公开的类审计口径客户数是历史值,不是当前值 |
| 当前官网客户数 | 10,000 | 2026-05 | 中 | 公司声称的当前指标;没有独立验证 |
| 员工数 | 官网 2,300+;Tracxn 估计 2,591 | 2026-04 至 2026-05 | 低 | 核对当前 FTE 定义及是否纳入被收购团队 |
| 地域覆盖 | 110 个国家 | 2026-05 | 中 | 公司声称;不清楚指客户、办公室还是覆盖范围 |
| 创新足迹 | 200+ 项专利 / 申请中;剑桥 + 海牙研发 | 2026-05 | 中 | 本章未独立审计专利数量 |
当前运营指标混合了公司官网声称数据、最后一次公开 FY2024 交易更新和一个第三方估计;私人公司股权结构表和当前财务数据未披露。
[CO001, CO003, CO004, CO006, CO007, CO018]Darktrace 的研究根基、平台范围、客户基础、私募控股和转型风险如何连接。
[CO004, CO005, CO006, CO008, CO018, CO021]1.2 创始人、领导层与治理交接
Darktrace 公开确认最扎实的创始团队,是 Nicole Eagan 和 Jack Stockdale,两人仍出现在官方简介页面上。Nicole Eagan 的头衔是联合创始人兼战略顾问;Jack Stockdale 是创始 CTO,负责支撑平台的贝叶斯模型和 AI 算法。把这两份简介与 Summit Partners 对 Cambridge 信号处理能力、GCHQ 相关起源的历史叙述放在一起,可以支撑一个真实的技术创始故事;不过,公开来源仍未完全厘清完整创始人名单或初始股权分配。 当前更大的问题是领导层连续性。Investegate 和 Business Chief 确认,联合创始人 Poppy Gustafsson 于 September 2024 卸任 CEO,由 Jill Popelka 接任。随后 Darktrace 和 Thoma Bravo 又在 27 January 2026 确认第二次交接:Popelka 卸任,董事会主席 Charles Goodman 出任临时 CEO,董事会启动正式 CEO 搜索。约十六个月内压缩了两次 CEO 更替,第一轮完整 PE 持有周期里的治理和执行敏感度因此上升。 Companies House 记录显示,董事变动一直延续到 March 2026,但公开来源仍无法给出完全透明的私有公司董事会和委员会图景。这一点重要,因为 Darktrace 现在要按资方支持下的执行能力来评判,而不是按公开市场叙事管理来评判。直接结论是:Darktrace 保留了强技术创始连续性,但最上层运营领导班子正在交接,继任规划、决策权和资方董事会对齐都需要直接尽调。[CO010, CO011, CO012, CO013, CO014, CO015]
| 人员 | 角色 / 状态 | 背景或职能覆盖 | 创始人-市场匹配 / 覆盖 | 关键人依赖 |
|---|---|---|---|---|
| Nicole Eagan | 联合创始人兼战略顾问 | 官方资料强调战略、客户关系和产品创新 | 公开确认的创始商业 / 战略负责人 | 中 — 仍是创始人信号,但已不再担任日常 CEO |
| Jack Stockdale | 创始 CTO | 负责贝叶斯模型和 AI 算法;长期任职的技术架构师 | 围绕 AI 网络安全引擎的核心技术创始人-市场匹配 | 高 — 对技术连续性和 IP 叙事至关重要 |
| Poppy Gustafsson | 联合创始人;前 CEO;2024 年 9 月过渡后任非执行董事 | 带领 Darktrace 穿越公开市场阶段和出售流程并实现规模化 | 面向公众的创始人 / 经营者,连接市场可信度 | 中 — 不再担任运营 CEO,但仍是象征性利益相关方 |
| Jill Popelka | 前 CEO(2024-09 至 2026-01);离任后任顾问 | 在 Thoma Bravo 所有权下领导 Gustafsson 之后的第一阶段运营 | 带来运营规模化视角,而不是原始创始 IP | 中 — 离任带来过渡成本,而非技术 IP 流失 |
| Charles Goodman | 董事会主席,2026 年 1 月起任临时 CEO | PE 持有期治理负责人和当前临时经营者 | 代表董事会在 CEO 搜索期间的控制权 | 高 — 临时 CEO 角色在过渡期集中战略权力 |
| Mike Lynch 相关创始资本 | 历史创始投资人影响力,不是当前运营角色 | 与 Darktrace 早期历史中的 Invoke Capital 和更广 Autonomy 网络有关 | 对来源脉络和声誉背景重要 | 当前运营层面低,但对声誉历史仍重要 |
本表覆盖官方资料和公告中可见的公开具名创始人及过渡期领导者;私人公司董事会委员会和完整独立董事名单未公开。
[CO010, CO011, CO012, CO013, CO014, CO015]1.3 资本结构与私有市场重估
Darktrace 的决定性资本事件,是 Thoma Bravo 的私有化收购。Darktrace 和 Thoma Bravo 均表示,交易于 1 October 2024 完成,公司估值约 $5.3 billion,并以每股 $7.75 现金支付股东。Thoma Bravo 还表示,Darktrace 停止在 London Stock Exchange 交易,并将从 FTSE 100 退市。这笔交易是目前最干净的估值锚,也给今天的阶段分类提供了正确参照:Darktrace 现在是一家 PE 支持的私有网络安全平台公司。 私有化前最后一次宽口径公开运营截面来自 FY2024 经营更新。Financial Times Markets 和 Quartr 都复现了关键数字:截至 30 June 2024,ARR 为 $782.2 million,收入至少 $689.5 million,客户 9,735 家,总 ARR 流失率为 6.3%,ARR 净留存率为 106.6%。这些指标说明,Darktrace 进入私有所有权时,是一个具备规模、走向盈利增长的软件资产,客户广度实质存在,留存经济性也在改善。 公开来源没有给出的部分同样重要:交割后的准确股权结构表、Thoma Bravo 持股比例、管理层滚存,以及累计新股融资额均未在本次审阅材料中披露。IR 网站已经成为档案,新融资披露大概率要等下一次交易才会出现。尽调视角下,Darktrace 因此像是一家高质量、资方持有的平台公司,最后公开截面很强;但所有权机制和当前现金生成细节现在都藏在私有墙之后。[CO018, CO019, CO020, CO021, CO022, CO023]
| 利益相关方 | 角色 / 关系 | 控制权或经济重要性 | 已确认来源 | 尽调要求 |
|---|---|---|---|---|
| Thoma Bravo / Luke Bidco | 2024 年 10 月私有化后的收购方和当前所有者 | 控股所有者;设定赞助方治理和资本结构 | Darktrace 和 Thoma Bravo 交割公告 | 索取交割后股权结构表、所有权比例、债务包和滚存股权细节 |
| Darktrace 董事会 / Charles Goodman | 2026 年 CEO 搜索期间的董事会监督和临时 CEO 权限 | 对领导层选择和运营优先级拥有即时治理控制 | Darktrace 2026 年 1 月公告;Companies House 文件 | 索取完整董事会名单、委员会结构和 CEO 搜索流程 |
| Poppy Gustafsson | 联合创始人、前 CEO、继续担任非执行董事 | 历史战略影响力和外部可信度 | Investegate 和 Business Chief 过渡报道 | 澄清当前董事会职责,以及任何保留股权或特殊权利 |
| Jill Popelka | 前 CEO;2026 年 1 月离任后继续担任顾问 | 覆盖第一个 PE 年度的过渡运营知识 | Darktrace 和 Thoma Bravo 2026 年 1 月公告 | 澄清顾问期限、范围和交接状态 |
| Nicole Eagan | 联合创始人兼战略顾问 | 客户、战略和 AI 治理连续性 | Nicole Eagan 官方资料 | 澄清其参与产品路线图、客户留存和 AI 治理举措的程度 |
| Jack Stockdale | 创始 CTO | 技术架构和 IP 连续性 | Jack Stockdale 官方资料 | 评估技术领导层的留任风险、继任梯队和所有权激励 |
具体所有权比例和管理层滚存经济性未公开;本图展示的是从公开材料可见、在控制权、连续性或尽调意义上重要的利益相关方。
[CO014, CO016, CO017, CO018, CO019, CO020]用记分卡视角看 Darktrace 的经营规模、质量、创新深度和当前披露限制。
本 KPI 图刻意混合规模指标、不透明度和所有权标记,使其作为成熟度记分卡,而不是原始快照表的重复。
[CO018, CO019, CO020, CO021, CO022, CO023]1.4 从创立到平台扩张的里程碑
Darktrace 的公开里程碑记录显示,公司走过三个清晰阶段:Cambridge 技术形成期、公开市场扩张期,以及私有化之后的平台扩展期。当前公司材料强调长期 R&D 投入、超过 200 项申请构成的专利资产,以及多攻击面安全平台,而不是单一网络产品。Summit Partners 的历史叙述进一步说明,最初切入点是一种新型 AI 方法,来自 Cambridge 信号处理人才和接近政府情报体系的专业能力。 目前披露的私有化后最重要战略动作,是 January 2025 拟收购 Cado Security。Darktrace 称,Cado 将把云调查和响应覆盖扩展到多云、容器、无服务器、SaaS 和本地环境。到 September 2025,Darktrace 推出了自动化取证能力,并明确把该发布与 Cado 收购相连,称调查时间可从数天降至数分钟。这在战略上重要,因为它显示 Thoma Bravo 时代的资本正投向更深的云调查流程,而不只是增量模块刷新。 私有化后,负责任 AI 信息也继续更新。Darktrace 在 2025 年发布白皮书,描述其负责任 AI 框架,并称该框架与 NIST AI RMF、EU AI Act 和 OECD AI principles 对齐。这不能消除商业或治理风险,但确实说明 Darktrace 仍在投入企业 AI 采用所需的制度脚手架。总体看,里程碑图景是一家公司借私有所有权加深平台深度,同时试图守住公开市场时期建立的 AI 可信度。[CO007, CO009, CO013, CO027, CO028, CO029]
| 日期 | 事件 | 类型 | 金额 / 估值 / 状态 | 参与方 | 含义 |
|---|---|---|---|---|---|
| 2013 | Darktrace 在剑桥成立,并围绕 AI 原生网络防御定位 | 创立 | — | Darktrace 创始团队 | 确立剑桥技术起源故事和 AI 优先差异化 |
| 2024-07-18 | 发布 FY2024 Q4 交易更新 | 规模 | $782.2M ARR;$689.5M+ 收入;9,735 家客户 | Darktrace | 完全私有化前最后一次广泛公开运营快照 |
| 2024-09-06 | Poppy Gustafsson 卸任;Jill Popelka 被任命为 CEO | 治理 | 领导层过渡 | Darktrace 董事会;Poppy Gustafsson;Jill Popelka | 公开来源可见的公司历史上第一次 CEO 过渡 |
| 2024-10-01 | Thoma Bravo 收购完成,Darktrace 退市 | 融资 | $5.3B 企业价值;$7.75/股 | Thoma Bravo;Darktrace 股东 | Darktrace 成为 PE 支持的私人公司 |
| 2025-01-09 | Darktrace 宣布拟收购 Cado Security | 产品 | 待监管批准 | Darktrace;Cado Security | 释放收购后扩展到云调查与响应的信号 |
| 2025 | 发布负责任 AI 白皮书 | 监管 | 与 NIST / EU AI Act / OECD 对齐的框架 | Darktrace | 显示面向企业客户的持续 AI 治理定位 |
| 2025-09-25 | 在 ActiveAI 平台推出自动化取证能力 | 产品 | 调查从数天降至数分钟的主张 | Darktrace | 将源自 Cado 的云取证在平台内运营化 |
| 2026-01-27 | Jill Popelka 卸任;Charles Goodman 被任命为临时 CEO | 治理 | 启动常任 CEO 搜索 | Darktrace 董事会;Charles Goodman | 十六个月内第二次 CEO 更替提高执行敏感度 |
| 2026-02-02 | Gatekeeper Solutions 诉讼据报被终局驳回 | 反向 | 双方各自承担费用 | Gatekeeper Solutions;Darktrace | 正面法律结果,但提醒投资者尽调 IP 暴露 |
| 2026-05 | Darktrace 官网显示 10,000 家客户、110 个国家、2,300+ 名员工 | 规模 | 当前官网快照 | Darktrace | 展示私人所有权下仍在延续的规模主张 |
本时间线优先列出私有化后仍可验证的公开运营、治理、融资、产品和反向里程碑。2021 年 IPO 等更早公开市场里程碑在此省略,因为本章审阅的来源集没有提供足够详细的直接一手引用。
[CO001, CO006, CO014, CO016, CO018, CO019]以日期串起 Darktrace 从创立到私募支持的私有化阶段的公开转折点。
时间线只纳入本章直接保留引用的事件;它不打算覆盖完整公司史。
[CO001, CO009, CO014, CO015, CO016, CO017]1.5 反向检查、诉讼与披露缺口
即使已经私有化,Darktrace 仍背着需要重视的声誉包袱。City A.M. 记录了 2023 年重新出现的做空压力;Yahoo Finance 则报道,Mike Lynch 于 2024 年去世后,由于其与 Darktrace 的历史关联和更广泛的 Autonomy 事件,公司再次受到审视。CNBC 另报道称,EY 审查只发现少量合同错误和不一致,且没有任何事项对 Darktrace 财务报表构成重大影响;这有帮助,但抹不掉做空运动留下的市场记忆。 法律风险也需要跟踪。PacerMonitor 显示,Gatekeeper Solutions v. Darktrace 于 December 2025 从 Texas Eastern 转至 Northern District of California;PatSnap 随后报道,该事项在 early 2026 被有终局效力地驳回,双方各自承担费用。结果看起来有利,但专利诉讼曾经存在,仍强化了对 Darktrace IP 姿态和诉讼准备金假设做尽调的必要性。 更直接的尽调旗帜在当前数据质量。Darktrace 的关于页面仍展示一段归于 “Poppy Gustafsson OBE, CEO” 的引用,尽管她已在 September 2024 离任;Tracxn 的 April 2026 员工数估计为 2,591,也与 Darktrace 官网 2,300+ 的说法冲突。两点都不足以推翻核心投资逻辑,但都提示私有化后披露环境里,事实可能滞后或相互偏离。判断估值或杠杆假设前,投资者应直接核对员工数、董事会组成和资方持股,而不能只依赖公开摘要。[CO033, CO034, CO035, CO036, CO037, CO038]
02市场分析
2.1 市场边界、纳入支出与替代品
Darktrace 的经济相关市场既不是全部安全支出,也不只是一笔传统 NDR 设备预算。当前产品页显示,平台围绕网络、身份、云和邮件检测展开,并叠加 AI 主导的调查和定向自主响应;因此,纳入的支出池是这些攻击面上的遥测驱动检测与响应,而不是通用防火墙、GRC 套件、纯 IAM 管理,或咨询占比很高的服务。网络页面仍清楚划出核心边界:Darktrace 把 NDR 定位为 EDR、SIEM 和防火墙栈的补充,这说明公司常常作为既有安全架构中的新增层或替换层获胜,而不是完整控制平面替代品。相邻支出也重要,因为 Darktrace 还可以通过合作伙伴、MSP 和 MSSP 触达同一需求,把网络和邮件监控打包进托管服务。实际边界因此从狭义 NDR 延伸到更宽的 AI 主导检测与响应流程;主要现状替代品仍是 SIEM 优先检测、端点中心套件、传统邮件网关和手工 SOC 分诊。TM001 捕捉了这条支出边界及其排除项。[CM001, CM002, CM003, CM004, CM005, CM006]
| 细分 / 品类 | 纳入支出 | 排除支出 | 买方 / 付款方 | 相关性 |
|---|---|---|---|---|
| AI 主导的 NDR / 网络检测 | 网络遥测、横向移动检测、异常检测、自主响应、调查工作流。 | 防火墙硬件更新、传统 IDS/IPS、没有响应逻辑的通用网络监控。 | 买方:SecOps 或检测负责人;付款方:CISO 或安全平台负责人。 | Darktrace 的核心切入点,仍是最清晰的分析师式品类边界。 |
| 身份检测与响应 | SSO/AD 监控、账户接管检测、会话控制、内部威胁和横向移动检测。 | 纯 IAM、PAM、生命周期管理、仅治理的身份支出。 | 买方:身份安全或安全架构;付款方:CISO/CIO。 | 把 Darktrace 从网络扩展到账户中心安全预算。 |
| 云检测与调查 | 多云威胁检测、API 和工作负载监控、云取证、身份上下文调查。 | 通用云基础设施、CSP 合同、没有检测逻辑的纯 CSPM 或工单工具。 | 买方:云安全负责人;付款方:CISO、CIO 或平台预算负责人。 | Darktrace 推进云和取证后的重要邻近市场。 |
| AI 驱动的电子邮件安全 | 行为型钓鱼、BEC、账户接管检测、电子邮件和协作威胁响应。 | 仅旧式 SEG 的支出、归档,以及通用协作订阅。 | 买方:邮件安全或 SecOps;付款方:安全运营预算。 | 拓宽 SAM 的补充模块,但不应视为完整电子邮件安全市场。 |
| 合作伙伴交付的 MDR 叠加层 | 由 Darktrace 网络和邮件遥测驱动的托管监控与响应服务。 | 没有差异化检测平台的人员补充或咨询。 | 买方:MSSP/MDR 运营商或企业 CISO;付款方:服务预算或安全运营预算。 | 显示部分 Darktrace 需求通过渠道和服务层货币化,而不只是直接软件席位。 |
边界有意保持部分口径,因为 Darktrace 的平台叙事与邻近市场重叠;纳入支出跟踪遥测驱动的检测与响应,排除支出剔除仅治理、仅硬件和仅咨询的类别。
[CM001, CM002, CM003, CM004, CM005, CM006]2.2 多视角规模测算:广义 TAM、受限 SAM、未经验证 SOM
已发布的市场数字支持多个有效视角,而不是一个干净 TAM。MarketsandMarkets 估计,网络安全 AI 市场将从 2026 年的 $25.53 billion 增长到 2031 年的 $50.83 billion;其 XDR 视角则把更窄的平台预算放在 2025 年的 $7.92 billion 和 2030 年的 $30.86 billion。Mordor 给出了最贴近 Darktrace 根基的窄楔子:网络流量分析在 2026 年为 $4.91 billion,到 2031 年为 $8.29 billion。这些数字不能相加:AI 网络安全数字包含与 XDR、云和身份预算的重叠,而 NTA/NDR 是子细分,不是可以直接叠上去的独立池子。因此,最可防守的公开 SAM,是围绕 Darktrace 覆盖攻击面的证据约束综合,大约 $8 billion 到 $12 billion,而不是整个广义 AI 网络安全 TAM。任何 SOM 估计都更弱,因为私有化后的公开收入和细分组合数据缺失。FM001 和 FM002 保留了这种边界敏感性,没有硬凑一个虚假的点估计。[CM009, CM010, CM011, CM012, CM013, CM014]
| 发布方 | 年份 | 地域 | 数值 | CAGR | 方法 | 置信度 | 局限 |
|---|---|---|---|---|---|---|---|
| MarketsandMarkets | 2026-2031 | 全球 | $25.53B(2026)到 $50.83B(2031) | 14.8% | 广义 AI 网络安全市场视角,覆盖 AI 原生和 AI 增强产品。 | 中 | 口径过宽,不能作为 Darktrace 直接 SAM 使用,因为它与许多非 Darktrace 品类重叠。 |
| MarketsandMarkets | 2025-2030 | 全球 | 2025 年 $7.92B 至 2030 年 $30.86B | 31.2% | 以平台化整合预算为中心的 XDR 市场口径。 | 中 | 能反映预算竞争,但不是纯 Darktrace 品类,且部分与更宽的 AI 网络安全估算重叠。 |
| Mordor Intelligence | 2026-2031 | 全球 | 2026 年 $4.91B 至 2031 年 $8.29B | 11.06% | 带终端用户和区域拆分的网络流量分析市场口径。 | 中 | 最接近 Darktrace 早期基本盘的公开切口,但窄于 Darktrace 当前的多攻击面平台。 |
| 章节综合 | 2026 | 全球企业 / 受监管客户 | 估计 SAM:$8B-$12B | n/a | 受约束的综合口径:以 NTA/NDR 核心为底,再纳入与 Darktrace 覆盖攻击面相关的部分 XDR、电子邮件、云和身份邻近市场。 | 中 | 推导估算,存在重叠风险;应视为尽调口径,而非出版方披露的 TAM。 |
| 公开 SOM 口径 | 2026 | 全球 | 无法从 2025-2026 年公开披露中验证 | n/a | 暂不列 SOM,因为 Darktrace 私有化后,当前收入和分部结构不再公开。 | 低 | 没有管理层数据,无法做出可辩护的市场份额测算。 |
这张表有意把已发布品类数字和分析师推导的 SAM 口径放在一起,保留边界敏感性,而不是把一切压成一个人为合成的 TAM。
[CM009, CM010, CM011, CM012, CM013, CM014]金字塔视角:从广义 AI 网络安全 TAM 到更窄的 Darktrace 覆盖 SAM,SOM 则受公开数据限制。
只有顶层是直接的 2026 年品类估算;SAM 层是本章综合,SOM 层因私有化后缺少收入披露而刻意不填数字。
[CM009, CM013, CM014, CM015, CM039]区间图保留广义 TAM、平台预算和传统 NDR 视角之间的差异,而不是把它们平均抹平。
所有行均使用十亿美元。中间行代表各自报告预测窗口内的市场包络,不是同一年点估算。
[CM009, CM010, CM011, CM014, CM015, CM016]2.3 买方、用户、付款方与采用路径
Darktrace 的公开材料显示,主要经济买方仍是安全高管或面向董事会的安全预算负责人,但运营推动者通常更接近 SOC、身份团队或云运维团队。公司的客户证据集中在高校、医院、工业制造商、地方议会,以及其他运营连续性风险较高的组织;网络页面还明确面向中小企业、企业、政府和关键基础设施。这意味着买方地图由企业和受监管账户主导,而不是消费者或极小企业。采用路径也有多条:合作伙伴和 MSSP 可以把 Darktrace 打包进 MDR 风格产品,直接部署则往往从价值验证开始,团队信任流程影响后再扩展到邮件、身份或云。身份部署尤其跨职能,因为 Darktrace 把它们同 SSO、AD 和账户控制动作绑定在一起。实践中,用户是分析师或响应人员,评估者是安全运营或检测工程负责人;付款方可能是 CISO、CIO,或共享安全平台预算,取决于购买触发因素是威胁压力、合规,还是工具整合。TM003、FM003 和 FM004 映射了这些关系。[CM017, CM018, CM019, CM020, CM021, CM022]
| 细分市场 | 买方 | 用户 | 付款方 | 工作流 | 预算所有者 | 采纳触发因素 |
|---|---|---|---|---|---|---|
| 大型企业 SecOps | CISO 或安全副总裁 | SOC 分析师和检测工程师 | CISO | 由网络和平台牵引的检测,并配自动化调查 | 安全运营平台预算 | 需要缩短驻留时间,降低分析师负荷。 |
| 受监管欧洲企业 | 接受董事会监督的安全负责人 | SOC、合规和风险团队 | CISO 或 CIO | 与 NIS2 式事件报告和治理挂钩的检测与响应 | 网络风险或合规挂钩的安全预算 | 新增报告义务或董事会审视。 |
| 云重度企业 | 云安全负责人或安全架构师 | 云响应人员和事件调查人员 | CISO 或共享云安全预算 | 云遥测、取证采集和身份上下文调查 | 云安全和平台预算 | 可见性缺口和云端入侵经历。 |
| 身份牵引型企业 | 身份安全架构师 | 身份管理员和 SOC 团队 | CISO、CIO 或共享身份 / 安全预算 | SSO 和 AD 监控,并配账号接管响应 | 身份安全预算 | 凭证被盗痛点和处理耗时过长。 |
| 关键基础设施 / 公共部门 | 安全项目负责人或 CIO/CISO | 小型内部 IT / 安全团队加响应人员 | CIO、CISO 或公共部门网络安全项目 | 在运营敏感环境中提供托管或辅助监控 | 运营韧性预算 | 服务连续性、勒索软件风险和监管问责。 |
| MSSP / MDR 渠道 | MDR 服务负责人或合作伙伴总经理 | 合作伙伴 SOC 分析师 | 托管服务 P&L 负责人 | Darktrace 嵌入合作伙伴交付的网络或电子邮件 MDR 服务 | 合作伙伴服务预算 | 需要放大检测质量,并快速证明价值。 |
企业安全采购里,买方、用户和付款方经常分离;本表把经济所有者与验证匹配度和续约价值的运营团队分开列示。
[CM017, CM018, CM019, CM020, CM021, CM022]流程图展示需求如何从买方触发因素,经过技术评估,进入 Darktrace 直销或伙伴主导部署。
[CM018, CM019, CM020, CM030, CM041]示意性购买漏斗,展示 Darktrace 交易从触发到续约在哪些环节获得或失去动能。
百分比不是公司报告的转化率;它们把价值验证销售、伙伴路径、平台化和治理约束中的有证据摩擦点可视化。
[CM029, CM030, CM031, CM035, CM037, CM042]2.4 增长驱动因素与采用约束
需求逻辑可信。IBM 称,全球平均数据泄露成本为 $4.4 million,广泛使用 AI 做安全的组织可节省 $1.9 million;CrowdStrike 报告平均 eCrime 突破时间为 29 分钟,来自启用 AI 的攻击者的攻击上升 89%,披露前被利用的零日漏洞增加 42%。Darktrace 自己的云和身份页面也强化了买方为何在意:其引用的 CSA 调查中,只有 23% 的组织报告完整云可见性,79% 报告过去 18 个月至少发生过一次云泄露,身份泄露仍然解决缓慢。监管进一步放大这种压力,NIS2 把义务扩展到 18 个关键行业,SEC 网络规则也推动上市公司更快披露事件并记录治理。约束端同样重要。自主响应成为销售话术的一部分时,AI Act 正好增加了人类监督和高风险系统义务;Palo Alto 等平台厂商也持续把预算导向更宽套件。Darktrace 还把自己的 NDR 层定位为 SIEM、EDR 和防火墙的补充,这有利于采用,但也限制了简单整体替换的经济性。TM004 把宏观增长顺风和承保风险分开。[CM024, CM025, CM026, CM027, CM028, CM029]
| 驱动 / 约束 | 方向 | 时间 | 影响 | 尽调问题 |
|---|---|---|---|---|
| IBM 入侵成本与 AI 节省证据 | 驱动 | 当前 | 支撑以 ROI 为核心的采购论证:更快检测、更多自动化。 | Darktrace 赢单有多少靠量化降低损失,而不是功能持平? |
| 横向扩散更快,AI 赋能攻击更多 | 驱动 | 当前 | 抬高实时检测、分诊和响应的紧迫性。 | Darktrace 的赢单是否集中在事故之后,尤其是暴露驻留时间或分析师产能缺口的事故? |
| 云和身份可见性缺口 | 驱动 | 当前 | 带来跨云、账号和网络上下文的检测层需求。 | 新管线中有多少来自云或身份牵引用例,而非核心 NDR 替换? |
| NIS2 和 SEC 治理压力 | 驱动 | 2024-2026 | 把网络安全问责推向管理层和董事会,支撑预算优先级。 | 有多少收入来自如今面临更严格报告和监督的受监管行业? |
| EU AI Act 监督要求 | 约束 | 2026 年起 | 在欧洲,自动响应主张会多出合规和人工监督摩擦。 | 要让自动响应继续能在欧盟受监管客户中部署,产品和法律侧还需要做哪些工作? |
| 大型套件平台化 | 约束 | 当前 | 预算转向更宽的供应商;它们有更大的平台 ARR 和打包续约经济性。 | Darktrace 在哪些场景替换既有平台,哪些场景只是作为专业叠加层出售? |
| 补充而非替换的架构 | 约束 | 当前 | 这种定位利于部署匹配,但限制其替代整块预算,也可能拖慢采购。 | 有多少交易是在 SIEM/EDR 旁边加购 Darktrace,而不是把支出整合到 Darktrace? |
| 当前独立评测证据偏薄 | 约束 | 当前 | 公开来源难以验证定价、误报和续约摩擦主张。 | 在 NDA 下索取当前赢输单、定价异议和客户访谈数据。 |
本表是尽调议程,不是评分卡;它把每个需求顺风或约束项,与其带出的承销问题相连。
[CM024, CM025, CM026, CM027, CM028, CM029]2.5 尽调缺口与相互矛盾的估计
两个矛盾应保持明示。第一,公开市场估计差异很大,因为它们描述的是不同边界:$25.53 billion 的 AI 网络安全视角、$7.92 billion 的 XDR 平台视角,以及更窄的 $4.91 billion NTA/NDR 楔子同时存在,简单相加会夸大 Darktrace 的真实机会。第二,公司在向买方销售宽泛的 AI 主导平台故事,但买方仍会用更窄的 NDR 或流程增强视角评估产品中的相当部分。仍有几项尽调缺口很重要。发现包中最强的反向来源——一篇关于 2022-2026 NDR 市场动态的 Omdia 文章——本轮返回 404,因此无法从一手文本重新验证专家续约压力的最直接公开证据。公开可检索的独立当前评价,对定价、误报和续约摩擦也偏薄;私有公司披露又意味着当前 SOM 无法用 2025-2026 收入数据验证。做估值时,这意味着边界纪律和管理层提供的队列证据,比任何单一已发布 TAM 标题都更重要。[CM015, CM016, CM034, CM038, CM039, CM040]
03竞争格局
3.1 竞争格局与替代地图
Darktrace 竞争的市场,比独立 NDR 更宽,又比“全部网络安全”更窄。直接同业仍很清楚:Vectra、ExtraHop,以及程度稍弱的 Corelight,都在争夺同一笔网络主导检测预算;PeerSpot 的 May 2026 截面显示,Darktrace、Vectra 和 ExtraHop 聚在一个正在收缩的心智份额池里,而不是分属不同类别。Darktrace 自己最后公开规模点仍有意义:ARR 为 $782.2 million,客户 9,735 家;但这个足迹现在明显小于那些越来越定义企业 SOC 采购的数十亿美元级公开套件厂商。[CP001][CP026][CP027] 更重要的战略对手,是能把预算讨论向上重定向的平台存量厂商。CrowdStrike FY2026 末 ARR 为 $5.25 billion,SentinelOne FY2026 末 ARR 超过 $1.1 billion,Palo Alto Networks 在 fiscal 2025 退出时 Next-Generation Security ARR 为 $5.6 billion。Microsoft Sentinel、Cisco XDR 加 Splunk,以及 IBM QRadar 也很重要,因为它们锚定现状和既有数据平面。实践中,Darktrace 不再只是对抗另一台 NDR 设备;它在对抗一个更宽的主张:安全团队应购买一个统一运营平台,覆盖端点、身份、日志和响应流程。[CP004][CP007][CP009][CP011][CP015][CP016][CP017][CP018][CP044] 这张更宽地图还包括相邻路径和替代路径。Nozomi 拿住偏 OT 的侧翼,Corelight 代表开放 NDR 和内部自建倾向,Google 收购 Wiz 则把多云安全平台延伸到相邻检测与响应地带。Omdia 的 2026 观点是关键反向证据:随着统一 XDR 平台拿到份额,独立 NDR 出现了更多不续约和替换。正确的竞争版图因此横跨直接同业、存量厂商、相邻专家、手工 SIEM 现状、内部自建,以及可能更快扩展控制平面的潜在进入者。[CP018][CP032][CP033][CP035][CP039][CP040][CP044][CP048]
按平台宽度与 AI / 自主检测深度做序数定位。分数来自保留证据下的比较判断,不是基准测试输出。
坐标轴是基于官方产品范围、公开规模和评测证据得出的序数分析判断,而不是基准性能分数。
[CP001, CP004, CP009, CP011, CP018, CP019]3.2 竞争对手画像、规模与战略方向
画像表把核心规模不对称摊开。CrowdStrike、Microsoft、Palo Alto Networks 和 Cisco/Splunk 拥有更深披露、合作伙伴杠杆和更大软件收入基础,Darktrace 目前无法在公开层面匹配。CrowdStrike 的 FY2026 业绩和 Falcon 平台表述,给出了这个模型最清晰的版本:统一合同和遥测基础,可从端点扩展到身份、SaaS 和更宽的 AI 保护。Palo Alto 通过 XSIAM 从 SIEM 侧采用同一逻辑,Cisco 则从网络基础设施延伸到基于 Splunk 的 TDIR。[CP004][CP005][CP006][CP009][CP010][CP014][CP015][CP016] 直接专家更有层次。Vectra 仍是最接近的同类对手,因为它围绕网络、身份和云营销行为检测,引用 39 项 AI 专利,并继续借 Gartner 和 GigaOm 认可证明品类领导力。ExtraHop 即使没有公开财务披露,仍会真实进入买方评估清单;Corelight 也重要,因为它把开放 NDR 方法商业化,服务那些宁愿自己拥有遥测和分析层的组织。Nozomi 处于相邻而非直接替代位置:当关键基础设施、工业网络或运营韧性要求主导采购动作时,它的 OT 和 IoT 深度最重要。[CP019][CP022][CP024][CP025][CP026][CP027][CP035][CP036][CP037][CP039] Darktrace 自身位置因此尴尬但仍有价值。它比多数私有纯 NDR 同业更大、更宽,但披露更少,合同嵌入程度也弱于平台厂商。公司以自学习 AI、异常驱动检测和响应自动化做差异化;但越来越多时候,它卖进的账户真正采购决策是:在 Microsoft、CrowdStrike、Palo Alto、Cisco 或 IBM 之上,是否还值得给另一个专家预算。因此,战略方向和当前功能对等同样重要:赢家往往是最能控制买方既有运营模式的厂商,而不是异常检测故事最好的厂商。[CP001][CP002][CP003][CP019][CP041][CP045]
| 竞争者 | 类别 | 规模 / 融资信号 | 目标客户 | 差异化 | 局限 |
|---|---|---|---|---|---|
| Darktrace | AI 原生 NDR / 检测与响应专家 | FY2024 ARR 为 $782.2M,收入 $689.5M+,最后一次公开快照显示 9,735 家客户 | 大型企业、高端中型市场、受监管客户 | 自学习 AI、响应自动化,并广泛覆盖网络 / 电子邮件 / 云 / 身份 | 私有化后披露变薄;定价仍不透明 |
| Vectra AI | 直接 NDR 对手 | 2,000+ 家组织;39 项 AI 专利;声称获得 Gartner 和 GigaOm 认可 | 需要行为型网络和身份检测的企业 SecOps 团队 | 覆盖网络、身份和云的行为型 NDR | 财务数据仍不透明;定价评测称授权复杂 |
| ExtraHop | 直接 NDR 对手 | 2026 年 5 月 PeerSpot NDR 排名第 4、认知份额 6.1% | 企业网络和安全团队 | 线速数据积累和较高用户推荐率 | 保留来源中没有公开财务规模 |
| Corelight | 开放 NDR / 接近内部自建的替代方案 | 开放 NDR 平台,在大型交易、交通和医疗环境已有部署证明 | 安全成熟企业、政府、关键基础设施 | 开放证据模型和 Zeek 社区分析 | 比 Darktrace 更依赖工程投入,开箱即用程度更低 |
| CrowdStrike Falcon | 端点优先的 XDR 既有厂商 | FY2026 ARR 为 $5.25B,收入 $4.81B | 企业和公共部门 SOC 团队 | 统一平台、大型装机基础、Falcon Flex 打包打法 | 原生网络深度不如端点和身份广度重要 |
| Microsoft Sentinel / Defender | 超大规模云厂商 SIEM + XDR 既有厂商 | 350+ 个连接器,加上 Microsoft 身份和云合同杠杆 | 重度使用 Microsoft 的企业,以及 IT / 安全共享买方 | 云原生 SIEM、数据湖、图谱上下文和既有合同覆盖 | Microsoft 已经扎根的账户,预算逻辑最强 |
| Palo Alto Cortex XSIAM | 平台化 SOC 既有厂商 | 2025 财年收入 $9.2B,NGS ARR 为 $5.6B | 大型 SOC 团队和以整合为导向的企业 | AI 牵引的 SOC、强平台化叙事、QRadar 迁移路径 | 公开定价不透明;最适合大型套件评估 |
| Cisco XDR + Splunk | 既有 SIEM / TDIR 控制平面 | Cisco 称 Splunk 让其跻身全球最大软件公司之一 | 以 Cisco/Splunk 标准化的企业 | 网络牵引防御,加上 Splunk 数据引力和 TDIR 工作流 | 仍可能像现状现代化,而不是净新增 NDR |
| Nozomi Networks | 邻近 OT / IoT 专家 | 为关键基础设施专门打造的 OT 和 IoT 安全平台 | 工业、公用事业、交通和 OT 重度运营方 | 深度 OT 上下文和运营韧性姿态 | 不是 Darktrace 在主流企业 IT 中的替代方案 |
| Google Security Operations + Wiz | 邻近平台和潜在进入者 | Google 将 Wiz 纳入多云 AI 安全平台 | 围绕 Google Cloud 安全运营做标准化的云优先企业 | 代码到云,加上运行时上下文和超大规模云厂商分发 | 目前仍更以云安全为中心,不是直接替代 Darktrace |
本表是部分列举,聚焦截至 2026-05-30 有直接保留证据的竞争者和替代方案;内部自建与手工 SIEM 现状在逐行规模证据过薄时放在正文讨论。
[CP001, CP004, CP007, CP009, CP015, CP018]3.3 能力、定价、GTM 与信任姿态
Darktrace 的能力逻辑,在买方看重行为网络深度、以及基于本地基线而非纯关联告警的响应时最强。当前 AI 安全页面仍把产品放在签名和规则方法的对立面;TrustRadius 评论也确认,Darktrace 会先学习环境数周,再进入更完整的识别和自动化动作。Vectra 在同一行为检测叙事上最接近;Corelight 则代表相反哲学:开放遥测和开放分析,而不是封闭的自学习 AI 引擎。[CP002][CP003][CP019][CP030][CP031][CP039] 商业姿态更混合。在保留集合中,Microsoft 是唯一清楚发布定价机制的厂商,披露了承诺层级以及数据湖与分析定价,这让它在预算对话中有结构性优势。CrowdStrike、Palo Alto、Cisco/Splunk、Darktrace 和 Vectra 多数通过企业包装语言、评论证据或套件代理指标出现,而不是公开价目表。评论数据表明,在部分交易中 Vectra 价格可能低于 Darktrace,尽管两者都被视为昂贵的企业产品;Darktrace 评论者则提到年度涨价和谈判必要性。信任姿态也分化:CrowdStrike、SentinelOne、Palo Alto、Microsoft、Cisco 和 IBM 定期发布当前运营指标和路线图语言,而 Darktrace 现在只能通过更薄的私有公司披露界面来判断。[CP004][CP006][CP007][CP009][CP011][CP013][CP015][CP016][CP028][CP029][CP030] 这道披露缺口重要,因为在受监管账户中,信任本身就是竞争的一部分。套件厂商可以把产品主张与季度披露、公开泄露叙事、合作伙伴生态和迁移优惠绑定。Darktrace 仍可凭产品体验或自主响应获胜,但在规模、当前合同或附加率的公开证据密度上,目前无法匹配同等水平。在一个走向平台理性化的市场里,买方理解的“信任”往往既包括技术有效性,也包括披露、迁移确定性和商业可预测性。[CP018][CP030][CP041][CP043][CP045][CP046]
| 采购标准 | Darktrace | Vectra | CrowdStrike | Microsoft Sentinel | Palo Alto XSIAM | Cisco XDR + Splunk |
|---|---|---|---|---|---|---|
| 行为型网络检测深度 | 强 | 强 | 中 | 有限 / 连接器牵引 | 中 | 中 |
| 身份和云上下文 | 强 | 强 | 强 | 强 | 强 | 中 |
| 自主或 AI 引导响应 | 强 | 中 | 强 | 强 | 强 | 中 |
| 原生 SIEM / 数据湖控制 | 有限 | 有限 | 有限 | 强 | 强 | 强 |
| OT / 工业邻近 | 中 | 合作伙伴牵引 | 有限 | 有限 | 有限 | 有限 |
| 公开规模和披露深度 | 低 | 低 | 高 | 高 | 高 | 高 |
| 分发 / 打包能力 | 中 | 中 | 高 | 很高 | 高 | 高 |
| 公开定价透明度 | 低 | 低 | 低 | 中 | 低 | 低 |
单元格是基于保留来源集的、有证据支撑的序数判断。“有限”指能力较弱,或主要靠集成实现,而不是占主导的原生控制平面。没有独立支持的竞品主张,不上调到高于中。
[CP002, CP003, CP005, CP008, CP010, CP011]| 供应商 | 定价 / 合同模式 | 公开定价可见度 | GTM / 分发 | 打包或迁移杠杆 | 影响 |
|---|---|---|---|---|---|
| Darktrace | 跨模块和受保护环境的企业订阅;评测证据显示采用议价定价和年度涨价条款 | 无公开标价 | 直销加合作伙伴渠道 | 相对套件供应商,打包杠杆较低 | 赢单需要证明差异化结果,而不是靠简单表格对比 |
| Microsoft Sentinel | 按用量定价,含承诺层级,以及分析层与数据湖层 | 是,部分机制公开 | Microsoft 企业协议、Azure、合作伙伴生态 | 极高:既有 Microsoft 合同降低增量采购摩擦 | 已经向 Microsoft 付费的账户里,最可信的现状替代方案 |
| CrowdStrike Falcon | 平台合同,靠打包扩张和 Falcon Flex 式跨模块经济性 | 保留来源中无公开价目表 | 大规模直销和渠道动作 | 高:Flex 账户和端点覆盖让邻近场景变宽,无需单独采购 | 在 Darktrace 获得重新评估机会前,可先吸收增量检测工作流 |
| SentinelOne Singularity | 跨端点、云和身份的分层平台定位;保留证据显示定价仍大多基于报价 | 保留来源中无公开标价 | 直销加渠道 | 中高:统一平台标准化卖点 | 买方想要 XDR、但不想被 Microsoft 或 CrowdStrike 锁定时,更有竞争力 |
| Palo Alto XSIAM | 平台化和企业 ELA 式打法;未保留公开价格手册 | 保留来源中无公开标价 | 全球直销、渠道和 IBM 服务杠杆 | 高:QRadar 迁移路径和更宽的平台合同 | 大型企业已经在精简供应商时,定位最好 |
| Cisco XDR + Splunk | 围绕 TDIR 和数据工作流的企业平台授权 | 保留来源中无公开标价 | Cisco 装机基础、合作伙伴、Splunk SOC 覆盖 | 高:数据引力和既有工作流锁定 | 即便 NDR 深度不是同类最佳,现状仍有黏性 |
| Vectra AI | 年度企业授权;评测称计量逻辑复杂 | 未公开标价 | 直销加合作伙伴 / MSSP 路径 | 套餐捆绑杠杆低,专业渠道杠杆中等 | 某些交易中能压低 Darktrace 报价,但自身仍受定价复杂性拖累 |
