Best for Behavioral AI BEC Detection (Recommended #5)

Abnormal AI

Behavioral AI for BEC, vendor email compromise, and account takeover detection

Abnormal AI built one of the first email security platforms designed specifically to detect socially engineered attacks (BEC, vendor email compromise, account takeover) using behavioral AI rather than signatures or URL inspection. The platform learns each user's normal communication patterns and flags deviations. Deployed via M365 or Google Workspace API, often as a layer on top of an existing gateway, Abnormal is a strong specialist choice for organizations with heavy BEC exposure.

What is Abnormal AI

Behavioral AI email security for the post-malware era

Traditional email security finds known-bad URLs, attachments, and signatures. Abnormal takes a different angle: it learns each user's normal email behavior (who they email, who emails them, what they discuss, tone, timing, devices) and flags anomalous messages that suggest BEC, vendor compromise, or account takeover, even when no malicious payload exists.

Deployed via M365 or Google Workspace API alongside an existing gateway (Microsoft, Proofpoint, Mimecast), Abnormal acts as a final behavioral layer catching attacks the gateway misses. Account Takeover Protection extends the model to flag compromised mailboxes (anomalous logins, suspicious mailbox rules).

Behavioral AI
Identity Graph

Abnormal builds an identity and communication graph per organisation, learning normal patterns and flagging deviations indicative of social engineering, even with no malicious content.

  • Identity-based detection: learn each user's normal communication patterns
  • VendorBase: cross-customer vendor compromise intelligence at scale
  • Account Takeover Protection: detect compromised mailboxes via login and rule anomalies
  • API-mode deployment alongside any existing email gateway

Abnormal AI Behavioural AI Email Security Highlights

Superhuman behavioural AI. Detects what no signature or rule can see.

Abnormal AI was built from the ground up on a single insight: most modern email attacks succeed because they look completely normal. BEC, executive impersonation, vendor email compromise, and account takeover carry no malicious links, no attachments, and no known indicators; they exploit trust. Abnormal's behavioural AI builds a baseline of normal human behaviour for every user and vendor, then detects the subtle deviations that signal an attack. Abnormal was named a Leader and placed furthest on the Completeness of Vision axis in the 2025 Gartner Magic Quadrant for Email Security.

1 click

API integration via Microsoft 365 Graph API: no MX record changes, no mail routing

30%

Reduction in missed detections after 2025 core model upgrades with 50% more features

#1

Furthest on Completeness of Vision in the 2025 Gartner Magic Quadrant for Email Security

Behavioural AI engine

Builds a baseline of normal for every person, vendor, and relationship

Abnormal analyses thousands of signals (communication history, relationship context, tone, urgency, timing, and intent) to build a unique behavioural baseline for every employee and vendor. When any message deviates from that baseline, even by subtle language shifts or unusual requests, it is flagged as a potential attack before the user ever sees it.

Zero-rules deployment

No rules, no tuning, no policy maintenance, ever

Abnormal requires no rules to be written, no thresholds to be tuned, and no policies to be maintained. The AI learns organisational norms automatically and adapts continuously as communication patterns change. This removes a massive operational burden, and removes the human error that misconfigured rules introduce.

VendorBase supply chain protection

Detects compromised vendors using federated behavioural intelligence

Abnormal's VendorBase profiles every vendor relationship, monitoring communication cadence, message content, recipient patterns, and relationship history. When a vendor's behaviour deviates from their established norm (unusual payment requests, new bank details, unfamiliar recipients), Abnormal flags and blocks the message automatically.

Account Takeover Protection

Detects and automatically disables compromised accounts

Abnormal continuously monitors internal account behaviour for signs of takeover: unusual sign-ins, session hijacking, sudden internal email bursts, access from unfamiliar locations. When an account is compromised, Abnormal automatically disables it and prevents it from sending malicious messages to internal and external recipients.

Misdirected email prevention

Stop accidental data leaks before they leave the organisation

Not all risk comes from external attackers. Abnormal's Misdirected Email Prevention analyses behavioural patterns and identity context to detect when a user is about to send sensitive information to the wrong recipient, alerting them before the mistake can lead to a data breach or compliance violation.

AI Security Mailbox

Automated phishing triage: SOC workload eliminated, not reduced

The AI Security Mailbox triages every user-reported phishing email, generates personalised feedback to the reporter, and detects unreported messages from the same campaign across all inboxes, automatically. SOC teams that spent hours on abuse mailbox triage have this work done autonomously.

