Abnormal Blog

When attackers hold valid credentials and a signed offer letter, the identity layer has already cleared them

The lateral movement techniques security teams have playbooks for assume that a human is at the keyboard. Most attackers have moved on from that playbook.

From social engineering and third-party compromise to AI-accelerated attacks, here are the most important cybersecurity trends revealed in the Verizon 2026 DBIR.

Auto-generating response policy from incident signal is now within reach, but the model writing the rule isn't where this gets hard.

How Identity Threat Detection and Response provides value even when attacks are rare

Learn what the Canvas breach means for higher education institutions, the attacks likely to follow, and practical steps to protect students, faculty, and staff.

How Identity Threat Detection and Response provides value even when attacks are rare.

See how modern phishing attacks are built, why manual email triage creates operational risk, and how AI Security Mailbox speeds detection and containment.

Identity attack breadcrumbs are sitting in the inbox, but nothing is checking for them.

The CIS Microsoft 365 Foundations Benchmark v6 codified two years of real-world breach patterns into 29 new controls. Here is what changed, and what every Security Posture Management tenant now evaluates automatically.

Two new identity threats (AI agents accumulating permissions, synthetic job candidates gaining real access) lack detection signatures, but Abnormal's behavioral AI catches them by flagging deviations from baseline rather than relying on predefined rules.

Learn how Abnormal’s AI Detection Agents analyze customer-reported attacks, identify behavioral patterns, and iteratively generate detectors that generalize beyond static indicators.

See what changed, what was deployed, and what it caught—traceable evidence from every report to deployed protection.

Abnormal AI’s 2026 Attack Landscape Report reveals how phishing, BEC, and vendor compromise attacks are tailored to federal agency workflows, procurement processes, and organizational structures.

Learn how Peak Technologies used behavioral AI to detect sophisticated phishing attacks, automate remediation, and move beyond legacy email security controls.

Device code phishing allows attackers to hijack legitimate Microsoft 365 authentication flows and maintain persistent access. Learn how Abnormal AI detects compromise and helps contain account takeover activity.

Every vendor claims AI. The difference is whether the system reads intent or chases tactics. Here's what makes Abnormal's detection engine different.

From live AI-powered attack demos to real-world CISO insights, a DC roadshow reveals how attackers are using AI today—and why traditional email defenses are falling behind.

Most companies talk about AI transformation. Abnormal is doing it in public, showing how teams across the company are rebuilding their work with AI.

Abnormal now inspects auto-forwarded Microsoft 365 email before it reaches tools like Salesforce, Zendesk, and ServiceNow, blocking phishing and BEC upstream.

A single compromised admin triggered 200,000 device wipes. Learn why rethinking security posture in Microsoft 365 is key to containing risk.

Six Abnormal AI leaders have been named to CRN’s 2026 Women of the Channel list, recognizing their impact on partner programs, innovation, and channel success.

Twenty days after Europol seized 330 Tycoon2FA domains, a new campaign emerged with rebuilt infrastructure and six layers of obfuscation. Here's how it works.

Security teams rely on employee reporting but struggle to measure its impact. Metrics like reporting activity, response times, and feedback loops reveal whether security awareness is driving real behavior change.