Stop more attacks. Fully automate operations.
Abnormal's core email products stop advanced attacks while autonomously handling triage and remediation — so your team focuses on strategy, not alert queues.
Inbound Email Security
Stops email attacks with autonomous AI — BEC, spear phishing, vendor impersonation, and socially engineered attacks that contain no malicious links or attachments. Behavioural AI models trained on thousands of identity signals detect attacks that secure email gateways miss entirely.
Email Account Takeover Protection
Detects and mitigates compromised Microsoft 365 and Google Workspace accounts by analysing behavioural anomalies — suspicious logins, mail rule creation, forwarding configuration, and OAuth app consent. Automatically remediates compromised sessions and terminates attacker access.
Security Posture Management
Continuously identifies Microsoft 365 misconfigurations, legacy authentication protocols, exposed API connectors, and Shadow IT integrations that create risk — surfacing gaps before attackers exploit them, with prioritised remediation guidance.
Email Productivity
Maximises inbox productivity by intelligently filtering graymail — newsletters, promotional emails, and bulk mail — using personalised behavioural models. Learns individual preferences to keep inboxes clean without accidentally removing legitimate business communications.
Misdirected Email Prevention
Prevents data leaks caused by emails sent to wrong recipients — detecting when email content, recipients, or context suggests an accidental misdirection and alerting the sender before the message leaves the organisation.
Autonomous AI agents that eliminate repetitive work.
Abnormal's AI Security Agents handle the manual tasks that consume analyst time — triage, coaching, and reporting — at superhuman speed and scale.
AI Security Mailbox
Responds to reported emails and coaches users at superhuman speed — analysing every user-reported suspicious email, providing instant verdicts, and sending personalised guidance. Eliminates the manual triage backlog that burdens SOC teams, freeing analysts for complex investigations.
AI Phishing Coach
Delivers hyperpersonalised security awareness training based on each individual's actual susceptibility patterns — sending targeted, context-specific coaching in the moment of risk. Reduces phishing susceptibility without mandatory annual training programmes.
AI Data Analyst
Provides personalised, board-ready security reporting through natural language queries — answering questions like "What are our top email threats this quarter?" and generating visualisations and executive summaries without manual report building.
Protect cloud apps beyond the inbox.
Abnormal extends AI behavioural protection beyond email to the SaaS applications where modern business happens — Slack, Teams, Zoom, and Salesforce.
SaaS Account Takeover Protection
Detects and prevents account takeovers across SaaS applications including Slack, Zoom, and Salesforce — applying the same behavioural AI that protects email to collaboration and business applications where attackers increasingly operate.
Messaging Security
Detects malicious content shared in Microsoft Teams — including phishing links, malware-laden files, and impersonation attacks conducted via chat rather than email. Extends Abnormal's behavioural protection to the collaboration layer of the modern workplace.
See Abnormal stop real attacks
Every stopped threat is backed by contextual evidence, behavioural signals, and a clear explanation of the AI verdict — so analysts understand exactly why each email was flagged.
Why organisations choose Abnormal
Secure Email Gateways (Mimecast, Proofpoint) use reputation and signature-based detection. They miss targeted BEC attacks with no links, no attachments, and no known-bad indicators. Abnormal's behavioural AI catches these by detecting deviations from established communication patterns — not matching against known bad.
Abnormal connects to Microsoft 365 or Google Workspace via API — no MX record changes, no mail flow modification, no policy migration required. Live within minutes. Reaches full effectiveness within 24–48 hours as behavioural baselines are established from historical email data.
Abnormal analyses over 20 million signals per email — sender identity, behavioural patterns, writing style, communication graph, infrastructure attributes, and cross-platform activity — generating a precise risk score for every inbound message.
Abnormal Security was recognised as a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms — validating its AI-native approach as the new standard for enterprise email protection.
Over 2,500 enterprise organisations use Abnormal — across financial services, healthcare, manufacturing, retail, and public sector. Customers include companies that already run Mimecast or Proofpoint and layer Abnormal on top to catch what their SEG misses.
Native SIEM, SOAR, and XDR integrations streamline response workflows — forwarding structured threat data to Splunk, Microsoft Sentinel, Palo Alto Cortex XSIAM, and other platforms. Abnormal's Knowledge Bases (PeopleBase, VendorBase, AppBase) provide behavioural context across integrations.
Frequently asked questions
Abnormal Security is an AI-native cloud email security platform that protects Microsoft 365 and Google Workspace from advanced email attacks including business email compromise (BEC), spear phishing, vendor fraud, account takeover, and supply chain attacks. Unlike traditional secure email gateways, Abnormal uses behavioural AI — building a unique identity model for every user, vendor, and counterparty to detect threats that have no malicious indicators.
Abnormal organises its platform into three categories: Cloud Email Security (Inbound Email Security, Email Account Takeover Protection, Security Posture Management, Email Productivity, Misdirected Email Prevention), AI Security Agents (AI Security Mailbox, AI Phishing Coach, AI Data Analyst), and SaaS Security (SaaS Account Takeover Protection for Slack/Zoom/Salesforce, and Messaging Security for Microsoft Teams).
Mimecast and Proofpoint are Secure Email Gateways (SEGs) that filter email using reputation, signatures, and rule-based detection — effective for known spam and mass phishing. Abnormal is designed to catch what SEGs miss: targeted BEC attacks with no links or attachments, vendor impersonation using legitimate domains, and account takeover by compromised internal users. Most Abnormal customers deploy it alongside their existing SEG as a second layer.
Business Email Compromise is a targeted attack where fraudsters impersonate executives, vendors, or trusted partners to deceive employees into making fraudulent payments or transferring sensitive data. BEC attacks contain no malicious links or attachments — they rely entirely on social engineering and impersonation — which is why traditional email security tools consistently fail to detect them. The FBI IC3 reported $2.9 billion in BEC losses in 2023, making it the most financially damaging cybercrime category.
Yes. Abnormal Email Account Takeover Protection monitors all Microsoft 365 and Google Workspace account activity — logins, mail rule changes, forwarding rules, OAuth app consent, and API access — and detects anomalies indicating a compromised account. Automated response terminates active sessions, revokes suspicious mail rules, and alerts the security team. This works for both human accounts and compromised service principals.
Yes. Abnormal SaaS Account Takeover Protection extends protection to Slack, Zoom, Salesforce, and other SaaS platforms — detecting compromised accounts sending malicious content in business applications. Messaging Security covers Microsoft Teams specifically. The AI Security Mailbox and AI Phishing Coach work across all integrated platforms to automate triage and reduce human susceptibility.
Deploy Abnormal Security
Servnet will connect Abnormal to your Microsoft 365 or Google Workspace tenant — no mail flow changes, no downtime, active within minutes.