◆ Gentoo Logic · Modeling Warehouse
WarehouseCybersecurityAbnormal Security

Cybersecurity · AWS

Abnormal Security

Abnormal runs a cloud-native, API-first behavioral AI platform that integrates with cloud email and collaboration suites (e.g., Microsoft 365, Google Workspace) outside the mail flow, ingesting user, email, and identity telemetry into proprietary behavioral models and a data lake to drive detection, response, and human-risk scoring.[1][5][7][8][9] Its core is a proprietary behavioral foundation model and related ML pipelines hosted in its own cloud environment, exposed through its SaaS console and APIs rather than via public/open-source model distribution.[7][9]

Foundation proximity: Native (own / self-hosted weights)

Foundational models & how they consume them

PrimaryAbnormal Behavioral Foundation Model· Abnormal (self-hosted) · Native (own / self-hosted weights)
SecondaryAbnormal ABX / behavioral ML models· Abnormal (self-hosted) · Native (own / self-hosted weights)

Cloud & datastore

AWSPostgreSQLAmazon S3 (data lake/object storage)Elasticsearch/OpenSearch (log/search, inferred)

Compliance

SOC 2 (inferred from enterprise email security norm)ISO 27001 (inferred)GDPR-aligned data processing (inferred)

Similar companies

DarktracePalo Alto NetworksSentinelOneSnykCrowdStrikeOkta
Head-to-head: Abnormal Security vs DarktraceAbnormal Security vs Palo Alto NetworksAbnormal Security vs SentinelOne

Others that build on proprietary / self-built models

AbridgeAdobeAI21 LabsAleph AlphaAmbienceAnduril

Explore

More Cybersecurity →Native (own / self-hosted weights) →More on AWS →

FAQ

Does Abnormal Security use a foundational AI model?
Abnormal Security uses Abnormal Behavioral Foundation Model, Abnormal ABX / behavioral ML models (Native (own / self-hosted weights)).
What cloud does Abnormal Security run on?
Abnormal Security runs on AWS.
What database does Abnormal Security use?
Abnormal Security uses PostgreSQL, Amazon S3 (data lake/object storage), Elasticsearch/OpenSearch (log/search, inferred).
How close does Abnormal Security run to the foundational model?
Abnormal Security is Native (own / self-hosted weights) — close to the metal, so cheaper tokens and more control over outputs.

Sources

abnormalsecurity.com ↗

Also on the map

proprietary / self-built models

← Full orbit map (260 companies) · Score your own stack →

Architecture inferred from public sources · confidence low · verify before betting on a detail.