Does Abnormal support Google Workspace or just Microsoft 365?

Both. Abnormal deploys via API to Microsoft 365 and Google Workspace with the same behavioral detection engine. Over half of technology-sector engagements run on Google Workspace — it is a first-class platform, not an afterthought.

Can Abnormal detect OAuth consent phishing and token-based attacks?

Yes. Abnormal correlates email-based consent lures with identity signals — authentication events, device changes, and suspicious app grants — to detect OAuth phishing across the full kill chain, from initial lure through token persistence.

We have an internal security engineering team. Why not build this ourselves?

You can build basic phishing detection. You cannot build behavioral baselines federated across 25% of the Fortune 500. VendorBase aggregates vendor compromise intelligence across thousands of enterprise environments — that network effect is structurally impossible to replicate internally. CrowdStrike builds security products for a living and chose Abnormal to protect their own people.

What happens if Abnormal blocks a legitimate email?

It happens — rarely. Abnormal achieves 99.99% detection accuracy with near-zero false positives. When a legitimate message is quarantined, it is easy to release with one click. The platform learns from that correction immediately. In head-to-head tests, Abnormal generates 75% fewer false positives than competing solutions.

How long does deployment take, and do we need to change MX records?

No MX changes, no mail rerouting, no transport rules. Abnormal connects via API in under 60 seconds. It runs passively during proof-of-value — zero risk to your mail flow. Most technology customers are fully deployed within a day.

Technology

Your stack trusts the sender. Abnormal knows the behavior.

Your team stops OAuth phishing, vendor compromise, and BEC targeting IT, engineering, and finance staff — deployed via API in minutes, no MX changes.

Request a Demo

$0B

BEC losses reported to the FBI in 2024 — second costliest cybercrime category

FBI IC3 2024 Internet Crime Report

Of companies experience at least one account takeover attempt every month

Barracuda 2025 Email Threats Report

BEC attacks caught monthly per customer that your gateway marked safe

Abnormal Platform Data

Take A Product Tour

The Challenge

Your Gateway Passes Every Attack That Looks Like a Colleague

OAuth Consent Phishing from Trusted Productivity Platforms

Attackers send consent requests through legitimate platforms like Google Drive or Microsoft 365.

Vendor Account Compromise Inside Active Deal Threads

A compromised vendor replies within an existing procurement thread with updated payment details.

Executive Impersonation with Zero Malicious Indicators

An attacker sends a text-only email from a look-alike domain requesting an urgent wire transfer.

Lateral Phishing from Compromised Internal Accounts

An employee's account is taken over via credential stuffing.

Payroll Diversion Targeting HR during Onboarding Cycles

Attackers impersonate new hires or contractors requesting direct deposit changes during high-volume onboarding periods.

Real Incident

AAcompromisedcompromisedvendorvendorrepliesrepliesinsideinsideaalegitimatelegitimateprocurementprocurementthreadthreadwithwithupdatedupdatedwirewireinstructionsinstructions——SPFSPFpasses,passes,DKIMDKIMvalidates,validates,thethedomaindomainisisallow-listedallow-listed——andandyouryourgatewaygatewaydeliversdeliversititstraightstraighttotoaccountsaccountspayablepayablebecausebecauseeveryeverytechnicaltechnicalcheckcheckreturnsreturnsclean.clean.

Based on a real customer incident

How It Works

Behavioral AI for Technology

Know When Your Vendors Are Compromised before the Attack Email Arrives

VendorBase federates vendor risk intelligence across 25% of the Fortune 500. When a vendor is compromised at any Abnormal customer, that signal protects your organization immediately — cross-customer behavioral intelligence that no internal security engineering team can replicate alone.

Detect Account Takeover across Email and Identity in Seconds

Abnormal correlates authentication anomalies, device changes, MFA events, and email behavior to identify compromised accounts — including internal lateral phishing that gateway solutions structurally cannot see because they only inspect the perimeter. Email Account Takeover Protection

Threats Removed before Your Engineers Engage

Malicious messages are auto-remediated from inboxes without SOC intervention. No rules to write, no policies to tune, no detection engineering burden on your team. Customers spend fewer than 30 minutes per week in the Abnormal portal. Inbound Email Security

Over 25% of the Fortune 500 Trust Abnormal AI to Make Automated, Critical Security Decisions

Our Impact

What Technology Leaders Are Saying About Abnormal AI

“It's a set-it-and-forget-it win on the defence side, and it's a win on the experience side because it gives our users a more secure and easier email experience.”

Marc Bown

CISO, REA Group

“This was an easy solution to sell to management: ‘I'm going to improve our email and cut our bill in half.’”

Steve Tieland

Senior Director, Corporate Security Operations, Pegasystems

Abnormal powers over 4,500 customers, including over 25% of the Fortune 500.

Customer Stories

FAQ

Related Resources

Industry Briefs

Abnormal for the Technology Industry

Discover the AI-based email security platform that protects technology companies from the full spectrum of email attacks.

Webinars

The Detection Gap: Why AI-Powered Attacks Are Winning Against Legacy Email Security

Watch this on-demand webinar to learn how AI-powered BEC attacks bypass secure email gateways, and how behavioral AI can detect what legacy tools miss.

White Papers

The Essential Guide to Human Risk Management

Learn why traditional security awareness training fails to reduce real-world risk and how modern human risk management helps organizations measure and reduce risky behavior over time.

View All Resources

See the Attacks Your Gateway Marked Safe Last Month

Request a demo to see Abnormal detect BEC, vendor compromise, and account takeover in your environment — results in 48 hours.

Request a Demo

Identity & AI Security

Platform

Product Resources

Support

Featured

Thought Leadership

Featured

Company

News & Events

Featured

Your stack trusts the sender. Abnormal knows the behavior.

Your Gateway Passes Every Attack That Looks Like a Colleague

OAuth Consent Phishing from Trusted Productivity Platforms

Vendor Account Compromise Inside Active Deal Threads

Executive Impersonation with Zero Malicious Indicators

Lateral Phishing from Compromised Internal Accounts

Payroll Diversion Targeting HR during Onboarding Cycles

Behavioral AI for Technology

Know When Your Vendors Are Compromised before the Attack Email Arrives

Detect Account Takeover across Email and Identity in Seconds

Threats Removed before Your Engineers Engage

Over 25% of the Fortune 500 Trust Abnormal AI to Make Automated, Critical Security Decisions

What Technology Leaders Are Saying About Abnormal AI

“It's a set-it-and-forget-it win on the defence side, and it's a win on the experience side because it gives our users a more secure and easier email experience.”

“This was an easy solution to sell to management: ‘I'm going to improve our email and cut our bill in half.’”

FAQ

Related Resources

See the Attacks Your Gateway Marked Safe Last Month