Stopping Vendor Fraud with Continuous Risk Intelligence from VendorBase™

Vendor email compromise and impersonation are rising. See how VendorBase delivers continuous vendor discovery and real-time risk analysis—powered by federated intelligence—to stop vendor fraud faster.

Todd Stansfield

April 17, 2026


Employees engage with vendor email compromise (VEC) attacks at an average rate of 44%, underscoring how difficult these threats are to detect and avoid. As supply chains expand, attackers are increasingly able to blend into legitimate vendor communications, making fraudulent requests harder to distinguish from routine business.

Third-party involvement in breaches doubled in 2024, according to Verizon’s 2025 Data Breach Investigations Report. Meanwhile, vendor fraud, a common form of business email compromise (BEC), contributed to more than $51B in reported losses between 2013 and 2022.

Vendors represent a major risk dimension that has historically lacked consistent visibility, monitoring, and defense. That’s why Abnormal first introduced VendorBase, a living resource for tracking third-party risk using global, federated intelligence.

In this post, we take a closer look at what VendorBase does, why it matters, and how it helps security teams reduce vendor fraud without adding manual work.

Abnormal’s VendorBase provides deep insight into high-risk vendors, accelerating investigation and response.

What Is VendorBase?

VendorBase monitors vendor-to-employee interactions and aggregates risk signals across the Abnormal community. By surfacing high-risk vendors and suspicious communications, it helps security teams assess supply-chain threats and act quickly.

VendorBase also strengthens the Abnormal Behavior Platform by adding vendor behavioral context to detection decisions. It works alongside Abnormal’s other Knowledge Bases, which centralize and normalize the data used to make accurate judgments across tenants, third-party apps, employees, vendors, and threat intelligence.

What Does VendorBase Enable?

VendorBase gives security teams two critical capabilities:

Continuous vendor discovery

Security teams often lack reliable visibility into which third-party vendors are actively interacting with users. That creates blind spots across one of the most common paths to compromise and delays proactive response.

VendorBase helps by automatically detecting when a new vendor interacts with users and creating a dedicated vendor profile. Each profile includes:

  • associated vendor contacts

  • internal users communicating with the vendor

  • known domains

  • common IP addresses

  • common countries

  • an activity timeline of email activity tied to the vendor

As new vendor representatives begin communicating with the organization, VendorBase updates the profile automatically. It also updates the list of internal users interacting with that vendor over time.

The result is better visibility into the vendor ecosystem and attack surface.

Abnormal’s VendorBase provides full visibility into the vendors interacting with your users and your third-party risk.

Continuous vendor risk analysis and scoring

Third-party risk remains a leading cause of breaches. Attackers exploit trusted vendor relationships by compromising legitimate accounts or impersonating them with realistic, context-aware attacks.

VendorBase addresses this by assigning each vendor a risk level and updating it continuously based on behavior such as suspicious email patterns, compromise indicators, or impersonation attempts. It also adjusts risk scores automatically when detecting relevant signals across Abnormal’s global community, harnessing the power of federated intelligence that doesn’t expose customer-specific data.

VendorBase also provides an evidence-based timeline of notable events involving a vendor. For each suspicious email, teams can quickly review:

  • sender identity

  • attack goal

  • attack email details

  • employee engagement

  • recipients inside the organization

This helps analysts understand what changed, why it matters, and what to do next.

Each vendor profile in VendorBase displays a timeline of suspicious activity based on behavior detected locally and across Abnormal’s federated community.

Why VendorBase Matters

Supply-chain risk remains a top concern for security teams and business leaders, as attackers routinely exploit trusted vendor relationships as an entry point.

VendorBase is designed to prevent real-world losses, not just generate alerts. The impact is clear:

  • $349M in prevented vendor fraud losses for Abnormal customers in 2023

  • $36M invoice fraud attempt stopped by Abnormal (largest to date)

  • 278% ROI delivered by the Abnormal Behavior Platform over three years, with VendorBase as a contributing factor (Forrester Total Economic Impact™ study)

To gain continuous visibility into vendor risk and reduce exposure to vendor fraud, schedule a demo and see VendorBase in action.
