Homepage

Breadcrumbs

Abnormal AI provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal AI

Abnormal AI provides advanced cloud email security to prevent credential phishing, business email compromise, account takeover, and more.

What's New? Product Updates

description

security,privacy,email security,cloud email security,phishing protection

keywords

https://images.abnormalsecurity.com/production/images/blog/L_Whats-New_Open-Graph.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1761934528&s=1f5a6c375b1d978b7651c77775beffa8

referrer

robots

twitter:card

twitter:creator

twitter:description

https://images.abnormalsecurity.com/production/images/blog/T_Whats-New_Open-Graph.png?w=1012&h=506&auto=compress%2Cformat&fit=crop&dm=1761934531&s=cb1d798e5b3839211d481e540a6c4650

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"What's New? Product Updates | Abnormal AI"}}

Learn about recent enhancements, updates, add-ons, and new products in our AI-native email security platform.

What's New

vs Mimecast

vs Avanan

Secondary CTA

Whether FormComplete is utilized on a form

FormComplete

CTA Display

What text is displayed on the primary CTA (see sheet for details on copy)

Primary CTA Text

Form Columns

chakra-ui-ChakraProvider

Button

EntriesCardWhatsNew

Select

BladesDynamicContentSections

Pagination

PagePropsProvider

Overlay

EmbeddedVideo

Divider

SocialShare

FormComponent

EntriesFilteringWhatsNew

WhatsNewMainPage

Footer

Container

OptionGroup

Option

Prose

HeaderSpacing

FormFields

SearchInput

Screen

PrimaryCtaText

FormColumns

CtaDisplay

VsMimecast

SecondaryCta

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

date-fns

plasmic-nav

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

Abnormal Careers

loading-boundary

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

react-aria

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

Abnormal Marketing

antd5 hostless

react-slick

Abnormal now supports the promotions folder as a nested folder across both M365 and GWS, allowing end users to move it anywhere in their mailbox. This gives users greater flexibility and control over how they organize their mailboxes.

Email Productivity

End users can now move their Promotions folders anywhere in their mailbox.

Nested Folders for Graymail

Enhancement

Weekly Detection Enhancements - Week of October 31
<ul><li>Increased precise of detection of lookalike threats, reducing missed attacks.</li><li>Improved detection of impossible travel events in Account Takeover Protection</li><li>Enhanced accuracy of VPN identification in Account Takeover Protection </li><li>Enhanced ability to identify obfuscated malicious content in emails.</li></ul>

Inbound Email Security

A weekly summary of detection enhancements delivered by the Abnormal engineering team.

Weekly Abnormal Detection Enhancements

<h4>URL Rewriting now provides deeper visibility into how and why links are protected. With new explainability features and detailed click-event data, Abnormal makes link protection more transparent for users and more powerful for security teams.</h4>
<h4>With this release:</h4>
Enhanced Explainability
<ul>
<li>
Shows the reason a URL was rewritten to build user trust and reduce false-positive perception
</li>
<li>
Displays context in the Click Tracking Dashboard, end-user warning page, and SIEM Clicked Events
</li>
</ul>
Clicked Events for SIEM
<ul>
<li>
Publishes standardized click-event data, including user, link, and threat details
</li>
<li>
Delivers richer telemetry for investigation, automation, and real-time monitoring
</li>
</ul>
Together, these enhancements make link protection easier to understand, investigate, and act on, helping teams respond faster and with greater confidence.

We’ve introduced new capabilities that make investigations faster, link protection more transparent, and threat response more data-driven.

URL Rewriting: Enhanced Explainability

<h4>Abnormal judgments now appear alongside Microsoft’s in the Quarantine Release view, helping analysts make faster and more confident release decisions directly in Search &amp; Respond.</h4>
<h4>With this release:</h4>
<ul><li>Side-by-Side Judgments: View Microsoft and Abnormal judgments together for each quarantined message</li>

<li>Abnormal Scoring for Microsoft Quarantine Messages: Applies Abnormal’s behavioral scoring to all Microsoft Quarantine messages</li>

<li>Filtering by Abnormal Judgment: Filter quarantined messages by Abnormal judgment, such as Safe, Suspicious, or Malicious</li></ul>
Broader Time-Based Searches in Search &amp; Respond for All Abnormal Messages
<ul>
<li>
Filter messages by Received Time only, without adding sender, subject, or recipient filters
</li>
<li>
Run broad, time-based queries for audits, investigations, and forensics with ease</li></ul>
These enhancements extend Abnormal’s single pane of glass for email investigation, reducing time to decision and increasing confidence across Microsoft 365 environments.

