Detection

Homepage

Breadcrumbs

Abnormal AI provides advanced email security to prevent credential phishing, business email compromise, account takeover, and more.

Abnormal AI

Abnormal AI provides advanced cloud email security to prevent credential phishing, business email compromise, account takeover, and more.

Aggregate Detection Model Enhancements

description

security,privacy,email security,cloud email security,phishing protection

keywords

https://images.abnormalsecurity.com/production/images/L_Abnormal-homepage_Opengraph.png?w=1200&h=630&q=82&auto=format&fit=crop&dm=1740090372&s=5d61b4c2e242be3ca70dfe1d54859b11

https://abnormal.ai/products/whats-new/aggregate-detection-model-enhancements

referrer

robots

twitter:card

twitter:creator

twitter:description

twitter:image

twitter:image:alt

twitter:image:height

twitter:image:width

twitter:site

twitter:title

{"title":{"title":"Aggregate Detection Model Enhancements | Abnormal AI"}}

Abnormal now detects suspicious file-sharing behavior with new aggregate signals that analyze sender and recipient patterns across third-party services.

Enhancement

Named a 2025 Gartner® Peer Insights™ Customers’ Choice for Email Security

vs Mimecast

vs Avanan

Secondary CTA

Whether FormComplete is utilized on a form

FormComplete

CTA Display

What text is displayed on the primary CTA (see sheet for details on copy)

Primary CTA Text

Form Columns

chakra-ui-ChakraProvider

WhatsNewEntry

BladesDynamicHeroBlade

Button

EntriesCardWhatsNew

BladesDynamicContentSections

PagePropsProvider

EmbeddedVideo

Divider

SocialShare

FormComponent

BreadcrumbItem

Footer

Container

Prose

HeaderSpacing

FormFields

Screen

PrimaryCtaText

FormColumns

CtaDisplay

VsMimecast

SecondaryCta

VsAvanan

Abnormal Solutions

react-awesome-reveal

lottie-react

date-fns

plasmic-nav

react-scroll-parallax-global

plasmic-embed-css

Abnormal Pages

loading-boundary

plasmic-query

plasmic-basic-components

Abnormal Legal

Abnormal Why Abnormal

Abnormal Landing Pages

react-aria

plasmic-rich-components

Abnormal Partners

Abnormal Products

Abnormal Design System

Abnormal Marketing

antd5 hostless

react-slick

Multiple enhancements that detect anomalies in the aggregate have been added to our detection model.
To better detect malicious use of third-party hosting services like OneDrive and DocuSign, Abnormal added aggregate signals on the sender and recipient level for file-sharing domains. Using frequency metrics, the new aggregate signals detect how often a user sends document-sharing links and how often recipients receive uncommon file-sharing domains to help identify suspicious file-sharing behavior.

As threat actors are constantly shifting that tactics to increase their success rate, we’ve seen the use of image anchors weaponized to contain malicious links. The updated detection model also better identifies images correlated with these types of hidden malicious payloads.

Aggregate Detection Model Enhancements

Get the Latest Insights