Abnormal AI

Abnormal AI is a technology company that develops AI-based email security and user behavior analysis solutions. The company operates by offering products designed to detect and prevent threats such as phishing, business email compromise (BEC), account takeover (ATO), and graymail, particularly those targeting enterprise users. Built on a cloud-based modern API (Application Programming Interface) architecture, the platform integrates with email services such as Microsoft 365 and Google Workspace to detect behavioral threats within enterprise email systems.

Founding

Abnormal AI was founded in 2018 with headquarters in San Francisco, California. The company’s founders are Evan Reiser (CEO), Sanjay Jeyakumar (CTO), and Dan Desai. Also known as Abnormal Security, the company specializes in AI-powered solutions for email security. Since its inception, it has distinguished itself through advanced behavioral analysis systems and a cloud-native architecture, developing security and productivity solutions specifically for the Microsoft 365 and Google Workspace ecosystems. The company has received investment from venture capital funds including Andreessen Horowitz (a16z) and Greylock.

Technological Approach

Abnormal AI employs a “behavioral AI” approach to build normal behavior profiles for enterprise users by analyzing email habits, content types, sender identities, device usage patterns, and other signals. These profiles serve as the foundation for detecting anomalous activity. The system can identify suspicious sessions and content by leveraging identity signals, access logs, and communication data. Thanks to its API-based structure, Abnormal AI integrates with more than 85 applications including Microsoft 365, Google Workspace, OneDrive, SharePoint, Teams, Intune, and Outlook. It also operates compatibly with identity providers such as CrowdStrike, Okta, and Azure Active Directory, as well as XDR platforms.

Products and Modules

Inbound Email Security: Analyzes phishing, spam, and malware in incoming emails from outside the organization. Uses behavioral models based on users’ internal communication patterns to detect suspicious content.

AI Security Mailbox: Automatically evaluates emails reported by users as suspicious and classifies them as malicious, spam, safe, or simulated. It also identifies and removes bulk copies of malicious email campaigns across the system. Provides each user with automated, personalized feedback.

Email Productivity: Identifies promotional, time-wasting emails known as graymail and automatically removes them from inboxes. The system learns each user’s email preferences and moves messages to appropriate folders. Generates reports on time savings and productivity gains across the organization.

Core Account Takeover Protection: Analyzes email behavior and session data to determine whether user accounts have been compromised. Upon detection, it terminates sessions, resets passwords, and blocks access. Offers automated account recovery for Microsoft 365.

Core Security Posture Management: Reports security vulnerabilities, misconfigurations, and improvement recommendations to administrators within email environments.

Security Operations

Abnormal AI has developed automation-focused solutions to reduce the workload on security operations centers (SOCs). The AI Security Mailbox module continuously scans, evaluates, and takes collective action on emails reported as suspicious by users, 24/7. It also provides productivity-enhancing AI-powered communication capabilities that enable security teams to deliver individualized feedback to each user.

Performance

According to Abnormal AI’s data, its “Email Productivity” module removed 2.8 billion graymail messages from inboxes during its first year alone. It is estimated that 80 percent of Fortune 1000 companies have experienced at least one account takeover incident, one in four organizations faces weekly ATO attempts, and data breaches resulting from compromised credentials cost an average of $4.5 million. The company’s solution aims to mitigate the impact of these threats.

Microsoft Integrations

Abnormal AI is a member of Microsoft’s Intelligent Security Association (MISA) and is listed as a “Preferred Solution” for Microsoft 365 users. The platform integrates with SIEM/SOAR solutions and email security buttons to centralize alert management, incident analysis, and response actions.

Future Vision

Abnormal AI’s long-term goal is to transform email security into a fully AI-managed system. To this end, the company is developing solutions that automate both attack prevention and incident response using models that understand human behavior. The company’s vision is to accelerate the transition to autonomous AI systems in cybersecurity by reducing manual burdens on employees and security teams.