Abnormal judgments now appear alongside Microsoft’s in the Quarantine Release view, helping analysts make faster and more confident release decisions.

Quarantine Release with Abnormal Scoring

<h4>Inbox Insights is now Email Digest, offering clearer context and a cleaner experience for end users. The update adds sender and subject details, simplifies long sections, and delivers a more intuitive format that makes digest reviews faster and easier.</h4>
<h4>With this release:</h4>
<ul><li>Rename: Inbox Insights to Email Digest: Introduces a clearer, more user-friendly name</li>

<li>More Context for End Users: Adds sender and subject details to daily and weekly digests</li>

<li>Concise by Design: Displays up to 50 remediated emails per section for easier review</li>

<li>De-branded Experience: Removes product branding from subject and body to reduce confusion</li></ul>
These improvements make digests more useful and approachable for every user, helping organizations drive greater engagement and clarity in email security notifications.

Inbox Insights is now Email Digest, offering clearer context and a cleaner experience for end users.

Email Digest: Evolving from Inbox Insights

<h4>Calendar invites have become a new phishing vector. Abnormal now automatically removes malicious or unwanted events linked to remediated emails, helping organizations maintain clean, trusted calendars.</h4>
<h4>With this release:</h4>
Automatic Removal of Malicious Calendar Invites
<ul>
<li>
Detects and deletes .ics and embedded calendar events tied to remediated messages
</li>
<li>
Removes malicious and unwanted calendar invites from end-user calendars
</li>
</ul>
New Calendar Invite Attack Insight
<ul>
<li>
Surfaces calendar-based attack activity directly in the Threat Log for faster investigation
</li>
</ul>
By extending remediation to calendar events, Abnormal closes a common phishing gap and ensures Microsoft 365 environments stay safer and easier to manage.

Calendar invites have become a new phishing vector. Abnormal now automatically removes malicious or unwanted events linked to remediated emails

O365 Calendar Invite Attack Remediation

Functional Release

AI Phishing Coach now delivers phishing simulations and just-in-time coaching in employees’ preferred languages, creating a more inclusive and effective training experience for global teams.
With this release:<ul><li>Automatic language detection from GWS or M365 user profiles</li><li>Localized simulations, just-in-time coaching, and email reminders</li><li>Delivers seamless, inclusive training experiences for global teams</li></ul>
By localizing phishing simulations and training, AI Phishing Coach helps organizations engage employees worldwide, increase understanding, and strengthen security culture across every region.

AI Phishing Coach

AI Phishing Coach now delivers phishing simulations and just-in-time coaching in employees’ preferred languages, creating a more inclusive and effective training experience for global teams.

Multi-language Simulations & Coaching

The revamped Simulation Settings Page introduces a smarter, more flexible way to manage simulations. Admins can now fine-tune frequency, targeting, and content through an intuitive, self-service interface.
With this release:
<ul><li dir="ltr">Streamline setup with intuitive controls and guided defaults </li><li dir="ltr">Clear visibility into simulation cadence, audience targeting, and email signatures </li><li dir="ltr">Self-service tools to fine-tune simulation schedules, exclusions, and training content</li></ul>
These new capabilities empower admins with greater control and flexibility, enabling faster onboarding and easier scaling across the organization.

A revamped Simulation Settings experience gives admins greater controls over simulation cadence, targeting, and training content while accelerating onboarding and scaling across the organization without sacrificing autonomy or personalization.

