Arctic Wolf & Abnormal AI strengthen email threat detection

Arctic Wolf has introduced a new integration with Abnormal AI, aiming to improve detection and response to email-based cyber threats. The collaboration joins Abnormal AI's behavioural artificial intelligence with Arctic Wolf's Managed Detection and Response (MDR) offering.

Email risks

According to Arctic Wolf, email has become one of the primary entry points for cybercriminals. Its 2025 threat report found that Business Email Compromise (BEC) accounted for over a quarter of all incident response cases handled. Phishing attacks initiated nearly 73% of these incidents, indicating that technical controls can be bypassed through human manipulation.

The new integration is positioned to enhance customers' ability to detect and respond to a range of email-based threats, including business email compromise, phishing, malware, and potential insider actions. The data signals captured by Abnormal AI's behavioural analytics from Microsoft 365 and Google Workspace can now be analysed within the Arctic Wolf Aurora Platform.

Integrated platform

The Aurora Platform's open Extended Detection and Response (XDR) architecture is designed to ingest and process large amounts of security data. The combined capabilities enable customers to access unified insights into email threats and coordinate active responses, such as message quarantine, to limit exposure and reduce attack dwell times.

Arctic Wolf says customers also receive guided remediation and active support from its AI-driven Security Operations Centre (SOC) team. This support is intended to allow organisations to contain threats with minimal disruption.

Behavioural analytics

The use of behavioural AI is seen as an additional safeguard against newer email attack vectors that rely on social engineering. These attacks increasingly target users directly, sidestepping or undermining technical barriers.

"Email continues to be one of the most complex and exploited threat surfaces for organizations worldwide," said Dan Schiappa, president, Technology and Services, Arctic Wolf. "By integrating Abnormal AI's behavioral detections into the Aurora Platform, we're bringing critical new visibility and response capabilities into our AI-powered SOC-helping customers proactively defend against socially engineered attacks and help ensure email threats are contained before they disrupt the business."

Unified workflow

Abnormal AI's integration with Arctic Wolf is intended to create a more seamless workflow for joint customers, allowing for faster detection, investigation, and response to threats originating from email.

"At Abnormal AI, our mission is to protect humans from cybercrime by using behavioral AI to detect and stop the sophisticated attacks that target people, not just technology," said Stephanie Goodman, vice president, Global Alliances, Abnormal AI. "Partnering with Arctic Wolf extends that protection into the broader security operations ecosystem, allowing joint customers to detect, investigate, and respond to email threats through a unified workflow-powered by AI and human expertise."