
Abnormal
API-native behavioral AI email security for BEC, phishing, and account takeover prevention.

Product Overview
Abnormal is an API-native email security platform that connects directly to Microsoft 365 and Google Workspace to analyze identity, behavior, and content signals for each message. By modeling normal communication patterns for users, vendors, and partners, Abnormal detects and blocks socially engineered attacks—including BEC, vendor fraud, invoice fraud, and advanced phishing—that often bypass traditional secure email gateways. The platform operates entirely in the cloud and requires no MX record changes or inline mail flow modifications.

Key capabilities include behavioral anomaly detection, account takeover protection, supplier and VIP protection, graymail remediation, and abuse-mailbox automation. Abnormal enriches detections with identity context from IAM/SSO and collaboration systems, and provides automated investigation and response workflows to reduce mean time to remediate. Security teams can customize policies, review high-confidence detections, and orchestrate downstream actions in SIEM, SOAR, and ITSM tools.

Differentiators include its purely API-based, post-delivery and pre-delivery controls, advanced behavioral models of people-to-people communication, and supply-chain risk insights derived from vendor communication patterns. Abnormal is designed to complement or replace traditional SEG controls by working alongside Microsoft Defender for Office 365/EOP and native Gmail defenses without introducing latency or mail flow complexity.

Abnormal publishes enterprise security and compliance attestations typical for email security buyers, including SOC 2 Type II and ISO 27001, and supports GDPR/CCPA commitments. The platform is used by mid-market and large enterprises to stop BEC, protect executive/VIP mailboxes, and automate user-reported phishing triage.
Product Details
Specialty
Solutions for protecting email communications: preventing phishing attacks and email-borne malware, spam filtering, email encryption, and DMARC/SPF/DKIM enforcement