Revamped Simulation Settings in AI Phishing Coach

Simulation Guidelines give admins intelligent, AI-powered control over phishing simulations through simple natural language prompts. Admins can direct the system to prioritize or exclude specific content to ensure every campaign aligns with organizational goals and security priorities.
With this release:
<ul><li dir="ltr">AI-powered simulation control that refines which simulations are delivered or excluded </li><li dir="ltr">Flexible inclusion and exclusion of training topics, difficulty levels, or behavioral themes </li><li dir="ltr">Adaptive optimization that updates Auto-pilot’s simulations based on admin feedback</li></ul>
By combining human guidance with AI intelligence, Simulation Guidelines help organizations deliver phishing simulations that are relevant, compliant, and on-brand while keeping administration effortless and efficient.

An AI-driven way to refine simulation selection. Admins can use natural language prompts to guide training content to prioritize or avoid based on organizational goals.

AI-powered Simulation Guidelines

Weekly Detection Enhancements - Week of October 24
<ul><li>Enabled more accurate detection of attacks leveraging links in subject lines</li><li>Improved campaign group correlation logic for attacks with similar characteristics</li></ul>
Other Velocity Enhancements <ul><li>Enabled faster and more flexible message search and review in Search and Respond, with "date" as the only required selector</li></ul>

Admins can now view each employee’s simulation status along with their Manager, Department, and Office Location directly in the AI Phishing Coach UI or via CSV export. These expanded metrics unlock richer visibility into training performance across every level of the organization.
With this release: 
<ul><li dir="ltr">Get clear visibility into phishing simulation performance across your organization</li><li dir="ltr">Easily track employee progress and completion with a new coaching status</li><li dir="ltr">Uncover trends by manager, department, or location to pinpoint areas for improvement</li></ul>
This enhancement empowers admins to better understand and strengthen their organization’s security readiness.

This release expands reporting to include each employee’s simulation status along with their manager, department and location to help identify trends, measure training impact and strengthen organizational security readiness.

Expanded Reporting Metrics for AI Phishing Coach Simulations

Weekly Detection Enhancements - Week of October 17
<ul><li>Improved campaign consistency and message grouping, ensuring similar executive impersonation attack campaigns are grouped and remediated reliably.</li><li>Improved vendor fraud detection for lookalike domains.</li><li>Improved detection of password spray attacks in Account Takeover Protection.</li><li>Enhanced Okta integration to enable enhanced processing of authentication signals in Account Takeover Protection. </li></ul>

Employees will now experience realistic credential phishing simulations for popular platforms like Google, Microsoft, LinkedIn, X, Apple, Stripe, and GitHub. This new capability goes beyond tracking clicks—identifying who is actually willing to enter credentials and expose real breach risk, then turning those moments into instant training opportunities.
With this release:
<ul><li dir="ltr">Employees experience authentic credential phishing pages that mimic real-world logins </li><li dir="ltr">Automatic failure triggers when credentials are entered or sharing intent is detected </li><li dir="ltr">Just-in-Time coaching and credential phishing quizzes appear immediately after failure</li></ul>
Credential Phishing helps employees recognize credential harvesting attacks and reinforces safer security habits for lasting behavior change.

Realistic credential phishing simulations expose behaviors that lead to breach risk, turning those high-risk moments into instant, personalized training that builds safer security habits and lasting behavior change.

Credential Phishing Now in AI Phishing Coach

Weekly Detection Enhancements - Week of October 10<ul><li>Enhanced phishing simulation detection for training emails</li><li>Reduced false positives in claims-related email detection</li><li>Reduced false positives for legitimate voicemail-to-email notifications</li><li>Improved detection of account compromises through internal email analysis</li><li>Enhanced detection of attacker-controlled phone scams utilizing uncommon top-level domains</li><li>Strengthened identification of impersonation attacks targeting non-Outlook environments</li></ul>

Upload, generate, and begin training in just 30 minutes. Now available to customers, this feature leverages AI to generate branded video training content—no Abnormal support required. Simply upload your company’s logo and a short description to generate branded training videos—ready to use in minutes.
How to Configure:
<ol><li dir="ltr">Go to Settings, Select AI Phishing Coach.</li><li dir="ltr">Underneath Generate Video Training Content, upload your company logo and a short description.</li><li dir="ltr">Save changes to generate training videos automatically.</li><li dir="ltr">After 30 minutes, preview your videos and begin scheduling trainings for employees.</li></ol>

Create branded training videos in minutes—just upload your logo and a short description. Available now, this AI feature lets you upload, generate, and start training in under 30 minutes.

