Abnormal Security
Abnormal Security is an API-based cloud email security platform that uses behavioral and relationship intelligence to detect business email compromise, credential phishing, and account takeover attempts that evade signature- and gateway-centric controls.
Visit WebsiteCompany Overview
Abnormal Security provides cloud email security focused on social-engineering threats (BEC, vendor fraud, credential phishing, and account takeover) using behavioral anomaly detection and relationship/identity signals derived from email and collaboration telemetry. The platform is typically deployed via API integrations with major cloud email providers (e.g., Microsoft 365 and Google Workspace), enabling detection of attacks that contain no malware payloads or malicious URLs and therefore often bypass traditional secure email gateways.
Commercially, Abnormal competes in an increasingly consolidated email security market where incumbents (Proofpoint, Microsoft) and cyber platforms are expanding integrated offerings. Abnormal’s differentiation is strongest where detection quality for BEC and relationship-based fraud materially reduces financial loss and investigative workload; however, competitive pressure is driven by suite bundling (especially Microsoft), and by adjacent vendors offering similar API-based “post-delivery” remediation.
For defense and allied government customers, the dual-use value proposition is credible but execution-dependent: spearphishing and credential theft remain primary initial-access vectors for APTs, and behavioral/relationship-based detection can improve resilience against tailored impersonation and account takeover. Strategic relevance to the U.S.-Israel ecosystem is strengthened by the firm’s Israeli founder roots and reported Israel R&D footprint, but investability into government/defense missions hinges on verified compliance posture (e.g., FedRAMP/DoD impact levels), data residency controls, and demonstrated deployments in sensitive environments.
Dual-Use Assessment
Advanced email security has significant dual-use applications for protecting government and military personnel from targeted spear phishing and social engineering attacks. Defense and intelligence organizations face sophisticated nation-state adversaries conducting highly targeted email campaigns to compromise credentials and infiltrate classified systems.
Key Technologies
- API-based cloud email security for Microsoft 365 and Google Workspace (post-delivery detection/remediation)
- Behavioral anomaly detection for user and organization communication patterns
- Relationship/identity graph analytics for impersonation and BEC detection
- Account takeover detection using login/session and mailbox activity signals (where available)
- Automated triage and remediation workflows (quarantine/recall, policy enforcement, user reporting integration)
- Vendor/supply-chain email fraud detection (third-party impersonation and invoice/wire diversion patterns)
Use Cases & Applications
- Business email compromise (CEO/CFO/vendor impersonation) detection and response for enterprises
- Credential phishing and adversary-in-the-middle style social engineering detection in cloud mailboxes
- Account takeover detection and suspicious mailbox-rule/forwarding behavior monitoring
- Protection of government agencies and defense contractors from spearphishing and impersonation campaigns (subject to compliance)
- Executive protection for high-risk roles (finance, procurement, HR) and mission-critical programs
- Third-party/vendor communications monitoring for invoice fraud and supply-chain social engineering
Strategic Value to U.S.-Israel Alliance
Abnormal's behavioral AI provides allied defense and intelligence organizations with capabilities to defend against sophisticated nation-state spear phishing campaigns targeting personnel with access to classified information and sensitive systems.
Interested in this startup?
Learn more about our investment approach or get in touch to discuss opportunities in dual-use technology.