Abnormal Security logo

Abnormal Security

Abnormal Security (operating under the abnormal.ai brand) is an AI-native email and SaaS security platform that uses behavioral AI to model normal communication and identity behavior, then detect socially engineered email attacks, business email compromise, vendor email compromise, and account takeovers across Microsoft 365, Google Workspace, Slack, Zoom, and Microsoft Teams. The Behavior Platform is paired with AI Security Agents (AI Security Mailbox, AI Phishing Coach, AI Data Analyst) and exposes a gated REST API at api.abnormalplatform.com for SOC, SIEM, SOAR, and ticketing integrations. 4,500+ customers including 25% of the Fortune 500; named a 2024 Gartner Magic Quadrant Leader for Email Security Platforms.

1 APIs 11 Features
CybersecurityEmail SecurityAccount TakeoverBehavioral AISaaS SecurityPhishingBEC

Abnormal Security publishes 1 API on the APIs.io network. Tagged areas include Cybersecurity, Email Security, Account Takeover, Behavioral AI, and SaaS Security.

Abnormal Security’s developer surface includes developer portal, documentation, engineering blog, and 8 more developer resources.

APIs

Abnormal Security Platform API

The Abnormal Security Platform REST API at api.abnormalplatform.com gives customers and integration partners programmatic access to detected threats, attack cases, abuse mailbox...

Features

Behavior Platform

AI-native platform that models normal email and identity behavior to detect socially engineered attacks

Inbound Email Security

Autonomous AI defense against phishing, BEC, vendor email compromise, and other inbound email attacks

Account Takeover Protection

Detection and mitigation of account takeovers across email and identity platforms

Security Posture Management

Detection of Microsoft 365 misconfigurations before attackers can exploit them

Email Productivity

Personalized graymail filtering to reduce inbox noise without compromising security

Misdirected Email Prevention

Detect and prevent emails sent to the wrong recipient before data is exposed

AI Security Mailbox

AI agent that responds to user-reported emails and coaches users at superhuman speed

AI Phishing Coach

Hyper-personalized security training that reduces phishing susceptibility

AI Data Analyst

Natural-language security reporting that produces board-ready insights

SaaS Account Takeover Protection

Account takeover protection for SaaS applications such as Slack and Zoom

Messaging Security

Detection of malicious content inside Microsoft Teams

Use Cases

BEC and Phishing Defense

Stop business email compromise, phishing, and vendor email compromise on Microsoft 365 and Google Workspace

Account Takeover Response

Detect and respond to compromised email and SaaS accounts in near-real time

SOC Automation

Use AI Security Agents to triage user-reported emails and automate SOC workflows

Security Posture Hardening

Continuously identify and remediate Microsoft 365 misconfigurations

Executive Reporting

Use the AI Data Analyst to deliver board-ready security reporting through natural-language queries

Integrations

Microsoft 365

Native API-based integration with Microsoft 365 for email and identity protection

Google Workspace

Native API-based integration with Google Workspace email and identity surfaces

Microsoft Teams

Messaging security integration with Microsoft Teams

Slack

SaaS account takeover protection for Slack workspaces

Zoom

SaaS account takeover protection for Zoom accounts

SIEM

REST API forwarding of detected threats and cases into Splunk, Sentinel, Chronicle, and similar SIEMs

SOAR

Bidirectional integrations with Cortex XSOAR, Splunk SOAR, Tines, and other SOAR platforms

ITSM

Ticketing integrations with ServiceNow, Jira, and other ITSM tools

Resources

🔗
LinkedIn
LinkedIn
🔗
Website
Website
🌐
Abnormal Security Customer Portal
Portal
🔗
Documentation
Documentation
📰
Blog
Blog
🔗
Resources
Resources
🔗
ContactSales
ContactSales
🔗
Careers
Careers
🔗
Partners
Partners
📜
PrivacyPolicy
PrivacyPolicy
📜
TermsOfService
TermsOfService