Self-Service Video Training Generation in AI Phishing Coach

Security awareness admins can now access an audit log of AI Phishing Coach simulation reports for reliable, on-demand visibility. Reports are generated asynchronously, ensuring access whenever needed. The audit log provides a full history of simulation activity, making it easy to review past reports or generate new ones with confidence. This enhancement streamlines compliance and cyber insurance workflows, giving admins more flexibility and control in managing training report data.

Security awareness admins can now generate and access an audit log of AI Phishing Coach simulation reports for reliable, on-demand visibility.

Audit Log for AI Phishing Coach Simulation Reports

Security Posture Management now provides exposure impact and time-to-fix insights directly in Posture Details. Teams can evaluate not just the risk of an issue, but also the consequences of exposure and how long remediation is likely to take.
With this release:
<ul><li dir="ltr">Exposure impact highlights the business and security consequences of each posture </li><li dir="ltr">Time-to-fix estimates help teams understand remediation timelines </li><li dir="ltr">Risk, exposure, and time context are shown together for more effective prioritization These insights give customers a more complete picture of remediation priorities, helping them act quickly, align across teams, and drive measurable outcomes. <img src="https://images.abnormalsecurity.com/production/images/MKT1083-Posture-Priority-Assessment_L2R1.png?w=768&q=82&auto=format&fit=clip&dm=1759236674&s=3cb1fdcedbf19e7a626e5e93eaa37d2c" alt="Priority Assessments in SPM" />
 </li></ul>

Security Posture Management

Security Posture Management now provides exposure impact and time-to-fix insights directly in Posture Details. Teams can evaluate not just the risk of an issue, but also the consequences of exposure and how long remediation is likely to take.

Priority Assessment & Improved Risk Filtering in Security Posture Management

We’ve extended Role-Based Access Controls (RBAC) beyond VendorBase to PeopleBase, AppBase, TenantBase, ThreatIntelBase, giving administrators granular visibility and permission controls.
Why it matters:
<ul><li dir="ltr">Enhanced Security: Limit Knowledge Base access by role or team</li><li dir="ltr">Improved Compliance: Aligns with least-privilege and governance standards</li><li dir="ltr">Flexible Access: Configure permissions per Knowledge Base</li></ul>

Platform

We’ve extended Role-Based Access Controls (RBAC) beyond VendorBase to PeopleBase, AppBase, TenantBase, ThreatIntelBase, giving administrators granular visibility and permission controls.

RBAC for Knowledge Bases

Powered by the combined work of our machine learning engineers and detection team, we’ve made significant improvements to our detection accuracy.
Smarter Core Models
Our core detection models now leverage 50% more features and advanced architectures, enabling proactive identification of more than 30,000 additional attack campaigns each week, without increasing false positives.
Expanded Phishing Coverage
We’ve added 27 new detectors for internal impersonation, brand impersonation, and compromised sender attacks. These updates are already blocking over 60,000 additional phishing attempts weekly and have reduced missed detections by 30%.
Stronger Campaign Consistency
Campaign consistency has been extended beyond ATTACK and SPAM to also include SAFE and GRAYMAIL. This delivers a 4% improvement in AI Security Mailbox consistency and a 1% boost in message campaign consistency, ensuring more reliable classification across all message types.
These enhancements reflect our ongoing investment in people and AI-enabled systems, expanding protection against evolving attacks while keeping operations efficient and burden-free for security teams.

Detection

Powered by the combined work of our machine learning engineers and detection team, we’ve made significant improvements to our detection accuracy.

Detection Accuracy Enhancements

Additional R&amp;D Accomplishments 
<ul><li dir="ltr">Enhanced detection of PayPal impersonation scam campaigns</li><li dir="ltr">Strengthened identification of payload domain links attacks</li><li dir="ltr">Improved detection of compromised senders using Vercel.app hosting for phishing pages</li><li dir="ltr">Advanced detection of technical support scams utilizing WebP file extensions</li><li dir="ltr">Enhanced identification of email impersonation attacks from hosting services with lookalike body content</li><li dir="ltr">Bolstered identification of malicious campaigns featuring lengthy sender addresses and unusual display names</li></ul>

Additional enhancements delivered by the Abnormal engineering team.

