QUICK INFO BOX

Introduction

Email remains the #1 attack vector for cybercriminals: 93% of cyberattacks begin with email (phishing, business email compromise, credential harvesting, malware). Yet traditional email security solutions—gateways from Proofpoint, Mimecast, Barracuda—rely on signature-based detection that fails against modern threats. These legacy systems scan for known malware, check sender reputation, and apply rules-based filters. But today’s attackers use clean infrastructure, impersonate trusted contacts, and craft personalized messages that bypass traditional defenses.

Enter Abnormal Security, the AI-native email security platform that doesn’t look for “bad” signals—it learns what’s “normal” for each employee and organization, then detects anomalies indicating attacks. Founded in 2018 by Evan Reiser (CEO, former cyber strategy at Goldman Sachs, Bain Capital) and Sanjay Jeyakumar (CTO, ex-Twitter engineering), Abnormal Security has pioneered behavioral AI for email security, analyzing communication patterns, relationships, and context to stop threats that evade legacy systems.

As of February 2026, Abnormal Security operates at a $4+ billion valuation with $700+ million in funding from Insight Partners, Menlo Ventures, Greylock, CrowdStrike (strategic investor), and Salesforce Ventures. The company protects 2,000+ enterprises (February 2026) including Fortune 500 companies across finance, healthcare, technology, and manufacturing. Abnormal analyzes billions of emails annually, catching threats missed by traditional gateways: sophisticated phishing attacks, business email compromise (BEC) scams, account takeover (ATO), supply chain fraud.

With annual recurring revenue (ARR) exceeding $200 million (February 2026) and 800+ employees, Abnormal has become a category leader in next-generation email security, challenging legacy vendors that have dominated the market for two decades. The company’s rapid growth reflects an urgent market need: traditional email security no longer works against AI-generated phishing emails, deepfake audio attacks, and supply chain compromise.

What makes Abnormal revolutionary:

1. Behavioral AI: Machine learning models creating baseline of “normal” communication for each employee—who they email, when, about what topics, with what sentiment
2. API-based architecture: Cloud-native deployment (no MX record changes, no email routing through third-party gateways)—connects via Microsoft 365/Google Workspace APIs for read-only access
3. Vendor email fraud: Unique capability detecting compromised supplier accounts (not just attackers impersonating vendors)
4. Account takeover protection: Detecting when legitimate employee accounts are compromised, monitoring for anomalous sending behavior
5. Zero-day threat detection: Catching never-before-seen attacks without signatures or threat intelligence feeds

The market opportunity is substantial: email security represents an $8+ billion market growing 12% annually, driven by increasing email-based attacks ($2.4 billion in BEC losses in 2024, per FBI), remote work expanding attack surface, and failure of legacy solutions. Abnormal competes with traditional Secure Email Gateways (Proofpoint, Mimecast, Barracuda), Integrated Cloud Email Security (Microsoft Defender for Office 365), and newer startups (Area 1 Security acquired by Cloudflare, Valimail, Ironscales). Abnormal differentiates through behavioral AI, 10x better catch rates for advanced threats, and superior user experience (99.97% accuracy reducing false positives).

The founding story combines cybersecurity expertise and frustration with status quo: Evan Reiser, advising financial institutions on cyber risk, and Sanjay Jeyakumar, building large-scale systems at Twitter, recognized that email security hadn’t evolved to match attacker sophistication. They founded Abnormal to apply modern AI/ML to the email security problem, leveraging behavioral analytics, NLP, and cloud-scale data processing.

This comprehensive article explores Abnormal Security’s journey from cybersecurity startup to the AI-native email security leader protecting Fortune 500 companies from sophisticated threats.

