Dark data is information that a system creates, receives, or logs but does not properly store, index, or expose for later use. It may exist in temporary files, container-local storage, chat transcripts, telemetry buffers, or other places that disappear or are never cataloged. In practice, the data is present at creation time but effectively invisible afterward.
This matters in cyber security because security teams rely on records for detection, forensics, compliance, and recovery. If alerts, agent outputs, or audit trails become dark data, defenders lose evidence needed to understand what happened or prove what a system did. Attackers can also exploit weak retention by forcing errors, restarts, or cleanup paths that discard logs and session state. Good defenses treat valuable outputs as durable records: capture them at creation, attach provenance metadata, store them in indexed systems, and test backup and restore workflows.
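One way to apply the defenses listed above, as an added example that is not part of the original page: each output is written to an fsynced append-only log with provenance metadata at creation, indexed for search, and then a restore drill rebuilds the index from the log alone. The file names, table schema, source labels and the choice of JSON lines plus SQLite are assumptions made for illustration.

```python
import hashlib, json, os, sqlite3, tempfile, time

def open_index(path):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS records (ts REAL, source TEXT, kind TEXT, sha256 TEXT)")
    db.execute("CREATE INDEX IF NOT EXISTS by_source ON records (source, kind)")
    return db

def capture(db, log_path, source, kind, text):
    """Persist one output at creation: fsynced append-only log first, then index."""
    rec = {"ts": time.time(), "source": source, "kind": kind, "payload": text,
           "sha256": hashlib.sha256(text.encode()).hexdigest()}  # provenance metadata
    with open(log_path, "a", encoding="utf-8") as f:
        f.write(json.dumps(rec, sort_keys=True) + "\n")
        f.flush()
        os.fsync(f.fileno())  # record survives a restart right after the write
    db.execute("INSERT INTO records VALUES (?,?,?,?)", (rec["ts"], source, kind, rec["sha256"]))
    db.commit()
    return rec["sha256"]

def restore_drill(log_path):
    """Rebuild a fresh index from the log alone; return (db, rejected_lines)."""
    db, rejected = open_index(":memory:"), 0
    with open(log_path, encoding="utf-8") as f:
        for line in f:
            try:
                rec = json.loads(line)
                row = (rec["ts"], rec["source"], rec["kind"], rec["sha256"])
                if hashlib.sha256(rec["payload"].encode()).hexdigest() != rec["sha256"]:
                    raise ValueError("hash mismatch")
            except (ValueError, KeyError, TypeError, AttributeError):
                rejected += 1  # truncated, malformed, or altered line
                continue
            db.execute("INSERT INTO records VALUES (?,?,?,?)", row)
    return db, rejected

def demo():
    """Constructed sample data: two captured outputs plus one altered log line."""
    with tempfile.TemporaryDirectory() as d:
        log_path = os.path.join(d, "records.jsonl")
        db = open_index(os.path.join(d, "index.db"))
        capture(db, log_path, "edr-agent-01", "alert", "suspicious child process")
        capture(db, log_path, "chat-assistant", "transcript", "key rotation request")
        with open(log_path, "a", encoding="utf-8") as f:  # simulate an altered record
            f.write('{"ts": 0, "source": "x", "kind": "alert", "payload": "edited", "sha256": "00"}\n')
        db.close()
        rdb, rejected = restore_drill(log_path)
        rows = rdb.execute("SELECT source, kind FROM records ORDER BY rowid").fetchall()
        return rows, rejected
```

The drill reports rejected lines rather than silently skipping them, so a gap in the restored record set is itself visible.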