| Corelight | 围绕开放 NDR 和证据采集打包平台与传感器 | 未公开标价 | 技术型安全销售与合作伙伴集成 | 商业套餐杠杆低;工程团队自建杠杆更高 | 买方想掌控遥测和分析栈时更有吸引力 |
保留样本中,只有 Microsoft 明确公开定价机制。其他行结合了官方包装表述、财务披露或独立评测评论, 而不是经审计的价格手册。
[CP006, CP013, CP018, CP028, CP029, CP030]压缩视图:哪些厂商原生拥有 Darktrace 相关购买标准,哪些是借更宽平台语境覆盖。
这些标签把更完整的矩阵压缩成面向采购判断的分层。「低」或「有限」表示原生能力偏弱,或覆盖主要依靠连接器完成。
[CP003, CP011, CP012, CP014, CP018, CP022]3.4 切换成本、锁定效应、多家并用与分销权力
Darktrace 确实有真实切换成本,但它们不同于套件厂商的锁定效应。TrustRadius 评论者描述,Darktrace 达到完整识别模式前需要一个学习期,也描述了基线建立后的自动化动作。这意味着替换不只是拆掉一个传感器:客户还需要重新训练另一套系统,并重建运营人员已经信任的响应逻辑。这是真实嵌入价值,尤其在开启自主或半自主响应的场景里。[CP030][CP031][CP042] 问题是,Darktrace 通常是多家并用,而不是垄断。Microsoft Sentinel 设计为吸收广泛第三方数据,Cisco XDR 销售开放集成和网络主导防御,Splunk 仍是统一 TDIR 控制平面。因此,Darktrace 往往与 SIEM、端点和身份工具共存,而不是彻底替代它们。多家并用降低了整体替换风险,但也限制钱包份额,并让平台整合故事更危险:Microsoft 可以利用现有合同,CrowdStrike 可以通过 Falcon Flex 扩宽,Palo Alto 可以在专家进入最终采购清单前拦截 QRadar 迁移。[CP011][CP012][CP014][CP016][CP018][CP043] 分销权力是本章最清楚的不对称。Cisco 现在拥有 Splunk,IBM 明确把 SaaS 迁移导向 XSIAM,Microsoft 已经占据身份和日志预算,CrowdStrike 越来越多销售平台扩张而非独立模块。Darktrace 仍有合作伙伴覆盖,但在这个比较里,它是较小的控制平面。最好的防御,是变得足够运营不可或缺,让买方即便整合也继续保留它。如果这种不可或缺性偏弱,Darktrace 就可能变成别人安全运营栈里一个受尊重的第二信号。[CP006][CP018][CP020][CP021][CP043][CP045]
3.5 护城河耐久性、商品化风险与反向证据
只有当自学习检测加响应自动化持续显著好于“足够好”的平台替代品时,Darktrace 的护城河才耐久。这条护城河不是假的:产品仍呈现差异化模型,Vectra 仍是最接近的纯专业对手而非套件存量厂商,评论证据也显示,一旦流程调好,Darktrace 会变得粘。但市场方向对任何无法反复证明更好结果的专家都不利。Omdia 关于独立 NDR 不续约的证据,是保留集合中最重要的反证数据点。[CP002][CP031][CP032][CP041][CP042][CP046] 第二个风险,是买方感知里的 AI 商品化。CrowdStrike、Microsoft、Palo Alto 和 Darktrace 现在都在营销 AI 驱动的调查和响应。即使架构不同,信息差也已大幅收窄。Microsoft 正把 Security Copilot 推进身份分诊,Palo Alto 在销售智能体 SOC,CrowdStrike 销售 Charlotte AI 和统一 AI 原生平台,Google 加 Wiz 正在构建一个背靠 Google Security Operations 的云安全控制平面。在这种语境里,“我们使用 AI”本身已不再是护城河;Darktrace 必须围绕响应质量、异常精度和节省分析师时间,守住更窄的主张。[CP005][CP010][CP034][CP040][CP041][CP047] 反向证据因此不是单一致命缺陷,而是一叠压力。PeerSpot 显示,直接同业 NDR 队列正在丢失心智份额;评论数据标出定价和调优摩擦;套件厂商现在有更清晰商业路径,把网络检测吸收进更宽合同。护城河仍存在,尤其在重视自主响应或不信任套件厂商“足够好”网络分析的组织里。但其耐久性看起来是中等而非铁板一块;悲观情景也很容易表述:如果 Darktrace 变成新增项而非不可或缺项,平台整合将同时压缩增长和定价权。[CP026][CP028][CP029][CP032][CP034][CP043][CP045][CP046][CP047]
| 护城河主张 | 威胁 | 严重性 | 时间范围 | 缓释措施 / 尽调问题 |
|---|---|---|---|---|
| 自学习检测加自动化响应 | CrowdStrike、Microsoft 和 Palo Alto 的 AI 叙事和引导式响应工作流已经足够接近,买方可能接受 | 高 | 12-24 个月 | 比较启用自主响应与仅做被动监控时的赢单率 |
| 行为基线和工作流嵌入 | 客户仍可在更大的 SIEM 或 XDR 控制平面下并用 Darktrace | 高 | 当前 | 按账户架构和 RESPOND 附加率索取队列留存数据 |
| 专业 NDR 深度 | 据 Omdia,统一 XDR 平台的 NDR 替换率正在上升 | 高 | 当前 | 验证 Darktrace 在新客户中赢单是替换现有系统,还是只作为叠加层 |
| 私有化公司定位和欧洲品牌积累 | 上市套件型竞争对手更常披露规模、路线图和迁移确定性,Darktrace 如今较难做到 | 中 | 当前 | 要求管理层在 NDA 下披露当前 ARR、客户数和产品附加率 |
| 泛平台覆盖主张 | 开放 NDR 和内部自建替代方案会削弱其在安全成熟账户中的价值 | 中 | 12-24 个月 | 测试当买方偏好开放遥测和自运营分析时,Darktrace 还能否赢单 |
| 云和 OT 邻近领域 | Google 加 Wiz、Nozomi 从云安全和 OT 专家两侧挤压 Darktrace | 中 | 12-24 个月 | 跟踪 Darktrace 在不拥有更大平台时,能否守住云和 OT 叙事 |
严重性综合了分析师证据、评测评论和在位厂商分销能力。风险最高的项目,是那些会把 Darktrace 从主控制平面压成次级遥测层的因素。
[CP031, CP032, CP034, CP041, CP042, CP043]用紧凑视图呈现有证据支撑的核心指标,这些指标界定了 Darktrace 当前的竞争站位。
规模差距项把 Darktrace 最后披露的公开 ARR 与 CrowdStrike FY2026 ARR 对比。切换成本和压力评级是定性综合判断,不是公司披露的 KPI。
[CP001, CP004, CP009, CP026, CP030, CP031]3.6 图表
04财务情况
4.1 收入模式、定价机制与 GTM 动作
Darktrace 的公开收入模式,仍应理解为通过谈判合同销售的经常性企业网络安全软件,而不是透明自助定价。最强公开锚,是 Darktrace 作为上市公司选择披露的运营指标:ARR、收入、客户数、留存和 RPO。最后一次完整公开截面显示,截至 30 June 2024,ARR 达到 $782.2 million,收入至少 $689.5 million;H1 FY2024 RPO 已达 $1.254 billion。管理层反复称,该模式由多年合同支撑;这一点重要,因为它解释了为什么 ARR、积压订单和收入转换更慢,但可见度优于一次性交易销售。 官方购买入口也指向销售辅助动作。Network 产品页把潜在客户引向在自身环境里的评估,Contact 页面把买方导向销售和支持渠道,合作伙伴页面描述 VAR、MSP/MSSP、咨询和分销路径。同一合作伙伴页面向咨询伙伴宣传 30-day 价值验证,说明售前动作实质存在,获客成本也不会低,尽管公司不披露 CAC 或回本周期。公开记录没有披露的内容同样重要:看不到官方价目表、模块级收入组合、直销与渠道拆分,也没有实际折扣数据。公开投资者可以判断一个高质量经常性模式的存在,却无法充分判断 SKU 层面的定价权。[CI001, CI002, CI003, CI004, CI010, CI011]
| 收入来源 | 机制 | 单位 | 当前数值 / 状态 | 质量 | 尽调问题 |
|---|---|---|---|---|---|
| 核心经常性平台订阅 | 以 ARR 为主要跟踪指标的多年期企业网络安全合同 | ARR / 订阅合同 | 截至 30 Jun 2024 ARR 为 $782.2M;FY2024 收入至少 $689.5M | 规模维度高;模块组合维度低 | 提供按模块、地域和客户分群拆分的收入与 ARR |
| 存量客户扩张 | 在已安装客户群内增购和交叉销售 | 来自存量客户的净新增 ARR | 管理层称,新增 ARR 中仍有相当部分来自存量客户;具体金额未拆分 | 中 | 按队列、模块附加和毛续约到净续约瀑布,提供扩张 ARR |
| 新客户 ARR | 通过直销和合作伙伴辅助 GTM 获得的新客户订阅 | 净新增客户 / 新客户 ARR | FY2024 净新增 936 家客户;管理层预计 FY2025 新客户 ARR 增量会提高 | 中 | 提供新客户 ARR、首年平均 ACV 和按分群拆分的回本周期 |
| 合作伙伴 / MSP / MSSP 路径 | VAR、分销商、咨询公司、MSP 和 MSSP 渠道转售 Darktrace,或把它打包进服务 | 合作伙伴主导交易 / 捆绑服务 | 官方路径存在,包含 30 天 Proof of Value 流程;公开收入分成未披露 | 中 | 拆分合作伙伴来源 ARR、合作伙伴利润率以及直销对渠道赢单率 |
| 服务 / 实施长尾 | 软件销售周边的部署、赋能和支持经济性 | 服务合同 / 支持负担 | 公开 FY2024 材料未单独披露服务收入或服务毛利率 | 低 | 披露专业服务收入、设备 / 支持负担以及按服务线拆分的毛利率 |
公开证据最强的是经常性订阅规模和 GTM 路径;模块级收入结构和服务贡献仍是私有信息。
[CI002, CI003, CI004, CI007, CI011, CI012]| 定价要素 | 价格 / 单位 / 合同 | 标价与实际价格 | 折扣 / 未知项 | 来源 |
|---|---|---|---|---|
| 官方购买路径 | 未公开费率卡;本次审阅的官方页面把买方引向评估或联系流程 | 未公开标价、结账路径或标准折扣表 | Darktrace 网络和联系页面 | |
| 合同结构 | 协商式多年期企业合同 | 仅合同形态公开;实际成交价格不公开 | 期限组合、年度涨价条款和续约让利未知 | H1 FY2024 和 FY2023 业绩评论 |
| Proof of Value 路径 | 面向咨询合作伙伴的 30 天 Proof of Value | 商业导入路径公开,但价格未公开 | 试点转付费率和售前成本未知 | Darktrace 合作伙伴页面 |
| 平均 ARR / 客户代理指标 | June 2024 约每客户 $79.8k-$80.3k | 由 ARR 除以 9,735 家客户得出;不是标价 | 掩盖了席位数、覆盖面数量和企业规模造成的大幅差异 | FY2024 经营更新 |
| 第三方评测定价页面 | 公开评测 URL 存在,但本次运行被 JS 阻挡 | 无法从被阻挡页面验证任何报价或合同基准 | G2 定价 URL |
可守住的结论是协商式企业定价,配合销售主导的 Proof-of-Value 路径,而不是透明的公开 SKU 定价。
[CI012, CI020, CI021, CI035, CI036, CI039]Darktrace 靠评估驱动的签约流程,而不是公开标价,把企业需求转成 ARR、收入和毛利。
该流程是概念图,因为公开来源披露了变现结构,但没有披露模块级收入结构或实际成交价格。
[CI003, CI004, CI012, CI020, CI021, CI039]4.2 单位经济、毛利率驱动因素与销售效率代理指标
Darktrace 的公开单位经济披露,输出指标强,输入指标弱。输出端,公司披露的毛利率持续很高:FY2022 为 89.2%,FY2023 为 89.8%,H1 FY2024 为 89.3%;同时 FY2022 产生 $99.5 million 自由现金流,FY2023 为 $93.8 million。这些是强软件化经济性,也解释了为什么 Darktrace 进入私有所有权时是运营强势,而不是救助融资。H1 FY2024 增加了更多层次:收入同比增长 27.4%,调整后 EBITDA 利润率达到 25.6%,RPO 超过 $1.25 billion。公开层面,这是积压订单、转换和高毛利的强组合。 但成本结构的变化,让历史利润率外推并不简单。Darktrace 称 H1 FY2024 S&M 和 G&A 占收入比例下降,但也指出部分客户成功经理和渠道合作伙伴成本被重新归类到 S&M,同时 R&D 现金用工成本增加 15.3%。更早的 FY2023 披露还解释,佣金计划改为 100% 预付销售佣金,短期提高现金流出,并重置调整后 EBITDA 呈现方式。因此,公开记录足以推断强毛利经济性,但不足以完整建模全口径 CAC、销售生产率、渠道抽成率或资方控股期贡献利润率。最好的公开代理指标只能是方向性的:June 2024 时每客户 ARR 约 $80 thousand;按不同员工数截面,每员工收入约 $287 thousand 到 $300 thousand;留存保持在 100% 以上。但经典 SaaS 效率输入仍是私有信息。[CI003, CI006, CI010, CI011, CI013, CI014]
| 指标 | 数值 | 置信度 | 重要性 | 尽调问题 |
|---|---|---|---|---|
| FY2024 ARR | $782.2M | 中 | 公司私有化前,最终公开的最佳经常性收入锚点 | 提供从 Jul 2024 至当前期间的月度 ARR 桥接 |
| FY2024 收入下限 | $689.5M+ | 中 | 为估值和杠杆分析设定最低规模基准 | 提供 FY2024 最终审计收入和当前运行率 |
| H1 FY2024 RPO | $1.254B | 中 | 显示多年期剩余履约义务和收入可见性 | 提供当前 RPO、递延收入滚动表和平均剩余期限 |
| 净收入留存率 | Jun 2024 为 106.6%;Dec 2023 为 105.0% | 中 | 留存高于 100%,支撑持续扩张,但幅度有限 | 提供按产品队列拆分的季度 NRR 和总留存率 |
| ARR 总流失率 | Jun 2024 为 6.3%;Dec 2023 为 6.6% | 中 | 流失可控,但对庞大的已安装客户群仍有分量 | 提供客户流失、ARR 流失和降级拆分 |
| 毛利率历史 | FY2022 为 89.2%;FY2023 为 89.8%;H1 FY2024 为 89.3% | 高 | 支撑类似软件的模式,毛利润转化能力强 | 提供当前毛利率桥接,包含托管、设备和支持 |
| 自由现金流 | FY2022 为 $99.5M;FY2023 为 $93.8M | 中 | 证明收购前业务已产生现金 | 提供 FY2024 最终 FCF、FY2025 FCF 和赞助方持有期现金瀑布 |
| 人均收入 | 按 FY2024 收入下限和 2,300-2,400 名员工口径计算,为 $287k-$300k | 中 | 勾勒经营杠杆和销售强度 | 按 S&M、R&D、G&A、服务和客户成功提供当前 FTE |
| 公开 CAC / 回本周期 / 配额产能 | 低 | 缺少这些数据,销售效率无法完整测算 | 提供全负担 CAC、回本周期、中位销售周期、爬坡时间和配额达成率 | |
| 公开直销与渠道组合 | 低 | 没有组合和合作伙伴抽成率,市场进入经济性仍不透明 | 按合作伙伴类型提供来源 ARR、预订组合和渠道利润率 | |
| FY2024 最终 EBITDA 率 / FY2025 展望 | 因收购流程在 Jul 2024 暂缓披露 | 中 | 给当前期间投资测算设下硬边界 | 提供 FY2024 最终利润率、FY2025 实际值以及当前预算与计划 |
公开披露最强的是 ARR、毛利率、流失和 FCF 等产出指标;关键缺口是销售效率和赞助方持有期成本结构数据。
[CI003, CI004, CI006, CI010, CI011, CI013]公开指标显示毛利经济性和积压订单较强,主要缺口在 CAC、渠道结构和财务赞助方时代的成本分摊。
这座桥是定性的,因为 Darktrace 披露了产出指标和部分成本驱动因素,但没有披露经典 CAC 或销售配额生产率输入。
[CI010, CI011, CI012, CI013, CI016, CI020]可观察的公开边界框定了 Darktrace 的历史规模和估值输入,但看不到这家私有公司的当前利润表。
区间把披露值和有来源支撑的简单推导合在一起:ARR 同时展示重列和已报告的货币口径,单员工收入使用官方 2,300+ 至 2,400+ 的员工数参考,估值倍数覆盖 EV/ARR 到 EV/收入。
[CI003, CI022, CI035, CI036, CI037, CI038]4.3 资本充足性、资方杠杆信号与公私可见度差异
公司概况已经覆盖 Darktrace 的历史融资脉络;财务部分更相关的问题,是 October 2024 私有化后还剩哪些公开证据。官方收购材料对核心对价很清楚:安排方案于 1 October 2024 生效,Bidco 取得全部已发行股本,股东有权在一笔估值约 $5.3 billion 的交易中获得每股 $7.75 现金。随后监管通知显示法院批准、生效、FTSE 删除和交易所取消。这些事实足以锚定估值背景,也证明公开市场披露在退市时结束。 交割后更有意思的信号是杠杆。Companies House 备案历史显示,截至 30 June 2025 年度的完整账目已在 March 2026 提交,December 2025 的 MR01 担保登记也已登记。该担保 PDF 把 Goldman Sachs Bank USA 列为担保方,并称该工具包含固定抵押、覆盖公司全部财产或经营的浮动抵押,以及负面承诺。这是本章最强公开信号,说明资方控股期融资包含有担保义务,而不是纯股权持有。但它离投资者需要的信息仍差很远:本次审阅的公开文件没有披露债务本金、定价、摊销、契约比率、非受限现金或现金跑道。即使 2025 账目 PDF 成功抓取,本轮也没有产出机器可读的财务文本,因此账目存在是公开事实,提取出的内容却仍不可实际使用。结果是,公开记录确认杠杆和文件存在,但不能支持对当前流动性做判断。[CI001, CI009, CI023, CI024, CI025, CI026]
| 项目 | 数值 | 公开状态 | 重要性 | 尽调问题 |
|---|---|---|---|---|
| 私有化交易披露估值 | $5.3B 和 $7.75/股现金 | 官方已披露 | 锚定赞助方入场估值和隐含的公转私重估 | 提供内部估值标记和任何交割后股权滚转安排 |
| 交易生效日期 | 1 Oct 2024 | 官方已披露 | 标志常规公开经营披露实际结束的时点 | 提供董事会和贷款人使用的交割后报告节奏 |
| 监管 / 法院交割路径 | 监管批准于 16 Sep 2024 满足;法院于 24 Sep 2024 批准;安排于 1 Oct 2024 生效 | 官方已披露 | 显示私有化流程的时间线和完整性 | 提供完整安排文件,包括资金来源和任何贷款人承诺 |
| 交割后有担保融资信号 | 以 Goldman Sachs Bank USA 为受益人的 MR01 抵押;固定抵押、浮动抵押、负面质押 | Companies House 文件公开披露 | 证实收购后存在有担保债务 | 提供债务金额、贷款人、到期日、定价、担保包和契约表 |
| 最新法定账目可见性 | 截至 30 Jun 2025 的完整账目于 14 Mar 2026 提交 | 公开文件存在,但本次运行提取内容不可机器读取 | 表明当前资产负债表数据存在,但这里难以从开放来源利用 | 提供可读的法定账目或管理账,包含现金、债务和 P&L 桥接 |
| 当前债务本金 / 利息负担 | 审阅材料未公开披露 | 缺少该项无法测算杠杆规模 | 提供债务提款计划、实际利率、摊还和对冲条款 | |
| 当前在手现金 / 现金跑道 | 审阅材料未公开披露 | 缺少资金管理数据,无法判断流动性是否充足 | 提供非受限现金、循环信贷额度余量和下行情景现金跑道模型 | |
| 赞助方持有期投资能力 | Thoma Bravo 称会投资于规模和创新,但未公开量化资本计划 | 仅定性 | 解释战略雄心,但不能说明融资依赖 | 提供董事会批准的现金用途,覆盖产品、GTM、招聘和 M&A |
公开记录证明私有化已交割,且存在有担保融资,但未暴露赞助方持有期杠杆的规模或偿付能力。
[CI009, CI023, CI024, CI025, CI026, CI027]| 缺失的私有指标 | 影响 | 精确尽调路径 |
|---|---|---|
| FY2025-FY2026 收入、ARR、NRR、流失和新增客户 | 阻断退市后当前增长和留存测算 | 索取 Jul 2024 以来的月度管理 KPI 包及董事会评论 |
| 债务本金、定价、契约和偿债计划 | 阻断杠杆测算、下行情景建模和赞助方持有期偿付能力分析 | 索取已签署债务协议、合规证书和贷款人报告包 |
| 非受限现金、循环信贷可用额度和现金跑道 | 阻断资本充足性和选择权分析 | 索取资金报告、现金瀑布和基准 / 下行情景流动性预测 |
| 实际成交价格、折扣和渠道抽成率 | 阻断定价权和市场进入利润率分析 | 索取报价到回款提取数据,包含标价、净价、期限、续约涨幅和渠道经济性 |
| 模块组合和服务 / 设备负担 | 阻断产品级毛利率和收入质量分析 | 索取 SKU 级 ARR、服务收入、设备 / 支持成本和毛利率桥接 |
| CAC、销售周期、配额产能和合作伙伴来源效率 | 阻断 GTM 效率测算和招聘计划评估 | 索取按直销、渠道和公共部门路径拆分的销售运营仪表盘 |
| 可读的交割后法定账目和管理账 | 开源提取未获得当前资产负债表数字 | 提供机器可读的财务报表,或直接来自财务系统的导出 |
这些是最低限度的数据室私有资料请求,才能把 Darktrace 从高质量历史公开快照变成可测算的赞助方持有期模型。
[CI009, CI027, CI029, CI030, CI039, CI040]历史现金生成进入财务赞助方持有的资产负债表;担保安排看得见,但债务规模和流动性仍不透明。
这张图展示公开来源能确认哪些交割后的资本结构信息,以及信息停在哪里;它不是量化的债务偿付瀑布。
[CI023, CI024, CI029, CI030, CI041, CI048]4.4 财务结论、收入质量审查与尽调阻碍
Darktrace 在收入质量上筛起来不错,在公开可判断性上则弱一些。正面逻辑很具体:经常性多年合同基础、H1 FY2024 超过 $1.25 billion 的 RPO、约 89% 毛利率、收购前为正的自由现金流,以及最后公开 ARR 截面 $782.2 million。这些不是财务脆弱供应商的标记。它们说明 Darktrace 进入私有所有权时已有实质规模、高毛利能力,并有能力自筹相当一部分运营投入。 警示在于,剩下的未知项正好是资方所有权下最重要的项目。July 2024 交易限制把最终 FY2024 EBITDA 和 FY2025 指引从公开记录中移除。December 2025 Goldman 担保登记证实存在有担保融资,但没有披露规模。公开来源也不披露实际定价、直销与渠道组合、当前净留存、现金、债务服务或契约余量。收入质量审查也并未完全结束:EY 的 2023 年审查覆盖渠道合同、营销支出、合同退出条款、设备部署、递延收入相关控制、ARR 计算和第三方关系,并得出已识别错误不构成重大影响的结论;但 Yahoo 和 The Register 显示,会计问题和 Mike Lynch 阴影仍影响外部感知。因此,正确结论是:历史软件经济性有利,但当前杠杆和流动性不完整。严肃承保仍需要当前管理账、债务文件、从报价到收款的抽取数据,以及队列级留存和毛利率衔接表,才能把资方控股期资本结构视为已理解。[CI003, CI004, CI009, CI011, CI023, CI029]
05产品与技术
5.1 客户流程定义
Darktrace 当前产品最好理解为跨攻击面的 AI 安全流程,而不是单点 NDR 设备。ActiveAI Security Platform 把 NETWORK、EMAIL、CLOUD、OT、IDENTITY、ENDPOINT 和新的 SECURE AI 模块放进一个运营界面,再叠加 Cyber AI Analyst、Forensic Acquisition & Investigation、Attack Surface Management、Proactive Exposure Management、Incident Readiness & Recovery 和 Adaptive Human Defense。这个宽度重要,因为买方承诺是减少工具交接:从多个环境收集行为、自动调查、精准响应、更快恢复,然后加固环境。 官方页面和 2024 ActiveAI 发布报道暗示,客户路径是检测、调查、响应、恢复和加固。Cyber AI Analyst 是调查引擎,Autonomous Response 是动作层,FAI 和服务帮助恢复并理解影响范围,PREVENT 或 ASM 功能则为泄露前加固提供输入。Darktrace 约 10,000 家客户的安装基础说明,这条流程在商业上真实存在;但最新延伸——SECURE AI——公开技术证据仍比网络、云、邮件和端点攻击面更薄。[CE001, CE002, CE003, CE004, CE005, CE006]
| 用户任务 | 当前工作流 | Darktrace 方案 | 声称收益 | 局限 |
|---|---|---|---|---|
| 发现异常行为 | 在多套工具里关联网络、邮件、云、终端和身份信号 | 覆盖核心模块的 ActiveAI 平台 | 用一张检测界面覆盖多类攻击向量 | 效果取决于遥测完整度和集成质量 |
| 调查告警 | 分析师只分流部分告警,后续手动跳转调查 | Cyber AI Analyst | 声称响应速度提升 10 倍、可调查所有告警,并处理第三方告警 | 生产率提升来自公司披露,未见独立基准测试 |
| 遏制活跃威胁 | 走人工工单、SOAR 剧本或防火墙变更 | Autonomous Response 加合作伙伴动作 | 按机器速度采取动作,并定向落实策略 | 阻断深度取决于配置、拓扑和客户审批设置 |
| 恢复并厘清影响范围 | 从云资产和日志中手工收集证据 | FAI 加服务 | 用分钟级完成云取证并保留时间线,而不是耗时数天 | 来自 Cado 的能力深度整合仍缺乏公开文档 |
| 加固安全态势 | 事件后优先处理暴露面、薄弱控制和影子 AI | 曝露面管理、ASM、SECURE AI 和服务 | 把事前加固和事后复盘接起来 | 可衡量加固效果的公开证明仍有限 |
该工作流把 Darktrace 的公开产品语言整理成面向买方的运营模型;收益保留为公开声称,不等同于经审计的解决时长指标。
[CE002, CE008, CE010, CE015, CE022, CE034]保留来源显示,客户工作流从检测到加固共有六步。
该工作流来自保留下来的产品、服务和事件响应材料的规范化整理,并非摘自某一张官方供应商图。
[CE002, CE008, CE010, CE015, CE022, CE034]5.2 模块地图与成熟度
模块宽度真实存在,但成熟度不均。NETWORK、EMAIL、CLOUD、IDENTITY、ENDPOINT 和 OT 都是当前平台模块;SECURE AI 则明确标为新模块,瞄准 AI 智能体、提示词和影子 AI 风险。Cyber AI Analyst、Forensic Acquisition & Investigation、Attack Surface Management、Proactive Exposure Management、Incident Readiness & Recovery 和 Adaptive Human Defense 等跨平台产品,更像流程覆盖层,而不是独立控制平面。这种打包方式让 Darktrace 能在账户内扩张,同时不放弃 AI 主导安全的身份。 成熟度信号在传统检测攻击面和分析师流程上最强。OT 已获得更明确的攻击路径和零信任语言;FAI 看起来是 Cado 之后向云取证扩张的切入点。SECURE AI 有战略重要性,因为它把业务延伸到 AI 治理,但今天的公开证据更多强调风险框定和发布信息,而不是深度记录的架构、部署参考或量化采用。[CE001, CE005, CE006, CE011, CE013, CE014]
| 模块 / 能力 | 主要用户 / 买方 | 交付结果 | 成熟度 / 状态 | 差异化 | 尽调缺口 |
|---|---|---|---|---|---|
| NETWORK | SOC / 网络安全 | 检测东西向和南北向异常 | 核心 / 成熟 | Darktrace 以 AI 驱动威胁模型的锚定场景 | 未保留独立精度基准 |
| 邮件安全 / 协作管理员 | 阻止钓鱼、账户接管和邮件数据泄露 | 核心 / 成熟 | 行为邮件安全加 Adaptive Human Defense | 评测中支持和集成质量仍然参差 | |
| CLOUD | 云安全 / SecOps | 跨 IaaS、PaaS、容器和 SaaS 语境检测并响应 | 核心 / 成熟 | 借助流量镜像、API 日志和无服务器支持,在 AWS 上快速部署 | 结果证明取决于遥测质量和响应设计 |
| OT | 关键基础设施 / 工厂安全 | 检测 OT 特有攻击路径和异常活动 | 扩张中 / 可信 | 关键基础设施里的攻击路径和 Xage 背书零信任叙事 | 公开协议、部署和认证深度仍薄 |
| IDENTITY | IAM / SecOps | 发现异常身份和 SaaS 用户行为 | 核心 / 成熟 | 接入更广的跨平台调查 | 相比纯 ITDR 厂商的公开差异化尚无基准 |
| ENDPOINT | 端点 / SecOps | 为端点和服务器增加 AI 驱动可见性与定向响应 | 商业化 / 成熟 | 不替换现有 EDR,也能提供行为模式响应和远程端点覆盖 | 拓扑、学习期和误报调优仍然关键 |
| SECURE AI | 安全架构 / AI 治理 | 监控提示词、智能体、影子 AI 和政策违规 | 最新 / 早期 | 以单一视图覆盖人类和 AI 智能体活动 | 公开技术深度和客户证据仍薄 |
| Cyber AI Analyst | SOC 分诊 | 自动化调查和总结 | 商业化 / 成熟 | 声称覆盖所有告警的跨平台调查引擎 | 主张很强,但仍主要来自公司自述 |
| FAI | IR / DFIR / 云安全 | 捕获并保全云取证证据 | 扩张中 / 战略性 | 与 Cado 对齐的云取证和时间线工作流 | 收购后的具体整合深度未公开 |
行内容综合截至 2026-05-30 的公开文档和留存评审证据;成熟度标签基于文档深度、时间新旧和工作流具体程度判断, 而不是基于已披露的模块收入或使用量。
[CE001, CE005, CE006, CE011, CE013, CE015]核心界面看起来已经成熟;更新的扩张产品具备战略重要性,但公开验证较少。
这些单元格是基于文档深度、发布时间、评测证据和合作伙伴具体性做出的判断,而不是基于披露的模块收入或采用数据。
[CE006, CE013, CE022, CE025, CE028, CE031]5.3 架构与依赖地图
Darktrace 的公开架构由遥测驱动,并且高度依赖集成。AWS 材料描述,云部署可通过轻量主机代理或流量镜像加 API 日志完成;集成页面则把 Darktrace 接入 Azure Sentinel、Splunk、ServiceNow、Microsoft Graph Security API、AWS Lambda、Slack、Jira、Okta、Palo Alto 和 Xage。Cyber AI Analyst 位于这些数据流之上,把 Darktrace 告警和第三方信号关联成调查;Autonomous Response 和合作伙伴动作则执行策略或遏制。 这种架构带来灵活性,也集中依赖风险。产品价值取决于客户暴露正确遥测,维护身份、云、防火墙和工单集成,并决定允许多少自动化响应。FAI 或 Cado 层以及第三方 SDK 展示出真实的自动化和调查界面;但保留公开材料仍没有给买方足够细的参考架构、韧性 SLO,或每个模块在集成退化时如何表现的硬证据。[CE009, CE010, CE015, CE017, CE018, CE019]
| 层级 / 组件 | 角色 | 依赖 | 风险 |
|---|---|---|---|
| 遥测接入 | 收集云、终端、身份、网络和 OT 活动 | 流量镜像、API 日志、主机 Agent 和合作伙伴数据 | 客户遥测不完整或配置错误时会出现盲区 |
| 集成层 | 将 Darktrace 连接到 SIEM、SOAR、工单、防火墙、IAM 和云控制系统 | Azure Sentinel、Splunk、ServiceNow、AWS Lambda、Microsoft Graph、Xage 等 | 连接器质量和 API 变更会快速削弱产品价值 |
| 调查引擎 | 把告警关联成事件,并推荐动作 | Cyber AI Analyst 加第三方告警接入 | 自动化主张很强,但多数仍来自公司披露 |
| 响应层 | 阻断、隔离或限制高风险活动 | Autonomous Response 设置和下游执行点 | 如果响应被关闭,或当前拓扑不支持,风险仍会暴露 |
| 取证与恢复 | 保全证据,加快影响范围分析 | FAI、与 Cado 对齐的云工作流和留存日志 | 收购后工作流原生整合到什么深度仍不清楚 |
| 服务叠加层 | 增加人工分流和响应支持 | 24/7 SOC、MDR 和专家服务 | 服务质量能抵消一部分部署或集成短板,但不能消除它们 |
这张架构表面向公开读者,综合留存文档、合作伙伴入口和评审证据;它不是内部系统图,尽调时应拿真实参考架构验证。
[CE009, CE015, CE017, CE018, CE019, CE020]Darktrace 的公开技术栈分为遥测采集、集成、AI 调查、响应、恢复和人工服务几层。
这套技术栈是面向公开资料的综合,不是内部产品架构图。
[CE009, CE015, CE017, CE019, CE022, CE037]Darktrace 的产品价值依赖上游遥测、合作伙伴动作,以及客户响应政策的选择。
依赖关系是方向性、面向公开资料的;保留来源没有完全披露供应商内部集中度和韧性细节。
[CE017, CE019, CE020, CE033, CE035, CE036]5.4 部署、集成、可靠性与支持
云中心环境中的部署看起来快于传统纯网络上线。Darktrace 称 CLOUD 可在五分钟内从云端部署,并支持多租户、混合和无服务器资产;ENDPOINT 则与现有 EDR 并行工作,而不是替代它。同时,从业者证据仍描述异常收敛前需要学习期,且当 Autonomous Response 依赖网络位置或防火墙集成时会有拓扑约束。换句话说,产品在旧式设备意义上并不重,但仍要求客户认真设计遥测和响应。 服务层部分抵消了这项负担。Darktrace 现在销售 24/7/365 全球接力 SOC 支持、MDR,以及横跨网络、云、SaaS 和 OT 的分诊协助。这让精简团队更容易消费平台,但不能替代集成质量。公开评论来源对定价、支持响应速度和集成成熟度仍然评价不一。买方因此应把 Darktrace 视为可部署、可扩展,但并非无摩擦。[CE011, CE012, CE017, CE018, CE022, CE031]
5.5 差异化、IP、数据与路线图
Darktrace 的差异化不是单个独立探测器,而是自学习行为分析、广覆盖面和自动化调查的组合。2024 年 ActiveAI 发布说明显示,公司有意从事后检测扩展到预防、攻击路径分析、调查和恢复,并把这些能力放进同一套 AI 架构。Cyber AI Analyst 的效率叙事、OT 或 Xage 零信任扩展,以及 Cado 支撑的 FAI 扩张,都指向同一个方向:Darktrace 想做客户现有技术栈周围的 AI 编排层,而不是又一个传感器。 公开护城河证据不错,但还不完整。至少有一项围绕异常检测方法的留存专利来源,有一页覆盖 Gartner 和其他分析机构的广泛认可,也有第三方 SDK 证明 API 暴露面足以供外部工具使用。但独立基准验证仍然偏薄。最新路线图信号——SECURE AI 和 2026 年 AI 智能体调研——显示 Darktrace 在追一个可信的新问题集,但公开证据还没跟上,无法证明这道边界面对平台型巨头能有多持久。[CE006, CE025, CE027, CE028, CE029, CE030]
| 日期 / 阶段 | 功能 / 里程碑 | 状态 | 影响 | 来源 |
|---|---|---|---|---|
| 2024-03 | Darktrace / OT + Xage 集成 | 已宣布 | 将 OT 从检测延伸到零信任执行 | SE028 |
| 2024-04 | ActiveAI Security Platform 发布 | 已发布 | 围绕统一 AI 架构整合预防、检测、调查和恢复 | SE027 |
| 2024-2025 | FAI 内与 Cado 对齐的取证能力 | 商业化可见 | 将 Darktrace 推进到云证据采集和更深度调查 | SE007, SE020 |
| 当前 | AWS 快速部署和 Security Lake 集成 | 已上线的合作伙伴工作流 | 说明包装形态走向云原生,而不只是设备驱动部署 | SE010 |
| 当前 | 连接 Microsoft Copilot 和 Defender 的工作流 | 已上线的合作伙伴工作流 | 说明 Darktrace 试图留在既有 Microsoft 安全预算内 | SE009 |
| 2026 | SECURE AI 和 AI 智能体风险叙事 | 最新扩张方向 | 推动 Darktrace 进入 AI 治理和 AI 工作负载安全 | SE005, SE014, SE015 |
路线图行结合了留存的发布与合作伙伴证据,以及当前产品入口;它们能证明方向和出货界面, 但不能证明客户采用深度或模块级收入贡献。
[CE006, CE018, CE021, CE025, CE029, CE030]5.6 信任、安全、隐私与质量控制
Darktrace 的信任面明显强过一页普通营销稿。Trust Centre 列出 ISO 27001、ISO 27018、ISO 42001 和 Cyber Essentials 材料,2026 年 AI 安全博客还把 ISO 42001 与负责任 AI 管理挂钩。这很关键:Darktrace 要客户相信自动化调查与响应,也要相信更新的 AI 治理产品,因此正式控制证据是产品叙事的一部分,不是旁注。信任面还由具名支持工程师和面向合规问题的客户门户支撑。 主要风险不是没有控制叙事,而是控制口径与部署现实之间有落差。云案例研究显示 Autonomous Response 可以阻断实时 SSH 数据外流,但同一案例也记录了受影响设备未配置响应时,718 GB 数据外流并触发勒索软件。联邦页面证明政府市场野心,但留存来源集没有证明 FedRAMP 或 CMMC 状态。因此,产品信任足够进入严肃企业尽调,但还不足以跳过对配置默认值、联邦授权和独立性能基准的追问。[CE023, CE024, CE026, CE034, CE035]
| 控制 / 认证 | 状态 | 范围 | 证据 | 缺口 |
|---|---|---|---|---|
| ISO 27001:2022 | 公开列示 | 信息安全管理 | Trust Centre 证书和适用性声明 | 证书范围已公开,但正常运行时间和服务承诺细节仍有限 |
| ISO 27018:2019 | 公开列示 | 云个人数据保护 | Trust Centre 证书 | 单凭该认证无法证明各模块做到产品层面的数据流最小化 |
| ISO 42001:2023 | 公开列示 | AI 管理体系 | Trust Centre 材料和 2026 年 AI 安全博客 | 控制项存在性更清楚,产品级模型治理细节仍不够清楚 |
| Cyber Essentials | 公开列示 | 英国基础网络安全控制 | Trust Centre 工件清单 | 是有用信号,但不能替代企业级保障尽调 |
| 支持与门户资源 | 公开描述 | 信任、隐私、法律和客户指引 | Trust Centre 提到支持工程师和客户门户 | 公开材料不能替代客户 SLA 条款 |
| 联邦信任态势 | 留存材料中仅见营销表述 | 面向美国政府买方的任务韧性 | Darktrace Federal 页面 | 留存来源无法证明 FedRAMP 或 CMMC 状态 |
本表区分留存公开材料中明确可见的内容,以及仍需客户尽调核实的内容;缺少联邦状态证明被视为缺口,而不是不合规证据。
[CE023, CE024, CE026]5.7 展示材料
06客户情况
6.1 客户分层与买方画像
Darktrace 留存客户证据指向的是可重复的企业级和受监管市场买方,而不是消费化或 SMB 主导的打法。决策者通常是资深安全或 IT 管理层:当前故事引用了 Technologent 的 CISO、Lake Macquarie City Council 的 CTO、Okayama Kyokuto Hospital 的 CIO,以及 Cogne 和 NCG 的安全或 IDS 负责人。日常使用则落在精简安全团队、分析师或合作伙伴 SOC 身上,他们需要网络和邮件工作流的持续可见性。这个分工很重要,因为它说明价格重心更接近中大型企业和企业级安全预算,而不是低接触的部门支出。 垂直行业和地域组合也足够分散,值得关注。当前具名参考覆盖医疗、教育、地方政府、工业制造、物流、饮料,以及一个经销商兼客户的混合角色;公司材料也明确面向金融服务、医疗、政府和国防、教育、制造和零售销售。留存证据集的地域覆盖北美、英国、欧洲大陆、日本和澳大利亚。渠道是主线,不是事后补充:Darktrace 公开通过 VAR、MSP/MSSP、咨询公司和分销商销售,并为美国公共部门业务保留单独的联邦附属实体。缺口在经济层面,而不是品类层面,因为公开来源仍不披露按细分市场、地区或渠道拆分的收入结构。[CU001, CU002, CU003, CU004, CU005, CU006]
| 维度 | 观察到的细分 | 具名证据 | 战略价值 | 尽调缺口 |
|---|---|---|---|---|
| 买方 / 付款方 | 高级安全和 IT 负责人,包括 CISO、CTO、CIO 和 IDS 负责人 | Technologent CISO;Lake Macquarie CTO;Okayama CIO;NCG IDS 负责人 | 支撑企业预算和董事会层面的安全开支 | 未披露按职能、ACV 或采购负责人划分的结构 |
| 主要用户 | 精简安全团队、分析师、IT 管理员和合作伙伴 SOC 工作流 | Biomerics IT 团队;NCG 安全负责人;Cogne SOC 协作;Tokai 双人团队 | 解释了为什么自动化、告警分流和可见性主导证据集 | 缺少用户席位或日活分母 |
| 行业 | 医疗、教育、地方政府、制造 / OT、物流、饮料、经销商兼客户 | 具名客户:Biomerics;Okayama;NCG;Lake Macquarie;Cogne;Tokai;CCBN;Technologent | 表明需求不依赖单一细分市场 | 未披露按行业划分的 ARR 或客户结构 |
| 地域 | 具名证据覆盖北美、英国、欧洲大陆、日本和澳大利亚 | 具名证据:Technologent、NCG、Cogne、Okayama、Tokai、CCBN、Lake Macquarie | 表明其相关性超出英国本土市场,已具备真实国际性 | 未披露区域 ARR 或续约拆分 |
| 规模 / 经济重心 | 从中高端中型市场到企业级,FY2024 单客户平均 ARR 接近 $80k | FY2022-FY2024 公开文件,加上医院、议会、工业和 Fortune-1000 邻近客户的当前案例 | 显示客户基盘更分散,而不是纯大型客户模式 | 平均 ARR 掩盖分布和七位数大单集中度 |
| 渠道 / 采购 | 直营加 VAR、MSP/MSSP、咨询公司、分销商和联邦 / 公共部门路径 | 合作伙伴页面;MSSP 公告;Technologent;Darktrace Federal | 扩大触达,并降低部分细分市场的采用阻力 | 未公开渠道收入占比或合作伙伴集中度数据 |
分层基于截至 2026-05-30 留存的当前客户页面、行业聚焦和合作伙伴材料。各细分的经济权重未公开披露。
[CU001, CU002, CU003, CU004, CU005, CU006]Darktrace 的购买旅程通常从安全团队主导的发现和价值验证,进入运营信任、模块扩张,最终形成可引用案例。
[CU003, CU013, CU014, CU027, CU028, CU029]6.2 采用轨迹与公开规模信号