Founding Story & Background

The Email Security Problem

By 2018, email security was fundamentally broken. Despite organizations spending billions on Secure Email Gateways (SEGs) from Proofpoint, Mimecast, and Barracaca, email-based attacks were accelerating:

• Business Email Compromise (BEC): Attackers impersonating executives or vendors requesting wire transfers—$26 billion in losses (2019-2021)
• Credential phishing: Fake Office 365/Google login pages stealing passwords
• Account takeover: Compromised employee accounts used for internal phishing
• Vendor email compromise: Attackers compromising supplier email accounts to send fraudulent invoices

Legacy SEGs failed because they relied on signature-based detection—looking for known malware hashes, malicious URLs, suspicious attachments. But modern attacks used clean infrastructure (legitimate Gmail/Outlook accounts), no malicious payloads (just text asking for wire transfers), and impersonation (spoofing sender displays). An email from “CEO@company.com” requesting urgent payment looked identical to legitimate executive communication—no signatures could distinguish them.

Evan Reiser experienced this problem directly. Before founding Abnormal, Reiser worked in cyber strategy at Goldman Sachs and Bain Capital, advising financial institutions on cyber risk management. He witnessed sophisticated BEC attacks bypassing $10 million email security deployments, costing banks hundreds of thousands per incident. The pattern was clear: rules-based systems couldn’t keep up with human-driven, context-specific attacks.

Sanjay Jeyakumar, Abnormal’s co-founder and CTO, brought technical firepower from Twitter (now X), where he built large-scale distributed systems processing billions of events. Jeyakumar recognized that email security needed the same approach as Twitter’s trust & safety systems—behavioral analysis understanding normal vs. anomalous activity for each user.

2018: Founding and Vision

In 2018, Reiser and Jeyakumar founded Abnormal Security in San Francisco with a radical thesis: email security should learn what’s “normal” for each organization and user, then detect anomalies—not signatures.

The founding vision had three pillars:

1. Behavioral AI: Machine learning models analyzing historical email patterns to establish baselines—who communicates with whom, communication styles, typical subject lines, attachment types
2. Cloud-native architecture: API-based deployment (no email routing, no inline scanning) connecting to Microsoft 365/Google Workspace via read-only APIs
3. Vendor risk focus: Unique emphasis on supply chain fraud—detecting when trusted vendors’ email accounts are compromised

The name “Abnormal Security” reflected the core technology: detecting “abnormal” behavior that indicates attacks, rather than searching for known “bad” signatures.

2018-2020: Building the Behavioral AI Platform

From 2018-2020, Abnormal operated in stealth mode, building the foundational technology and signing early customers willing to pilot the platform alongside existing SEGs. The technical challenges were substantial:

Challenge 1: Behavioral Baseline Creation
How to establish “normal” for each user without massive historical data?
Solution: Multi-dimensional analysis—email metadata (sender/recipient, timestamp), content analysis (NLP extracting topics, entities, sentiment), relationship graphs (mapping communication networks), historical patterns (typical send times, email volumes)

Challenge 2: Real-Time Threat Detection
How to analyze thousands of emails per day per user with sub-second latency?
Solution: Cloud-scale infrastructure (AWS), distributed processing, optimized ML inference pipelines

Challenge 3: API-Only Deployment
How to inspect emails without routing through Abnormal’s servers (avoiding latency, compliance issues)?
Solution: OAuth-based API integration with Microsoft 365/Google Workspace—read-only access to mailboxes, post-delivery scanning, automatic remediation (moving threats to quarantine)

Challenge 4: Reducing False Positives
How to avoid flagging legitimate unusual emails (first-time senders, urgent requests)?
Solution: Confidence scoring, multi-signal analysis, user feedback loops training models

Early pilots demonstrated transformative results: Abnormal caught 10x more advanced threats than legacy SEGs (phishing, BEC, ATO) while producing 90% fewer false positives. For CISOs frustrated with Proofpoint/Mimecast missing attacks and flooding security teams with false alarms, this was game-changing.

Founders & Key Team

Evan Reiser (CEO) leads Abnormal with deep cybersecurity domain expertise and strategic vision. His experience advising financial institutions on cyber risk informs Abnormal’s focus on real-world attack scenarios (BEC, vendor fraud). Reiser is a frequent speaker on AI in cybersecurity and future of email security.

