Abnormal Security (Abnormal AI) - Experts & Thought Leaders

Latest Abnormal Security (Abnormal AI) news & announcements

Abnormal AI unveils new autonomous AI agents

Abnormal AI (Abnormal Security), the globally renowned company in AI-native human behaviour security, has unveiled its most ambitious product release to date — introducing autonomous AI agents that revolutionise how organisations train employees and report on risk, while also evolving its email security capabilities to continue to stop the world’s most advanced email attacks.

In a year defined by the explosive use of malicious AI for cybercrime, Abnormal is doubling down on its mission to protect people. With its AI-native platform, Abnormal’s newest innovations bring intelligent automation to security awareness training, executive reporting, and advanced email threat detection.

Abnormal AI’s autonomous AI agents

“The most dangerous attacks don’t target firewalls — they target people, and people need better protection,” said Evan Reiser, CEO and Founder of Abnormal AI, adding “Today, we’re introducing true AI agents that not only protect people from advanced cyber-attacks, but also eliminate the manual effort that’s bogging down security teams.”

He continues, “From personalised phishing simulations to autonomous reporting and expanded threat remediation capabilities, these innovations represent a massive leap forward in how AI can be operationalised across the security stack.”

Introducing Two New AI Agents

In a recent survey, 53% of security leaders agreed that the effort required to run and maintain their organisation’s current security awareness training program isn’t worth the impact it appears to be having.

To solve this pain point, the launch of AI Phishing Coach allows organisations to replace ineffective, generic training with a personalised, autonomous AI platform. By converting real attacks blocked by Abnormal into tailored simulations for each user, it delivers instant coaching modules when users click — no more canned videos or impersonal courses. For company-wide training, AI-generated videos are created on-demand, branded, and customised to each organisation's threat landscape.

Abnormal’s behavioural AI engine

Unlike legacy training platforms that rely on static templates and outdated scenarios, AI Phishing Coach uses real-time behavioural threat data to deliver hyper-relevant training experiences. Because it’s powered by Abnormal’s behavioural AI engine, it learns from each organisation’s threat environment and adapts training dynamically — providing proactive education before attacks succeed.

It’s like giving every employee their own AI-powered security mentor — without adding any operational burden to security teams.

AI Data Analyst

In addition to AI Phishing Coach, Abnormal is also launching AI Data Analyst to turn complex security data into instantly usable intelligence — providing admins with better reporting tools and saving teams dozens of hours in manual data aggregation.

AI Data Analyst acts as an intelligent agent that proactively delivers reports directly to customers, highlighting the value Abnormal is bringing to their organisation. Customers can then interact with the agent to ask follow-up questions, explore specific data points, or request customised board decks — complete with interactive slides and plain-language insights — tailored to showcase the impact of Abnormal AI on their security posture.

Enhancing Email Security to Replace the SEG

As email attacks continue to bypass legacy secure email gateways (SEGs), the Abnormal Behaviour Platform has consistently outperformed traditional tools — and even human analysts. Currently, three-fourths of Abnormal customers have moved away from their third-party SEG.

To support this shift and continue to provide more visibility and flexibility, Abnormal is rolling out three no-cost upgrades to Inbound Email Security, now available to all customers:

- Quarantine Release: Consolidates Microsoft-quarantined emails into the Abnormal platform for streamlined triage and faster response.
- URL Rewriting: Adds user-facing warnings and click tracking for suspicious links, improving protection without disrupting the email experience.
- Enterprise Remediation Settings: Allows administrators to tailor remediation actions based on threat type and business context.

Together, these enhancements make it easier than ever for organisations to fully replace their legacy tools while maintaining control, visibility, and peace of mind.

Expanding Globally, Scaling Securely

Earlier this month, Abnormal achieved FedRAMP Moderate Authorisation in only 256 days, paving the way for federal agencies to easily adopt the platform. Currently, the company is also announcing expanded operations into Germany, with Japan and France to follow later this year. With expansion, the Abnormal Behaviour Platform will be tuned for the nuances and language needs of each market.

Abnormal Security in Gartner Email Magic Quadrant

Abnormal Security, the pioneer in AI-native human behaviour security, announced it has been recognised as a pioneer in the first-ever Gartner® Magic Quadrant™ for Email Security Platforms. A complimentary version of the full report can be found.

Gartner evaluated 14 vendors across the email security market and placed Abnormal in the Leaders Quadrant. They feel this placement recognises Abnormal for excelling in both Completeness of Vision by addressing current and future email threats, and in Ability to Execute by delivering tangible results for customers. Of all 14 vendors in the Magic Quadrant, Abnormal is positioned furthest for Completeness of Vision.

Behavioural AI approach

In the report, Gartner highlights that “humans are increasingly incapable of identifying social engineering attacks as large language models (LLMs) are refined for purpose by attackers.” To combat these sophisticated threats, they believe that organisations need solutions that utilise behavioural AI and natural language processing to analyse user behaviour and detect anomalies.

Abnormal’s Human Behaviour AI Platform stands out in the market for its unique behavioural AI approach to stopping the full spectrum of email attacks, including sophisticated social engineering threats like business email compromise, credential phishing, and account takeover.

Autonomous AI models

The platform connects via API to analyse thousands of signals from multiple data sets and precisely baseline known behaviour. Autonomous AI models then enable Abnormal to detect anomalous activity and stop never-before-seen attacks with superhuman speed and accuracy.

“It’s an honour to be named a Leader in the inaugural Gartner Magic Quadrant for Email Security Platforms,” said Evan Reiser, chief executive officer at Abnormal Security.

Gartner Peer Insights™ Customers’ Choice

Reiser added: “As organisations seek autonomous solutions to combat sophisticated email threats, Abnormal is setting the bar—using AI to protect humans better than humans can protect humans—and we believe this recognition is a testament to that. We view our Magic Quadrant position as the latest validation of our momentum as an independent, AI-driven cybersecurity company, further cementing our position among the fastest-growing security companies in history.”

Abnormal’s inclusion in this Magic Quadrant follows the company’s recent recognition as a Gartner Peer Insights™ Customers’ Choice for Email Security. As of December 19th 2024, out of 263 reviews, Abnormal has a 99% Would Recommend rating and an average rating of 4.8 on Gartner Peer Insights™.

Gartner's research publications

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner's research publications consist of the opinions of Gartner’s research organisation and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner, and Magic Quadrant and Peer Insights are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Views of Gartner Peer Insights

Gartner Peer Insights content consists of the opinions of individual end-users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

SaaS Alerts highlights key BEC protection strategies for MSPs

Business email compromise (BEC) attacks involve manipulating or impersonating email accounts to deceive employees, often leading to financial fraud, breaches or data loss. According to Verizon, BEC attacks doubled last year and comprised nearly 60% of all social engineering incidents.

To deal with this growing frequency of BEC attacks, MSPs need advanced strategies, such as user behaviour analysis and employee training programs. Let’s look at the key BEC protection strategies for MSPs.

What are BEC attacks?

BEC attacks are a sophisticated form of cyber threat where malicious actors exploit and manipulate email communication within an organisation. These attacks typically target individuals with access to sensitive information or financial transactions or those in positions of authority. These scams rely on social engineering tactics like phishing attacks, domain spoofing, impersonation of executives and urgent requests.

The importance of BEC protection strategies

By offering robust BEC protection services, enterprises can protect their clients from the following consequences.

Financial losses

One of the most immediate and significant impacts of a BEC attack is financial loss. Cybercriminals may successfully manipulate employees into making unauthorised wire transfers or redirecting funds to fraudulent accounts or other financial scams, resulting in direct monetary losses for the organisation. Victims of a BEC attack also face an increase in premiums for their cyber insurance or challenges in renewing their policies after the incident.

Operational disruptions

In response to a BEC attack, clients may need to temporarily shut down or restrict access to certain IT systems to conduct thorough investigations, implement security patches and remove malicious elements. This downtime can disrupt regular business operations and impact revenue. In fact, unplanned downtime costs Fortune Global 500 companies 11% of their yearly turnover — around $1.5 trillion, per Siemens.

Reputational damage

When clients and partners discover that an organisation has fallen victim to manipulation and deception, they question the company’s ability to conduct secure business transactions. Diminished investor confidence impacts the ability to attract funding, with publicly traded companies seeing a short-term drop in market value. Comparitech found that the share prices of compromised companies experience an average drop of 3.5% after a cyber-attack.

Regulatory consequences

A BEC attack leads to non-compliance with industry-specific regulations, such as HIPAA in the healthcare sector and PCI DSS in the financial industry. Regulatory authorities often have the power to impose hefty fines for non-compliance with data protection and privacy regulations.

Top four strategies for improved business email compromise protection

BEC protection requires a comprehensive and multi-layered approach. Here are four key strategies to get started with BEC security:

1. Awareness and training

Employees open almost 28% of emails that are BEC attacks and even reply to 15% of these emails, according to Abnormal Security. With an effective security awareness program, organisations can train employees to recognise and respond appropriately to potential BEC threats.

Tailor training content to different roles within the organisation. For instance, employees with financial responsibilities, such as CFOs or accountants, should receive specialised training on recognising fraudulent financial requests.

MSPs and MSSPs should train clients to look for the following signs of BEC:

- High-level executives asking for unusual information
- Requests instructing employees not to communicate with others
- Poor grammar, awkward phrasing or date formats that differ from the standard conventions used in their organisation
- Email domains and ‘Reply To’ addresses that do not match legitimate ones

2. Monitoring and alerting for anomalies

Start by establishing a baseline of normal communication behaviour for customers’ employees’ email accounts and financial transactions within the organisation.

Understanding what is typical allows security systems to identify anomalies and compare activities against known indicators of compromise (IOCs), such as a sudden increase in the volume of outgoing emails or unusual attachment types. This information helps them effectively identify and respond to potential BEC threats.

Use SaaS security software to set up automated alerting when anomalies are detected. Enterprises can configure these cyber security alerts to notify security teams or IT personnel, ensuring a rapid response to potential BEC attacks.

3. Multi-Factor Authentication (MFA)

Implementing MFA helps mitigate the risk of unauthorised access to email accounts, even if credentials are compromised. Some MFA solutions offer adaptive authentication, which adjusts the level of security based on contextual factors. For example, if a user attempts to log in from an unknown location or device, the system requires additional authentication steps, providing adaptive protection against unauthorised access.

4. Incident response and recovery

Develop a comprehensive incident response plan outlining roles, responsibilities, communication protocols and the steps to be taken if a suspected or confirmed BEC attack occurs.

Automated remediation tools play a crucial role in isolating and containing BEC threats. They automatically deactivate compromised email accounts, block malicious email addresses or enforce temporary restrictions on certain activities to prevent further damage.

An ideal recovery plan should outline the steps to restore normal operations following a BEC incident. These steps include:

- Restoring data from backups
- Validating the integrity of systems
- Implementing additional security measures to mitigate future incidents

Protect against business email compromise attacks with SaaS Alerts

A robust security tool like SaaS Alerts is essential for businesses to stay one step ahead of malicious actors and boost BEC protection. Here’s how SaaS Alerts helps MSPs better protect their clients:

- Continuous threat detection capabilities identify anomalous activities like logins from unfamiliar devices or locations, suspicious email forwards and irregular data downloads.
- Automated remediation triggers predefined responses automatically, such as isolating affected accounts or blocking malicious email addresses.
- Customised alerting and reporting features allow MSPs to customise their offering based on their client’s specific needs. This flexibility allows them to tailor the tool to each organisation’s unique characteristics and risks.
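
The last sign in the list of BEC indicators above (email domains and ‘Reply To’ addresses that do not match legitimate ones) can be checked mechanically on message headers. The following is an added example, not code from SaaS Alerts or Abnormal Security; the domain names, the sample messages, the function names and the 0.85 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organisation's legitimate sending domains (constructed).
LEGIT_DOMAINS = {"example-corp.test"}

def _domains(msg, header):
    """Lower-cased domains of every address found in the given header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}

def _lookalike(domain, threshold=0.85):
    """True if the domain is not legitimate but closely resembles one that is."""
    if domain in LEGIT_DOMAINS:
        return False
    return any(SequenceMatcher(None, domain, legit).ratio() >= threshold
               for legit in LEGIT_DOMAINS)

def bec_header_findings(raw_message):
    """Return header-level BEC signals for one RFC 5322 message."""
    msg = message_from_string(raw_message)
    from_domains = _domains(msg, "From")
    reply_domains = _domains(msg, "Reply-To")
    findings = [f"lookalike-from-domain:{d}"
                for d in sorted(from_domains) if _lookalike(d)]
    # Replies would leave the domain the message claims to come from.
    findings += [f"reply-to-domain-mismatch:{d}"
                 for d in sorted(reply_domains - from_domains)]
    return findings

# Constructed sample messages (not real traffic).
SAMPLE_LOOKALIKE = (
    'From: "Chief Executive" <ceo@example-c0rp.test>\n'
    "Reply-To: ceo.private@mailbox.test\n"
    "Subject: Urgent wire transfer\n\nKeep this between us.\n"
)
SAMPLE_REDIRECT = (
    "From: Accounts Payable <ap@example-corp.test>\n"
    "Reply-To: ap@billing-updates.test\n"
    "Subject: Updated bank details\n\nSee attached.\n"
)
SAMPLE_CLEAN = (
    "From: Accounts Payable <ap@example-corp.test>\n"
    "Reply-To: ap@example-corp.test\n"
    "Subject: March invoices\n\nSee attached.\n"
)

if __name__ == "__main__":
    for raw in (SAMPLE_LOOKALIKE, SAMPLE_REDIRECT, SAMPLE_CLEAN):
        print(bec_header_findings(raw))
```

A differing Reply-To is also set by legitimate mailing lists and ticketing tools, so these findings are signals to weigh alongside others, not verdicts. The From header is only what the sender chose to display; the check says nothing about SPF, DKIM or DMARC results.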