Darktrace 最后一个公开报告窗口显示公司已有真实规模,但增长画像也有一部分被冻结在过去。客户数从 FY2022 的 7,437 增至 FY2023 的 8,799、FY2024 H1 的 9,232 和 FY2024 的 9,735。同一期间 ARR 从大约 $514 million 增至 $628 million,再到 FY2024 H1 的 $702 million 和 FY2024 的 $782 million。这个组合意味着公司既在持续获取新客户,也在更好地货币化存量客户,单客户平均 ARR 从 FY2022 的约 $69,000 提高到 FY2024 的约 $80,000。按后期安全软件标准,这条曲线不算爆发式增长,但也很难把它否定为表面客户数膨胀。 采用层面的保留意见在于新鲜度。公司当前页面写着 10,000 家客户,相比最后一个类似审计口径的公开基线只意味着约 265 家净增。Darktrace 自己的 FY2024 更新也称,现有客户仍贡献了可观新 ARR,说明即使表观增长放缓,商业模型仍有扩张能力。但私有化之后,公开记录不再给投资者提供他们通常需要的逐季客户数与留存桥。因此,证据支持一个庞大且仍在增长的安装基础,同时也确认 2024 年 6 月之后的增长速度和质量已不再对外可见。[CU015, CU016, CU017, CU018, CU019, CU020]
| 期间 | 客户数 | ARR / 积压信号 | 单客户平均 ARR | 留存信号 | 含义 | 缺失分母 |
|---|---|---|---|---|---|---|
| FY2022 | 7,437 | $514.4M ARR;$1.004B RPO | $69k | 105.5% NRR;6.5% 总流失 | 公开基线已显示企业级采用具备规模 | 未披露席位、模块或区域拆分 |
| FY2023 | 8,799 | $628.4M ARR;$1.258B RPO | $71k | 104.7% NRR;6.8% 总流失 | 尽管有宏观逆风,客户 Logo 数和 ARR 均增长 | 未披露按季度的新增客户 / 流失桥 |
| H1 FY2024 | 9,232 | $702.1M ARR;$1.254B RPO | $76k | 105.0% NRR;6.6% 总流失 | 安装基盘仍在扩大,且明显具备多年期属性 | 缺少队列可见性或产品附加率 |
| FY2024 | 9,735 | $782.2M ARR;收入至少 $689.5M | $80k | 106.6% NRR;6.3% 总流失 | 存量客户仍贡献了有意义的增量 ARR | 没有 FY2025/FY2026 公开更新 |
| 当前官网 | 10,000 | 未披露当前 ARR | 无法根据公开信息计算 | 未披露当前 NRR 或流失率 | 显示退市后客户 Logo 仍有一定增长 | 缺少从 9,735 到 10,000 的带日期桥接 |
单客户 ARR 按披露 ARR 除以披露客户数简单计算。官网行来自公司声称,未绑定到退市后有日期的报告包。
[CU015, CU016, CU017, CU018, CU019, CU020]公开销售动作看起来从发现和价值验证推进到初始部署、模块扩张,最终变成可引用案例。
漏斗数值是示意性的阶段比例,来自保留客户故事和合作伙伴材料中反复出现的价值验证与扩张模式。Darktrace 不公开披露任何阶段的实际转化率。
[CU003, CU011, CU024, CU026, CU027, CU028]6.3 具名客户证明与证据质量
Darktrace 当前最强的客户证明不是旧的上市公司营销材料,而是 2026 年前后的客户故事集。留存故事明显处于生产阶段,不是猜测性试点:Technologent 内部运行 Darktrace,也转售该产品;Biomerics 描述了受监管制造场景下的邮件威胁预防;NCG 在七所学院使用平台;Okayama Kyokuto Hospital 从价值验证扩展到临床运营的全面监控;Cogne 展示了 24/7 工业场景中的网络、OT 和邮件使用;CCBN 把 Darktrace / EMAIL 绑定到每月百万级邮件;Tokai Kyowa 只有两名安全人员,却在物流环境中运行自主响应。这样的宽度让人更有信心相信,Darktrace 在差异很大的运营环境里确实有人付费、有人使用。 证据质量仍不均衡。有几篇故事给出了量化或高度具体的结果:NCG 称调查时间从数周降到数分钟,Cogne 披露流量、IP、调查和节省工时指标,Tokai Kyowa 公布了明确的 80% 异常响应阈值。其他故事更偏定性,强调更早发现、降低分析师压力或提升韧性。独立评论平台能佐证产品正在使用,也能佐证反复出现的抱怨,但它们不会独立验证客户故事的核心结果。因此,这组证明商业上可信且新鲜,但多数仍由公司居中呈现,而不是由第三方复现。[CU004, CU006, CU007, CU008, CU009, CU010]
| 客户 | 细分 | 地域 | 部署 / 用例 | 生产环境 / 试点 | 结果 / 证明 | 局限 |
|---|---|---|---|---|---|---|
| Technologent | 渠道 / 企业 IT | 美国 | 内部使用加经销商验证 | 生产环境 | 表明 Darktrace 能把经销商转化为付费用户 | 缺少量化 ROI 指标 |
| Biomerics | 医疗 / 医疗器械 | 美国 | Darktrace / EMAIL 应对 BEC 和网络钓鱼 | 生产环境 | 称能立即挡住复杂邮件攻击 | 结果由供应商托管发布,而非客户自行撰写 |
| NCG | 教育 | 英国 | 跨学院可见性、调查和自主响应 | 生产环境 | 调查从数周压缩到分钟或秒级 | 缺少支出或续约数据 |
| Okayama Kyokuto Hospital | 医疗 | 日本 | 面向临床运营的网络监控和自主响应 | 价值验证后进入生产环境 | Darktrace 发现了既有终端工具漏掉的异常 | 未披露合同金额或模块收入 |
| Lake Macquarie City Council | 地方政府 | 澳大利亚 | 在 SHQ 和 Data#3 支持下部署 Darktrace / EMAIL | 价值验证后进入生产环境 | 检测比传统工具更早,告警疲劳更少 | 合作伙伴主导部署,让直销经济性变得不透明 |
| Cogne Acciai Speciali | 制造 / OT | 意大利 | NETWORK、OT、EMAIL 和 Cyber AI Analyst | 生产环境 | 监控 335 TB;17,558 次调查;节省 1,712 小时 | 仅有一组近期指标 |
| Coca-Cola Beverages Northeast | 饮料 / 分销 | 美国 | 百万级邮件规模下的 Darktrace / EMAIL | 生产环境 | 显示邮件工作负载具备规模,控制模型采用阻力低 | 缺少量化降幅指标 |
| Tokai Kyowa | 物流 | 日本 | NETWORK、自主响应和托管威胁检测 | 价值验证后进入生产环境 | 自动遏制严重度阈值高于 80% 的异常 | 未公开续约或扩张 KPI |
本表是截至 2026-05-30 在英文 /customers 页面及其链接案例页可见的 Darktrace 具名客户故事的部分、当前措辞样本。 它足以证明生产部署覆盖面,但不能枚举所有历史公开 Logo。
[CU004, CU027, CU028, CU029, CU030, CU031]Darktrace 当前客户证据在公司发布量化或高度具体运营结果的地方最强;独立评测证据能增加使用可信度,但不能直接验证 ROI。
[CU014, CU028, CU029, CU030, CU031, CU032]6.4 留存、满意度与持久性
公开持久性证据在私有化前很扎实,之后就变薄。最近四个公开检查点中,Darktrace 披露的总 ARR 流失率分别为 6.5%、6.8%、6.6% 和 6.3%,净 ARR 留存率分别为 105.5%、104.7%、105.0% 和 106.6%。这些数字显示,公司在整个期间把净留存守在 100% 以上,同时把总流失率缓慢改善回 6% 中段。FY2024 H1 的 RPO 为 $1.254 billion,并明确关联多年合同,这进一步说明 Darktrace 拥有真实合同可见性,而不只是短期交易型需求。 独立满意度证据正面,但不干净。PeerSpot 和 TrustRadius 用户持续称赞检测、自主响应和支持,支持了已部署客户能获得真实运营价值的判断。与此同时,同一批评论页面反复提到高定价、授权不灵活、误报、调优工作量和界面复杂度。历史 G2 评论显示,这些主题在私有化很久之前就已经存在。净判断是:截至 FY2024,Darktrace 在报告指标上看起来有持久性,但公开记录无法让投资者确认这种持久性是否延续到 FY2025 和 FY2026,因为当前队列、续约或流失桥都不公开。[CU033, CU034, CU035, CU036, CU037, CU038]
| 指标 | 数值 | 细分 / 基础 | 信心 | 尽调追问 |
|---|---|---|---|---|
| FY2022 总流失 / NRR | 6.5% / 105.5% | 全公司公开文件 | 中 | 核实 >100% NRR 中有多少来自模块交叉销售,有多少来自价格 |
| FY2023 总流失 / NRR | 6.8% / 104.7% | 全公司公开文件 | 中 | 要求提供按队列和细分拆分的续约桥 |
| H1 FY2024 总流失 / NRR | 6.6% / 105.0% | 全公司公开文件 | 中 | 要求提供模块附加率和增购结构 |
| FY2024 总流失 / NRR | 6.3% / 106.6% | 全公司公开文件 | 高 | 要求提供 FY2025/FY2026 这些指标的延续情况 |
| RPO 耐久性锚点 | $1.254B;多年期合同;收入可见性强 | H1 FY2024 文件 | 高 | 索取平均剩余期限和续约排期 |
| PeerSpot 评价信号 | 检测和支持很强,但定价、授权僵硬、集成和误报仍是反复出现的抱怨 | 当前独立评价汇总 | 中 | 询问分客群总续约率和支持响应 SLA |
| TrustRadius 评价信号 | 自动化响应和可见性正面;涨价、调优工作量和误报仍会出现 | 当前独立评价 | 中 | 索取按客户规模划分的流失率和实施周期 |
| G2 历史信号 | 私有化前已可见 PoC、价格敏感,以及集成 / 报告摩擦 | 2019 年归档评价页 | 低 | 仅作为问题主题持续存在的证据,不用于判断当前满意度 |
留存证据到 FY2024 仍扎实,私有化后明显变薄。评价平台证据可用于判断满意度和抱怨主题,但不能替代队列数据。
[CU033, CU034, CU035, CU036, CU037, CU038]Darktrace 不公布真实客户队列,因此这张图展示披露的总留存快照,以及两条基于已报告流失率的示意性延续曲线。
Darktrace 不披露真实的队列留存表。前两行是示意性延续曲线,只是对已报告总流失率做复合计算;第三行把 FY2022、FY2023、H1 FY2024 和 FY2024 披露的公司级总留存代理指标串起来。
[CU035, CU036, CU037, CU038, CU039, CU046]6.5 扩张路径与集中度风险
最清晰的扩张路径由模块驱动,而不是由席位驱动。当前客户证明通常从网络或邮件可见性开始,再延伸到自主响应、OT 可见性、董事会报告或托管服务。Darktrace 自己的 FY2024 更新称,现有客户仍贡献了可观新 ARR;合作伙伴计划也显示,价值验证、经销商支持和 MSSP 打包能帮助账户从初始部署走向更广采用。Technologent 尤其有启发,因为它既是渠道伙伴也是用户,说明商业扩张既可以来自生态信誉,也可以来自直接产品增购。 更难的问题是集中度,公开证据没有回答。没有留存来源披露头部客户占比、合同期限或队列留存,因此无法证明 Darktrace 的客户基础在收入上足够分散,还是只是 logo 数量看起来很宽。公共部门动作也可见但不可量化:Darktrace Federal 存在,政府资源存在,也能跑采购搜索,但留存公开采购页面仍没有给出干净的授标级集中度图景。再加上收购后披露下滑,以及声誉审查仍可能在尽调中浮现的反向提醒,结论就是:扩张故事可信,但集中度问题仍未关闭。[CU003, CU005, CU024, CU026, CU043, CU044]
| 驱动因素 / 风险 | 证据 | 影响 | 尽调路径 |
|---|---|---|---|
| 存量客户扩张 | FY2024 更新称,大量新增 ARR 仍来自现有客户群 | 即便增长放缓,仍支撑落地后扩张的经济性 | 按队列索取模块附加、价格上调和增购贡献 |
| 模块带动嵌入 | 当前案例把 NETWORK 或 EMAIL 叠进自主响应、OT 可见性、董事会报告和托管服务 | 提高切换成本和账户耐久度 | 索取按模块数量和首个产品家族划分的留存 |
| 合作伙伴 / MSSP 路径 | Darktrace 提供 30 天价值验证、MSSP 打包和转售商支持;Technologent 既是转售商,也是用户 | 可以扩大触达,但也可能把终端客户集中度藏在合作伙伴之后 | 索取渠道来源 ARR 结构和头部合作伙伴敞口 |
| 公共部门打法 | Darktrace Federal 和政府材料显示出一条单独的受监管市场路径 | 增加战略客户背书价值和预算多元性 | 索取联邦、州和地方收入结构,以及各账户采购路径 |
| 头部客户集中度不透明 | 留存公开来源没有披露最大客户或前 10 大客户 ARR 占比 | 阻碍对客户集中度做正式下行测算 | 索取前 1、前 5、前 10 大客户 ARR 占比和标准合同期限 |
| 收购后数据新鲜度缺口 | 2024 年 6 月之后没有公开 NRR 或流失更新 | 当前耐久度和扩张经济性难以验证 | 索取 FY2025/FY2026 客户数、留存和扩张桥接 |
扩张证据可信,但集中度证据不足。公开记录更清楚地证明了部署广度,而不是收入集中度或续约集中度。
[CU003, CU024, CU026, CU043, CU044, CU045]07风险
7.1 严重性排序与投资逻辑破裂框架
Darktrace 最高的剩余风险,不是公司缺少产品宽度或客户证明;真正的问题是,PE 持有期的不透明让外界很难判断增长质量、治理质量和产品质量是否仍足以支撑带杠杆的 PE 所有权结构。公开记录现在把三件事推到最前面。第一,EY 复核之后,2023 年会计攻击已不再是活跃欺诈论点,但公开记录仍看不到 FCA 或 FRC 的公开结案。第二,收购后的财务和治理可见度薄得多:IR 网站现在只是档案,最清晰的存续融资证据是 2025 年 12 月 Goldman Sachs 押记,其中包含固定押记、浮动押记和负面承诺表述。第三,运营质量仍是真实承销变量,因为即使 Darktrace 继续深入云取证、AI 防护和广泛伙伴集成,评论仍在提示定价升级、调优工作量和界面复杂度。因此,本章的投资逻辑破裂标准集中在正式监管行动、契约压力、又一次 CEO 更替,或私人运营数据显示净留存跌破 100%。[CR001, CR003, CR005, CR024, CR025, CR026]
最高的剩余风险单元格是财务赞助方时代不透明、监管尾部风险和主要平台依赖;法律风险真实存在,但低于 2023 年,因为核心欺诈论点没有获得公开证实。
可能性和影响分层是基于引用来源集做出的定性分析判断,而不是统计概率。影响反映风险可能如何传导到续约、债务灵活性、融资可信度和估值。
[CR003, CR005, CR010, CR012, CR018, CR024]7.2 监管 / 法律风险
从已审阅证据看,Darktrace 的法律与监管暴露有分量,但不明显是生死问题。关键历史问题仍是 2023 年做空攻击:Reuters 和后续英国会计报道显示,Quintessential Capital Management 攻击公司财务报告之后,Darktrace 聘请 EY;后来的公开摘要称 EY 没有发现欺诈证据,只识别出少量错误和不一致。这大幅降低了即时欺诈风险,但没有完全结案,因为 Darktrace 表示会把结果提供给 FCA 和 FRC,而不是发布报告;已审阅的 2026 年期间公开材料仍未显示监管机构正式关闭。第二个法律问题是 IP:PacerMonitor 确认 Gatekeeper 专利案移交北加州,PatSnap 报道该案在 2026 年 2 月被终局驳回。这是有利结果,但也说明 Darktrace 已经大到足以吸引专利主张。最后,Darktrace 的 AI 原生监控模型处在收紧的政策边界内:EU AI Act、NIS2、UK ICO AI 指引和 FCA 的 AI 治理框架,都提高了它成为受监管客户可信网络 AI 供应商的成本。[CR001, CR002, CR003, CR004, CR005, CR006]
| 风险 / 案件 | 法域 | 当前状态 | 可能性 | 严重性 | 缓释 | 剩余敞口 | 尽调路径 |
|---|---|---|---|---|---|---|---|
| 历史会计问题 / FCA-FRC 悬而未决 | 英国 | EY 未发现欺诈证据,但 Darktrace 将结果提交 FCA 和 FRC,公开记录仍未显示正式结案 | 中 | 高 | 独立 EY 复核,以及公司所称控制改进 | 监管后续动作或未披露函件可能重启尽调 | 取得完整 EY 报告和所有 FCA/FRC 往来函件 |
| AI Act 合规与透明度义务 | 欧盟 | AI Act 已生效;禁止性做法自 2025 年 2 月生效,透明度规则自 2026 年 8 月生效 | 中 | 高 | Darktrace 已发布负责任 AI 框架和可解释性主张 | 产品范围如何对应高风险和部署方义务,公开资料仍未讲清 | 将每个产品模块映射到 AI Act 义务和客户责任分配 |
| NIS2 推动的供应商审查 | 欧盟 | 基本和重要实体必须评估供应商网络安全和供应链实践 | 高 | 高 | Darktrace 可以指向 AI 治理、ISO 表述和广泛平台覆盖 | 若供应商证据不足,受监管买家仍可能拉长采购 | 索取受监管客户审计包、DPA 条款和供应商问卷 |
| UK GDPR / ICO AI 数据保护挑战 | 英国 / 欧盟 | AI 系统处理个人数据时,DPIA、透明度和合法性义务仍有效 | 中 | 高 | Darktrace 发布 AI 治理原则和面向客户的政策材料 | 如果留存或最小化控制薄弱,行为监控仍会触发隐私异议 | 审查 DPIA 模板、留存设置和数据最小化控制 |
| Gatekeeper 专利诉讼与未来 FTO 风险 | 美国 | 案件已移送 N.D. Cal.;PatSnap 报道 2026 年 2 月自愿撤诉且不得再诉 | 中低 | 中高 | 公开摘要显示撤诉且不得再诉,未见赔偿或禁令 | 该案说明 Darktrace 已成为现实的专利主张目标 | 索取 FTO 分析、准备金假设和专利组合策略 |
各行按剩余投资者影响排序,而不是简单按时间排序。会计风波已不如 2023 年尖锐,但监管不透明和 AI 治理义务仍会持续,因为它们仍可能影响融资、采购和舆论风险。
[CR001, CR002, CR003, CR004, CR005, CR006]7.3 运营 / 质量 / 安全风险
Darktrace 的运营风险并不主要来自已确认的公开入侵史,而是来自自动化、产品宽度和客户专属调优的组合。多处评论证据在这一点上相当一致。TrustRadius 用户描述了令人困惑的仪表盘、困难的调优和逐年上涨的合同价格;PeerSpot 评论者进一步提到界面复杂、集成要求,以及对误报管理的抱怨;更早的 G2 评论显示,同样的调校需求已经存在多年,并非一次性投诉。这些摩擦很重要,因为 Darktrace 技术上没有停在原地。公司一边通过 Cado 扩展云调查与响应,一边把自动化取证加入 ActiveAI 平台,还在快速变化的攻击面上营销负责任 AI 控制。护城河因此变宽,但必须可靠运行的产品表面也变多。若没有新的收购后队列、事件或支持指标披露,投资者必须假设:配置错误、调优不足或发布纪律薄弱,都可能直接传导为续约压力和更高服务成本。[CR024, CR025, CR026, CR027, CR028, CR029]
| 失效模式 | 可能性 | 严重性 | 缓释成熟度 | 剩余敞口 | 未解决缺口 |
|---|---|---|---|---|---|
| 价格上调、仪表盘混乱和沉重调优要求削弱操作员信任与续约质量 | 高 | 高 | 部分 | 客户仍反馈明确检测价值,但易用性摩擦在多个评价平台上长期存在 | 没有公开的收购后流失桥接或支持工单队列数据 |
| 广泛第三方集成面带来外部 API、遥测和工作流故障点 | 中 | 高 | 部分 | 生态提升覆盖面和采购相关性 | 没有公开证据显示连接器级 SLA 表现或弃用处理 |
| 负责任 AI 和较新的 AI 保护产品面把 Darktrace 推入变化很快的攻击领域 | 中 | 中高 | 早期 | Darktrace 已发布负责任 AI 原则和可解释性主张 | 最新产品面的公开证据比核心网络和邮件产品更薄 |
| Cado 与自动化取证整合增加路线图、数据管线和打包复杂度 | 中 | 中高 | 早期 | 这笔收购在战略上合理,补上了云取证缺口 | 完成、迁移和留住人才的里程碑没有公开跟踪 |
| 大客户存量和自主响应定位放大重大检测或更新质量问题的影响半径 | 中低 | 高 | 部分 | Darktrace 主打广泛安全覆盖和 AI 监督 | 未找到公开的 2025-2026 事件复盘或发布保障证据 |
运营风险按其传导到续约、支持负担或客户信任的能力排序,而不只看是否出现入侵头条。Darktrace 的产品广度是一项战略资产,但也扩大了集成漂移或调优复杂度可能出问题的范围。
[CR024, CR025, CR026, CR027, CR028, CR029]7.4 合作伙伴 / 依赖风险
Darktrace 的生态能帮助它进入大型环境,但也给外部方创造了多种截留价值或制造故障点的方式。公司自有材料称其与 AWS 和 Microsoft 有深度联盟;技术伙伴目录显示,集成触及 AWS Lambda、Microsoft Graph Security API、Azure Sentinel、Splunk、ServiceNow、Okta 等外部控制系统。这在战略上有用,但也意味着产品质量部分受制于 API 稳定性、伙伴优先级,以及 Darktrace 所依赖公司的竞争重叠。市场进入侧也有类似模式。Darktrace 公开通过 VAR、MSP、MSSP、咨询公司和分销商做分发,因此伙伴效率会直接影响价值验证动作和托管服务扩张。联邦附属实体和专业 OT 伙伴关系把触达进一步拉长,但也增加了更多节点,资格、认证或路线图漂移都可能拖慢商业执行。赞助方和贷款人依赖也属于同一类风险:Thoma Bravo 控制战略时间点,Goldman Sachs 押记显示资本结构已不再是干净的公开股权故事。[CR018, CR020, CR021, CR022, CR029, CR035]
| 依赖 | 交易对手 | 作用 | 集中度 / 重叠 | 失效情景 | 严重性 | 缓释 | 剩余敞口 |
|---|---|---|---|---|---|---|---|
| 云平台联盟与工作流集成 | AWS 与 Microsoft | 分销、遥测、云工作负载安全和 SOC 工作流上下文 | 高战略重叠 | 重大 API、定价、联合销售或原生功能变化会压缩 Darktrace 差异化 | 高 | 深度联盟、广泛集成和客户熟悉度 | 同一个合作伙伴也可能变成替代控制平面 |
| 渠道驱动分销与托管服务 | VAR / MSP / MSSP / 分销商生态 | 价值验证、转售和托管检测触达 | 中高 | 集中的合作伙伴或服务路径表现不佳,拖慢落地后扩张 | 高 | Darktrace 提供赋能、价值验证支持和授权服务计划 | 公开来源不披露合作伙伴集中度或伙伴贡献 ARR |
| 资方治理与战略时点 | Thoma Bravo | 董事会控制、领导层选择、资本配置和退出时点 | 高 | 资方将杠杆纪律、领导层调整或退出准备置于长期产品投资之上 | 高 | 大型软件投资经验和运营手册 | 外部投资者和客户很难看清决策权或激励 |
| 有担保资本提供方 | Goldman Sachs Bank USA | 享有固定押记、浮动押记和消极担保保护的贷款方 | 中 | 增长转弱时,债务条款限制经营灵活性或再融资选择 | 高 | 除押记存在外,公开材料看不到其他缓释 | 利率、契约和期限细节未公开披露 |
| 公共部门路径 | Darktrace Federal | 专门面向美国联邦市场的市场拓展关联公司 | 中 | 资质或授权缺口拖慢联邦客户赢单或续约 | 中高 | 聚焦美国公共部门账户的独立关联公司结构 | 留存来源中未见清晰公开授权路径 |
| 专业 OT 生态触达 | Xage 和其他 OT 专家 | 面向关键基础设施的零信任与 OT 控制扩展 | 中 | 合作伙伴路线图漂移削弱 Darktrace 的 OT 故事,或拖慢事件响应集成 | 中 | 合作让 Darktrace 不必完全内建,也能延伸到专业环境 | 关键 OT 能力并不完全内嵌在 Darktrace 自身技术栈里 |
依赖风险按其影响续约控制权、定价权或经营灵活性的潜力排序。AWS、Microsoft、Thoma Bravo 和 Goldman Sachs 最关键,因为它们都能在不逐一取得客户同意的情况下改变 Darktrace 的经济姿态。
[CR018, CR020, CR021, CR022, CR031, CR035]Darktrace 依赖一组外部节点:超大规模云厂商、渠道伙伴、收购方治理、贷款方、美国联邦市场拓展基础设施,以及专业 OT 生态伙伴;AWS、Microsoft、Thoma Bravo 和 Goldman Sachs 是其中影响最大的外部节点。
依赖图突出外部可控或对协同敏感的节点,而不是逐项列出每个产品组件。目的在于说明,合作伙伴演进、融资条款或组织瓶颈会在哪些地方把 Darktrace 的战略空间卡住。
[CR018, CR020, CR021, CR022, CR028, CR029]7.5 财务 / 模型风险
财务模型风险是 Darktrace 最重要的问题之一,正因为公开记录现在不完整。收购价很清楚:Thoma Bravo 的公开材料把交易定在约 $5.3 billion、每股 $7.75。不清楚的是,企业现在背了多少杠杆、契约要求是什么,以及当前 ARR、流失率和自由现金流转换是否仍健康到足以支撑这套结构。IR 网站明确告诉投资者它只是历史档案,Companies House 线索只确认 2025 年账目已提交,以及 2025 年 12 月存在一项 Goldman Sachs 押记。MR01 文件有信息量但仍不完整:它确认有固定押记、浮动押记和负面承诺特征的担保债务,却不披露本金、利率、期限或契约阈值。这让投资者只能依赖代理信号。评论网站仍显示定价摩擦和运营者负担;如果业务净留存高于 100%,这些问题也许可以承受,但如果 PE 持有期的增长再加速失败,它们会很快变危险。因此,杠杆投资逻辑取决于公开来源已经无法提供的私人运营数据。[CR024, CR025, CR026, CR031, CR032, CR033]
主要传导链从监管不透明、领导层流动、债务不透明和超大规模云厂商依赖开始,随后流向续约压力、利润率压缩、贷款人敏感度和估值重置。
这些边是基于保留来源集的定性因果关系。DAG 有意省略反馈环,尽管实践中多个影响很可能相互强化。
[CR005, CR024, CR028, CR029, CR031, CR032]7.6 人员 / 执行风险与缓释
Darktrace 的执行风险集中在领导层更替、关键人深度和披露纪律上。公开过渡公告和后续报道显示,继任路径被压得很紧:Poppy Gustafsson 于 2024 年 9 月卸任,Jill Popelka 随后在 2026 年 1 月卸任;董事会寻找继任者期间,Charles Goodman 出任临时 CEO。BusinessCloud 的反向叙事把赞助方控制问题说得很直白,称 Popelka 仅十六个月后就被私募股权所有者逼走。与此同时,核心技术可信度仍高度绑定创始 CTO Jack Stockdale,他的资料明确把他与支撑平台的贝叶斯模型和 AI 算法相连。这不意味着 Darktrace 缺少梯队深度,但意味着投资案例仍异常依赖少数人。当前公开记录还给出一个较软但重要的警示信号:公司页面仍把一段 Poppy 引语标注为“CEO”,而其他页面使用的员工数又略有不同。这些都不能证明运营失败,但确实说明,收购后的治理和信息卫生需要主动尽调,不能被动信任。[CR019, CR034, CR036, CR037, CR038, CR039]
| 角色 / 职能 | 依赖或缺口 | 可能性 | 严重性 | 缓释 | 尽调路径 |
|---|---|---|---|---|---|
| CEO 继任 | 2024 年 9 月至 2026 年 1 月发生两次 CEO 交接,随后董事会寻找永久替代人选期间由临时领导层接手 | 高 | 高 | 董事长连续性和资方运营经验 | 索取永久 CEO 授权、决策权和 2026 运营记分卡 |
| 创始技术领导力 | Jack Stockdale 仍与支撑平台的贝叶斯模型和 AI 算法紧密绑定 | 中 | 高 | 任期长,技术可信度清晰 | 获取核心架构、模型治理和研发领导层继任梯队深度 |
| 资方治理可见度 | 董事会委员会、独立性和激励设计在当前公开材料中并不清晰 | 高 | 中高 | Companies House 仍提供高管备案,资方有软件投资经验 | 索取董事会构成、委员会章程和管理层激励结构 |
| 披露纪律 | 当前公开页面仍有过时或互相漂移的领导层和员工数信号 | 中 | 中 | 部分页面仍保持更新,公司仍发布产品 / 新闻稿 | 将客户数、员工数和高管头衔与内部管理数据核对 |
| 整合带宽 | 领导层流动与 Cado 整合、自动化取证推出,以及持续的超大规模云厂商 / 伙伴扩张同时发生 | 高 | 中高 | 广泛合作伙伴网络和活跃产品发布节奏 | 审查整合里程碑、留任人才和路线图延误日志 |
该清单强调公开记录已经显示真实压力的执行点,而不是臆测文化问题。公司内部仍可能运转良好,但可见数据已经支持提高关键人和治理监控强度。
[CR028, CR030, CR034, CR036, CR037, CR038]| 风险 | 可监控触发点 | 阈值 / 事件 | 现有缓释 | 剩余敞口 | 行动含义 |
|---|---|---|---|---|---|
| 2023 年会计事件留下的监管悬而未决 | 新的 FCA/FRC 往来函件、披露或执法信号 | 任何正式行动、强制重述,或与此前复核相关的公开谴责 | EY 未发现欺诈证据,至今未出现公开执法 | 完整报告和监管结论仍未公开 | 暂停投资,直到法律顾问能量化法律和声誉敞口 |
| 债务与契约压力 | 新 MR01 备案、债务修订,或管理层披露契约压力 | 任何新增有担保押记、修订或契约违约 | 历史上市公司现金生成能力和大型客户存量 | 当前债务规模、定价和期限未知 | 在确定仓位信心前要求贷款材料,并重切下行假设 |
| 商业压缩 | 私有 NRR、流失和价格实现数据 | NRR 低于 100%、总流失率高于约 8%,或大客户大规模降购潮 | FY2024 公开留存仍高于 100%,客户群庞大 | 退市后公开数据已经过时 | 立即重做收入增长和杠杆承受能力测算 |
| 平台依赖与竞争重叠 | 失去联合销售资格、API 弃用,或客户可见的合作伙伴替代 | 重大 AWS 或 Microsoft 集成被降级、弃用,或被原生工作流取代 | 深度联盟和既有工作流集成 | 合作伙伴也可能变成替代平台 | 下调增长假设,并要求伙伴贡献销售管线证据 |
| 领导层 / 关键人不稳定 | 再次 CEO 重置或 Jack Stockdale 离职 | 12 个月内任何 CEO 更替,或 CTO 离任且看不到继任梯队 | 临时连续性和成熟技术创始人 | Darktrace 已经承受多次高层交接 | 升级治理尽调,并重新审视执行假设 |
| 产品质量或新模块失手 | 新 AI 与取证产品面的评价恶化、重大宕机或客户可见事件 | 持续评价下滑,或任何与新产品面相关的重大客户事件 | 负责任 AI 原则、广泛平台能力和既有支持打法 | 最新产品面的大规模公开证明仍有限 | 在审阅事后复盘和队列质量数据前,推迟高确信度测算 |
能用公开记录衡量的地方,投资逻辑破裂条件都尽量设成可量化;不能量化的地方,则绑定离散披露事件。目标不是证明 Darktrace 今天不可投,而是界定哪些具体信号会推翻增长加杠杆的投资测算。
[CR003, CR005, CR018, CR024, CR025, CR031]08估值
8.1 投资逻辑与反向逻辑
Darktrace 仍有可信投资案例,因为最后一次完整披露的运营快照足够强,看起来像一个有规模、能盈利的网络安全平台,而不是投机性 AI 故事。到 2024 年 6 月,公司 ARR 达到 $782.2 million,收入至少 $689.5 million,毛利率 89.3%,净 ARR 留存率 106.6%,客户数 9,735;当前公司材料仍指向约 10,000 家客户、110 个国家和超过 2,300 名员工。正向逻辑是,Thoma Bravo 买到的是一个真实平台:品类宽度存在,借 Cado 扩展云取证,留存质量也足以支撑未来以更高估值退出。反向逻辑是,让 Darktrace 适合被赞助方收购的那些属性,现在都藏在私人所有权后面。公开记录显示了杠杆、赞助方过渡窗口中的两次 CEO 更替、残余会计阴影折价,以及 Omdia 认为独立 NDR 续约受到 XDR 平台整合挤压的观点。这让 Darktrace 落在“可投但无法定价”的桶里:战略上相关,但没有新的私人数据,就难以高置信度投资。[CV001, CV004, CV005, CV006, CV007, CV013]
| 维度 | 当前判断 | 证据基础 | 决策含义 |
|---|---|---|---|
| 建议 | 观察 | 战略相关性看得见,但资方接手后的业绩和债务仍不透明 | 在管理层开放资料室或价格更清楚反映不透明性之前,先跟踪,不投入资金 |
| 置信度 | 中 | 最后一份公开快照较强,但核心的交割后输入仍缺失 | 证据足以设定纪律,但不足以发出买入建议 |
| 风险评级 | 高 | 杠杆已确认;治理不稳定;NDR 整合是真问题。 | 先测算下行,再看上行;一旦留存下滑,投资逻辑会迅速破裂。 |
| 估值立场 | 只有接近 2024 年资方入场价才算合理,高于该价则偏高 | 入场时 ~6.8x ARR / ~7.7x 收入相对披露的 FY2024 质量显得克制,但考虑不透明性,并不明显便宜。 | 没有当前 ARR、债务和股权结构表可见度,不应向资方标记支付溢价。 |
| 入场纪律 | 价格敏感,且以尽调通过为前提 | 公开记录只能支持把 $5.3B 私有化收购价作为参考上限,而不能证明当前公允价值。 | 任何投资决定前,先要求最新 ARR 桥、债务明细和分配瀑布。 |
| 目标回报门槛 | 若要约 5 年实现 ~2.0x 总价值,需要 >$10.6B | 以 $5.3B 入场要做出十几个点的 IRR,必须跑出牛市或强基准情景 | 在未知更高价格下,单靠基准情景不足以支撑投资 |
本表是投资判断,不是管理层披露。建议、置信度、风险和估值立场综合公开证据,并明确惩罚私募控股期不透明度。
[CV001, CV002, CV003, CV010, CV011, CV030]| 正向论点 | 为什么重要 | 反向论点 | 什么会改变判断 |
|---|---|---|---|
| FY2024 经营质地达到私募可投标准 | ARR、利润率、留存和客户数说明,这是真软件资产,不只是 AI 叙事 | 这些指标截至 2024 年 6 月,投资者无法验证私有化后质量是否守住 | 提供 2024 年 7 月以来按月 ARR、NRR、流失、EBITDA 和现金数据 |
| Darktrace 仍有平台宽度和客户规模 | 近 10,000 家客户,加上最新云端 / 取证产品发布,让公司仍能进入买方和退出市场视野。 | Omdia 称,平台套件正在挤压独立 NDR 的续约模式和定价权。 | 证明云端 / 取证加挂和交叉销售正在抵消 NDR 单点压缩。 |
| Cado 和 ActiveAI 带来核心 NDR 之外的上行空间 | 云端取证可抬高 ACV,并扩大对战略买家的关注度 | 公开记录尚未证明变现加挂率或整合成功 | 披露 Cado 相关销售动作的管线转化和 ARR 贡献 |
| 已有私募控股先例 | Thoma Bravo 已把 SailPoint 大规模私有化,并受益于后续重估 | 如果债务、治理或市场结构更弱,Darktrace 未必能复制同样结果 | 证明领导层稳定、杠杆受控,并在退出窗口前恢复增长 |
| 会计问题已不再是仍在发酵的欺诈论点 | EY 未发现对过往报表有重大影响,降低了生存性下行风险 | 争议从未完全淡出公开记录,剩余来源折价仍在 | 提供 EY 报告、监管往来函件和干净的私募控股期审计包 |
反向论点列刻意写得强。只有管理层拿出新的财务或治理证据推翻它们,本章才会上调判断。
[CV004, CV005, CV006, CV010, CV013, CV015]基于现有公开证据,为什么 Darktrace 只支持跟踪而不是买入。
流程图是概念框架,不是概率模型,展示哪些证据撑起跟踪建议、哪些障碍挡住买入结论。
[CV004, CV005, CV007, CV010, CV013, CV015]8.2 当前融资与进入纪律
最干净的估值锚仍是 2024 年 10 月赞助方入场。按最后公开的 FY2024 数字,Thoma Bravo 支付约 $5.3 billion,意味着约 6.8x ARR 和 7.7x 收入。相对 Darktrace 已披露的经济性,这不算冒进:业务还在增长,毛利率仍接近 90%,留存高于 100%。问题在于交割之后发生的一切。Companies House 确认 FY2025 法定账目已提交,但开放网络提取结果几乎是空白。2025 年 12 月 MR01 文件也证明存在杠杆,并点名 Goldman Sachs Bank USA 为担保贷款人,但公开记录仍不披露本金、定价、期限或契约水平。因此,进入纪律必须简单。新投资者应把 2024 年赞助方价格视为公允价值上限,直到管理层提供当前 ARR 桥、更新留存、当前 EBITDA / FCF 和债务包。没有这些项目,更高定价就是为不透明付溢价,而不是为已证明的改善付钱。[CV001, CV002, CV003, CV004, CV005, CV008]
| 可比对象 | 状态 / 指标日期 | 价值指标 | 隐含倍数 / 估值 | 为什么重要 | 局限 |
|---|---|---|---|---|---|
| Darktrace 私募入场 | 2024 年 10 月交割 / 2024 年 6 月经营基准 | $5.3B EV,对应 $782.2M ARR 和 $689.5M 收入 | ~6.8x ARR;~7.7x 收入 | 最好的当前纪律硬锚点,因为这是最后一笔真实控制权价格交易 | 对新投资者仍已滞后,因为私募控股期债务和经营趋势未披露 |
| SailPoint 2026 年公开市场 | 2026 年 5 月 CompaniesMarketCap 快照 | $10.68B 市值,对应 $1.07B TTM 收入 | ~10.0x 市值 / 收入 | 可作为 Thoma Bravo 网络安全软件先例,观察重新上市的私募资产能交易到什么水平 | 身份安全比独立 NDR 更直接受当前公开市场青睐 |
| Palo Alto Networks 2026 年公开市场 | 2026 年 5 月 CompaniesMarketCap 快照 | $228.45B 市值,对应 $9.89B TTM 收入 | ~23.1x 市值 / 收入 | 如果 Darktrace 做出更宽套件经济性,它代表平台安全的估值上限 | 规模远大于 Darktrace,业务更多元,流动性也更强 |
| CrowdStrike 2026 年公开市场 | 2026 年 5 月 CompaniesMarketCap 快照 | $186.06B 市值,对应 $4.81B TTM 收入 | ~38.7x 市值 / 收入 | 说明市场会给最强 AI 原生上市网络安全复利资产多高定价 | 增长快得多,披露也强于 Darktrace,因此它是上行上限,不是直接可比对象 |
| SailPoint 私募入场 | 2022 年 8 月私有化收购 | $6.9B 全现金交易 | 仅作估值参考 | 证明 Thoma Bravo 愿意持有规模化安全资产,也能打出后续重估路径 | 现有来源未提供该收购可直接佐证的 ARR 或收入倍数 |
公开市场行使用市值 / 收入代理,Darktrace 入场行使用最后公开经营基准下的企业价值倍数。这种混用是有意为之,反映了可取得的证据集。
[CV001, CV002, CV003, CV023, CV024, CV025]当 ARR 与估值倍数假设偏离 2024 年收购方入场点,价值结果如何变化。
柱形只是情景标记,不是预测曲线。每根柱将假设 ARR 与退出倍数配对,说明留存、增长和市场胃口一变,价值会多快重估。
[CV001, CV002, CV003, CV036, CV037, CV038]8.3 可比分析与估值立场
可比分析支持的结论是,Darktrace 在赞助方入场时估值合理,并不明显便宜。按简单市值 / 收入代理口径,公开网络安全龙头的交易水平远高于 Darktrace 2024 年入场价:CrowdStrike 接近 38.7x 收入,Palo Alto 接近 23.1x,SailPoint 接近 10.0x。这些数字让 Darktrace 7.7x 收入入场看起来保守,但只是表面保守。公开同行披露更新鲜、公开流动性价值更强,PE 持有期不透明也更少。SailPoint 是最好的赞助方案例:Thoma Bravo 在 2022 年以约 $6.9 billion 收购它,现在其公开市值超过 $10 billion,说明 Thoma Bravo 可以在多年持有期里让有规模的安全资产重估。即便如此,Darktrace 不是 SailPoint。它的直接品类承受更多平台压力,当前债务未知,治理路径明显更不稳定。因此,本章落点是接近 2024 年入场价的合理立场,而不是今天有吸引力的立场。[CV023, CV024, CV025, CV026, CV027, CV028]
衡量 Darktrace 当前可投资性的关键维度评分卡。
KPI 面板混合原始指标和判断性评分,服务于投委会排序优先级,不用于时间序列对标。
[CV004, CV005, CV006, CV007, CV008, CV009]8.4 情景分析与回报逻辑
情景区间很宽,因为 Darktrace 有可能长成高得多的退出价值,但方差主要由 PE 持有期的隐藏变量决定。乐观情景下,Darktrace 到 2029 年把 ARR 复合增长到 $1.1 billion 以上,把净留存稳稳守在 105% 以上,货币化 Cado 和云取证,并受益于更开放的网络安全 IPO 或战略买方市场;这可以支撑约 $11-14 billion 的价值,相当于 2024 年入场价略高于 2x 的总价值。基准情景下,ARR 增长到约 $1.0 billion,并以约 8-10x ARR 退出,产生约 $7.5-9.5 billion。悲观情景下,NDR 平台压力加剧,净留存跌破 100%,债务限制投资,治理不确定性持续;价值可能压缩到 $4-6 billion,接近或低于入场价。加权后的教训是,Darktrace 仍有上行,但当前公开记录无法证明足够边际,不能让人有信心买入这份上行。[CV013, CV014, CV015, CV016, CV023, CV024]
| 情景 | 2029 年 ARR 假设 | 退出倍数 | 隐含价值 | 相对 $5.3B 入场价的总价值 | 概率信号 / 条件 |
|---|---|---|---|---|---|
| 牛市 | $1.10-1.20B | 12-14x ARR | $11-14B | ~2.1-2.6x | 要求云端取证完成变现、NRR 高于 105%、CEO 稳定,并且 2027-2029 年退出窗口打开 |
| 基准 | $0.95-1.05B | 8-10x ARR | $7.5-9.5B | ~1.4-1.8x | 如果 Darktrace 继续复利增长、但未像顶级上市同业一样重估,这是公开数据下最可能路径 |
| 熊市 | $0.80-0.90B | 5-7x ARR | $4-6B | ~0.8-1.1x | 如果 NRR 跌破 100%、债务限制投入,或领导层不稳延续,熊市情景就会更可能 |
情景价值基于上一次 Darktrace 公开快照和公开可比区间估算。它们不是管理层预测,应视为不确定性下的承销区间。
[CV002, CV005, CV013, CV015, CV016, CV036]相对于 Darktrace $5.3B 收购方入场价的乐观、基准、悲观价值区间。
区间展示情景表隐含的企业价值结果。区间刻意拉宽,因为收购方持有期的财务数据没有公开更新。
[CV036, CV037, CV038, CV039]8.5 退出准备度、投资逻辑破裂触发器与最终尽调问题