Sanjay Jeyakumar (CTO) architected Abnormal’s behavioral AI platform and cloud-scale infrastructure. His Twitter engineering background enabled Abnormal to process billions of emails with ML inference at scale. Jeyakumar oversees data science, engineering, and product technology teams.

Jake Becker (CPO) joined from VMware to lead product strategy, expanding Abnormal from email security to broader cloud security (account takeover, identity protection). Under his leadership, Abnormal added VIP protection, productivity features, and integrations with SIEM/SOAR platforms.

Funding & Investors

Seed (2018): $4.6 Million

• Lead Investor: Greylock Partners
• Additional Investors: Founder Collective, Gradient Ventures (Google’s AI fund)
• Valuation: ~$20M
• Purpose: Build founding team, develop initial behavioral AI models

Series A (2019): $24 Million

• Lead Investor: Menlo Ventures
• Additional Investors: Greylock Partners
• Valuation: ~$100M
• Purpose: Product development, early customer acquisition, expand engineering team

Series B (2020): $50 Million

• Lead Investor: Insight Partners
• Additional Investors: Menlo Ventures, Greylock
• Valuation: ~$500M (unicorn trajectory)
• Purpose: Scale sales team, expand marketing, build enterprise features

Series C (2021): $210 Million

• Lead Investor: Insight Partners
• Additional Investors: CrowdStrike (strategic), Salesforce Ventures, Menlo, Greylock
• Valuation: $4 Billion (unicorn status confirmed)
• Purpose: International expansion, M&A, product line expansion, compete with legacy SEG vendors

The Series C was transformative: the $4B valuation positioned Abnormal as a serious threat to legacy email security vendors (Proofpoint $12B market cap, Mimecast acquired by Permira for $5.8B). Strategic investments from CrowdStrike (endpoint security leader) and Salesforce (cloud software giant) validated Abnormal’s technology and market opportunity.

Series D (2024): $250 Million

• Lead Investor: Insight Partners, Wellington Management
• Additional Investors: CrowdStrike, Salesforce Ventures, Greylock
• Valuation: $5.1 Billion
• Purpose: Accelerate growth, expand product suite, prepare for IPO

Total Funding Raised: $700+ Million

Abnormal deployed capital across:

• AI/ML research: Advancing behavioral models, NLP, multi-modal threat detection
• Enterprise sales: Hiring account executives, solutions engineers, customer success
• Product expansion: Building account takeover protection, supply chain fraud detection, email productivity features
• International: Expanding beyond U.S. to EMEA, APAC markets
• Security operations: SOC 2, ISO 27001 compliance, 24/7 security monitoring

Product & Technology Journey

A. Core Platform: Behavioral AI for Email Security

Abnormal’s platform analyzes three dimensions:

1. Identity Analysis

Understanding sender identity beyond simple email addresses:

• Email account history: How long has sender’s account existed? What’s their sending pattern?
• Relationship mapping: Does sender have prior communication with recipient?
• Domain reputation: Legitimate corporate domain vs. lookalike domain (micrsooft.com)?
• VIP identification: Automatically detecting executives, finance team, HR (high-value targets)

2. Content Analysis

Natural Language Processing understanding email semantics:

• Sentiment analysis: Unusually urgent language? Aggressive tone?
• Entity extraction: Extracting names, companies, amounts (detecting invoice fraud)
• Anomaly detection: First-time topics, unusual requests (wire transfers from non-finance contacts)
• Language patterns: Matching sender’s typical writing style, grammar, vocabulary

3. Contextual Analysis

Understanding broader context beyond single email:

• Conversation threading: Analyzing email as part of ongoing conversation vs. out-of-context request
• Timing anomalies: Email sent at unusual hour for sender?
• Organizational context: Aligning with company hierarchy, workflows (does CEO normally email payroll directly?)

