Abnormal extends Account Takeover Protection to cloud apps, introduces AI Security Mailbox
Abnormal Security is expanding its Account Takeover Protection product line beyond email to provide visibility into cross-platform user behavior and centralize compromised account detection and remediation across identity, collaboration, and cloud infrastructure applications.
In addition, the company is launching AI Security Mailbox, which provides a new AI-powered coworker that promotes security awareness through real-time conversations between employees and an AI security analyst, while also automating the triage and remediation of user-reported emails.
“As an AI-native company since our inception, our focus has always been on delivering the power of AI to our global customers,” said Evan Reiser, CEO at Abnormal Security. “Right now, our customers are eager for solutions that solve for two key areas: protecting their organizations from more attacks beyond email and accelerating AI initiatives across their security use cases. The products we’re announcing today solve for both of these needs, enabling all of our customers to receive more value from their Abnormal deployment. It’s an important next step in our journey of creating a fully AI-automated cybersecurity platform.”
Recent research from Abnormal shows that nearly 70% of security leaders view cross-platform account takeover threats as the greatest concern to their organizations—even ahead of headlining threats like ransomware and phishing. Additionally, 83% of these organizations have been impacted by an account takeover in the last year, and nearly one-fifth have been impacted more than 10 times.
To protect against this threat, Abnormal now integrates with more cloud accounts, enabling the platform to analyze a greater volume of signals to better understand human behavior, while empowering customers with more cross-platform visibility and control. These visibility and control features are available starting today in the following applications:
- Email: Microsoft 365, Google Workspace
- Identity: Azure Active Directory, Okta, Ping
- SaaS/Collaboration: Atlassian, Box, DocuSign, Dropbox, Google Drive, Salesforce, ServiceNow, Slack, Workday, Zendesk, Zoom
- Cloud Infrastructure: Amazon Web Services, Microsoft Azure, Google Cloud Platform
Starting today, any customer can integrate their cloud applications directly via API to the Abnormal AI platform in under five minutes and at no cost. As Abnormal begins ingesting data and signals, SOC teams are provided with a consolidated view of all account activity within each connected platform.
If malicious activity is found, administrators can remediate compromised accounts with a one-click “Identity Disconnect” button, which will terminate sessions, reset passwords and block access across platforms—drastically expanding the scope of protection.
Expanding Account Takeover Protection to cloud applications
For customers who would rather automatically detect and remediate compromised accounts through the power of AI, Abnormal is expanding its Account Takeover Protection product line beyond email. Once integrated, the Abnormal AI platform ingests a large set of signals, including sign-in events, typical geolocations and VPN details, to build a behavioral baseline for each user across all integrated applications.
Autonomous AI models then analyze risky events based on deviations from this baseline, which are correlated across other platforms accessed by that user. Compromised account detections deemed to be high-risk are automatically remediated—adding superhuman capabilities to the SOC team and providing automated cross-platform security for organizations.
Select Abnormal customers are already seeing the value. “Effectively detecting email account takeovers was already a significant challenge for most organizations; extending that detection across all their other cloud apps creates a problem that’s insurmountable without the right solution,” stated the deputy CISO at a global insurance organization. “No other solution has the extensive integrations or behavioral AI-based detection engine that Abnormal provides to quickly ingest, centralize, and analyze application activity comprehensively across the entire cloud environment.”
General availability for unified Account Takeover Protection will be announced later this year and Abnormal will also provide this cross-platform capability across other product lines. In 2025, customers can expect an expansion of Security Posture Management, which enables customers to discover and fix key security configuration risks across cloud email, to multiple cloud platforms.
“Our focus on AI expands far beyond our own platform as we seek to help our customers further their own AI initiatives,” continued Reiser. “As leaders in AI, we have a distinct opportunity to empower our customers to advance their own AI innovation roadmaps and help them cultivate their internal brand as AI leaders through effective and highly-visible AI deployments.”
To enable security teams to use more autonomous AI solutions, Abnormal is also launching AI Security Mailbox—an AI coworker for every security team. Now when an employee reports an attack, the Abnormal platform will serve as their personal AI cyber assistant by providing a personalized response explaining if the email was deemed malicious, safe, or spam and how a determination was made. Users can then converse directly with the AI security analyst, which delights them with real-time feedback as it teaches them better security practices.
With intrinsic autopilot capabilities, AI Security Mailbox comes pre-trained with enterprise security best practices automatically tailored for each customer environment. To enable further customization, each organization can give the conversational AI agent a name and choose its tone of voice, ranging from formal to humorous to empathic to pirate mode. This capability is available for free to all customers in AI Security Mailbox, formerly known as Abuse Mailbox Automation.