Darktrace 规模已足够拥有真实退出可选性,但仅凭公开证据,还不够透明到可以称为退出就绪。正面逻辑很清楚:公司有公开市场历史、接近 10,000 家客户的足迹、赞助方支持,以及仍覆盖网络、云、邮件、身份相邻工作流和自动化取证的产品叙事。负面逻辑同样清楚:公众不知道债务规模,FY2025 账目通过开放提取几乎无法使用,而且公司在转向私人所有权期间,已经从 Poppy Gustafsson 到 Jill Popelka,再到临时 CEO Charles Goodman。这些不自动构成交易杀手,但足以定义硬性的投资逻辑破裂规则。只有当管理层能展示干净的 PE 持有期复合增长、无威胁的杠杆画像、稳定领导层,以及更像纪律性重估而非被迫流动性事件的退出路径时,建议才会升级。在此之前,尽调应聚焦债务文件、当前 ARR 质量、股权结构经济性和云产品附加率证明。[CV008, CV009, CV010, CV011, CV015, CV016]
| 触发器 | 阈值 / 信号 | 对投资论点的传导 | 行动含义 |
|---|---|---|---|
| 留存破裂 | 净 ARR 留存连续两个期间低于 100% | 推翻牛市和基准情景背后的复利假设 | 在管理层证明修复前,从跟踪转为回避 |
| 债务压力显现 | 债务明显高于 ~6x EBITDA,或契约余量偏窄 | 私募杠杆从可管理叠加项,变成核心股权减值风险 | 考虑入场前,先按债务优先的下行情景重建模型 |
| 治理再次失速 | 第三次 CEO 更替,或临时领导期拉长且没有永久方案 | 释放私募董事会不稳信号,并压低退出信心 | 下调倍数假设,并降低退出准备度 |
| 平台压力恶化 | 与 XDR 套件相关的不续约、套件替代或价格让步再次出现明确证据 | 证实独立 NDR 正被结构性压缩的反向论点 | 提高熊市情景权重,并下调终局倍数 |
| 监管或来源问题重启 | 围绕 2023 年会计争议或后续披露质量出现新的正式行动 | 信用折价重新进入模型,并可能突然关闭退出窗口 | 暂停尽调,并把资本结构下行作为首要风险 |
| 退出路径停滞 | 到 2028 年仍没有可信二级交易、战略出售或重新 IPO 准备 | 削弱私募打法论点,并抬高持有期风险 | 假设持有期更长,回报预期更低 |
每个触发器都直接映射到估值后果:收入质量信心下降、倍数信心下降,或退出信心下降。
[CV010, CV011, CV013, CV018, CV021, CV040]| 主题 | 缺失证据 | 为什么重要 | 负责人 / 尽调路径 |
|---|---|---|---|
| ARR 桥和质量 | 2024 年 7 月至当前期间的月度 ARR 桥,包括新增总额、扩张、收缩和流失 | 这是建议和情景区间里价值最高的单一输入 | 任何 IC 备忘录前,先索要 CFO 材料包和董事会 KPI 材料 |
| 债务包 | 本金金额、利差、到期日、契约水平、担保包和最新合规证书 | MR01 文件证明杠杆存在,但未说明股权风险是温和还是重大 | 取得已签署债务文件和贷方报告包 |
| FY2025 / FY2026 财务报表 | 可读的私募控股期 P&L、资产负债表、现金流和预算对实际分析 | 公开备案虽存在,但公开提取几乎不可用,投资者仍需要经营真相 | 索要数据室格式的审计报表或管理账 |
| 股权结构和分配瀑布 | Thoma Bravo 基金持股、管理层滚投、优先权、债务排序及任何共同投资结构 | 如果资本堆栈复杂,退出时股权价值可能与企业价值大幅背离 | 索要法律股权结构摘要和分配瀑布模型 |
| 云端 / Cado 变现 | 云端取证产品的加挂率、ACV 提升、流失变化和管线证据 | 牛市上行取决于能否证明 Darktrace 不只是旧 NDR 故事 | 向产品 / 销售运营索要分群级加挂和胜率数据 |
| 领导层和退出计划 | 永久 CEO 方案、董事会激励,以及 2027-2029 年私募退出思路 | 治理稳定性现在是估值折价的一部分,不是旁支问题 | 索要董事会材料、管理层留任计划,以及投行 / 私募退出选项评估 |
尽调清单刻意保持短而卡点。每一项要求都在关闭一个估值变量;这些变量当前支撑的是跟踪,而非买入建议。
[CV008, CV009, CV010, CV011, CV015, CV018]8.6 展示材料
免责声明
本报告基于截至 2026-05-30 的公开信息,不构成投资建议。Darktrace 自 2024 年 10 月起已私有化,因此若干核心投资研判输入——包括收购方持有期的 ARR 与收入进展、杠杆、股权结构条款以及当前治理细节——仍未出现在本报告审阅的公开记录中。
证据索引
| 编号 | 陈述 | 可信度 | 来源 |
|---|---|---|---|
| CO001 | Darktrace was founded in 2013. | 高 | SO001, SO012 |
| CO002 | Darktrace says it was founded by global experts in AI and cyber defense. | 中 | SO001 |
| CO003 | Darktrace's public company page lists Cambridge, New York, London, and Singapore as operating locations. | 中 | SO001 |
| CO004 | Darktrace says its AI research centres are in Cambridge and The Hague. | 中 | SO001 |
| CO005 | Darktrace says its ActiveAI Security Platform secures cloud, email, identities, OT, endpoints, and network environments. | 中 | SO001 |
| CO006 | Darktrace's about page reports 10,000 customers, operations in 110 countries, and 2,300+ employees. | 中 | SO001 |
| CO007 | Darktrace says it has more than 200 patents and pending applications. | 中 | SO001 |
| CO008 | Darktrace says it has deep alliances with AWS and Microsoft. | 中 | SO001 |
| CO009 | Darktrace says it is ISO/IEC 27001:2013 certified and published a responsible-AI whitepaper in 2025. | 高 | SO001, SO023 |
| CO010 | Nicole Eagan is currently listed as Co-Founder and Strategic Advisor at Darktrace. | 中 | SO004 |
| CO011 | Jack Stockdale is Darktrace's founding CTO. | 中 | SO005 |
| CO012 | Jack Stockdale oversees Bayesian mathematical models and AI algorithms that underpin Darktrace's technology. | 中 | SO005 |
| CO013 | Summit Partners says Darktrace's origins are tied to the University of Cambridge signal processing lab and GCHQ-linked expertise. | 中 | SO012 |
| CO014 | Public transition notices reported that Poppy Gustafsson stepped down as CEO on 6 September 2024 and Jill Popelka succeeded her. | 高 | SO009, SO014 |
| CO015 | Business Chief reported that Poppy Gustafsson remained on Darktrace's board as a non-executive director after the September 2024 transition. | 高 | SO014, SO009 |
| CO016 | Darktrace and Thoma Bravo announced on 27 January 2026 that Jill Popelka stepped down as CEO. | 高 | SO003, SO008 |
| CO017 | Darktrace and Thoma Bravo said Charles Goodman was appointed interim CEO while the board searched for a permanent chief executive. | 高 | SO003, SO008 |
| CO018 | Darktrace and Thoma Bravo said the take-private transaction completed on 1 October 2024. | 高 | SO002, SO007 |
| CO019 | Darktrace and Thoma Bravo said the transaction valued Darktrace at approximately $5.3 billion. | 高 | SO002, SO007 |
| CO020 | Thoma Bravo said each Darktrace shareholder received $7.75 per share in cash and the company ceased trading on the London Stock Exchange. | 高 | SO007, SO002 |
| CO021 | Darktrace's investor-relations site now says the company is a Thoma Bravo company and the IR website is only a historical archive. | 中 | SO006 |
| CO022 | Darktrace's FY2024 trading update reported ARR of $782.2 million at 30 June 2024. | 高 | SO020, SO021 |
| CO023 | Darktrace's FY2024 trading update reported revenue of at least $689.5 million. | 高 | SO020, SO021 |
| CO024 | Darktrace's FY2024 trading update reported 9,735 customers at 30 June 2024, up 10.6% year over year. | 高 | SO020, SO021 |
| CO025 | Darktrace's FY2024 trading update reported one-year gross ARR churn of 6.3%. | 高 | SO020, SO021 |
| CO026 | Darktrace's FY2024 trading update reported net ARR retention of 106.6%. | 高 | SO020, SO021 |
| CO027 | Darktrace announced a proposed acquisition of Cado Security on 9 January 2025. | 中 | SO022 |
| CO028 | Darktrace said the proposed Cado deal was expected to complete in February 2025 subject to regulatory approval. | 中 | SO022 |
| CO029 | Darktrace said Cado extends coverage across multi-cloud, container, serverless, SaaS, and on-premises investigation environments. | 中 | SO022 |
| CO030 | Darktrace launched automated forensics capabilities in September 2025 and said the new workflow can cut investigation times from days to minutes. | 中 | SO024 |
| CO031 | Companies House lists Darktrace Holdings Limited correspondence address at Maurice Wilkes Building, St John's Innovation Park, Cowley Road, Cambridge CB4 0DS. | 中 | SO010 |
| CO032 | Companies House filings show Darktrace director changes continued into March 2026. | 中 | SO011 |
| CO033 | City A.M. reported that the short seller associated with Matthew Earl held a 0.52% short position in Darktrace in August 2023. | 中 | SO016 |
| CO034 | City A.M. reported that Darktrace critics accused regulators and the London Stock Exchange of failing to curb aggressive short-selling activity. | 中 | SO016 |
| CO035 | CNBC reported that EY found only a small number of contract errors and inconsistencies and nothing material to Darktrace's financial statements. | 中 | SO025 |
| CO036 | Yahoo Finance reported in August 2024 that Mike Lynch's death renewed scrutiny of Darktrace because of his role as a founding investor and Autonomy alumnus. | 中 | SO017 |
| CO037 | PacerMonitor shows Gatekeeper Solutions v. Darktrace was transferred from Texas Eastern to the Northern District of California in December 2025. | 中 | SO019 |
| CO038 | PatSnap reported that the Gatekeeper Solutions case was dismissed with prejudice in early 2026 and each side bore its own costs. | 中 | SO018 |
| CO039 | Tracxn lists Darktrace as an acquired Cambridge-based company with a last known valuation of $5.32 billion. | 中 | SO013 |
| CO040 | Tracxn estimated Darktrace had 2,591 employees as of 26 April 2026. | 低 | SO013 |
| CO041 | Darktrace's current company page still states that the company has 2,300+ employees. | 中 | SO001 |
| CO042 | Darktrace's current website customer count of 10,000 is higher than the 9,735 customers disclosed for FY2024, implying continued expansion after June 2024. | 中 | SO001, SO020 |
| CO043 | Public headcount disclosure is inconsistent: Darktrace says it has 2,300+ employees while Tracxn estimated 2,591 employees in April 2026. | 低 | SO001, SO013 |
| CO044 | Darktrace's current company page still attributes a testimonial quote to “Poppy Gustafsson OBE, CEO” despite her September 2024 departure. | 中 | SO001, SO009 |
| CO045 | Darktrace did not provide FY2025 guidance in the July 2024 trading update because of the regulatory environment surrounding the proposed Thoma Bravo acquisition. | 高 | SO020, SO021 |
| CO046 | Public materials reviewed here do not disclose Darktrace's exact post-take-private cap table or Thoma Bravo ownership percentage. | 中 | SO006, SO007, SO010 |
| CO047 | Public materials reviewed here do not fully enumerate Darktrace's private-company board committee structure or all independent directors. | 中 | SO003, SO010, SO011 |
| CO048 | Public sources reviewed do not fully settle a complete founder roster beyond the confirmed involvement of Nicole Eagan, Jack Stockdale, and the broader Cambridge-origin narrative. | 低 | SO004, SO005, SO012 |
| CM001 | Darktrace currently markets itself as an AI-led security platform that spans network, cloud, identity, email, and automated investigation workflows. | 中 | SM013 |
| CM002 | Darktrace / EMAIL positions email threat protection as a distinct product surface inside Darktrace's addressable market rather than as generic collaboration software. | 中 | SM014 |
| CM003 | Darktrace / CLOUD extends the addressable boundary into cloud threat detection, investigation, and forensic response rather than pure cloud infrastructure spend. | 中 | SM015 |
| CM004 | Darktrace / NETWORK still frames NDR as a core category and explicitly describes NDR as complementary to EDR, SIEM, and firewalls. | 中 | SM019 |
| CM005 | Darktrace / IDENTITY adds account-takeover, insider-threat, and lateral-movement use cases that broaden the company beyond pure network analytics. | 中 | SM018 |
| CM006 | Status-quo substitutes for Darktrace's core spend pool include SIEM-first detection, endpoint-centric bundles, firewalls, IDS or IPS, and manual SOC triage. | 中 | SM013, SM019 |
| CM007 | Darktrace's relevant spend pool excludes pure IAM administration, governance-only security software, hardware refresh, and consulting-only engagements. | 中 | SM013, SM014, SM015, SM018, SM019 |
| CM008 | Darktrace reaches part of the same demand through channel, MSP, MSSP, and MDR-style partner routes rather than only direct software sales. | 中 | SM022 |
| CM009 | MarketsandMarkets projects the AI-in-cybersecurity market at $25.53 billion in 2026 and $50.83 billion in 2031. | 中 | SM001 |
| CM010 | MarketsandMarkets projects the XDR market from $7.92 billion in 2025 to $30.86 billion in 2030 at a 31.2% CAGR. | 中 | SM002 |
| CM011 | Mordor Intelligence estimates the network traffic analysis market at $4.91 billion in 2026 and $8.29 billion in 2031 at an 11.06% CAGR. | 中 | SM004 |
| CM012 | MarketsandMarkets' phishing-protection lens reaches $4.1 billion by 2028 and is directionally useful for Darktrace / EMAIL, but it is not a pure Darktrace email TAM. | 中 | SM003 |
| CM013 | Darktrace's practical SAM is narrower than the full AI-cybersecurity TAM but broader than standalone NDR or NTA alone because the company spans network, identity, cloud, and email workflows. | 中 | SM001, SM013, SM014, SM015, SM018, SM019 |
| CM014 | A defensible public-data SAM for Darktrace is roughly $8 billion to $12 billion once the NTA or NDR core is combined with only the overlapping portions of XDR, email, cloud, and identity budgets. | 中 | SM001, SM002, SM003, SM004, SM013, SM014, SM015, SM018, SM019 |
| CM015 | Darktrace's market opportunity changes materially depending on whether the lens is broad AI cybersecurity, platform-led XDR, or a narrow NDR or NTA wedge. | 中 | SM001, SM002, SM004 |
| CM016 | Public category growth rates imply platform budgets are compounding faster than the heritage network-analysis wedge, which increases valuation sensitivity to Darktrace's cross-surface expansion story. | 中 | SM002, SM004 |
| CM017 | Darktrace's network page explicitly targets SMB, enterprise, government, and critical infrastructure buyers. | 中 | SM019 |
| CM018 | Darktrace's partner program says MSSPs and MDR providers can integrate Darktrace network and email products into managed services. | 中 | SM022 |
| CM019 | Darktrace customer stories center on reduced investigation time, autonomous response, and operational resilience, implying that analysts and responders are the day-to-day users even when executives approve the spend. | 中 | SM021 |
| CM020 | Darktrace identity deployments require shared security and identity-team involvement because the product integrates with SSO and AD and can force logouts or disable accounts. | 中 | SM018 |
| CM021 | IBM reports $1.9 million of average breach-cost savings from extensive AI use in security, which supports premium budget cases in high-loss sectors. | 中 | SM005 |
| CM022 | NIS2 applies to medium-sized and large entities across 18 critical sectors and pushes cybersecurity accountability toward top management and the boardroom. | 中 | SM020 |
| CM023 | Palo Alto Networks' $4.8 billion of next-generation security ARR shows that buyers are increasingly funding broader platforms rather than isolated specialist controls. | 中 | SM017 |
| CM024 | IBM says the global average cost of a data breach is $4.4 million in 2025. | 中 | SM005 |
| CM025 | CrowdStrike reports a 29-minute average eCrime breakout time, an 89% increase in attacks from AI-enabled adversaries, and a 42% increase in zero-days exploited before disclosure. | 中 | SM008 |
| CM026 | NIS2 widens the regulated buyer base by extending EU cyber obligations across 18 sectors and medium or large entities. | 中 | SM020 |
| CM027 | The SEC's cyber-disclosure rules require a Form 8-K within four business days after a public company determines a cybersecurity incident is material. | 中 | SM010 |
| CM028 | The EU AI Act applies from 2 August 2026 and imposes requirements on high-risk AI systems including human oversight. | 中 | SM009 |
| CM029 | Darktrace says 93% of security teams prefer holistic security platforms over individual point solutions. | 低 | SM013 |
| CM030 | Darktrace's partner program uses a 30-day proof-of-value motion, which indicates that buying journeys are frequently pilot-led rather than pure top-down renewals. | 中 | SM022 |
| CM031 | Darktrace customer and partner materials repeatedly position reduced investigation time and 24/7 MDR-style support as core adoption drivers. | 中 | SM021, SM022 |
| CM032 | Darktrace's cloud page cites 79% of surveyed companies experiencing at least one cloud breach in the last 18 months and only 23% reporting full cloud visibility. | 低 | SM015 |
| CM033 | Darktrace's identity page cites 328 days as the mean time to resolution for breaches caused by compromised credentials and says 90% of surveyed organizations experienced at least one identity-related incident in the past year. | 低 | SM018 |
| CM034 | The targeted Omdia NDR market URL returned 404 during this run, so the strongest adverse public source in the discovery pack could not be revalidated from primary text. | 中 | SM025 |
| CM035 | Even without the inaccessible Omdia text, Palo Alto's platformization messaging and Darktrace's own holistic-platform statistic both indicate that bundle-driven consolidation is a real adoption constraint. | 中 | SM013, SM017 |
| CM036 | Darktrace / EMAIL claims it catches threats 13 days earlier than leading secure email gateways and stops up to 55% more threats that evade native providers, but those performance numbers are company-sourced rather than independently benchmarked. | 低 | SM014 |
| CM037 | Darktrace's own NDR page positions the product as complementary to SIEM, EDR, and firewalls, which can help adoption but also limits full rip-and-replace budget capture. | 中 | SM019 |
| CM038 | Current independently retrievable review evidence is thin because Gartner's public review page exposes mostly disclaimers and the accessible G2 fetch resolves to a 2019 archive. | 中 | SM016, SM023 |
| CM039 | Current SOM is only partially answerable from public sources because Darktrace is private and recent revenue or segment mix disclosures were not located in the chapter evidence set. | 低 | |
| CM040 | Additive TAM math would overstate the opportunity because the broad AI-cybersecurity lens overlaps with the narrower XDR and NTA or NDR lenses. | 中 | SM001, SM002, SM004 |
| CM041 | Darktrace monetizes the same end-market demand through direct customers and through partners that deliver MDR-style services, so adoption can occur through multiple buying routes. | 中 | SM021, SM022 |
| CM042 | The same regulation that expands demand for detection tooling also raises governance and oversight expectations for AI-led response, producing a two-sided adoption effect for Darktrace in regulated accounts. | 中 | SM009, SM010, SM020 |
| CP001 | Darktrace's FY2024 trading update reported ARR of $782.2 million, revenue of at least $689.5 million, and 9,735 customers at 30 June 2024. | 高 | SP001, SP002 |
| CP002 | Darktrace frames self-learning AI as an alternative to signature-based and rules-based detection by learning what is normal for each organization. | 中 | SP003 |
| CP003 | Darktrace's current AI-security page markets coverage across network, cloud, identity, email, OT, and endpoint-adjacent workflows. | 中 | SP003 |
| CP004 | CrowdStrike reported FY2026 ending ARR of $5.25 billion and FY2026 revenue of $4.81 billion. | 中 | SP004 |
| CP005 | CrowdStrike says Falcon unifies endpoint, identity, cloud, SaaS, and AI protection in one AI-native platform with automated response. | 中 | SP005 |
| CP006 | CrowdStrike says Falcon Flex accounts ended FY2026 with $1.69 billion of ARR, showing broad bundle adoption inside the platform. | 中 | SP004 |
| CP007 | SentinelOne reported FY2026 revenue of $1.0013 billion and ending ARR of $1.1191 billion. | 中 | SP006 |
| CP008 | SentinelOne markets Singularity as a platform spanning endpoint, cloud, and identity. | 中 | SP007 |
| CP009 | Palo Alto Networks reported fiscal 2025 revenue of $9.2 billion and Next-Generation Security ARR of $5.6 billion. | 中 | SP008 |
| CP010 | Palo Alto Networks says Cortex XSIAM applies 2,900+ ML models and 13,300+ detections. | 中 | SP009 |
| CP011 | Microsoft Sentinel is described by Microsoft as a cloud-native SIEM with a unified data lake, graph-enabled visibility, and intelligent reasoning tools. | 中 | SP010 |
| CP012 | Microsoft says Sentinel integrates with more than 350 different solutions through Microsoft and partner connectors. | 中 | SP010 |
| CP013 | Microsoft Sentinel pricing is consumption-based with commitment tiers, distinct analytics and data-lake tiers, and a public-preview 50 GB commitment tier running through June 2026. | 中 | SP011 |
| CP014 | Cisco XDR markets network-led defense with agentic AI across network, endpoint, email, cloud, and identity. | 中 | SP012 |
| CP015 | Cisco said completing the Splunk acquisition made it one of the largest software companies globally. | 中 | SP013 |
| CP016 | Splunk Enterprise Security now bundles SIEM, SOAR, UEBA, AI/ML, and agentic AI into a unified threat-detection, investigation, and response platform. | 中 | SP014 |
| CP017 | IBM QRadar SIEM still positions around centralized visibility, real-time threat detection, and a claimed savings of more than 14,000 analyst hours over three years. | 中 | SP015 |
| CP018 | IBM and Palo Alto Networks set up a formal migration path in which QRadar SaaS clients can move to Cortex XSIAM with no-cost migration services for qualified customers while QRadar on-prem can remain supported. | 高 | SP015, SP016 |
| CP019 | Vectra's platform and company pages position it as a behavior-based NDR vendor spanning network, identity, and cloud with 39 AI patents and more than 2,000 organizations relying on it. | 高 | SP017, SP018, SP031 |
| CP020 | Vectra and CrowdStrike jointly market a solution for SMB and midmarket security teams. | 中 | SP019 |
| CP021 | Vectra's Microsoft Sentinel partner page says Vectra detections can feed Sentinel workbooks and automation. | 中 | SP020 |
| CP022 | Vectra and Nozomi market a joint IT/OT solution, showing that Darktrace's OT flank is contested by a specialist partnership rather than by Vectra alone. | 高 | SP021, SP030 |