AI Phishing Coach now delivers annual training as a library of micro-learning videos that are easy to digest, drive higher engagement, and improve knowledge retention. Instead of one long video, employees complete five focused trainings on the topics customers ask for most—Introduction, Threat Awareness, Emerging Threats, Ethical &amp; Social Responsibility, and Best Practices. This shift reduces fatigue, increases completion rates, and ensures employees retain critical security concepts more effectively.

AI Phishing Coach now delivers annual training as a library of micro-learning videos that make content digestible, boost engagement, and strengthen retention.

Micro-Learning Video Library

You can now integrate Microsoft Teams Messaging Security in just one click, making it faster to protect Teams messages from malicious content.
With the new One-Click Integration:
<ul><li dir="ltr">Onboard Messaging Security with a simple, secure one-click flow – no manual scripts or multi-step setup required</li><li dir="ltr">Microsoft per-message charges are eliminated → no added cost for you</li><li dir="ltr">Deploy in minutes</li></ul>
Existing Messaging Security customers need to re-integrate using the One-Click Integration to access upcoming Messaging Security enhancements, including protection with no Microsoft per-message charges and Manual Remediation.
This capability is available to all new and existing Messaging Security customers at no additional cost. Please reach out to your Abnormal Representative for guidance on getting started.

Explore Microsoft Teams Messaging Security <a href="https://abnormal.ai/products/messaging-security">here</a>.

Messaging Security

Integrate Microsoft Teams Messaging Security in one click to quickly protect your Teams environment from malicious content.

One-Click Integration for Microsoft Teams Messaging Security

Customers with Messaging Security can now manually delete malicious Microsoft Teams messages directly from the Threat Log. This gives you admin control to remove threats across Teams channels and direct messages.
To remediate a malicious message in Teams:
<ol><li dir="ltr">Go to Threat Log </li><li dir="ltr">Locate the malicious Teams message </li><li dir="ltr">Click Select Remediation Options </li><li dir="ltr">Select Block, then click Remediate to delete the message from Teams</li></ol>
What happens next:
<ul><li dir="ltr">Recipients and channel participants see a tombstone icon with the text, "This message has been deleted.”</li><li dir="ltr">The sender sees that their message is blocked.</li></ul>
This new capability helps reduce exposure from post-delivery threats and enhances visibility and control across Microsoft Teams.
Note: To access this capability, new and existing customers must complete the new One-click Integration for Microsoft Teams.

Explore Microsoft Teams Messaging Security <a href="https://abnormal.ai/products/messaging-security">here</a>.

Delete malicious Microsoft Teams messages directly from the Threat Log for immediate threat control across channels and direct messages.

Manual Remediation for Microsoft Teams Threats

You can now export your application inventory data directly from AppBase, making it easier to see and analyze all of the third-party applications (e.g. OAuth apps) connected to your Microsoft 365 tenant.* Third-party applications have substantial access to sensitive data, including the ability to read/write end-user emails, files, and calendar invites. 
To export your AppBase data: 
<ul><li dir="ltr">Navigate to AppBase </li><li dir="ltr">Click Export to CSV</li><li dir="ltr">The download will start automatically.</li><li dir="ltr">If you select multiple tenants, the CSV will include a Tenant column</li></ul>
*AppBase is a no-cost feature available only for Microsoft 365 tenants.

Analysts can now export their Microsoft 365 application inventory data directly from AppBase.

Export AppBase Data to a CSV

We’ve enhanced our AI Phishing Coach with Just-in-Time Quizzes to ensure employees retain security knowledge, and don't simply click “acknowledge". The new quizzes are automatically-generated, relevant assessments that can be found on each coaching landing page, validating employee understanding and closing the training loop. Employees who don’t complete the quiz and acknowledge the training get reminders after 24 hours and again after 7 days. This enhancement empowers employees to apply their learnings and practice safer behaviors, fostering a more resilient security culture.

We’ve enhanced our AI Phishing Coach with Just-in-Time Quizzes that validate employee understanding, reinforce safer behaviors, and foster a stronger security culture.

