Cyber Tool Stack
All tools

Abnormal AI

By Abnormal AI

An API-based email security platform that connects directly to Microsoft 365 or Google Workspace rather than sitting inline as a gateway, using behavioral AI to baseline normal vendor and executive communication patterns and flag the subtle impersonation and payload-free social engineering that signature-based filters typically miss. Renamed from Abnormal Security to Abnormal AI in April 2025.

Verified Source: 1

Product type
Software
Deployment
SaaS
Organization size
Mid-marketEnterprise
Pricing tier
$$$

Capability checklist

How Abnormal AI measures up against the full Email Security taxonomy.

Phishing & malware detection — supported
Blocks malicious links, attachments, and known phishing patterns in inbound email.
Business email compromise detection — supported
Flags impersonation and social-engineering attempts that lack a malicious payload.
Link & attachment sandboxing — not supported
Detonates suspicious links and files in an isolated environment before delivery.
DMARC/SPF/DKIM enforcement — supported
Enforces sender authentication standards to block domain spoofing.
User-reported phishing workflow — not supported
Lets employees report suspicious emails and routes them for rapid review.
Data loss prevention for email — supported
Blocks sensitive data from leaving the organization through outbound email.

Alternatives

Other Email Security tools with overlapping capabilities, sized for similar teams.

Appears in stacks

Real-world stacks that include Abnormal AI.

Search Cyber Tool Stack

Jump to any tool, vendor, category, or glossary term.