Abnormal Security CEO On Raising $250M, IPO Plans And Doubling Down On AI

The AI-powered cybersecurity vendor is aiming for a 2025 IPO after achieving a $5.1 billion valuation, Abnormal Security CEO Evan Reiser tells CRN.

Abnormal Security plans to use its newly announced funding infusion of $250 million to advance its cybersecurity platform powered by behavioral AI technologies and work toward going public late next year, Co-founder and CEO Evan Reiser told CRN.

On Tuesday, Abnormal announced raising the Series D funding round led by Wellington Management, which brings with it a valuation of $5.1 billion. That’s up from $4 billion in mid-2022.

The vendor—which made its name on email security but has since expanded to protect collaboration and cloud platforms—also disclosed that its annual recurring revenue (ARR) recently surpassed $200 million. That’s double what it was a year ago.

Abnormal is now eyeing an initial public offering for the fourth quarter of 2025, according to Reiser.

With the funding, which brings Abnormal to a total of $546 million raised since its launch in 2018, “this allows us to invest more and build out our customer base, build out new products,” he said. “And that's going to be really important for an IPO.”

Other investors in the round included Greylock Partners, Menlo Ventures, Insight Partners and CrowdStrike Falcon Fund.

The funding comes after Abnormal has been expanding its leadership ranks with a series of notable hires. In January, the company brought on a longtime cybersecurity and channel industry executive, Jonathan Corini, as its new channel chief. The following month, Abnormal hired James Yeager as vice president of public sector sales following seven years in the equivalent role at CrowdStrike.

In the interview with CRN, Reiser said the company is next looking to expand its AI-powered platform to protect a greater number of SaaS applications from attacks that are themselves increasingly driven by AI.

“We feel like the world needs to use the same [AI] technology to defend against these types of attacks,” he said. “There’s a way bigger opportunity for us to further develop some of our behavioral modeling and AI detection and response to go stop those attacks.”

After getting its start in email security and then expanding to protect Microsoft and Google apps more broadly, “now we're going to expand to [secure] all cloud applications,” Reiser said.

During the interview, Reiser also discussed the plans for investment in enabling channel partners, which he described as “incredibly important in this age of AI.”

What follows is an edited portion of CRN’s interview with Reiser.

What prompted making this move right now? What are the major goals for the funding?

Unlike a lot other startups, we have a really reasonable burn rate. We don't waste money on silly things like a lot of startups. So we didn't really have to raise money. We had a path to get to IPO and be cash flow positive without more money. But at the same time, we see a lot of success commercially. We also feel that we're entering a cybersecurity world, where criminals are increasingly using new technology, specifically AI, to supercharge all their attacks. We feel that modern day defenses are too reliant on human-powered operations, where you have a bunch of people try to figure out all the applications, dump all the data into a SIEM, guess what the attacks will be, create alerts, figure out how to how to get all the manpower to investigate those — it's increasingly unsustainable. There's too much data, the attacks are too complex. A couple years from now, emails, FaceTime calls, Zoom calls—[many of them] are going to be fake and they're going to be indistinguishable by humans, even trained analysts. And so we feel like the world needs to use the same [AI] technology to defend against these types of attacks. We do think there needs to be good AI to fight the bad AI. We feel really good about the core business we have today. But we feel like there’s a way bigger opportunity for us to further develop some of our behavioral modeling and AI detection and response to go stop those attacks. We’ve proven that we can do that for email. We've extended it to other products, like our cloud account takeover product, using the same technology. We think there's other surface areas to protect and more use cases that we can apply the technology to.

Where are some of the areas you’re looking to focus on next?

One is to just continue to develop the core behavioral AI detection and response technology. AI is moving really quickly — we need to be ahead of the attackers. [That means] investing in more infrastructure to allow us to connect to more platforms inside the customer’s environment. We want to understand their business and their employees and their vendors and their data better than they do. We want to understand humans better than humans — that's our motto for our core technology. We want to have a 10X higher efficacy than other products, and that's all reliant on the core behavioral approach we’ve taken.