| CP023 | Vectra's Darktrace comparison page is vendor-authored marketing, but it shows Vectra framing the head-to-head around modern-network coverage and AI precision. | 中 | SP022 |
| CP024 | Vectra's ExtraHop comparison page claims 80%+ alert fidelity over ExtraHop. | 低 | SP023 |
| CP025 | Vectra's Cisco comparison page explicitly frames Stealthwatch and Cisco Secure Network Analytics as a replacement target. | 低 | SP024 |
| CP026 | PeerSpot's May 2026 NDR comparison says Darktrace held 14.8% mindshare, Vectra AI 11.2%, and ExtraHop 6.1%, with all three down versus the prior year. | 中 | SP025 |
| CP027 | PeerSpot ranks Darktrace number one with an average rating of 8.1 and ExtraHop number four with an average rating of 8.7 in the retained NDR comparison. | 中 | SP025 |
| CP028 | PeerSpot reviewers describe Vectra pricing as relatively high but competitive, with annual licensing that can still be cheaper than Darktrace in some deals. | 中 | SP026 |
| CP029 | PeerSpot reviewers say Vectra's licensing model remains complex and users want simplification and better cloud functionality without extra subscriptions. | 中 | SP026 |
| CP030 | TrustRadius reviewers say Darktrace pricing is negotiable, contracts can rise by 5% or more each year, and the product typically needs a learning period of a few weeks before full identification mode. | 中 | SP028 |
| CP031 | TrustRadius reviewers describe Darktrace as able to raise alerts and take automated actions once baselines are established. | 中 | SP028 |
| CP032 | Omdia says standalone NDR deployments saw higher non-renewal or replacement rates as buyers consolidated around unified XDR platforms. | 中 | SP027 |
| CP033 | Omdia says the 2022-2026 NDR market has been reshaped by XDR disruption, platform consolidation, and an AI-driven renaissance rather than simple category expansion. | 中 | SP027 |
| CP034 | Microsoft's March 2026 identity-security blog says 32% of organizations have duplicative access-management solutions and 40% say they have too many different vendors. | 中 | SP029 |
| CP035 | Nozomi positions itself as purpose-built for OT and IoT security in industrial, commercial, and critical-infrastructure environments. | 中 | SP030 |
| CP036 | Vectra says Gartner's 2025 NDR Magic Quadrant positioned it highest for ability to execute and furthest for completeness of vision. | 中 | SP031 |
| CP037 | Vectra says GigaOm named it both a Leader and Outperformer across NDR and ITDR radar reports. | 中 | SP032 |
| CP038 | Vectra's 2026 State of Threat Detection says detection latency, fragmented visibility, and siloed signals still undermine outcomes even when teams have more tooling. | 中 | SP033 |
| CP039 | Corelight positions itself as an Open NDR Platform built from sensors, open-source and proprietary evidence collections, and Zeek-community analytics. | 中 | SP034 |
| CP040 | Google says combining Wiz with Google Security Operations creates a unified AI-powered multicloud security platform that can detect, prevent, and respond across all environments while keeping Wiz multicloud. | 中 | SP035 |
| CP041 | Darktrace's clearest differentiation remains self-learning detection tied to autonomous or semi-autonomous response, but the suite vendors own broader SIEM, identity, endpoint, or cloud control planes. | 高 | SP003, SP005, SP009, SP010 |
| CP042 | Darktrace switching costs are real because baselining and automated actions embed the product into day-two workflows, but multi-homing is also normal because customers still rely on external SIEM and XDR platforms. | 高 | SP003, SP010, SP012, SP028 |
| CP043 | Bundle power is strongest where Microsoft contracts, CrowdStrike Flex, or IBM-to-Palo Alto migration offers let buyers add network or SOC capabilities without a fresh point-product procurement cycle. | 高 | SP004, SP011, SP016, SP029 |
| CP044 | The relevant landscape now spans direct NDR peers, endpoint-first XDR suites, SIEM incumbents, OT specialists, open-NDR and internal-build alternatives, and likely entrants such as Google after Wiz. | 高 | SP014, SP027, SP030, SP034, SP035 |
| CP045 | Distribution and partner access are durable incumbent advantages because Cisco now owns Splunk, IBM is steering QRadar SaaS migrations toward XSIAM, and Microsoft already controls a large share of identity and log workflow. | 高 | SP010, SP013, SP016, SP029 |
| CP046 | Review evidence says Darktrace still faces renewal friction around pricing escalators, tuning, and the initial learning period, even though the product can automate response after that setup stage. | 中 | SP028 |
| CP047 | Competitor AI narratives have converged: CrowdStrike sells Charlotte AI and unified protection, Microsoft extends Security Copilot triage into identity, Palo Alto sells an agentic SOC through XSIAM, and Darktrace continues to sell self-learning AI. | 高 | SP003, SP005, SP009, SP029 |
| CP048 | Open NDR and internal-build alternatives remain credible for security-mature accounts because Corelight sells open evidence and analytics rather than a closed AI console. | 中 | SP034 |
| CI001 | Darktrace's IR site now presents itself as a historical archive after the Thoma Bravo take-private. | 中 | SI001 |
| CI002 | Darktrace's financial-results archive still exposes FY2024 trading materials, FY2023 and FY2022 results, and annual-report downloads from the public-company period. | 中 | SI002 |
| CI003 | Darktrace reported FY2024 ARR of $782.2 million at 30 June 2024. | 中 | SI003 |
| CI004 | Darktrace said FY2024 revenue would total at least $689.5 million, including at least $183.1 million in Q4. | 中 | SI003 |
| CI005 | Darktrace said FY2024 net ARR added was $144.9 million and Q4 net ARR added was $51.1 million. | 中 | SI003 |
| CI006 | At 30 June 2024, one-year gross ARR churn was 6.3% and net ARR retention was 106.6%. | 中 | SI003 |
| CI007 | Darktrace finished FY2024 with 9,735 customers and added 936 net new customers during the year. | 中 | SI003 |
| CI008 | Darktrace's July 2024 trading update said its direct cost profile remained relatively stable and full-year gross margin should remain in the range of recent reported periods. | 中 | SI003 |
| CI009 | Because of the proposed Thoma Bravo acquisition, Darktrace did not provide its final FY2024 adjusted EBITDA margin, free-cash-flow conversion, or FY2025 outlook in the July 2024 trading update. | 中 | SI003 |
| CI010 | In H1 FY2024, Darktrace reported $330.3 million of revenue, 89.3% gross margin, $84.5 million of adjusted EBITDA, and $65.6 million of net operating cash inflow. | 中 | SI004 |
| CI011 | At 31 December 2023, Darktrace reported $702.1 million of ARR, 105.0% net ARR retention, 6.6% gross ARR churn, 9,232 customers, and $1.254 billion of RPO. | 中 | SI004 |
| CI012 | Darktrace described its model in H1 FY2024 as a resilient business underpinned by multi-year contracts and a flexible cost structure. | 中 | SI004 |
| CI013 | Darktrace said H1 FY2024 S&M and G&A fell as a percentage of revenue, some customer success manager and channel partner costs were reclassified into S&M, and R&D cash employment costs rose 15.3%. | 中 | SI004 |
| CI014 | Darktrace reported FY2023 revenue of $545.43 million, gross margin of 89.8%, adjusted EBITDA of $139.2 million, and free cash flow of $93.8 million. | 中 | SI005 |
| CI015 | Darktrace reported FY2023 ARR of $628.4 million, net ARR added of $143.6 million, gross ARR churn of 6.8%, net ARR retention of 104.7%, 8,799 customers, and $1.258 billion of RPO. | 中 | SI005 |
| CI016 | Darktrace's FY2023 results said FY2024 commission plans moved to paying 100% of sales commissions upfront, temporarily increasing cash outflows and changing adjusted EBITDA presentation. | 中 | SI005 |
| CI017 | Darktrace reported FY2022 revenue of $415.482 million, gross margin of 89.2%, adjusted EBITDA of $91.4 million, and free cash flow of $99.5 million. | 中 | SI006 |
| CI018 | Darktrace reported FY2022 ARR of $514.4 million, gross ARR churn of 6.5%, net ARR retention of 105.5%, 7,437 customers, and $390.6 million of cash and cash equivalents. | 中 | SI006 |
| CI019 | Darktrace reallocated $3.8 million of revenue from FY2022 into FY2021 and said the timing adjustment did not affect ARR or cash position. | 中 | SI006 |
| CI020 | Reviewed official buying surfaces route prospects to evaluation or contact flows rather than a public self-serve checkout or price list. | 中 | SI015, SI016, SI017 |
| CI021 | Darktrace's partner program publicly spans VARs, MSP/MSSPs, consultancies, and distributors, and advertises a complimentary 30-day Proof of Value for consultancy partners. | 中 | SI015 |
| CI022 | Darktrace's current company page says it has 10,000 customers, operates in 110 countries, and has 2,300+ employees. | 中 | SI014 |
| CI023 | The acquisition scheme became effective on 1 October 2024 and Bidco took ownership of the entire issued share capital of Darktrace. | 高 | SI010, SI018, SI019 |
| CI024 | Darktrace's take-private consideration was $7.75 per share in cash and the transaction valued the company at approximately $5.3 billion. | 高 | SI010, SI018, SI019 |
| CI025 | All regulatory and antitrust conditions were satisfied by 16 September 2024 and the scheme was court-sanctioned on 24 September 2024. | 高 | SI011, SI012 |
| CI026 | Darktrace shares ceased trading around the close and the company was removed from the FTSE100 / London Stock Exchange public-market surface after the transaction. | 高 | SI013, SI019 |
| CI027 | Companies House filing history shows full accounts made up to 30 June 2025 were filed on 14 March 2026. | 中 | SI020 |
| CI028 | Companies House filing history shows an MR01 registration of charge created on 4 December 2025. | 中 | SI020 |
| CI029 | The registered charge names Goldman Sachs Bank USA as the secured party and states that the instrument contains fixed charges, a floating charge over all property or undertaking, and a negative pledge. | 高 | SI020, SI022 |
| CI030 | The reviewed public documents confirm sponsor-era secured financing exists, but they do not disclose readable current debt principal, interest burden, covenant ratios, unrestricted cash, or runway. | 中 | SI001, SI020, SI021, SI022 |
| CI031 | EY's 2023 review covered partner channel contracts and marketing spend, contract opt-outs and appliance deployments, non-current deferred revenue, ARR calculation, and certain third-party relationships. | 高 | SI023, SI024 |
| CI032 | EY identified a small number of errors and inconsistencies in sampled channel contracts, but Darktrace said they were not material to previously filed financial statements. | 高 | SI023, SI024 |
| CI033 | Yahoo Finance and The Register show that accounting scrutiny and the Mike Lynch association remained part of Darktrace's outside narrative even after EY's review. | 中 | SI025, SI026 |
| CI034 | Tracxn reports that Darktrace has raised $239 million in funding and had a last known valuation of $5.32 billion. | 低 | SI027 |
| CI035 | Average ARR per customer at June 2024 was about $80.3 thousand using $782.2 million of ARR and 9,735 customers. | 中 | SI003 |
| CI036 | Average ARR per customer was about $79.8 thousand on Darktrace's rebased FY2025 constant-currency ARR balance of $777.0 million. | 中 | SI003 |
| CI037 | FY2024 revenue per employee was roughly $287 thousand to $300 thousand using the FY2024 revenue floor and the official 2,300+ to 2,400+ employee references. | 中 | SI003, SI014 |
| CI038 | Darktrace's $5.3 billion take-private valuation implied about 6.8x FY2024 ARR and about 7.7x FY2024 revenue floor. | 中 | SI003, SI019 |
| CI039 | Reviewed public sources do not disclose realized pricing, discount ladders, module-level mix, or direct-versus-channel revenue share. | 中 | SI015, SI016, SI017 |
| CI040 | The public G2 pricing URL existed but was JavaScript-blocked in this run, so it did not provide a verifiable Darktrace price card. | 低 | SI029 |
| CI041 | Darktrace generated positive free cash flow of $99.5 million in FY2022 and $93.8 million in FY2023 before the take-private closed. | 中 | SI005, SI006 |
| CI042 | Darktrace's disclosed gross margin stayed within a narrow high band of 89.2% in FY2022, 89.8% in FY2023, and 89.3% in H1 FY2024. | 高 | SI004, SI005, SI006 |
| CI043 | In March 2024 Darktrace raised FY2024 adjusted EBITDA margin guidance to at least 21%, but by July 2024 it declined to publish a final margin because of deal constraints. | 中 | SI003, SI004 |
| CI044 | The March 2026 Companies House accounts PDF fetched successfully but did not yield machine-readable financial text in this run. | 中 | SI021 |
| CI045 | Summit Partners' Darktrace history page shows the company had institutional backing and a developed equity story before the 2021 IPO. | 中 | SI030 |
| CI046 | Official Darktrace site pages still frame buying around demos, evaluation, partner channels, and contact flows rather than transparent SKU pricing. | 高 | SI015, SI016, SI017 |
| CI047 | After delisting, Darktrace stopped providing ongoing public FY2025 and FY2026 operating disclosures, so external analysis still anchors on the June 2024 snapshot and later filing breadcrumbs. | 中 | SI001, SI009, SI013 |
| CI048 | Public evidence is strong enough to judge Darktrace's historical software economics favorably, but not strong enough to underwrite sponsor-era leverage or liquidity with confidence. | 中 | SI003, SI020, SI022 |
| CE001 | Darktrace frames ActiveAI as one platform spanning network, email, cloud, OT, identity, endpoint, and cross-platform products rather than as a standalone NDR appliance. | 中 | SE001, SE027, SE026 |
| CE002 | The public product flow can be normalized as detect, investigate, respond, recover, and harden, with Cyber AI Analyst, Autonomous Response, FAI, and exposure-management products each owning part of that workflow. | 中 | SE001, SE006, SE007 |
| CE003 | Official Darktrace pages say the company serves more than 10,000 customers or organizations. | 高 | SE001, SE002 |
| CE004 | Independent and marketplace sources place Darktrace around nearly 10,000 customers and roughly 2,300 employees, reinforcing enterprise product maturity even after privatization. | 高 | SE024, SE026 |
| CE005 | Darktrace's cross-platform capability set includes Proactive Exposure Management, Adaptive Human Defense, Attack Surface Management, Forensic Acquisition & Investigation, Incident Readiness & Recovery, and Cyber AI Analyst. | 中 | SE001, SE005, SE006, SE017 |
| CE006 | SECURE AI is positioned as a new module for AI agents, prompts, shadow AI, and policy enforcement rather than as a generic add-on to legacy NDR. | 中 | SE005, SE014, SE015 |
| CE007 | SECURE AI says it can inspect prompts, sessions, and responses, discover agent identities via MCP and services like Amazon S3, and distinguish sanctioned from unsanctioned AI activity. | 中 | SE005 |
| CE008 | Cyber AI Analyst claims to accelerate incident response by 10x and save 50,000 hours annually. | 中 | SE006 |
| CE009 | Darktrace says Cyber AI Analyst mirrors the human investigative process with multiple machine-learning techniques rather than simple prompt-only GenAI. | 中 | SE006 |
| CE010 | Darktrace says Cyber AI Analyst autonomously investigates all alerts, including third-party security-tool alerts, and fewer than 4% of its investigations require human review. | 中 | SE006 |
| CE011 | ENDPOINT is marketed as visibility for remote and off-VPN endpoints that complements existing EDR rather than replacing it. | 中 | SE004 |
| CE012 | ENDPOINT says it can enforce a pattern of life for a device or group while leaving customers in control of how AI response is customized by device type, IP range, and working hours. | 中 | SE004 |
| CE013 | OT is no longer pitched as generic monitoring only; public materials emphasize OT-specific attack-path analysis, APT and MITRE mapping, and critical-infrastructure context. | 中 | SE003, SE027 |
| CE014 | The Xage relationship extends Darktrace's OT story into zero-trust enforcement and rapid device-level lockdown across IT and OT environments. | 中 | SE028, SE011 |
| CE015 | FAI automates disk- and memory-level evidence capture across cloud, container, and SaaS investigations and unifies findings in one timeline. | 中 | SE007, SE020 |
| CE016 | FAI claims deep forensic insight in minutes instead of days and cites a 250% efficiency gain from a customer quote on the Cado site. | 中 | SE007, SE020 |
| CE017 | Darktrace says its AWS deployment can launch from the cloud in five minutes using lightweight host agents or traffic mirroring and API logs, with support for multi-tenant, hybrid, and serverless estates. | 中 | SE010 |
| CE018 | Darktrace says it integrates with Amazon Security Lake and extended AWS VPC traffic mirroring to non-Nitro instances. | 中 | SE010 |
| CE019 | The integrations and partner surfaces list Azure Sentinel, Splunk, Splunk SOAR, ServiceNow, Microsoft Graph Security API, AWS Lambda, Slack, Jira, Okta, Palo Alto, and Xage among the supported ecosystem touchpoints. | 中 | SE011, SE012 |
| CE020 | Darktrace's Microsoft page says the product combines enterprise-specific behavioral context with Microsoft 365, Azure, endpoint, and network data for defense-in-depth. | 中 | SE009 |
| CE021 | Darktrace says Cyber AI Analyst integrates with Microsoft Copilot for Security and that EMAIL can integrate with Defender and Security Copilot for investigation workflows. | 中 | SE009 |
| CE022 | Darktrace's services page describes a 24/7/365 follow-the-sun SOC, MDR, SOC-assisted triage, and wrap-around expert services across network, cloud, SaaS, and OT. | 中 | SE018 |
| CE023 | Darktrace's Trust Centre publicly lists ISO 27001, ISO 27018, ISO 42001, and Cyber Essentials artifacts. | 高 | SE008, SE015 |
| CE024 | Darktrace's trust surface includes named support engineers for compliance questions and a customer portal for additional security and legal resources. | 中 | SE008 |
| CE025 | Darktrace's 2026 AI-security survey covers 1,500 cybersecurity professionals and says 92% are concerned about AI agents across the workforce. | 高 | SE014, SE015 |
| CE026 | The federal page shows Darktrace actively packaging a mission-resilience message for US federal buyers. | 中 | SE019 |
| CE027 | A retained patent source shows Darktrace-linked anomaly-detection IP around generated abnormal data, semi-supervised or unsupervised learning, and adaptive decision boundaries for cyber-physical systems. | 中 | SE023 |
| CE028 | Darktrace's recognition surface cites 2025 Gartner NDR leadership and multiple OT, anti-phishing, ASM, and ransomware-prevention accolades from other analyst firms. | 中 | SE013 |
| CE029 | Help Net Security's 2024 ActiveAI launch note shows Darktrace broadening from reactive detection toward prevention, automated investigation, attack-path analysis, and recovery inside one common AI architecture. | 中 | SE027 |
| CE030 | Help Net Security's 2024 Xage report shows Darktrace extending OT with zero-trust enforcement for critical infrastructure environments. | 中 | SE028 |
| CE031 | Public review sources repeatedly describe Darktrace pricing as expensive or inflexible, with PeerSpot citing quotes above $100,000 per year and AWS reviews calling it somewhat expensive. | 中 | SE021, SE024 |
| CE032 | Public review sources say deployments are often straightforward but still involve a learning period before anomalies stabilize. | 中 | SE021, SE024 |
| CE033 | Review evidence also points to false positives, support variability, integration friction, and Autonomous Response limits in some shared or topology-constrained environments. | 中 | SE021, SE024, SE029 |
| CE034 | Darktrace's cloud incident case study shows Autonomous Response blocking suspicious SSH-based exfiltration in an AWS case after Darktrace SOC investigation. | 中 | SE016 |
| CE035 | The same cloud case study documents 718 GB uploaded and ransomware detonation when Autonomous Response was not configured to act on the affected devices. | 中 | SE016 |
