Modern security is being reshaped by two forces: how attackers operate and how products are built.

Abnormal’s behavioral AI platform is built on a foundation designed for that reality. We architected our system to model identity, behavior, and context at enterprise scale, reflecting how people and organizations actually work. That foundation enables us to redefine email security. It’s also what positions us to go much further.

At the same time, AI-native development is transforming how products are created, empowering small, highly leveraged teams to build faster at a fraction of the cost. When teams combine a behavioral AI platform with an AI-native development model, something powerful happens: they can solve a much broader set of customer problems at speed and scale that wasn’t possible just a year ago.

That’s the phase Abnormal is entering now. And that’s exactly what Stephen Harrison is joining to lead as our new VP of Product, Next Gen Products.

Stephen is joining Abnormal to help shape where our platform goes next—not as a standalone product leader, but as someone who understands attackers, enterprise complexity, and how to operate in an AI-native era. His career spans four disciplines that rarely converge in one leader: offensive security, Fortune 500 security leadership, hands-on product and engineering ownership, and AI-native development.

He started in offensive security as a white-hat hacker and penetration tester, where he learned how attacks are actually built—not just how they’re described in reports. He later served in Fortune 500 security programs and eventually as a CISO at MGM Resorts, leading security operations at a massive scale. There, he helped guide the company through one of the most visible cyber incidents in recent history, navigating recovery in real time under global scrutiny.

But Stephen wasn’t just defending the business. He also led Enterprise Architecture, overseeing roughly 80 internally developed applications and owning the full product development lifecycle from ideation through deployment. As Stephen puts it:

“I wasn’t just securing the business—I was building and scaling products with engineering teams. Abnormal is the first place where I can now apply that experience to a platform purpose-built for how attacks actually happen today.”

After years of operating at enterprise scale, Stephen saw a gap between what security teams need and what most security tools deliver. “Most security products aren’t built by people who’ve lived on both sides of the problem,” he says. “I joined Abnormal to change that.”

As a CISO, he understood firsthand the tension between speed and safety, complexity and usability, innovation and operational reality. He wanted to create the products he would have bought—ones designed around how attackers actually behave.

Abnormal’s AI-native foundation makes that possible. Unlike legacy vendors that retrofit AI onto rule-based systems, Abnormal was architected from the ground up to understand identity relationships, behavioral baselines, and contextual anomalies across the enterprise. That intelligence layer powers everything we deliver.

Equally important is how we build. AI-native development leverages generative AI, autonomous tooling, and modern workflows to shorten the path from idea to deployment. This allows us to move quickly, experiment rapidly, and extend our platform into new problem areas without re-architecting infrastructure from scratch.

Because every product is built on the same behavioral intelligence core, each new capability strengthens the system rather than adding complexity—creating a compounding advantage as we expand the platform.

“The next generation of security products won’t be rule-driven or reactive. They’ll be AI-native, adaptive, and designed by people who understand the adversary as well as the enterprise.”

Leading security for a Fortune 500 enterprise reinforced one critical lesson: attackers move faster than most security stacks are designed to handle. Modern adversaries are coordinated, patient, and outcome-driven. They chain together identity, social engineering, and system access, adapting in real time based on what works.

When attacks unfold across identities and systems, you need visibility into behavior across the enterprise, rather than isolated point tools reacting independently. Every minute matters, from detection through response, communication, and recovery. Stephen saw firsthand how fragmented tooling and reactive workflows slow teams down and how purpose-built, tightly integrated systems can accelerate resilience.

That experience reshaped how he thinks about product development. Having crafted attacks himself (and defended against them under pressure), he doesn’t design for checklists. He designs for adversaries.

Instead of asking whether a control technically satisfies a requirement, Stephen asks, If I were attacking this company, would this actually stop me? This adversary-informed, operator-grounded, speed-driven mindset is what he now brings to Abnormal’s next phase of product development.

At Abnormal, Stephen will lead the exploration of new product directions, working side-by-side with product, engineering, and design to shape the platform’s next phase.

He’ll focus on expanding our behavioral AI platform into new domains where identity, behavior, and context determine risk. Because we build in an AI-native way, we can pursue these opportunities with speed, rapidly validating, iterating, and deploying capabilities that would traditionally take years to bring to market. As Stephen puts it:

“Abnormal combines deep attacker understanding with an AI-native foundation and a culture that moves quickly. That’s a rare combination.”

Stephen’s appointment marks a product inflection point for Abnormal. It reinforces our long-term ambition to expand our AI-native platform with products grounded in operational experience, informed by adversary behavior, and built to scale with enterprise complexity.

That combination allows us to invest in solving more customer problems—faster and more effectively—than platforms constrained by legacy architectures and traditional development cycles.

It’s also a signal to builders who want to work on the next generation of AI-native security products. That’s the standard at Abnormal, and we couldn’t be more excited about what comes next.

For builders who want to work on AI-native security grounded in real-world experience, there’s more to build at Abnormal.