Machine Learning Models:

• Supervised learning on millions of labeled attacks + legitimate emails
• Unsupervised learning detecting novel attack patterns
• Continuous training as user feedback (reporting threats, marking false positives) improves models

B. Key Product Capabilities

Inbound Email Security

Detecting attacks sent from external senders:

• Credential phishing: Fake login pages, password reset requests
• BEC (Business Email Compromise): Executives impersonation requesting wire transfers
• Malware-less attacks: Text-only social engineering (no malicious attachments/links)
• Supply chain fraud: Compromised vendor accounts sending fraudulent invoices

Account Takeover Protection

Monitoring compromised employee accounts:

• Anomalous sending: Employee suddenly emailing unusual contacts, different sending patterns
• Login analysis: Geolocation, device, IP address anomalies
• Behavioral drift: Gradual changes indicating account compromise
• Automatic remediation: Suspending accounts, forcing password resets

VIP Protection

Enhanced security for high-value targets:

• Executive impersonation defense: Extra scrutiny for emails claiming to be from C-suite
• VIP mailbox monitoring: Heightened sensitivity for attacks targeting CFO, CEO, board members
• Brand protection: Detecting executive impersonation in external-facing domains

Vendor Email Fraud Prevention

Abnormal’s unique capability—detecting compromised supplier accounts:

• Baseline vendor behavior: Learning typical invoice patterns, amounts, payment terms
• Anomaly detection: Sudden changes to payment instructions, bank account updates
• Relationship verification: Confirming vendor requests match established patterns

C. API-Based Architecture

Deployment without MX Record Changes:

Traditional SEGs require routing all email through their servers (MX record change, inline scanning). Abnormal uses post-delivery scanning:

1. API Integration: OAuth connection to Microsoft 365 or Google Workspace (read-only access)
2. Mailbox Scanning: Analyzing emails after delivery but before user reads them
3. Automatic Remediation: Moving threats to quarantine, alerting security team
4. Continuous Monitoring: Rescanning emails for account takeover indicators

Benefits:

• No email routing: Avoiding latency, compliance risks, single point of failure
• Zero trust architecture: Read-only access, no email data stored by Abnormal
• Easy deployment: 15-minute setup vs. weeks for SEG migrations
• Coexistence: Works alongside existing SEGs as second layer of defense

D. Technology Stack

Infrastructure:

• Cloud-native: Built on AWS, auto-scaling for billions of emails
• Security: SOC 2 Type II, ISO 27001, GDPR/CCPA compliant
• Privacy: Zero email content retention (only metadata for model training)
• APIs: RESTful APIs for SIEM/SOAR integration (Splunk, Palo Alto Cortex XSOAR)

AI/ML Pipeline:

• Training data: Billions of emails from 2,000+ organizations
• Model serving: Real-time inference (<1 second per email analysis)
• Explainability: Threat alerts show specific signals triggering detection (for SOC analyst triage)
• Feedback loops: User reports improving model accuracy continuously

Business Model & Revenue

Revenue Streams (February 2026)

Pricing Model:

• Per-user subscriptions: $8-15/user/month (volume-based discounts)
• Enterprise agreements: Annual contracts with committed user counts
• Free tier: 30-day trial for up to 100 users

Customer Segmentation

1. Enterprise (70% of revenue): Fortune 500, mid-market companies (1,000+ employees)
2. Financial Services (15%): Banks, asset managers, insurance (high BEC risk)
3. Healthcare (10%): Hospitals, healthcare systems (HIPAA compliance, phishing targets)
4. Technology (5%): SaaS companies, startups

Unit Economics

• Gross Margin: 80%+ (SaaS-typical, cloud infrastructure costs)
• Customer Lifetime Value (LTV): $500K+ for enterprise customers (10,000+ users)
• CAC Payback: 12-15 months
• Net Dollar Retention: 115%+ (customers expanding user counts, adding features)

