Email threats are evolving—and traditional security tools aren’t keeping up. In this episode of DEMO, Keith Shaw is joined by Abnormal AI Sales Engineer Alex Dolce for a hands-on look at how the company’s behavioral AI platform detects phishing, business email compromise (BEC), and zero-day threats that bypass Microsoft 365 and Google Workspace defenses.
Watch the full demo above and read the transcript below to learn how Abnormal AI integrates seamlessly with your existing environment, automates phishing triage, and reduces SOC team workload through AI-powered workflows.
[Editor's note: At the time of recording, the company name was Abnormal Security. We have changed this to their current name, Abnormal AI, in the headline, description and transcript.]
Keith Shaw: Hi everybody, welcome to DEMO, the show where companies come in and show us their latest products and platforms. Today, I'm joined by Alex Dolce. He is a Sales Engineer at Abnormal AI. Welcome to the show, Alex.
Alex Dolce: Thanks for having me, Keith.
Keith: All right. Tell me a little bit about Abnormal AI — who they are, and what you're going to be showing us on DEMO today.
Alex: Absolutely. So Abnormal is a cloud email security platform powered by behavioral artificial intelligence. The biggest differentiator from traditional email architecture is that we're API-based.
Keith: Okay. And with email security, I'm assuming this is typically handled by the security team within an enterprise? Or is there a dedicated email team as a subset of that? Who is this designed for?
Alex: Great question. We work with both teams. Typically, the IT team manages the email platform, so they'll be involved. However, the security team is usually interested in the alerts we generate.
Keith: And what problems are you solving? I'm assuming phishing, spam — all the really bad stuff that hits mailboxes.
Alex: Exactly. Credential phishing, social engineering — and keep in mind, business email compromise is still a $50 billion problem today, according to the FBI.
Keith: Wow. So how is this different than just using something like Microsoft 365 or other major platforms? I assumed that kind of protection was already baked in.
Alex: We’re directly integrated into Office 365 or Google Workspace. They see the message first. But the big difference is that they're operating from a threat intelligence point of view — known bad indicators, blacklists, that sort of thing. The problem is that modern-day attacks often don't have those markers.
You can use phishing-as-a-service tools to generate zero-day links, or freemium platforms like Gmail to send plain text emails that appear totally legitimate. That’s why we approach it differently — through behavioral analysis. We use three pillars: identity, behavior, and content.
Looking at emails through this lens reveals a lot more than traditional threat intel alone.
Keith: So if a company isn’t using your platform, would a lot of these attacks go undetected? Would they have to rely on another service?
Alex: Yeah. When we plug in, we see what lands behind Microsoft, Google, or any third-party gateway. And yes, we often see a lot of threats still reaching inboxes today.
Keith: One of my biggest questions — when I click the “Report Phishing” button on an email, I never know where it actually goes. Are we about to find out?
Alex: Absolutely. Today I’m going to focus on our AI Security Mailbox. It integrates into the reporting mechanism most organizations already have. We’re agnostic to which tool is used — whether it's the built-in phishing button in Microsoft or Google, or a third-party tool.
We just plug into the mailbox on the other end.
Keith: I think you told me earlier that some companies have dedicated people who manually go through these phishing reports?
Alex: For sure. Many larger organizations use SOAR automations to help, but even with automation, there’s often manual review — especially when something’s classified as “unknown.” In smaller organizations, it’s typically all manual.
Here’s an example of a reported message: Jonathan Green, a real employee, is emailing from a personal address — NVT8765@gmail.com — asking Josh, the senior director of accounting, to send checks to a vendor. Classic business email compromise.
Keith: Yep, one of those typical BEC attacks.
Alex: Exactly. Abnormal flagged it. But from Josh’s perspective, this looks clean — no malicious links, no attachments. If he hasn’t had the right training, he may not notice anything suspicious.
That’s when he might click “Report Phishing.” Once reported, our platform provides an automated judgment and response — closing the loop for the user. Analysts no longer have to review every alert manually, which can take over an hour per case.
With Abnormal, analysis, response, and feedback happen within a minute.
Keith: So you’ve shown us one malicious example. What else do you have?
Alex: Here’s another malicious message. We also identify who else received the message. If 1,000 people got it, less advanced orgs would need a PowerShell script to find them. We do it proactively and even pull the email from inboxes automatically.
Keith: So even if someone hasn’t opened it — or opened it but didn’t report it — you can still remove it?
Alex: Exactly. That’s what we’re solving for.
Keith: You've got other cool stuff to show, too, right?
Alex: Definitely. There are two ways to give user feedback: preset responses and GenAI-generated responses. We can integrate with your phishing simulation tools so users get a “Good job!” when they correctly report a test. The preset responses are customizable with your logos and branding.
But now we’ve built GenAI into the solution — you can coach it on how to communicate, reinforce training, even personalize the tone. Want it to “talk like a pirate”? You can do that. It’s flexible for any organization.
Keith: Perfect for this type of episode!
Alex: Exactly. On the integration side, we call ourselves “phishing button agnostic.” Microsoft and Google buttons are embedded, so many customers just use those since they’re included.
Keith: Can people set this up quickly? Can they get a free demo?
Alex: Absolutely. We run read-only POVs at Abnormal. Because we're API-based, we’ve created a six-click integration for Google Workspace or Office 365. You just need a global admin to accept the permissions for our enterprise app. We don’t take write permissions for POVs — they’re read-only.
We sit behind your current tools, so anything they miss, we’ll see. In seven days, we provide a report of what we’ve found. We also process your historical email data — 45 to 60 days’ worth — to understand normal behavior and spot anomalies.
That’s where the name Abnormal comes from. For the AI Security Mailbox, we just need the destination where those phishing reports are sent, and we plug right in.
Keith: That is awesome. Alex Dolce from Abnormal AI — thanks again!
Alex: Thank you. Great to be here.
Keith: That’s going to do it for this episode of DEMO. Be sure to like the video, subscribe to the channel, and leave your thoughts in the comments. Join us every week for new episodes. I’m Keith Shaw — thanks for watching.