| CE036 | Cado's own site and Darktrace's FAI material align on cloud-native evidence capture, API-driven workflows, and timeline-based investigations, indicating strategic fit even though full post-acquisition integration depth remains under-documented. | 中 | SE007, SE020 |
| CE037 | A third-party SDK shows that Darktrace's API surface spans AI Analyst, Antigena, model breaches, email, endpoint, PCAP, status, and device data with token-based authentication, retries, and SSL controls. | 中 | SE025 |
| CE038 | Older G2 reviews portray Darktrace as useful for root-cause analysis and network mapping but still complementary to a SIEM, with integration and reporting weaknesses noted in early deployments. | 低 | SE029 |
| CE039 | AWS Marketplace lists Darktrace as a SaaS product sold by Darktrace and shows 24 ratings with a 4.1 score, supporting channel maturity even though it is not an outcome benchmark. | 中 | SE024 |
| CE040 | SecurityWeek describes Darktrace as an AI-powered threat-detection and response platform for enterprise IT, email, and OT environments, which independently supports the broad product framing. | 中 | SE026 |
| CU001 | Darktrace's current company page says it serves 10,000 customers in 110 countries. | 高 | SU001, SU004 |
| CU002 | Darktrace's current company page says its customers include critical infrastructure, public sector agencies, healthcare providers, financial services institutions, and education institutions. | 高 | SU001, SU025, SU026, SU027, SU028, SU033, SU034 |
| CU003 | Darktrace publicly sells through VAR, MSP/MSSP, consultancy, and distributor routes in addition to direct sales. | 高 | SU003, SU029 |
| CU004 | The current Darktrace customer-stories surface shows named proofs across healthcare, education, local government, manufacturing, logistics, beverages, and reseller-led environments. | 中 | SU002, SU017, SU018, SU019, SU020, SU021, SU022, SU023, SU024 |
| CU005 | Darktrace Federal is a U.S.-based affiliate headquartered in Arlington, Virginia for federal customers. | 中 | SU004 |
| CU006 | NCG is a named education customer spanning seven colleges. | 中 | SU019 |
| CU007 | Sofukai Foundation Okayama Kyokuto Hospital is a named healthcare customer with 214 beds, about 500 staff, and roughly 800 IP-connected devices. | 中 | SU020 |
| CU008 | Cogne Acciai Speciali is a named manufacturing and OT customer with a main site in Aosta, Italy and an international footprint. | 中 | SU022 |
| CU009 | Lake Macquarie City Council is a named local-government customer serving more than 200,000 residents. | 中 | SU021 |
| CU010 | Coca-Cola Beverages Northeast is a named customer with more than 3,500 employees and over one million emails per month. | 中 | SU023 |
| CU011 | Tokai Kyowa ran Darktrace proof of value across about 300 workstations while operating with only two security staff. | 中 | SU024 |
| CU012 | Biomerics is a named medical-device manufacturer customer with 14-plus facilities and 3,200 employees. | 中 | SU018 |
| CU013 | Current customer stories consistently quote CISOs, CTOs, CIOs, directors of information services, and security specialists as decision-makers, implying the recurring buyer and payer is senior security or IT leadership. | 中 | SU017, SU019, SU020, SU021, SU022, SU023 |
| CU014 | Current customer stories center daily usage on security analysts, lean IT teams, and SOC partners running network, email, and autonomous-response workflows. | 中 | SU018, SU019, SU021, SU022, SU024 |
| CU015 | Darktrace's FY2022 results reported 7,437 customers at 30 June 2022. | 中 | SU008 |
| CU016 | Darktrace's FY2023 results reported 8,799 customers at 30 June 2023. | 中 | SU007 |
| CU017 | Darktrace's H1 FY2024 results reported 9,232 customers at 31 December 2023. | 中 | SU006 |
| CU018 | Darktrace's FY2024 trading update reported 9,735 customers at 30 June 2024. | 高 | SU005, SU009, SU010 |
| CU019 | Darktrace's FY2024 trading update reported $782.2 million of ARR and expected revenue of at least $689.5 million at 30 June 2024. | 高 | SU005, SU009, SU010 |
| CU020 | Using reported FY2022 ARR and customer count, average ARR per customer was about $69,000. | 中 | SU008 |
| CU021 | Using reported FY2023 ARR and customer count, average ARR per customer was about $71,000. | 中 | SU007 |
| CU022 | Using reported H1 FY2024 ARR and customer count, average ARR per customer was about $76,000. | 中 | SU006 |
| CU023 | Using reported FY2024 ARR and customer count, average ARR per customer was about $80,000. | 中 | SU005, SU009 |
| CU024 | Darktrace's current website claim of 10,000 customers implies only about 265 net new customers versus the FY2024 public baseline. | 中 | SU001, SU005 |
| CU025 | FY2022-to-FY2024 public disclosures show customer count up roughly 31% while ARR rose roughly 52%, indicating Darktrace combined logo growth with expansion inside the base before the buyout. | 中 | SU008, SU007, SU005 |
| CU026 | Darktrace's FY2024 update said it continued to drive a significant amount of new ARR from its existing customer base. | 中 | SU005 |
| CU027 | Technologent uses Darktrace both internally and as a reseller, making it both a paying customer and a channel proof point. | 中 | SU017 |
| CU028 | Biomerics says Darktrace / EMAIL immediately stopped sophisticated phishing and BEC attacks that had bypassed its layered defenses. | 中 | SU018 |
| CU029 | NCG says Darktrace reduced investigations from weeks to minutes or seconds and now feeds security reporting directly to executive leadership and the board. | 中 | SU019 |
| CU030 | Okayama Kyokuto Hospital says Darktrace surfaced anomalous communications that existing endpoint products did not detect during proof of value. | 中 | SU020 |
| CU031 | Lake Macquarie City Council says Darktrace detected threats earlier than legacy tools during proof of value and reduced alert fatigue after deployment. | 中 | SU021 |
| CU032 | Cogne Acciai Speciali says Darktrace processed 335 TB of traffic, monitored nearly 3,000 internal IP addresses, ran 17,558 autonomous investigations, and saved 1,712 hours of manual analysis in a recent period. | 中 | SU022 |
| CU033 | Coca-Cola Beverages Northeast uses Darktrace / EMAIL to protect more than a million emails monthly while applying risk-based controls that avoid disrupting operations. | 中 | SU023 |
| CU034 | Tokai Kyowa configured Darktrace autonomous response to automatically contain communications whose anomaly score exceeds 80%. | 中 | SU024 |
| CU035 | Darktrace's FY2022 results reported 6.5% one-year gross ARR churn and 105.5% net ARR retention. | 中 | SU008 |
| CU036 | Darktrace's FY2023 results reported 6.8% one-year gross ARR churn and 104.7% net ARR retention. | 中 | SU007 |
| CU037 | Darktrace's H1 FY2024 results reported 6.6% one-year gross ARR churn and 105.0% net ARR retention. | 中 | SU006 |
| CU038 | Darktrace's FY2024 trading update reported 6.3% one-year gross ARR churn and 106.6% net ARR retention. | 高 | SU005, SU009, SU010 |
| CU039 | Darktrace's H1 FY2024 results reported $1.254 billion of RPO and described the business as underpinned by multi-year contracts with significant revenue visibility. | 高 | SU006, SU007, SU008 |
| CU040 | PeerSpot reviewers repeatedly cite high pricing, licensing inflexibility, interface complexity, integration demands, and false positives alongside strong threat detection and support. | 中 | SU011 |
| CU041 | TrustRadius reviewers cite strong anomaly detection, automated email and network response, and compliance value, but also mention contract price increases, false positives, tuning effort, and UI complexity. | 中 | SU012 |
| CU042 | Historical G2 reviews show long-running proof-of-concept use, price sensitivity for smaller buyers, and recurring requests for easier reporting and integrations. | 低 | SU013 |
| CU043 | Darktrace's partners page says channel partners receive a complimentary 30-day proof of value, margin protection, and opportunity exclusivity. | 中 | SU003 |
| CU044 | Darktrace's 2023 MSSP announcement shows it packaging managed email security specifically for MSSPs, reinforcing channel-led delivery rather than pure direct sales. | 高 | SU029, SU003 |
| CU045 | The named proofs mostly start with NETWORK or EMAIL and then extend into autonomous response, OT, board reporting, or managed services, implying a module-led land-and-expand motion. | 中 | SU018, SU019, SU020, SU021, SU022, SU023, SU024 |
| CU046 | Public sources reviewed do not disclose top-customer revenue share, contract length, or cohort retention for Darktrace. | 低 | SU001, SU005, SU006, SU007, SU008 |
| CU047 | Post-take-private public disclosure is materially thinner: the website still claims 10,000 customers, but the retained public set does not update NRR or churn beyond June 2024. | 低 | SU001, SU005, SU009, SU010, SU032 |
| CU048 | Darktrace Federal and the government-and-defense materials indicate a separate public-sector motion, but the retained procurement sources do not disclose contract values or buyer concentration. | 低 | SU004, SU014, SU015, SU027 |
| CU049 | Finance Yahoo reported renewed scrutiny around Darktrace because of its historical Mike Lynch association, showing reputational overhang can still enter enterprise diligence. | 中 | SU030 |
| CU050 | SecurityWeek's take-private coverage reinforces that Darktrace crossed into a less transparent private-company phase after the $5.3 billion Thoma Bravo sale. | 中 | SU032 |
| CU051 | CNBC reported EY found only a small number of contract errors and inconsistencies and nothing material to Darktrace's financial statements, which supports treating the historic ARR and customer disclosures as directionally usable. | 中 | SU031 |
| CR001 | QCM’s 2023 short-seller campaign challenged Darktrace’s financial reporting and created a material governance overhang. | 高 | SR001, SR002 |
| CR002 | Darktrace commissioned EY in February 2023 to conduct an independent review of its finances in response to the short-seller attack. | 高 | SR002, SR003 |
| CR003 | Public reporting on the EY review said Darktrace found no evidence of fraud and only a small number of errors and inconsistencies. | 中 | SR003, SR004 |
| CR004 | Darktrace said it would provide the EY review to the FCA and FRC rather than publish the full report publicly. | 中 | SR003, SR004 |
| CR005 | The reviewed 2026-period public materials do not disclose a formal FCA or FRC enforcement outcome or closure tied to the 2023 EY review. | 中 | SR003, SR052 |
| CR006 | PacerMonitor shows Gatekeeper Solutions v. Darktrace was transferred from Texas Eastern to the Northern District of California in December 2025. | 中 | SR007 |
| CR007 | PatSnap reported that Gatekeeper voluntarily dismissed the action with prejudice on 2026-02-02 and each side bore its own costs. | 中 | SR034 |
| CR008 | The Gatekeeper matter involved U.S. Patent No. 9,032,038 and still illustrates residual freedom-to-operate exposure even after dismissal. | 中 | SR007, SR034 |
| CR009 | Darktrace says its technology portfolio is backed by over 200 patents and pending applications. | 中 | SR029 |
| CR010 | The European Commission says the AI Act’s prohibited-practices rules took effect in February 2025 and its transparency rules take effect in August 2026. | 中 | SR012 |
| CR011 | The AI Act subjects high-risk AI systems to obligations including risk assessment, logging, documentation, human oversight, and cybersecurity. | 中 | SR012 |
| CR012 | NIS2 requires essential and important entities to address cybersecurity in the supply chain and assess supplier and service-provider practices. | 中 | SR013 |
| CR013 | ICO AI guidance highlights DPIA, transparency, and lawfulness obligations for AI systems processing personal data. | 中 | SR014 |
| CR014 | The FCA’s AI update says AI adoption requires modified risk-management and governance approaches plus stronger transparency, explainability, and accountability. | 中 | SR015 |
| CR015 | Darktrace’s responsible-AI whitepaper says its framework is informed by the NIST AI RMF, the EU AI Act, and the OECD AI Principles. | 高 | SR036, SR028 |
| CR016 | Darktrace says Cyber AI Analyst exposes its investigative steps at the hypothesis level, which is a concrete mitigation for interpretability risk. | 中 | SR036 |
| CR017 | Darktrace’s current company page says it has 10,000 customers and 2,300-plus employees. | 中 | SR029 |
| CR018 | Darktrace says it works with hundreds of partners worldwide and has deep alliances with AWS and Microsoft. | 高 | SR029, SR030 |
| CR019 | Darktrace’s current company page still attributes a quote to “Poppy Gustafsson OBE, CEO”. | 中 | SR029 |
| CR020 | Darktrace’s partners page says its channel routes include VARs, MSPs, MSSPs, consultancies, distributors, and a 30-day proof-of-value motion. | 中 | SR030 |
| CR021 | Darktrace’s technology-partners page lists external dependencies including AWS Lambda, Microsoft Graph Security API, Azure Sentinel, Okta, ServiceNow, and Splunk. | 中 | SR044 |
| CR022 | Darktrace’s Microsoft solution page says Cyber AI Analyst integrates with Microsoft Copilot for Security and complements Microsoft Defender for Endpoint. | 中 | SR042 |
| CR023 | Darktrace Federal is a U.S.-based affiliate headquartered in Arlington, Virginia. | 中 | SR031 |
| CR024 | TrustRadius reviewers report that Darktrace contracts can include 5%-plus annual price increases. | 中 | SR019 |
| CR025 | TrustRadius reviewers describe a confusing dashboard, a product that learns for weeks before normal detection mode, and a system that can be hard to tune. | 中 | SR019 |
| CR026 | PeerSpot reviewers cite high pricing, interface complexity, integration demands, and the need for better false-positive management and less manual configuration. | 中 | SR045 |
| CR027 | Older G2 reviews show that Darktrace could already be perceived as pricey and in need of substantial tweaking to fit the environment. | 中 | SR018 |
| CR028 | Darktrace announced the proposed acquisition of Cado Security in January 2025, subject to regulatory approval and expected completion in February. | 中 | SR035 |
| CR029 | Darktrace said Cado would expand cloud investigation and response across multi-cloud, container, serverless, SaaS, and on-premises environments. | 中 | SR035 |
| CR030 | Darktrace later announced automated forensics capabilities inside its ActiveAI Security Platform for hybrid and multi-cloud security. | 中 | SR037 |
| CR031 | Thoma Bravo’s public acquisition materials valued Darktrace at approximately $5.3 billion and $7.75 per share. | 中 | SR020 |
| CR032 | Darktrace’s investor-relations site now says it is only the historical archive of the company’s public-company disclosure website. | 中 | SR052 |
| CR033 | Companies House filing history shows Darktrace Holdings Limited filed full accounts made up to 30 June 2025 on 14 March 2026. | 中 | SR038 |
| CR034 | The same filing history shows the termination of Jill Popelka’s appointment as a director effective 30 January 2026. | 中 | SR038 |
| CR035 | The December 2025 MR01 charge names Goldman Sachs Bank USA as the secured party and states that it contains fixed charges, floating charges, and a negative pledge. | 中 | SR040 |
| CR036 | Investegate and Business Chief show that Poppy Gustafsson stepped down as CEO in September 2024 and Jill Popelka succeeded her. | 高 | SR025, SR053 |
| CR037 | Darktrace announced on 27 January 2026 that Jill Popelka stepped down and Charles Goodman became interim CEO while the board searched for a successor. | 中 | SR033 |
| CR038 | BusinessCloud said Popelka left after only 16 months and that reports suggested she had been forced out by the private-equity owner. | 中 | SR008 |
| CR039 | Jack Stockdale is Darktrace’s founding CTO and is responsible for the Bayesian mathematical models and AI algorithms underpinning the platform. | 中 | SR032 |
| CR040 | Current public materials do not clearly disclose independent board committees or incentive structures for the private company. | 中 | SR052, SR038 |
| CR041 | Current public materials show stale disclosure because the company page still labels Poppy Gustafsson as CEO even though later transition notices show she stepped down in September 2024. | 高 | SR029, SR053 |
| CR042 | Darktrace’s January 2025 Cado announcement said the company had over 2,400 employees and nearly 10,000 customers, while the current company page says 2,300-plus employees and 10,000 customers, showing mild disclosure drift rather than a clean live operating bridge. | 高 | SR035, SR029 |
| CR043 | Darktrace’s public mitigation set includes responsible-AI framing and new forensics capability, but public proof on the newest surfaces is still thinner than on the core platform. | 中 | SR036, SR037 |
| CR044 | Help Net Security reported that Darktrace partnered with Xage to combine OT anomaly detection with zero-trust controls for critical environments. | 中 | SR047 |
| CR045 | Darktrace’s published AI-governance mitigations remain self-declared rather than backed in the reviewed source set by a third-party AI certification standard. | 中 | SR029, SR036 |
| CR046 | Because the post-buyout public record is archival on operating metrics but live on debt and leadership filings, Darktrace’s core underwriting risk is now disclosure opacity rather than lack of historical scale evidence. | 高 | SR052, SR038, SR040 |
| CR047 | Darktrace’s OT and broader platform reach partly depends on specialist ecosystem partners rather than only on fully native capability. | 中 | SR044, SR047 |
| CV001 | Darktrace completed its take-private on 1 October 2024 at $7.75 per share for an approximately $5.3 billion valuation. | 高 | SV020, SV021 |
| CV002 | Using Darktrace's $782.2 million ARR at 30 June 2024, the $5.3 billion sponsor entry implies an approximate 6.8x ARR multiple. | 高 | SV021, SV039 |
| CV003 | Using FY2024 revenue of at least $689.5 million, the same $5.3 billion entry implies an approximate 7.7x revenue multiple. | 高 | SV021, SV039 |
| CV004 | Darktrace reported 89.3% gross margin and 25.6% adjusted EBITDA margin in its 1H FY2024 results. | 中 | SV040 |
| CV005 | Darktrace reported one-year gross ARR churn of 6.3% and net ARR retention of 106.6% at 30 June 2024. | 中 | SV039 |
| CV006 | Darktrace ended FY2024 with 9,735 customers. | 中 | SV039 |
| CV007 | Darktrace's current company page says the business serves 10,000 customers across 110 countries with 2,300+ employees. | 中 | SV030 |
| CV008 | Companies House shows that Darktrace Holdings Limited filed full accounts for the year ended 30 June 2025 on 14 March 2026. | 中 | SV022 |
| CV009 | The retained FY2025 statutory accounts file is effectively blank in open extraction, so the public filing exists but is not practically machine-readable for underwriting. | 高 | SV022, SV023 |
| CV010 | The December 2025 MR01 filing names Goldman Sachs Bank USA and shows fixed charges, floating charges, and a negative pledge over Darktrace Holdings Limited. | 中 | SV024 |
| CV011 | The MR01 filing does not disclose debt principal, pricing, maturity, or covenant thresholds in the retained public materials. | 中 | SV024 |
| CV012 | Darktrace's IR overview explicitly says the site is a historical archive because Darktrace is now a Thoma Bravo company. | 中 | SV038 |
| CV013 | Omdia says standalone NDR deployments saw greater non-renewal or replacement rates from 2022 as buyers consolidated into unified XDR platforms. | 中 | SV025 |
| CV014 | The same Omdia note says standalone NDR still retains value where deep network visibility, unmanaged-device coverage, or AI-driven threat detection matters. | 中 | SV025 |
| CV015 | Darktrace announced the proposed acquisition of Cado Security in January 2025. | 中 | SV029 |
| CV016 | Darktrace later announced automated forensics capabilities in its ActiveAI platform for hybrid and multi-cloud security. | 中 | SV037 |