We want to build new products to address new use cases and future use cases. [In terms of] geographic markets, we're slowly expanding into Asia and Europe. And so this is going to be an opportunity for us to accelerate that international expansion. And the third is new customer segments. Probably within six months we'll have our full FedRAMP authorization so allow us to protect new customer segments.

[Another] area of investment for us is just investing in the company. We'll grow our headcount by more than 50 percent this year. Our aspiration is not just to be a public operating company in the next 18 months, but also to be a really long-term, durable, sustainable, generational company. And so that requires us evolving [all the] processes that we have internally so we can scale from 800 employees today to 8,000 employees at some point in the future.

Are there specific product areas you’re looking at moving into?

The three product lines we have today [are] really focused on Microsoft and Google. We started off as an email security company. We expanded to more comprehensively protect the Microsoft and Google platforms, the core productivity platforms. We're taking those product lines and expanding those to the broader set of everyday applications that knowledge workers use. The three new categories are the identity platforms — we’ve launched our account takeover product for those. The second is common SaaS applications. We eventually want to [secure] all SaaS applications, but today it's ServiceNow, Salesforce and Workday. The third bucket is cloud infrastructure platforms — AWS, Azure GCP. We protect the management consoles. So what are the engineers logging into, what are they doing, and is that appropriate? We're not looking at your virtual machines and trying to figure out if there’s malware on there. But we're trying to make sure that people are not doing things in those environments that they shouldn't be doing. So we want to take those three products and expand those to all those different service areas. The same ways we protect Microsoft today, we want to protect Workday and Salesforce. And that includes not just the account takeover, which we already announced, but those other product lines as well.

So we're expanding Abnormal — we started with an email security company, we became a Microsoft and Google security company. Now we're going to expand to [secure] all cloud applications. That's what we see on our six to 12-month roadmap.

Are there certain types of AI-powered capabilities you’re looking at for the future?

Our long-term thesis as a company is that a higher percentage of attacks will have never been seen before. And the reason is that it used to be very hard and very expensive as a criminal five years ago to send a personalized attack. Now with these generative AI and different machine learning tools, you can write a script that reads everything that has ever been written on the internet and everything about [a target victim] — and then create this attack profile and personalize the message to [them]. So you can have all the threat intelligence in the world, and it’s not going to identify that attack. That's where you need this behavioral-based approach. We think criminals will adopt more technology to use offensively, including generative AI and tools like ChatGPT — which is probably the best tool ever invented if you're a social engineer. We think it's going to be more and more common. Today it's primarily email. But we’ve already seen deepfake Zoom calls, and two to three years from now, that’s going to be way easier. So that's the world we're going into and why we feel that this approach, while it's effective now, just becomes increasingly critical in the future.

Could you talk about some of the channel-related investments you’re planning with this new funding?

We work really heavily with the channel. Our channel partners are the trusted advisors for our customers. And that's incredibly important in this age of AI, where every solution is claiming they have magical AI too. So if you're a CISO today, you’ve got 1,000 startups pitching you 1,000 products — and probably only three work. And so our customers really rely on channel partners to help identify what is legit, what's useful — and how to prioritize and how to evaluate that. We will be investing a lot more in our channel. We’ll keep doing better enablement for channel partners, better incentives for our channel partners, more relationship building.

Where the channel has been very effective for us is helping customers evolve from their third-party gateway to moving to a Microsoft plus Abnormal architecture — which is the most effective at stopping attacks. And it's also operationally more efficient.

How will this funding be useful in terms of working toward an IPO?

We [raised this] to accelerate our growth ahead of an IPO. This isn't a replacement for an IPO. It doesn't change our timeline at all. Our internal plan has always been to target [being] able to operate a public company in Q4 next year.

The thing that does change is, this allows us to invest more and build out our customer base, build out new products. And that's going to be really important for an IPO. Because today, from the outside, many people today think about us just as an email security company. If you're a customer, you know there's a lot more to Abnormal than just blocking phishing emails. This gives us an opportunity to further expand our capabilities to a platform. Eventually our IPO investors will be able to recognize the application of that core behavioral approach to stopping attacks, and the relevance of that in the future threat landscape.