Abnormal Blog

Bug triage used to start with an engineer reading a ticket. Now an AI agent does that pass first, and engineers spend their time on the work only they can do.

Every tool in the identity stack went blind. The ground truth was sitting in email, where it almost always is.

Security teams racing to inventory unsanctioned AI are asking the right first question. The harder one is usually skipped.

Shadow AI is growing faster than most organizations can track. Learn why unsanctioned AI agents create new security risks and why behavioral analysis is critical for detecting threats.

A live AI attack demo and Anticimex’s story showed why native email defenses alone can’t keep up—and how behavioral AI closes the gap.

Behind the scenes on how Abnormal closed the gap between product intent and engineering reality

When attackers hold valid credentials and a signed offer letter, the identity layer has already cleared them

The lateral movement techniques security teams have playbooks for assume that a human is at the keyboard. Most attackers have moved on from that playbook.

From social engineering and third-party compromise to AI-accelerated attacks, here are the most important cybersecurity trends revealed in the Verizon 2026 DBIR.

Research from Abnormal reveals that most BEC attacks involve impersonation of external third parties, not internal identities.

Auto-generating response policy from incident signal is now within reach, but the model writing the rule isn't where this gets hard.

How Identity Threat Detection and Response provides value even when attacks are rare

Learn what the Canvas breach means for higher education institutions, the attacks likely to follow, and practical steps to protect students, faculty, and staff.

How Identity Threat Detection and Response provides value even when attacks are rare.

See how modern phishing attacks are built, why manual email triage creates operational risk, and how AI Security Mailbox speeds detection and containment.

Identity attack breadcrumbs are sitting in the inbox, but nothing is checking for them.

The CIS Microsoft 365 Foundations Benchmark v6 codified two years of real-world breach patterns into 29 new controls. Here is what changed, and what every Security Posture Management tenant now evaluates automatically.

Two new identity threats (AI agents accumulating permissions, synthetic job candidates gaining real access) lack detection signatures, but Abnormal's behavioral AI catches them by flagging deviations from baseline rather than relying on predefined rules.

Learn how Abnormal’s AI Detection Agents analyze customer-reported attacks, identify behavioral patterns, and iteratively generate detectors that generalize beyond static indicators.

See what changed, what was deployed, and what it caught—traceable evidence from every report to deployed protection.

Abnormal AI’s 2026 Attack Landscape Report reveals how phishing, BEC, and vendor compromise attacks are tailored to federal agency workflows, procurement processes, and organizational structures.

Learn how Peak Technologies used behavioral AI to detect sophisticated phishing attacks, automate remediation, and move beyond legacy email security controls.

Device code phishing allows attackers to hijack legitimate Microsoft 365 authentication flows and maintain persistent access. Learn how Abnormal AI detects compromise and helps contain account takeover activity.

Every vendor claims AI. The difference is whether the system reads intent or chases tactics. Here's what makes Abnormal's detection engine different.