| CV017 | Investegate records that Poppy Gustafsson stepped down as CEO in September 2024 and Jill Popelka became her successor. | 中 | SV031 |
| CV018 | Darktrace announced in January 2026 that Jill Popelka would step down and board chairman Charles Goodman would become interim CEO. | 中 | SV055 |
| CV019 | Business Chief described Darktrace's public-market peak as roughly £7 billion before the transition to private ownership. | 中 | SV032 |
| CV020 | CNBC and Reuters preserve the 2023 record of short-seller-led accounting allegations against Darktrace. | 高 | SV026, SV027 |
| CV021 | CNBC reported that EY found only a small number of errors and inconsistencies and nothing material to Darktrace's prior financial statements. | 高 | SV027, SV028 |
| CV022 | Yahoo Finance reported renewed Mike Lynch-linked scrutiny around the period when the Thoma Bravo transaction was closing. | 中 | SV035 |
| CV023 | CompaniesMarketCap shows CrowdStrike at a May 2026 market capitalization of $186.06 billion and TTM revenue of $4.81 billion. | 中 | SV047, SV048 |
| CV024 | Those CrowdStrike figures imply an approximate 38.7x market-cap-to-revenue multiple. | 中 | SV047, SV048 |
| CV025 | CompaniesMarketCap shows Palo Alto Networks at a May 2026 market capitalization of $228.45 billion and TTM revenue of $9.89 billion. | 中 | SV049, SV050 |
| CV026 | Those Palo Alto figures imply an approximate 23.1x market-cap-to-revenue multiple. | 中 | SV049, SV050 |
| CV027 | CompaniesMarketCap shows SailPoint at a May 2026 market capitalization of $10.68 billion and TTM revenue of $1.07 billion. | 中 | SV051, SV052 |
| CV028 | Those SailPoint figures imply an approximate 10.0x market-cap-to-revenue multiple. | 中 | SV051, SV052 |
| CV029 | Thoma Bravo completed SailPoint's acquisition in August 2022 in an all-cash transaction valued at approximately $6.9 billion. | 高 | SV053, SV054 |
| CV030 | Darktrace's 2024 sponsor entry multiple sits below current public cyber-software revenue multiples for SailPoint, Palo Alto Networks, and CrowdStrike. | 高 | SV021, SV039, SV047, SV048, SV049, SV050, SV051, SV052 |
| CV031 | EM360Tech reported that Darktrace's board argued the company's operating and financial achievements were not being reflected commensurately in public valuation and that shares traded at a significant discount to global peer groups. | 中 | SV033 |
| CV032 | The public evidence supports a track recommendation rather than buy because strategic relevance is visible but current sponsor-era performance and capital structure are not underwritable. | 中 | SV020, SV021, SV024, SV025, SV039, SV040 |
| CV033 | Confidence in the recommendation is medium because the last public operating snapshot is strong but the bull case depends on sponsor-era data that is still undisclosed. | 中 | SV022, SV023, SV039, SV040 |
| CV034 | A high risk rating is justified because leverage exists, governance has been unstable, and NDR platform consolidation remains a real pressure channel. | 中 | SV024, SV025, SV055 |
| CV035 | The valuation stance is fair only if entry is near the October 2024 sponsor price; above that level, public evidence becomes stretched relative to disclosure quality. | 中 | SV021, SV024, SV039, SV047, SV048, SV049, SV050, SV051, SV052 |
| CV036 | A new investor entering near $5.3 billion would need an exit above roughly $10.6 billion to clear about a 2.0x gross-money target over five years. | 中 | SV021 |
| CV037 | A supportable bull case assumes ARR can exceed roughly $1.1 billion by 2029 and exit around 12-14x ARR, producing about $11-14 billion of value. | 中 | SV025, SV029, SV037, SV053, SV054 |
| CV038 | A supportable base case assumes ARR of roughly $0.95-1.05 billion by 2029 and exit around 8-10x ARR, producing about $7.5-9.5 billion of value. | 中 | SV021, SV039, SV051, SV052 |
| CV039 | A supportable bear case assumes ARR of roughly $0.8-0.9 billion by 2029 and exit around 5-7x ARR, producing about $4-6 billion of value. | 中 | SV024, SV025, SV039, SV055 |
| CV040 | Net ARR retention below 100% for two consecutive periods would break the core compounding assumption that supports Darktrace's valuation case. | 中 | SV039 |
| CV041 | Debt materially above roughly 6x EBITDA would create meaningful covenant and refinancing risk, but the public record cannot currently confirm or reject that scenario. | 中 | SV024, SV040 |
| CV042 | A third CEO change within 24 months would be strong evidence of sponsor-governance failure and would lower exit confidence. | 中 | SV031, SV055 |
| CV043 | If Darktrace still lacks a credible secondary, strategic, or re-IPO path by 2028, the sponsor-playbook argument weakens materially. | 中 | SV053, SV054 |
| CV044 | Before Darktrace can move from track to buy, management needs to disclose a sponsor-era ARR bridge, debt package, readable financial statements, and cap-table economics. | 中 | SV022, SV023, SV024, SV039 |
| CV045 | Darktrace's current product and scale disclosures still support strategic relevance through a large installed base, global footprint, cloud-forensics expansion, and active AI product development. | 中 | SV029, SV030, SV037 |
| CV046 | The accounting controversy is no longer a live fraud thesis after EY's review, but it still justifies some valuation discount because the controversy never fully disappears from the public record. | 中 | SV026, SV027, SV028, SV035 |
| CV047 | Darktrace generated $99.5 million of free cash flow in FY2022 and $93.8 million in FY2023 before the buyout. | 中 | SV041, SV042 |
| CV048 | Darktrace's archival IR posture, blank FY2025 open extraction, and unknown debt terms create a meaningful disclosure discount for any outside investor relying only on public sources. | 中 | SV022, SV023, SV024, SV038 |
| 编号 | 出版方 | 标题 | 引文 |
|---|---|---|---|
| SO001 | Darktrace | Top AI Cyber Security Company | About Darktrace | Darktrace has been building a new model for cybersecurity since 2013. |
| SO002 | Darktrace | Darktrace announces formal completion of its acquisition by Thoma Bravo | Darktrace ... has today announced the completion of its acquisition by Thoma Bravo ... for $5.3bn. |
| SO003 | Darktrace | Jill Popelka to Step Down as CEO of Darktrace; Board Chairman Charles Goodman Named Interim CEO | Jill Popelka has stepped down as Chief Executive Officer. Charles Goodman ... has been appointed interim CEO. |
| SO004 | Darktrace | Nicole Eagan | Darktrace | |
| SO005 | Darktrace | Jack Stockdale OBE FREng | Darktrace | |
| SO006 | Darktrace | Darktrace Investor Relations | Darktrace is now a Thoma Bravo company. This is the historical archive of the Darktrace Investor Relations website. |
| SO007 | Thoma Bravo | Thoma Bravo Completes Acquisition of Darktrace | valuing the Company at approximately $5.3 billion. Each Darktrace shareholder will be entitled to receive $7.75 per share in cash. |
| SO008 | Thoma Bravo | Jill Popelka to Step Down as CEO of Darktrace; Board Chairman Charles Goodman Named Interim CEO | |
| SO009 | Investegate | Directorate Change | Company Announcement | Investegate | Poppy Gustafsson to step down as CEO of Darktrace; Jill Popelka appointed successor |
| SO010 | UK Companies House | DARKTRACE HOLDINGS LIMITED people - Find and update company information | |
| SO011 | UK Companies House | DARKTRACE LIMITED filing history - Find and update company information | |
| SO012 | Summit Partners | Darktrace: Pioneering AI in the Cyber Security Space | |
| SO013 | Tracxn | Darktrace - 2026 Company Profile & Team - Tracxn | |
| SO014 | Business Chief | Darktrace CEO Steps Down as Thoma Bravo Buys Company | |
| SO015 | EM360Tech | Darktrace Acquired by Private Equity Firm Thoma Bravo in $5 Billion Deal | |
| SO016 | City A.M. | Burglar short-sellers under fire over Darktrace attack | The fund, led by “dark destroyer” Matthew Earl, has shorted 0.52 per cent of Darktrace's stock. |
| SO017 | Yahoo Finance | Darktrace—the cybersecurity firm with ties to deceased tech tycoon Mike Lynch—attracts renewed scrutiny after yacht disaster | |
| SO018 | PatSnap | Gatekeeper Solutions v. Darktrace: Voluntary Dismissal in Digital Distribution Patent Case | Gatekeeper Solutions voluntarily dismissed the suit with prejudice, and each party bore its own costs. |
| SO019 | PacerMonitor | Gatekeeper Solutions, Inc. v. Darktrace, Inc. | |
| SO020 | Financial Times | Q4 FY 2024 Trading Update – Company Announcement | Darktrace's Annualised recurring revenue at 30 June 2024 was $782.2 million. |
| SO021 | Quartr | Darktrace (DARK) Investor Relations, Earnings Summary & Outlook | |
| SO022 | Darktrace | Darktrace announces proposed acquisition of Cado Security, a cloud investigation and response specialist | Darktrace ... announced the proposed acquisition of Cado Security ... expected to complete in February. |
| SO023 | Darktrace | Towards Responsible AI in Cybersecurity | Resources | Darktrace | |
| SO024 | Darktrace | Darktrace Unveils Automated Forensics Capabilities in its ActiveAI Security Platform to Advance Hybrid and Multi-Cloud Security | the industry’s first truly automated cloud forensics solution, can cut investigation times from days to minutes |
| SO025 | CNBC | Darktrace shares pop 26% after EY concludes report into accounting allegations | EY ... found a “small number of errors and inconsistencies” ... but nothing that would be “material” to its financial statements. |
| SM001 | MarketsandMarkets | AI in Cybersecurity Market - Global Forecast to 2031 | |
| SM002 | MarketsandMarkets | Extended Detection and Response (XDR) Market - Global Forecast to 2030 | |
| SM003 | MarketsandMarkets | Phishing Protection Market - Global Forecast to 2028 | |
| SM004 | Mordor Intelligence | Network Traffic Analysis Market - Size & Report 2026 - 2031 | |
| SM005 | IBM | Cost of a data breach 2025 | |
| SM006 | Verizon Business | 2026 Data Breach Investigations Report (DBIR) | |
| SM007 | World Economic Forum | Global Cybersecurity Outlook 2025 | |
| SM008 | CrowdStrike | 2026 Global Threat Report | |
| SM009 | European Union | Regulation (EU) 2024/1689 (Artificial Intelligence Act) | |
| SM010 | U.S. Securities and Exchange Commission | Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure | |
| SM011 | NIST | Cybersecurity Framework | |
| SM012 | UK Government | Cyber security breaches survey 2025 | |
| SM013 | Darktrace | ActiveAI Security Platform | |
| SM014 | Darktrace | AI-Based Email Security Software | Email Threat Protection | |
| SM015 | Darktrace | Cloud Security Solutions | AI for Cloud Cyber Security | |
| SM016 | Gartner Peer Insights | Darktrace Reviews, Ratings & Features 2026 | |
| SM017 | Palo Alto Networks | Palo Alto Networks Reports Fiscal Second Quarter 2025 Financial Results | |
| SM018 | Darktrace | Identity Security | Darktrace | |
| SM019 | Darktrace | Network Security Management | AI Network Security Protection | |
| SM020 | European Commission | NIS2 Directive: securing network and information systems | |
| SM021 | Darktrace | Darktrace Customers | |
| SM022 | Darktrace | Partners | Darktrace | |
| SM023 | G2 | Darktrace Reviews 2019: Details, Pricing, & Features | |
| SM024 | Grand View Research | Artificial Intelligence (AI) Cybersecurity market report landing page | |
| SM025 | Omdia | NDR market 2022-2026 page (retrieved as 404 during this run) | |
| SP001 | Financial Times | Q4 FY 2024 Trading Update – Company Announcement | Darktrace's Annualised recurring revenue at 30 June 2024 was $782.2 million. |
| SP002 | Quartr | Darktrace (DARK) Investor Relations, Earnings Summary & Outlook | Darktrace reported ARR of $782.2 million and 9,735 customers in its FY2024 trading update. |
| SP003 | Darktrace | AI Cybersecurity | A New Approach to AI in Cybersecurity | State of AI | Darktrace | Rather than learn from previously-encountered attacks, Darktrace combines multiple AI models to understand 'normal' for your organization and reveal unusual behavior. |
| SP004 | CrowdStrike | CrowdStrike Reports Fourth Quarter and Fiscal Year 2026 Financial Results | Annual Recurring Revenue (ARR) grew 24% year-over-year to $5.25 billion as of January 31, 2026. |
| SP005 | CrowdStrike | The CrowdStrike Falcon Platform | CrowdStrike unifies endpoint, identity, cloud, SaaS, and AI protection in one AI-native platform. |
| SP006 | SentinelOne | SentinelOne Announces Fourth Quarter and Fiscal Year 2026 Financial Results | Revenue increased 20% year-over-year. ARR up 22% year-over-year. |
| SP007 | SentinelOne | SentinelOne Singularity XDR | The Singularity platform prevents, detects, and responds across endpoint, cloud, and identity. |
| SP008 | Palo Alto Networks | Palo Alto Networks Reports Fiscal Fourth Quarter and Fiscal Year 2025 Financial Results | Fiscal year 2025 revenue grew 15% year over year to $9.2 billion. Next-Generation Security ARR grew 32% year over year to $5.6 billion. |
| SP009 | Palo Alto Networks | Explore Cortex XSIAM Security Analytics | Apply 2,900+ ML models to stop advanced attacks. With 13,300+ up-to-date detections, XSIAM is always ready for what’s next. |
| SP010 | Microsoft | Microsoft Sentinel—AI-Ready Platform | Microsoft Sentinel is a security platform that unifies a cloud-native SIEM, unified data lake, graph-enabled visibility, and intelligent reasoning tools. |
| SP011 | Microsoft | Microsoft Sentinel Pricing | Commitment tiers allow you to reserve a set amount of daily data ingestion capacity for Microsoft Sentinel for a fixed, predictable daily fee. |
| SP012 | Cisco | Cisco XDR - Extended Detection and Response | Harness network visibility, open integrations, agentic AI, and detailed forensics to make threat detection and response fast, simple, and effective. |
| SP013 | Cisco | Cisco Completes Acquisition of Splunk | With Splunk, Cisco becomes one of the largest software companies globally. |
| SP014 | Splunk | Splunk Enterprise Security | ES is an integrated threat detection, investigation, and response platform that integrates SIEM, agentic AI, SOAR, UEBA, and AI/ML. |
| SP015 | IBM | IBM QRadar SIEM | IBM QRadar SIEM centralizes security visibility, enables real-time threat detection, and claims analysts saved more than 14,000 hours over 3 years. |
| SP016 | IBM Newsroom | Palo Alto Networks and IBM to Jointly Provide AI-powered Security Offerings | Palo Alto Networks has agreed to acquire IBM’s QRadar SaaS assets and the two companies will partner to offer seamless migration for QRadar customers to Cortex XSIAM. |
| SP017 | Vectra AI | Modern NDR for Modern Networks | Vectra AI Platform | See how our platform uses behavioral detection and real-time network visibility to reduce exposure and stop attacks across network, identity, and cloud. |
| SP018 | Vectra AI | About Vectra: AI Driven Cybersecurity Company | Vectra AI builds on its market-leading NDR foundation to deliver continuous observability, clear risk signal, and confident action across the modern network. |
| SP019 | Vectra AI | Vectra AI + CrowdStrike | Vectra AI and CrowdStrike launch a joint solution for SMB and midmarket security teams. |
| SP020 | Vectra AI | Vectra AI + Microsoft Azure Sentinel | The integration of Vectra AI with Microsoft Sentinel enables seamless collaboration between the two platforms. |
| SP021 | Vectra AI | Vectra AI + Nozomi Networks | Joint solution for IT/OT convergence. |
| SP022 | Vectra AI | Vectra AI vs. Darktrace | Why choose Vectra AI over Darktrace? |
| SP023 | Vectra AI | Vectra vs ExtraHop | Why choose Vectra AI over ExtraHop? 80%+ alert fidelity. |
| SP024 | Vectra AI | Vectra vs Cisco Secure Network Analytics | Why choose Vectra NDR over Cisco Secure Network Analytics? Best-in-class Detection Precision. |
| SP025 | PeerSpot | Compare Darktrace vs ExtraHop Reveal(x) vs Vectra AI | As of May 2026, Darktrace held 14.8% mindshare, Vectra AI 11.2%, and ExtraHop Reveal(x) 6.1%. |
| SP026 | PeerSpot | Vectra AI Reviews, Competitors and Pricing | Vectra AI's pricing is considered relatively high but competitive within the enterprise market, and some users say it is cheaper than Darktrace. |
| SP027 | Omdia | Network detection and response (NDR) market 2026 | Standalone NDR deployments saw greater non-renewal or replacement rates as organizations began to consolidate security tools into unified XDR platforms. |
| SP028 | TrustRadius | Darktrace Reviews & Ratings 2026 | The device learned for a few weeks and then switched into identification mode. Expect 5%+ price increase for each year across the contract. |
| SP029 | Microsoft Security Blog | Identity security is the new pressure point for modern cyberattacks | 32% of organizations say they have duplicative access management solutions and 40% say they have too many different vendors. |
| SP030 | Nozomi Networks | OT Security Platform | Nozomi Networks | Purpose-built for complex industrial, commercial and critical infrastructure environments, the Nozomi Networks platform combines visibility from the endpoint to the air with continuous monitoring and AI-powered analysis. |
| SP031 | Vectra AI | Vectra AI Named a Leader in the First-Ever Gartner® Magic Quadrant for Network Detection and Response | Vectra AI is positioned highest for Ability to Execute and furthest for Completeness of Vision in the inaugural report. |
| SP032 | Vectra AI | Vectra AI is the Only Vendor Named a Leader and Outperformer in Both GigaOm Radar Reports | Vectra AI has been named both a Leader and Outperformer in two key 2025 GigaOm Radar Reports: NDR and ITDR. |
| SP033 | Vectra AI | 2026 State of Threat Detection | Detection latency, fragmented visibility, and siloed signals continue to undermine outcomes. |
| SP034 | Corelight | All Products | Corelight | See all of the products that power our Open NDR Platform, from our sensors to open-source and proprietary evidence collections to our analytics and SaaS solutions. |
| SP035 | Google Cloud | Welcoming Wiz to Google Cloud: Redefining security for the AI era | Together, we will offer an AI-powered cybersecurity platform that combines Google’s Threat Intelligence and Security Operations with Wiz’s Cloud and AI Security Platform. |
| SI001 | Darktrace | Darktrace Investor Relations | Darktrace is now a Thoma Bravo company. This is the historical archive of the Darktrace Investor Relations website. |
| SI002 | Darktrace | Financial Results | |
| SI003 | Darktrace | 4Q and FY 2024 Trading Update | Darktrace’s Annualised recurring revenue (“ARR”) at 30 June 2024 was $782.2 million. |
| SI004 | Darktrace | Results for the Six Months Ended 31 December 2023 | Revenue 330,303 ... Gross margin 89.3% ... Adjusted EBITDA 84,518. |
| SI005 | Darktrace | Results for the Financial Year Ended 30 June 2023 | Revenue 545,430 ... Adjusted EBITDA 139,163 ... Free cash flow 93,753. |
| SI006 | Darktrace | Results for the Financial Year Ended 30 June 2022 | Revenue 415,482 ... Adjusted EBITDA 91,412 ... Free cash flow 99,517. |
| SI007 | Darktrace | Darktrace Annual Report FY2023 | |
| SI008 | Darktrace | Darktrace Annual Report FY2022 | |
| SI009 | Darktrace | Regulatory News for 2024 | |
| SI010 | Darktrace PLC | Scheme of Arrangement becomes Effective | the Scheme has now become Effective in accordance with its terms. Pursuant to the Scheme, the entire issued share capital of Darktrace is now owned by Bidco. |
| SI011 | Darktrace PLC | Regulatory Approval & Timetable Update | |
| SI012 | Darktrace PLC | Court Sanction of Scheme | |
| SI013 | London Stock Exchange Notice | Cancellation - Darktrace plc | At the request of the company the following securities have been cancelled from admission to trading on London Stock Exchange. |
| SI014 | Darktrace | Top AI Cyber Security Company | About Darktrace | 10,000 Customers ... 110 Countries ... 2,300+ Employees. |
| SI015 | Darktrace | Partners | Darktrace | With a complimentary 30-day Proof of Value of Darktrace technology, Consultancy partners receive all the tools to complete successful introductions. |
