Abnormal AI
By Abnormal AI
An API-based email security platform that connects directly to Microsoft 365 or Google Workspace rather than sitting inline as a gateway, using behavioral AI to baseline normal vendor and executive communication patterns and flag the subtle impersonation and payload-free social engineering that signature-based filters typically miss. Renamed from Abnormal Security to Abnormal AI in April 2025.
Verified Source: 1
- Product type
- Software
- Deployment
- SaaS
- Organization size
- Mid-marketEnterprise
- Pricing tier
- $$$
Capability checklist
How Abnormal AI measures up against the full Email Security taxonomy.
- Phishing & malware detection — supported
- Blocks malicious links, attachments, and known phishing patterns in inbound email.
- Business email compromise detection — supported
- Flags impersonation and social-engineering attempts that lack a malicious payload.
- Link & attachment sandboxing — not supported
- Detonates suspicious links and files in an isolated environment before delivery.
- DMARC/SPF/DKIM enforcement — supported
- Enforces sender authentication standards to block domain spoofing.
- User-reported phishing workflow — not supported
- Lets employees report suspicious emails and routes them for rapid review.
- Data loss prevention for email — supported
- Blocks sensitive data from leaving the organization through outbound email.
Alternatives
Other Email Security tools with overlapping capabilities, sized for similar teams.
Appears in stacks
Real-world stacks that include Abnormal AI.