SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Office worker ai email security green calm vs red phishing streams
#
UC
#
Phishing
#
Advanced Persistent Threat Protection

Abnormal AI rolls out Attune 1.0 to fight AI cyberattacks

Wed, 18th Mar 2026
Author image
By Sofiah Nichole Salivio, News Editor

Abnormal AI has launched Attune 1.0, a behavioural foundation model it positions as a new core layer for detecting and blocking AI-driven cyberattacks that mimic normal workplace communication.

Attune now accounts for 85% of detections across the Abnormal Behaviour Platform. It was trained on more than one billion derived behavioural signals and serves as a shared intelligence layer across the company's product portfolio.

Security teams are facing a rise in attacks that use generative AI to craft convincing messages at scale. These campaigns often mirror an organisation's tone, relationships, and working patterns. In response, vendors have been updating detection tools, with growing emphasis on identity and behavioural signals rather than keyword rules alone.

Abnormal described the launch as a shift away from static threat intelligence and rule-based tooling, arguing that attackers now imitate trusted behaviour closely enough that defenders must treat each incident as potentially new.

"Attackers are leveraging AI to imitate trusted behavior so convincingly that static rules and threat feeds struggle in the era of AI-driven attacks," said Evan Reiser, CEO and co-founder of Abnormal AI.

"Attune 1.0 is how we close that gap-with a behavioral foundation model that understands normal organizational communication patterns. It gives customers a single intelligence layer that understands known good behavior, catches what isn't, and strengthens every product we ship as part of the Abnormal Behaviour Platform."

Unified signals

Attune 1.0 uses a multimodal architecture that combines identity, behaviour, and content signals in one model. Earlier approaches often treated these inputs separately, which can limit the ability to spot inconsistencies that indicate deception.

Attune underpins multiple product areas, including email security, identity, and account takeover protection. The shared behavioural layer can also detect lateral activity after an attacker gains access to one system and attempts to move across accounts and applications.

Attune is detecting about 150,000 more attack campaigns per week than Abnormal's earlier systems, according to the company. It also reported a 50% increase in precision, implying fewer false positives and less time spent by analysts on investigation and tuning.

Abnormal also cited a recent case in which Attune identified and blocked what it described as a novel Microsoft Teams OAuth phishing campaign before it was publicly documented. OAuth phishing attempts often try to trick users into granting permissions to a malicious application rather than handing over a password, which can make them harder to spot with conventional credential-theft controls.

Email security updates

Alongside the model launch, Abnormal introduced two updates focused on visibility and administrator control in its cloud email security offering.

Detection 360 Insights is now generally available. It is intended to show the behavioural reasoning behind each automated determination and explain why the system flagged a message.

Custom AI Models is in early access. The feature lets security teams define organisation-specific patterns using natural-language descriptions, influencing how the AI treats behaviours that may be normal for one organisation but suspicious for another.

Human risk tools

Abnormal also announced changes to its AI Phishing Coach product, which focuses on the user element of security. The company said it is moving away from uniform compliance training and towards coaching based on activity observed in simulations and reported events.

Phishing Risk Scoring is now generally available. Abnormal said the score updates continuously based on simulation interactions, reporting activity, and training outcomes.

BEC and VEC simulations are also generally available. Business email compromise typically involves fraud using impersonation and social engineering. Vendor email compromise often relies on access to a supplier or partner mailbox to insert fraudulent requests into existing invoice and payment conversations. Abnormal said the new simulation types reflect manager, colleague, and vendor interactions and draw on data from what it calls the Abnormal relationship graph.

Attune 1.0 is generally available, and Abnormal said it will continue applying the model across email, identity, and account takeover protection as it expands its security portfolio.

Related stories
Automotive microcontroller market set to hit USD $15.1bn
Vodafone & Google Cloud launch AI & security tools
ISACA launches AI risk certification amid governance gap
Turning security into a story: How managed service providers use reporting to drive retention and revenue
Barracuda spots 7 million device code phishing attacks

Top stories

AI tools widen cyber attack threat, Flashpoint warns
AI flaws & supply-chain risks top new pentesting report
Exclusive: Google Cloud on the road to autonomous SecOps
Zapier expands AI governance controls for enterprise users
Avatier launches offline card after Stryker cyberattack