Just-in-Time Quizzes & Reminders for AI Phishing Coach

We’ve enhanced the Simulation Timeline to now include Email Open Tracking. In addition to clicks, organizations can now see when users first open a simulated phishing email, with this engagement data logged and displayed directly in each user’s simulation timeline within Abnormal's AI Phishing Coach. This enhancement gives security teams deeper insight into how employees interact with phishing simulations from the very first touchpoint—helping to track engagement and identify risky behaviors.

Track users' activity from the very first touchpoint with Email Open Tracking, giving security teams deeper insight into engagement and risky behaviors.

Enhanced Simulation Visibility with Email Open Tracking

We’ve introduced several updates to improve detection accuracy and simplify graymail management:
<h3>Graymail Detection Service</h3>
<ul><li>Improved efficacy of graymail detection</li><li>Auto-safelisting of all conversation participants, not just the original sender</li></ul>
<h3>Role-Based Access Controls (RBAC)</h3>
<ul><li>Control who can view the Graymail Dashboard</li><li>Manage who can adjust Email Productivity settings</li></ul><h3>Bypass Filter Management Enhancements</h3>
<h6>Wildcard &amp; CIDR Support</h6>
<ul><li>Wildcard domains (e.g., *.company.com, company.*.com, company.*)</li><li>CIDR IP ranges (e.g., 192.168.1.0/24)</li></ul>

<h6>​​Bulk Upload via CSV</h6>
<ul><li>Upload multiple bypass rules at once (domains, emails, IPs)</li></ul>

<h6>Search, Sort &amp; Filter</h6>

<ul><li>Search by domain, email, or IP</li><li>Filter by type (domain, email, IP) or tenant (multi-tenant support)</li><li>Sort by created date, last modified, or alphabetically</li></ul>
<h6>CSV Export</h6>

<ul><li>Export all rules or filtered results</li><li>Includes metadata: type, value, tenant, creation date, comments</li></ul>
<h6>Multi-Tenant &amp; Segmented SaaS Support</h6>


<ul><li>Scope rules to specific tenants</li><li>Portal Tenant Admins see/manage only their tenant’s rules</li><li>Portal Global Admins can manage all tenants or create global rules</li></ul>

We've rolled out several enhancements to Email Productivity to improve detection accuracy and simplify graymail management.

Email Productivity Enhancements

Abnormal now allows configuration of Account Takeover remediation settings separately for each tenant. This gives customers the flexibility to tailor remediation settings to the specific needs of each tenant they manage.
To configure:
<ul><li>Go to Settings &gt; Account Takeover</li><li>Click 'Add Custom Settings'</li></ul>
<img src="https://images.abnormalsecurity.com/production/images/ATO-Per-Tenant-Remediation-Settings.png?w=768&q=82&auto=format&fit=clip&dm=1755570434&s=51ea6a1ed217ef9545595d16e1ccdff4" alt="Account Takeover Per Tenant Remediation Settings" />

Account Takeover Protection

Customize Account Takeover remediation settings per tenant depending on the needs of your organization.

Per-Tenant Remediation Configuration for Account Takeover

Customers can now receive automatic threat alerts via email when Abnormal detects a high-severity threat in Microsoft Teams. Alerts include key details to help security teams quickly assess and respond.
To configure Threat Alerts for Microsoft Teams:
<ol><li dir="ltr">Navigate to Settings &gt; Notifications &gt; Microsoft Teams Messaging Security </li><li dir="ltr">Add individual recipients for alert notifications</li></ol>

Learn more about our Microsoft Teams Messaging Security <a href="https://abnormal.ai/products/messaging-security">here</a>.

Stay ahead of high-severity Teams threats with automatic email alerts that deliver actionable threat context for faster investigation and response.

Threat Alerts for Microsoft Teams

Abnormal now allows portal admins to fully manage their list of VIPs via Settings. You can manually add or remove individuals, and customize which job titles are used to automatically tag VIPs. This update gives organizations greater flexibility and accuracy in aligning VIP tagging with their unique structure without needing to make a support request.
To manage VIP's:
<ul><li>Go to Settings &gt; VIP Management</li><li>Click Manage VIPs</li></ul>

<img src="https://images.abnormalsecurity.com/production/images/MKT1010-Screenshot-for-Pendo-image.png?w=768&q=82&auto=format&fit=clip&dm=1756830998&s=36f7d8bf015d7060ed6592e111a44f4c" alt="VIP Management" />
Note: VIP Management is not currently available for Legacy EU datacenter customers.

