Email remains the backbone of modern business—and the entry point for some of the most damaging cyberattacks. In 2024, Business Email Compromise (BEC) alone caused $2.77 billion in losses. Attackers are leveraging generative AI to scale campaigns with unprecedented realism, making phishing, impersonation, and account takeovers more convincing than ever.

Despite billions invested in secure email gateways and awareness training, organizations continue to suffer staggering losses. This changing threat landscape highlights a constant truth: legacy defenses built on static rules and signatures struggle to keep pace. Since our founding, Abnormal has championed a different approach, one rooted in AI-native solutions and human behavior. As modern attacks evolve every day, so does the autonomous Abnormal platform built to stop them.

To capture this progression, we’ve updated our ABX: Abnormal Behavior Technology report for 2025, detailing how the behavioral foundation of Abnormal has protected organizations since day one, and how it continues to adapt as attackers embrace AI-powered tactics.

At the heart of the Abnormal platform is Abnormal Behavior Technology (ABX), a behavioral AI engine that ingests thousands of signals from Microsoft 365, Google Workspace, and connected applications. ABX establishes a living model of how people, vendors, and applications normally operate—then identifies the anomalies that reveal threats.

ABX evaluates every event across three interconnected dimensions:

• Identity Awareness: Profiles employees, vendors, customers, and apps by examining attributes like sign-in locations, communication history, financial details, and device usage.

• Context Awareness: Maps the relationships among those identities, analyzing cadence, tone, and sentiment to surface anomalies in how, when, and why people interact.

• Risk Awareness: Applies advanced natural language models and deep content inspection to assess URLs, attachments, and message intent for malicious signals.

Together, these pillars allow ABX to detect never-before-seen attacks with high confidence and explainability. Security teams gain verdicts they can trust, without the manual tuning and maintenance burden of legacy tools.

The updated 2025 ABX report documents the full scope of Abnormal Behavior Technology and demonstrates how this AI-native foundation adapts in practice to expose sophisticated campaigns such as:

• Vendor Email Compromise: Attackers who hijack a trusted vendor account can inject fraudulent payment instructions directly into ongoing conversations. ABX detects changes in invoicing cadence, communication frequency, or financial requests that fall outside the vendor’s known-normal behavior.

• Account Takeover: Once inside an employee’s mailbox, adversaries often conduct reconnaissance or launch internal phishing campaigns. ABX flags suspicious login locations, device mismatches, or unusual east–west traffic patterns that indicate compromise.

• Credential Phishing: Many brand impersonation attacks evade sandboxing because they lack malware payloads. By comparing requests against established identity and risk baselines, ABX recognizes the abnormal patterns that expose phishing attempts.

• Platform-Level Exploits: From MFA bypass to malicious third-party applications, ABX provides visibility into anomalies across the entire cloud environment, not just email content.

By analyzing behavioral anomalies instead of relying on known threat indicators, ABX provides comprehensive protection against the next generation of AI-powered social engineering targeting cloud email.

Generative AI has given attackers an unprecedented opportunity to breach the enterprise with tailored attacks. Their primary point of exploitation remains the same: the trust inherent in human communication. Legacy defenses—built on rules, signatures, or static policies—cannot adapt fast enough to counter AI-powered social engineering.

Behavioral intelligence is not just a differentiator; it is the future of cloud email security. By continuously learning from each environment and grounding detection in identity, context, and risk, ABX equips enterprises with a defense layer designed for an era of rapid change.

The 2025 ABX report offers a clear view of how this foundation has evolved alongside attacker innovation, and why organizations adopting behavioral defenses today will be best positioned to withstand tomorrow’s threats.

Download the report to learn how Abnormal is redefining cloud email security for the age of AI.