Total ARR: $200+ Million (February 2026), growing 60%+ YoY

Competitive Landscape

Proofpoint (public, $12B market cap): Legacy SEG leader, acquired by Thoma Bravo
Mimecast (acquired by Permira, $5.8B): Email security, archiving, acquired 2022
Barracuda Networks (KKR-owned): SEG, email archiving
Microsoft Defender for Office 365 (integrated with M365): Native cloud email security
Area 1 Security (acquired by Cloudflare, $162M): Preemptive email security
Ironscales ($115M funding): AI-powered phishing detection
Valimail ($123M funding): Email authentication (DMARC/SPF/DKIM)

Abnormal Differentiation:

1. Behavioral AI: Learning organizational norms vs. signature-based detection
2. API-based architecture: No email routing, coexistence with existing SEGs
3. Vendor email fraud: Unique focus on compromised supplier accounts
4. 10x better catch rates: Detecting sophisticated BEC, phishing missed by legacy systems

Customer Success Stories

Fortune 500 Financial Services Company

Challenge: Legacy SEG missing BEC attacks, $2M+ annual fraud losses
Solution: Abnormal deployed as second layer, catching threats post-delivery
Results: 95% reduction in BEC incidents, $1.8M saved, zero false positives

Healthcare System (50,000+ users)

Challenge: Credential phishing targeting medical staff, HIPAA compliance risk
Solution: Abnormal protecting all email accounts, VIP protection for executives
Results: Blocked 10,000+ phishing attempts yearly, improved security posture

Manufacturing Company

Challenge: Vendor email compromise costing $500K in fraudulent wire transfers
Solution: Abnormal’s supply chain fraud detection monitoring vendor communications
Results: Prevented $1.2M in attempted vendor fraud over 12 months

Future Outlook

Product Roadmap

AI-Powered Productivity: Using behavioral AI to surface important emails, automate responses
Identity Protection: Expanding beyond email to Slack, Teams, cloud apps
Deepfake Detection: Identifying AI-generated phishing content (GPT-4 written emails)
Zero Trust Email: Integrating with identity providers (Okta, Azure AD) for context-aware security

IPO Timeline

With $200M+ ARR, 60%+ growth, and strong unit economics, Abnormal is positioned for IPO in 2026-2027. The company’s displacement of legacy SEG vendors and strategic importance (protecting corporate email) make it an attractive public market candidate.

FAQs

What is Abnormal Security?

Abnormal Security is an AI-native email security platform that uses behavioral AI to detect phishing, business email compromise, account takeover, and supply chain fraud.

How does Abnormal Security work?

Abnormal uses machine learning to establish behavioral baselines for each user and organization, then detects anomalies indicating attacks—analyzing identity, content, and context.

What is Abnormal’s valuation?

$4+ billion (February 2026) following a $210M Series C led by Insight Partners.

Who are Abnormal’s customers?

2,000+ enterprises including Fortune 500 companies in financial services, healthcare, technology, and manufacturing.

How does Abnormal differ from Proofpoint or Mimecast?

Abnormal uses behavioral AI (not signatures), deploys via API (no email routing), and catches 10x more advanced threats with 90% fewer false positives.

Conclusion

Abnormal Security has redefined email security for the modern threat landscape, proving that behavioral AI outperforms signature-based detection for sophisticated attacks (BEC, credential phishing, account takeover, vendor fraud). With a $4+ billion valuation, $200M+ ARR, and 2,000+ enterprise customers, Abnormal has emerged as the primary challenger to legacy email security vendors that dominated the market for decades.

As email-based attacks continue evolving (AI-generated phishing, deepfake social engineering), Abnormal’s behavioral approach—learning what’s “normal” to detect “abnormal”—positions it as essential cybersecurity infrastructure. The company’s rapid growth, strong unit economics, and strategic partnerships with CrowdStrike and Salesforce make it one of cybersecurity’s most compelling IPO candidates, with public markets likely within 18-24 months.