| SI016 | Darktrace | Network Security Management | AI Network Security Protection | See what Darktrace finds. Evaluate in your environment today. |
| SI017 | Darktrace | Get in Touch with Darktrace | |
| SI018 | Darktrace | Darktrace announces formal completion of its acquisition by Thoma Bravo | Darktrace ... has today announced the completion of its acquisition by Thoma Bravo ... for $5.3bn. |
| SI019 | Thoma Bravo | Thoma Bravo Completes Acquisition of Darktrace | valuing the Company at approximately $5.3 billion. Each Darktrace shareholder will be entitled to receive $7.75 per share in cash. |
| SI020 | UK Companies House | DARKTRACE HOLDINGS LIMITED filing history | 14 Mar 2026 ... Full accounts made up to 30 June 2025 ... 05 Dec 2025 ... Registration of charge 085620350014. |
| SI021 | UK Companies House | Full accounts made up to 30 June 2025 | |
| SI022 | UK Companies House | MR01 Registration of a Charge | Persons entitled: GOLDMAN SACHS BANK USA ... Contains fixed charge(s). Contains floating charge(s) ... Contains negative pledge. |
| SI023 | Darktrace | Conclusion of Ernst & Young LLP Review | EY reviewed ... partner channel contracts and marketing spend ... and identified a small number of errors and inconsistencies. |
| SI024 | CNBC | Darktrace shares pop 26% after EY concludes report into accounting allegations | EY ... found a small number of errors and inconsistencies but nothing that would be material to Darktrace's financial statements. |
| SI025 | Yahoo Finance | Darktrace—the cybersecurity firm with ties to deceased tech tycoon Mike Lynch—attracts renewed scrutiny after yacht disaster | Darktrace ... has also faced renewed attention as it seeks to finalize its acquisition by U.S. private equity firm Thoma Bravo. |
| SI026 | The Register | Darktrace tag - The Register | |
| SI027 | Tracxn | Darktrace | Darktrace has raised $239M in funding ... with last known valuation of $5.32B. |
| SI028 | Business Chief | Darktrace CEO Steps Down as Thoma Bravo Buys Company | |
| SI029 | G2 | Darktrace Pricing | |
| SI030 | Summit Partners | Darktrace: Pioneering AI in the Cyber Security Space | |
| SE001 | Darktrace | ActiveAI Security Platform | Darktrace | |
| SE002 | Darktrace | Customers | Darktrace | |
| SE003 | Darktrace | Operational Technology (OT) Cyber Security Solutions | |
| SE004 | Darktrace | AI Endpoint Security | Cyber Security Endpoint Protection Suite | |
| SE005 | Darktrace | Secure your AI with Darktrace | Secure AI | |
| SE006 | Darktrace | Cyber AI Analyst | Darktrace | |
| SE007 | Darktrace | Solve Cloud Forensics at Scale | |
| SE008 | Darktrace | Trust Centre | |
| SE009 | Darktrace | Microsoft Azure Security & Compliance | Security Services | |
| SE010 | Darktrace | AWS Data Loss Prevention, Security Compliance, & Protection | |
| SE011 | Darktrace | Technology Partners | Darktrace | |
| SE012 | Darktrace | Integrations | Darktrace | |
| SE013 | Darktrace | Industry Recognition | Darktrace | |
| SE014 | Darktrace | The State of AI Cybersecurity 2026 | |
| SE015 | Darktrace | State of AI Cybersecurity 2026 blog | |
| SE016 | Darktrace | Defending the Cloud: Stopping Cyber Threats in Azure and AWS with Darktrace | |
| SE017 | Darktrace | Adaptive Human Defense | Personalized Security Coaching | |
| SE018 | Darktrace | Managed Cybersecurity Services | 24/7 Expert Support | Darktrace | |
| SE019 | Darktrace | Darktrace Federal | Darktrace | |
| SE020 | Cado Security | Cado Security | |
| SE021 | PeerSpot | Darktrace Reviews | |
| SE022 | Gartner | Darktrace Reviews for Email Security | |
| SE023 | Google Patents | US11252169B2 patent page | |
| SE024 | AWS Marketplace | Darktrace ActiveAI Security Platform | |
| SE025 | GitHub | darktrace-sdk README | |
| SE026 | SecurityWeek | Darktrace to be Taken Private in $5.3 Billion Sale to Thoma Bravo | |
| SE027 | Help Net Security | Darktrace ActiveAI Security Platform helps organizations shift focus to proactive cyber resilience | |
| SE028 | Help Net Security | Darktrace partners with Xage Security to detect threats deep inside IT and OT systems | |
| SE029 | G2 | Darktrace Products | Read Reviews on G2 | |
| SE030 | Darktrace | Darktrace Annual Threat Report 2026 | |
| SU001 | Darktrace | Top AI Cyber Security Company | About Darktrace | 10,000 Customers 110 Countries 2,300+ Employees. |
| SU002 | Darktrace | Darktrace Customers | |
| SU003 | Darktrace | Partners | Darktrace | Darktrace partners range in technical, cyber and sales expertise. |
| SU004 | Darktrace | Darktrace Federal | Darktrace | Darktrace Federal Inc. is headquartered in Arlington, Virginia and is a U.S.-based affiliate of Darktrace. |
| SU005 | Darktrace | 4Q and FY 2024 Trading Update | With 9,735 customers at 30 June 2024, year-over-year growth in Darktrace's customer base was 10.6%. |
| SU006 | Darktrace | Results for the Six Months Ended 31 December 2023 | Remaining performance obligations (RPO), representing contracted revenue backlog, expanded by 12.2% year-over-year to $1.254 billion. |
| SU007 | Darktrace | Results for the Financial Year Ended 30 June 2023 | Number of customers at 30 June 8,799. |
| SU008 | Darktrace | Results for the Financial Year Ended 30 June 2022 | Number of customers at 30 June 7,437. |
| SU009 | Financial Times | Q4 FY 2024 Trading Update – Company Announcement | Darktrace's Annualised recurring revenue at 30 June 2024 was $782.2 million. |
| SU010 | Quartr | Darktrace (DARK) Investor Relations, Earnings Summary & Outlook | |
| SU011 | PeerSpot | Darktrace Reviews, Competitors and Pricing | Darktrace users express various concerns such as high pricing, complexity in the interface, and integration demands. |
| SU012 | TrustRadius | Darktrace Reviews & Ratings 2026 | TrustRadius | Expect 5%+ price increase for each year across the contract. |
| SU013 | G2 | Darktrace Reviews 2019: Details, Pricing, & Features | G2 | Product is very pricey. |
| SU014 | UK Crown Commercial Service | Digital Marketplace search for Darktrace | |
| SU015 | Contracts Finder | Contracts Finder search for Darktrace | |
| SU016 | Channel Futures | Darktrace channel program | |
| SU017 | Darktrace | Technologent | Initially introduced as a reseller, Technologent gained confidence in Darktrace through customer success—and ultimately deployed it internally. |
| SU018 | Darktrace | Biomerics | Darktrace / EMAIL immediately stopped the sophisticated phishing and BEC attacks that had been evading Biomerics' layered defenses. |
| SU019 | Darktrace | NCG | What once took weeks now takes minutes or seconds. |
| SU020 | Darktrace | Sofukai Foundation Okayama Kyokuto Hospital | Darktrace was the only solution to surface these signals. |
| SU021 | Darktrace | Lake Macquarie City Council | During the proof of value, Darktrace detected threats significantly earlier than legacy tools. |
| SU022 | Darktrace | Cogne Acciai Speciali | Processed 335 TB of network traffic ... Conducted 17,558 autonomous investigations ... Saved the equivalent of 1,712 hours of manual analysis. |
| SU023 | Darktrace | Coca-Cola Beverages Northeast | With more than 3,500 employees and over a million emails flowing each month, CCBN relies heavily on email. |
| SU024 | Darktrace | Tokai Kyowa Co., Ltd. | In practice, any communication with an anomaly score exceeding 80 percent is automatically contained. |
| SU025 | Darktrace | Industry Spotlight: Financial Services | Resources | Darktrace | |
| SU026 | Darktrace | Industry Spotlight: Healthcare | Resources | Darktrace | |
| SU027 | Darktrace | Industry Spotlight: Government and Defense | Resources | Darktrace | |
| SU028 | Darktrace | Industry Spotlight: Education | Resources | Darktrace | |
| SU029 | Darktrace | Darktrace Brings AI-Native Service Delivery to MSSPs with New Managed Email Security Offering | Darktrace Brings AI-Native Service Delivery to MSSPs with New Managed Email Security Offering. |
| SU030 | Yahoo Finance | Darktrace—the cybersecurity firm with ties to deceased tech tycoon Mike Lynch—attracts renewed scrutiny after yacht disaster | |
| SU031 | CNBC | Darktrace shares pop 26% after EY concludes report into accounting allegations | EY found only a small number of errors and inconsistencies in customer contracts that were not material to Darktrace's financial statements. |
| SU032 | SecurityWeek | Darktrace to Be Taken Private in $5.3 Billion Sale to Thoma Bravo | |
| SU033 | Darktrace | Industry Spotlight: Manufacturing | Resources | Darktrace | |
| SU034 | Darktrace | Industry Spotlight: Retail | Resources | Darktrace | |
| SR001 | CNBC | A prominent UK cybersecurity stock is under attack from short sellers. Here's what you need to know | Darktrace, one of the U.K.'s largest cybersecurity companies, was founded in 2013 by a group of former intelligence experts and mathematicians. |
| SR002 | Reuters | Darktrace hires EY for independent review of finances | Darktrace said on Monday it had commissioned a third-party review of its finances by EY, weeks after a short-seller questioned its results. |
| SR003 | UKTN | Darktrace shares surge as review finds no evidence of fraud | The EY review highlighted “a small number of errors and inconsistencies” in a sample of new channel contracts. |
| SR004 | AccountingWEB | Darktrace ‘cleared by EY’ following short seller attack | Darktrace said it was already aware of the historical weaknesses and that report will be sent to the UK’s Financial Conduct Authority (FCA) and Financial Reporting Council (FRC). |
| SR007 | PacerMonitor | Gatekeeper Solutions, Inc. v. Darktrace, Inc. (4:24-cv-00723), Texas Eastern District Court | Case transferred from Texas Eastern has been opened in California Northern District as case 3:25-cv-10599, filed 12/11/2025. |
| SR008 | BusinessCloud | Private equity owner ‘forces out Darktrace CEO’ | The CEO of Darktrace has stepped down after just 16 months, with reports suggesting that she has been forced out by the cyber giant’s private equity owner. |
| SR012 | European Commission | AI Act | The AI Act defines 4 levels of risk for AI systems. |
| SR013 | EUR-Lex | Directive - 2022/2555 - EN | Essential and important entities should therefore assess and take into account the overall quality and resilience of products and services, the cybersecurity risk-management measures embedded in them, and the cybersecurity practices of their suppliers and service providers. |
| SR014 | Information Commissioner’s Office | Guidance on AI and data protection | New content on things to consider as part of your DPIA. |
| SR015 | Financial Conduct Authority | AI Update | This will require modified approaches to firm risk management and governance. |
| SR018 | G2 | Darktrace Reviews 2019: Details, Pricing, & Features | G2 | Product is very pricey. If you do not have someone dedicated to this product ... you may be better off with something less expensive that does more. |
| SR019 | TrustRadius | Darktrace Reviews & Ratings 2026 | TrustRadius | Expect 5%+ price increase for each year across the contract. |
| SR020 | Thoma Bravo | Thoma Bravo Completes Acquisition of Darktrace | Thoma Bravo | valuing the Company at approximately $5.3 billion. Each Darktrace shareholder will be entitled to receive $7.75 per share in cash. |
| SR025 | Investegate | Directorate Change | Company Announcement | Investegate | Poppy Gustafsson to step down as CEO of Darktrace; Jill Popelka appointed successor |
| SR028 | OECD | AI Principles Overview | |
| SR029 | Darktrace | Top AI Cyber Security Company | About Darktrace | Through our Global Partner Organization, we work with hundreds of partners worldwide and we have deep alliances with AWS and Microsoft. |
| SR030 | Darktrace | Partners | Darktrace | Darktrace partners range in technical, cyber and sales expertise. |
| SR031 | Darktrace | Darktrace Federal | Darktrace | Darktrace Federal Inc. is headquartered in Arlington, Virginia and is a U.S.-based affiliate of Darktrace. |
| SR032 | Darktrace | Jack Stockdale OBE FREng | Darktrace | Jack is responsible for overseeing the development of Bayesian mathematical models and artificial intelligence algorithms that underpin Darktrace’s award-winning technology. |
| SR033 | Darktrace | Jill Popelka to Step Down as CEO of Darktrace; Board Chairman Charles Goodman Named Interim CEO | Jill Popelka has stepped down as Chief Executive Officer. Charles Goodman ... has been appointed interim CEO while the Board leads the search for the next CEO. |
| SR034 | PatSnap | Gatekeeper Solutions v. Darktrace: Voluntary Dismissal in Digital Distribution Patent Case | PatSnap Eureka | Gatekeeper Solutions voluntarily dismissed the action with prejudice on February 2, 2026. |
| SR035 | Darktrace | Darktrace announces proposed acquisition of Cado Security, a cloud investigation and response specialist | The acquisition is subject to receipt of regulatory approval and is expected to complete in February. |
| SR036 | Darktrace | Towards Responsible AI in Cybersecurity | Resources | Darktrace | Our approach is informed by ... the US NIST AI Risk Management Framework, the EU AI Act ... and OECD’s AI Principles. |
| SR037 | Darktrace | Darktrace Unveils Automated Forensics Capabilities in its ActiveAI Security Platform™ to Advance Hybrid and Multi-Cloud Security | |
| SR038 | UK Companies House | DARKTRACE HOLDINGS LIMITED filing history - Find and update company information | Full accounts made up to 30 June 2025 |
| SR040 | UK Companies House | MR01 Registration of a Charge | Persons entitled: GOLDMAN SACHS BANK USA |
| SR042 | Darktrace | Microsoft Azure Security & Compliance | Security Services | Darktrace’s Cyber AI Analyst integrates with Microsoft Copilot for Security to take SOC operations to the next level. |
| SR044 | Darktrace | Technology Partners | Darktrace | Microsoft Graph Security API |
| SR045 | PeerSpot | Darktrace Reviews, Competitors and Pricing | Users are looking for better false positive management, improved endpoint and remote worker visibility, and more intuitive visualizations. |
| SR047 | Help Net Security | Darktrace partners with Xage Security to detect threats deep inside IT and OT systems - Help Net Security | The integration between Darktrace/OT and Xage Fabric makes it easy to identify and respond to breaches in progress at any stage in operational technology (OT) and information technology (IT) environments. |
| SR052 | Darktrace | Darktrace Investor Relations | This is the historical archive of the Darktrace Investor Relations website. |
| SR053 | Business Chief | Darktrace CEO Steps Down as Thoma Bravo Buys Company | Jill Popelka, the company’s current chief of operations, will become the new CEO, while Gustafsson will remain on the board as a non-executive director after completion. |
| SV020 | Darktrace | Darktrace announces formal completion of its acquisition by Thoma Bravo | Darktrace ... has today announced the completion of its acquisition by Thoma Bravo ... for $5.3bn. |
| SV021 | Thoma Bravo | Thoma Bravo Completes Acquisition of Darktrace | valuing the Company at approximately $5.3 billion. Each Darktrace shareholder will be entitled to receive $7.75 per share in cash. |
| SV022 | UK Companies House | DARKTRACE HOLDINGS LIMITED filing history | 14 Mar 2026 ... Full accounts made up to 30 June 2025 ... 05 Dec 2025 ... Registration of charge 085620350014. |
| SV023 | UK Companies House | Full accounts made up to 30 June 2025 | |
| SV024 | UK Companies House | MR01 Registration of a Charge | Contains fixed charge(s). Contains floating charge(s). Contains negative pledge. |
| SV025 | Omdia | Network detection and response (NDR) market 2026 | Starting in 2022, standalone NDR deployments saw greater non-renewal or replacement rates as organizations began to consolidate security tools into unified XDR platforms. |
| SV026 | CNBC | A prominent UK cybersecurity stock is under attack from short sellers. Here's what you need to know | |
| SV027 | Reuters | Darktrace hires EY for independent review of finances | |
| SV028 | CNBC | Darktrace shares pop 26% after EY concludes report into accounting allegations | EY ... found a small number of errors and inconsistencies but nothing that would be material to Darktrace's financial statements. |
| SV029 | Darktrace | Darktrace announces proposed acquisition of Cado Security, a cloud investigation and response specialist | |
| SV030 | Darktrace | Top AI Cyber Security Company | About Darktrace | 10,000 Customers ... 110 Countries ... 2,300+ Employees. |
| SV031 | Investegate | Directorate Change | Company Announcement | Investegate | Poppy Gustafsson to step down as CEO of Darktrace; Jill Popelka appointed successor. |
| SV032 | Business Chief | Darktrace CEO Steps Down as Thoma Bravo Buys Company | |
| SV033 | EM360Tech | Darktrace Acquired by Private Equity Firm Thoma Bravo in $5 Billion Deal | Operating and financial achievements have not been reflected commensurately in its valuation, with shares trading at a significant discount to its global peer group. |
| SV035 | Yahoo Finance | Darktrace—the cybersecurity firm with ties to deceased tech tycoon Mike Lynch—attracts renewed scrutiny after yacht disaster | |
| SV036 | Darktrace | Towards Responsible AI in Cybersecurity | Resources | Darktrace | |
| SV037 | Darktrace | Darktrace Unveils Automated Forensics Capabilities in its ActiveAI Security Platform™ to Advance Hybrid and Multi-Cloud Security | |
| SV038 | Darktrace | Darktrace Investor Relations | Darktrace is now a Thoma Bravo company. This is the historical archive of the Darktrace Investor Relations website. |
| SV039 | Darktrace | 4Q and FY 2024 Trading Update | Darktrace’s Annualised recurring revenue (“ARR”) at 30 June 2024 was $782.2 million. |
| SV040 | Darktrace | Results for the Six Months Ended 31 December 2023 | Revenue 330,303 ... Gross margin 89.3% ... Adjusted EBITDA 84,518. |
| SV041 | Darktrace | Results for the Financial Year Ended 30 June 2023 | Revenue 545,430 ... Adjusted EBITDA 139,163 ... Free cash flow 93,753. |
| SV042 | Darktrace | Results for the Financial Year Ended 30 June 2022 | Revenue 415,482 ... Adjusted EBITDA 91,412 ... Free cash flow 99,517. |
| SV047 | CompaniesMarketCap | CrowdStrike (CRWD) - Market capitalization | As of May 2026 CrowdStrike has a market cap of $186.06 Billion USD. |
| SV048 | CompaniesMarketCap | CrowdStrike (CRWD) - Revenue | According to CrowdStrike's latest financial reports the company's current revenue (TTM) is $4.81 Billion USD. |
| SV049 | CompaniesMarketCap | Palo Alto Networks (PANW) - Market capitalization | As of May 2026 Palo Alto Networks has a market cap of $228.45 Billion USD. |
| SV050 | CompaniesMarketCap | Palo Alto Networks (PANW) - Revenue | According to Palo Alto Networks' latest financial reports the company's current revenue (TTM) is $9.89 Billion USD. |
| SV051 | CompaniesMarketCap | SailPoint (SAIL) - Market capitalization | As of May 2026 SailPoint has a market cap of $10.68 Billion USD. |
| SV052 | CompaniesMarketCap | SailPoint (SAIL) - Revenue | According to SailPoint's latest financial reports the company's current revenue (TTM) is $1.07 Billion USD. |
| SV053 | Thoma Bravo | Thoma Bravo Completes Acquisition of SailPoint | SailPoint Technologies Holdings, Inc. today announced the completion of its acquisition by Thoma Bravo ... in an all-cash transaction valued at approximately $6.9 billion. |
| SV054 | Business Wire | Thoma Bravo Completes Acquisition of SailPoint | SailPoint Technologies Holdings, Inc. ... announced the completion of its acquisition by Thoma Bravo ... valued at approximately $6.9 billion. |
| SV055 | Darktrace | Jill Popelka to Step Down as CEO of Darktrace; Board Chairman Charles Goodman Named Interim CEO |