Fine-tune VIP tagging to fit your organization.

VIP Management Settings

With expanded role-based access in AI Phishing Coach, organizations can now delegate phishing simulation management beyond global admins. Granting custom roles the ability to configure, manage, or test simulations empowers security teams to share responsibilities, speed up operations, and tailor access to each team member’s expertise. This enhancement improves efficiency, strengthens collaboration, and ensures simulation programs run smoothly without over-reliance on a single administrator.

Expanded role-based access in AI Phishing Coach lets organizations delegate simulation management beyond global admins, improving collaboration and program continuity.

Access Simulation Settings with Custom Roles

As Microsoft 365 environments become more complex, accidental misconfigurations are now a leading cause of cloud email vulnerabilities. The growing number of applications, layered settings, and fragmented ownership create blind spots and accidental openings that threat actors like Midnight Blizzard have exploited in the past.
The new Security Posture Management (SPM) add-on continuously detects misconfigurations across your users, apps, and tenants, giving your security teams the visibility and control they need to stay ahead of attackers. Now Available.

Continuously find and fix critical Microsoft 365 misconfigurations across your cloud email environment.

Announcing Security Posture Management for Microsoft 365

Major Release

Customers now have complete control to configure safelists and/or blocklists directly within URL Settings in the Abnormal Portal. 
To add a domain or URL:<ul><li>Navigate to Settings &gt; Message Remediation </li><li>Click on the URL Rewriting tab</li><li>Click ‘Add Entry’ for URL Rewriting Safelist and Blocklist</li></ul>
<img src="https://images.abnormalsecurity.com/production/files/safelist_blocklist-feature.png?w=768&q=82&auto=format&fit=clip&dm=1754322979&s=c480c1d176e27f56157caec23d8b68e1" alt="URL Rewriting Safelist and Blocklist" />

Note: URL Rewriting is not currently available for Gyre or Google Workspace customers.

Customers now have complete control to configure safelists and/or blocklists directly within URL Settings in the Abnormal Portal.

URL Rewriting: Safelisting and Blocklisting Self-Service

We’ve redesigned the Just-in-Time coaching pages in AI Phishing Coach to make them more engaging and easier to understand. The updated experience includes clearer structure, richer visuals, and stronger alignment between the simulation email and the coaching content. It also highlights behavioral insights more prominently to help users understand why the simulation was relevant to their role. This update addresses key customer feedback and is especially impactful for coaching senior employees more effectively.

The Just-in-Time coaching experience now features a more visual, structured, and personalized design to better engage end users and reinforce trust in training.

Enhanced Just-in-Time Coaching Experience in AI Phishing Coach

Abnormal now continuously analyzes login history using newly identified indicators of compromise (IOCs). When a historical login matches emerging IOCs, Abnormal automatically creates a new ATO case or updates existing case confidence levels and provides enriched threat context to help accelerate investigation.
This update to ATO leverages signals across the Abnormal customer base to strengthen case accuracy over time, which helps security teams detect and respond to threats with greater confidence.
Now Available.

Boost Account Takeover (ATO) detection confidence based on newly available intelligence about threat indicators.

Automated Threat Hunter for Account Takeover Protection

Enhance reliability and simplify deployment with direct push-based delivery.
Abnormal now offers a push-based integration for Microsoft Sentinel, allowing you to stream security event data directly into your Log Analytics Workspace without relying on polling or custom Function Apps.
This update eliminates missed events, reduces configuration complexity from multiple components to just a Log Analytics Workspace, and expands data coverage to include Vendor Cases, Posture Changes, and Audit Logs. It is available alongside our existing pull-based model, giving you more flexibility in how you connect to Sentinel.
Now available.

Streamline your Sentinel deployment with our new push-based integration for faster setup, broader coverage, and greater reliability.

Nonstop Innovation. That’s Abnormal.

Get the Latest Insights