AI Phishing Coach

Converts real-world attacks into targeted just-in-time training

Abnormal's AI Phishing Coach automatically transforms real phishing attacks that targeted your organisation into personalised simulations, delivering them as coaching moments via conversational AI immediately after the attack. This is context-specific training at the exact moment employees are most receptive to it.

Security Posture Management

Surfaces Microsoft 365 misconfigurations and risky third-party apps

Abnormal continuously monitors the Microsoft 365 tenant environment for misconfigurations: dormant admin accounts with excessive permissions, third-party apps with overly broad access, and identity drift. Each risk is prioritised by business impact and presented with step-by-step remediation guidance.

Abnormal's defining advantage: it is the only email security platform that completely eliminates rule-writing, threshold-tuning, and policy maintenance. This makes it operationally transformative for security teams of any size, and makes it the most effective solution for detecting payloadless, socially-engineered attacks that signature-based tools cannot see. It is the natural complement to any existing secure email gateway.

Who should put Abnormal AI on the shortlist

  • Banks, finance teams, and CFO offices with heavy BEC and payroll fraud exposure

  • Organisations with significant supplier relationships and vendor email compromise risk

  • Customers already running a gateway (Microsoft, Proofpoint, Mimecast, Sophos) needing a BEC layer

  • High-value-target executives and finance staff needing identity-based protection

  • UAE enterprises wanting account takeover detection as a primary requirement

  • Mature SOCs that benefit from cross-customer VendorBase intelligence

  • Buyers prepared to layer Abnormal on top of an existing gateway, not replace it

Product portfolio

Models we deploy and manage

Picking the right SKU is as important as picking the right vendor. We size by user count, mailbox mix, and operational capacity, not by brochure tier.

SKU | Tier | What's included
Abnormal Inbound Email Security | All sizes | Behavioral AI for BEC, phishing, malware, supplier compromise
Account Takeover Protection | All sizes | Detect compromised mailboxes via behavioral anomalies
Email Productivity | Mid-market | Auto-remediation of graymail and reply-all noise
Abnormal Security Posture | Enterprise | Misconfiguration and risk surface management for M365
Abnormal Bundle | Enterprise | Inbound plus Account Takeover plus Posture on one platform
Abnormal Managed Services | Lean teams | Managed triage and tuning of Abnormal detections

Deployment Options

Gateway, API, or hybrid: your call. Artiflex deploys Abnormal AI in whichever model fits your mail flow and regulatory requirements.

MX Gateway

Traditional pre-delivery scanning via MX record change. Strongest pre-delivery enforcement, fits hybrid Exchange and complex mail flow.

API Mode

API integration with Microsoft 365 or Google Workspace. Fast to deploy (days), no MX change, ideal for cloud-only mail estates.

Hybrid

Gateway plus API together: pre-delivery blocking and post-delivery clawback in one solution. Recommended for most UAE enterprise estates.

Why Artiflex IT

Delivering Abnormal AI across the UAE

Artiflex IT delivers Abnormal AI as a BEC-specialist layer for UAE customers across banking, finance, and enterprise. Our team has experience layering Abnormal alongside Sophos, Proofpoint, Mimecast, and Microsoft gateways, with M365 API tenant integration, VendorBase enrolment, and Account Takeover Protection rollout. We provide vendor-neutral sizing to make the layer-versus-replace call.

Frequently asked

Abnormal AI questions we hear from UAE buyers

In most UAE deployments, Abnormal sits alongside an existing gateway as a BEC-specialist layer. The gateway handles bulk anti-spam, anti-malware, and URL/attachment scanning; Abnormal catches the socially engineered attacks the gateway misses. Replacing the gateway entirely is possible but uncommon.

Abnormal's defining strength is identity and behavioral modeling at the user level, with cross-customer VendorBase intelligence. Proofpoint NexusAI is broader but typically less identity-deep. Harmony Email's strength is inline-block authority and ThreatCloud AI. We size all three when BEC is the primary buying criterion.

Yes. API-mode tenant authorisation, learning period, and pilot can complete in one to two weeks because no MX change is required and no mail routing is touched. The learning period (Abnormal building behavioral models) typically takes 7-14 days.

Two to four weeks total: API onboarding (days), learning period (one to two weeks), policy and detection-mode go-live (one week). Account Takeover Protection adds another one to two weeks of tuning.

Ready to evaluate Abnormal AI?

Free email security assessment, vendor-neutral sizing, and a written recommendation. We will tell you when another vendor is the better fit.
