Abnormal Security
Behavioral AI-powered email and identity security platform that detects sophisticated attacks through anomaly detection rather than signatures.
1. Core Product / Service
Abnormal Security (rebranded as Abnormal AI) is a behavioral AI security platform built on its proprietary Attune foundation model. The platform analyzes thousands of identity and behavioral signals to detect sophisticated email attacks, account compromises, and unauthorized AI tool usage—threats that traditional signature-based gateways miss.
The core product architecture is cloud-native and API-based, integrating directly with Microsoft 365 and Google Workspace without sitting in the mail flow (unlike legacy Secure Email Gateways). The platform ingests behavioral signals in real-time to build bespoke baselines of "normal" for each organization and its vendor relationships. Key capabilities include inbound email security, account takeover detection, vendor email compromise (VEC) prevention, business email compromise (BEC) detection, identity threat protection, and AI security monitoring (blocking unauthorized SaaS and generative AI usage).
As of 2026, the Attune 1.0 foundation model powers 85% of detections. The system can simultaneously analyze identity, behavior, and content to identify attacks that move too fast for human response, operating at "machine speed" while maintaining accuracy claimed to exceed general-purpose LLMs.
2. Target Users & Pain Points
Abnormal Security targets enterprise organizations (2,400+ customers as of 2026) across all verticals. Primary users are security teams responsible for email, identity, and emerging AI risks. The company serves organizations from mid-market to Fortune 500, with particular traction in financial services, healthcare, and professional services.
Pain points include: (1) 61% of BEC attacks are now vendor email compromise (VEC), exploiting trusted vendor relationships rather than technical vulnerabilities; (2) AI-generated phishing renders signature-based detection obsolete; (3) attackers now target human behavior and organizational trust rather than system exploits, requiring behavioral intelligence rather than threat intelligence; (4) account takeover and compromised-user attacks operate asynchronously across cloud applications, undetectable by legacy email gateways; (5) proliferation of unauthorized AI tools introduces blind spots in security posture.
3. Competitive Landscape
| Competitor | Architecture | Strength | Abnormal Differentiation |
|---|---|---|---|
| Proofpoint | Secure Email Gateway (on-premise/hybrid) | Mature threat intel, compliance | API-native, behavioral, no mail flow |
| Mimecast | Secure Email Gateway | Cloud convenience | Superior BEC/VEC detection; API approach |
| Cisco Secure Email | Gateway + Talos threat intel | Enterprise integration | Behavior-driven vs. signature-driven |
| Microsoft Defender Office 365 | Cloud-native, bundled | Cost consolidation | Specialized behavioral baseline; standalone |
| Google Workspace Security | Cloud-native, bundled | Native integration | Specialized; behavioral signals vs. rule-based |
Abnormal's key differentiator is behavioral anomaly detection that builds per-user, per-vendor baselines instead of relying on threat signatures or known-bad indicators. This approach catches sophisticated social engineering and BEC attacks (text-only, no URL/attachment) that defeat competitors. The API-first design avoids mail-flow latency and deployment complexity of legacy gateways, crucial for detecting asynchronous account takeovers across SaaS.
4. Unique Observations
Abnormal Security is riding a structural shift in email threat landscape: attackers have moved away from technical exploits (malware, URLs) toward behavioral and organizational attacks (social engineering, vendor impersonation, AI-generated content). This shift invalidates the 20-year playbook of signature-based email gateways and creates opportunity for behavioral AI.
The 2026 Attack Landscape Report (analyzing 800,000 attacks across 4,600+ organizations) shows VEC now dominates BEC—a finding that directly invalidates legacy risk scoring models built on direct attacker impersonation. Abnormal's architecture, which learns vendor communication patterns, is structurally aligned with this threat evolution.
The company's path to IPO (stated aspiration by CEO) suggests venture and public market confidence in both the security vertical and the AI/ML-driven defensibility model. With $200M+ ARR and 2,400+ customers, the unit economics appear to support enterprise SaaS scaling. However, the market is crowded with both legacy SEG vendors upgrading to behavioral features and younger AI-native startups. Abnormal's moat rests on the quality of its Attune model and stickiness of its customer integrations.
The pivot to glean-like "see and enforce policy" for AI tool usage (announced 2026) expands TAM but signals that email security alone is maturing and that the real growth TAM is identity + AI governance—a competitive pivot distinct from email-only competitors like Proofpoint.
5. Financials / Funding
- Total raised (primary equity): $0.53B
- Latest valuation: $5.1B
| Date | Round | Amount | Post-money | Lead investor(s) |
|---|---|---|---|---|
| 2019-11 | Series A | $0.02B | $0.1B | Greylock Partners |
| 2020-11 | Series B | $0.05B | — | Menlo Ventures |
| 2022-05 | Series C | $0.21B | $4.0B | Insight Partners |
| 2024-08 | Series D | $0.25B | $5.1B | Wellington Management |
| 2025-10 | Series E (unconfirmed) | undiscl. | — | Insight Partners; Menlo Ventures |
6. People & Relationships
Founders & Leadership
- Evan Reiser (CEO, co-founder): Previously led product and ML at Twitter advertising; founded and exited Bloomspot (acquired by JPMorgan Chase) and AdStack (acquired by TellApart). Deep expertise in behavioral profiling and applied ML.
- Sanjay Jeyakumar (CTO, co-founder): Prior work on ML and behavioral profiling; founding engineer at Google and Pinterest.
- Jeshua Bratman (Head of Machine Learning): Google background.
- Abhijit Bagri, Dmitry Chechik (Founding Engineers): Twitter and other tech leaders.
Key Investors
- Greylock Partners (Series A lead, sustained investor)
- Menlo Ventures (Series B lead, sustained investor)
- Insight Partners (Series C lead, sustained investor)
- Wellington Management (Series D lead; growth PE, first institutional PE lead)
- Existing: CrowdStrike Falcon Fund (strategic investor)
Competitive Relationships
- vs. snyk / chainguard: Abnormal focuses on email + identity + AI; Snyk/Chainguard focus on supply chain security. Complementary but not directly overlapping.
- vs. glean: Both positioning on AI governance, but Glean is search/knowledge; Abnormal is identity/access.
- Traditional competitors: Proofpoint (acquisition target of Thoma Bravo, ~$12B), Mimecast (under Permira ownership), Cisco Secure Email.