Sources

apis.yml Raw ↑ 
aid: abnormal-security
url: https://raw.githubusercontent.com/api-evangelist/abnormal-security/refs/heads/main/apis.yml
name: Abnormal Security
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
- Cybersecurity
- Email Security
- Account Takeover
- Behavioral AI
- SaaS Security
- Phishing
- BEC
description: Abnormal Security (operating under the abnormal.ai brand) is an AI-native email and SaaS security platform that
  uses behavioral AI to model normal communication and identity behavior, then detect socially engineered email attacks,
  business email compromise, vendor email compromise, and account takeovers across Microsoft 365, Google Workspace, Slack,
  Zoom, and Microsoft Teams. The Behavior Platform is paired with AI Security Agents (AI Security Mailbox, AI Phishing Coach,
  AI Data Analyst) and exposes a gated REST API at api.abnormalplatform.com for SOC, SIEM, SOAR, and ticketing integrations.
  4,500+ customers including 25% of the Fortune 500; named a 2024 Gartner Magic Quadrant Leader for Email Security Platforms.
created: '2026-05-23'
modified: '2026-05-23'
specificationVersion: '0.19'
apis:
- aid: abnormal-security:abnormal-security-api
  name: Abnormal Security Platform API
  tags:
  - Threats
  - Cases
  - Abuse Mailbox
  - Account Takeover
  - Behavior Platform
  humanURL: https://portal.abnormalsecurity.com
  baseURL: https://api.abnormalplatform.com
  properties:
  - url: https://portal.abnormalsecurity.com
    type: Portal
    title: Abnormal Security Portal (gated)
  - url: https://abnormal.ai/products
    type: Documentation
    title: Abnormal Security Products Overview
  description: The Abnormal Security Platform REST API at api.abnormalplatform.com gives customers and integration partners
    programmatic access to detected threats, attack cases, abuse mailbox submissions, account takeover events, and security
    posture findings produced by the Abnormal Behavior Platform. The API is commonly used to forward attack data into SIEMs,
    drive SOAR playbooks, and integrate Abnormal into ticketing and incident workflows. Documentation and API credentials
    are provisioned through the Abnormal customer portal.
common:
- type: LinkedIn
  url: https://www.linkedin.com/company/abnormal-security
- type: Website
  url: https://abnormal.ai/
- type: Portal
  url: https://portal.abnormalsecurity.com
  title: Abnormal Security Customer Portal
- type: Documentation
  url: https://abnormal.ai/products
- type: Blog
  url: https://abnormal.ai/blog
- type: Resources
  url: https://abnormal.ai/resources
- type: ContactSales
  url: https://abnormal.ai/contact
- type: Careers
  url: https://abnormal.ai/careers
- type: Partners
  url: https://abnormal.ai/partners
- type: PrivacyPolicy
  url: https://abnormal.ai/privacy
- type: TermsOfService
  url: https://abnormal.ai/terms
- type: Features
  data:
  - name: Behavior Platform
    description: AI-native platform that models normal email and identity behavior to detect socially engineered attacks
  - name: Inbound Email Security
    description: Autonomous AI defense against phishing, BEC, vendor email compromise, and other inbound email attacks
  - name: Account Takeover Protection
    description: Detection and mitigation of account takeovers across email and identity platforms
  - name: Security Posture Management
    description: Detection of Microsoft 365 misconfigurations before attackers can exploit them
  - name: Email Productivity
    description: Personalized graymail filtering to reduce inbox noise without compromising security
  - name: Misdirected Email Prevention
    description: Detect and prevent emails sent to the wrong recipient before data is exposed
  - name: AI Security Mailbox
    description: AI agent that responds to user-reported emails and coaches users at superhuman speed
  - name: AI Phishing Coach
    description: Hyper-personalized security training that reduces phishing susceptibility
  - name: AI Data Analyst
    description: Natural-language security reporting that produces board-ready insights
  - name: SaaS Account Takeover Protection
    description: Account takeover protection for SaaS applications such as Slack and Zoom
  - name: Messaging Security
    description: Detection of malicious content inside Microsoft Teams
- type: UseCases
  data:
  - name: BEC and Phishing Defense
    description: Stop business email compromise, phishing, and vendor email compromise on Microsoft 365 and Google Workspace
  - name: Account Takeover Response
    description: Detect and respond to compromised email and SaaS accounts in near-real time
  - name: SOC Automation
    description: Use AI Security Agents to triage user-reported emails and automate SOC workflows
  - name: Security Posture Hardening
    description: Continuously identify and remediate Microsoft 365 misconfigurations
  - name: Executive Reporting
    description: Use the AI Data Analyst to deliver board-ready security reporting through natural-language queries
- type: Integrations
  data:
  - name: Microsoft 365
    description: Native API-based integration with Microsoft 365 for email and identity protection
  - name: Google Workspace
    description: Native API-based integration with Google Workspace email and identity surfaces
  - name: Microsoft Teams
    description: Messaging security integration with Microsoft Teams
  - name: Slack
    description: SaaS account takeover protection for Slack workspaces
  - name: Zoom
    description: SaaS account takeover protection for Zoom accounts
  - name: SIEM
    description: REST API forwarding of detected threats and cases into Splunk, Sentinel, Chronicle, and similar SIEMs
  - name: SOAR
    description: Bidirectional integrations with Cortex XSOAR, Splunk SOAR, Tines, and other SOAR platforms
  - name: ITSM
    description: Ticketing integrations with ServiceNow, Jira, and other ITSM tools
maintainers:
- FN: Kin Lane
  email: [email protected]