Abnormal Security Outage History

Abnormal Security experienced a service disruption affecting SOAR API functionality, Portal data retrieval, and Threat Log display for US customers from May 2-4, 2026. Customers with SOAR API integrations encountered errors when querying messages, attachments, and threat data, while some Portal functionality was also intermittently impacted. The engineering team deployed a fix after 1.7 hours of active investigation, restoring all affected services to normal operation while email detection and remediation remained fully functional throughout the incident.

Abnormal Security's email detection service experienced degraded accuracy from 00:30 UTC to 07:05 UTC on April 28, 2026, causing some legitimate emails to be incorrectly flagged as threats. The issue affected the Inbound Email Protection component for approximately 6.5 hours while email remediation services remained operational. Engineering identified the root cause, implemented a fix to restore full detection accuracy, and replayed all messages from the impact window to ensure complete protection coverage.

Starting at approximately 19:00 UTC on April 8, 2026, customers experienced intermittent or complete inability to access Abnormal Security's Customer Support Portal, with issues affecting both login attempts and portal navigation. The disruption lasted 1.8 hours until the engineering team identified and resolved the underlying cause. Full portal access was restored by 16:40 UTC on April 9, 2026, allowing customers to successfully log in again.

Abnormal Security experienced a 4.2-hour outage of email-based support case submissions starting at 13:30 UTC on April 8, 2026, caused by a vendor issue. Customers were unable to submit support requests or replies via email to support@abnormalsecurity.com or support@abnormal.ai, but could use the web-based Customer Support Portal as an alternative. The vendor restored service and Abnormal confirmed email submissions were functioning normally again.

Abnormal Security experienced a disruption in AI Security Mailbox report processing from approximately 16:00 UTC to 23:50 UTC on March 26, 2026, affecting US and EU customers who were unable to process new security reports. Engineers deployed a fix at 23:50 UTC to restore real-time processing and began reprocessing any reports submitted during the outage window. The incident lasted approximately 7 hours and 50 minutes, with full recovery expected within hours of the fix deployment.

Abnormal Security experienced a service disruption affecting Inbound Email Security detection and remediation for some US customers starting at 22:23 UTC on March 16, 2026. The incident impacted inline email processing, causing some malicious emails to not be properly detected or remediated. All services were fully restored by 23:56 UTC after 43 minutes, with detection and remediation returning to normal operation.

Starting around 14:40 UTC, the Abnormal Security EU Portal became inaccessible and displayed errors, preventing EU customers from accessing the portal application. Email detection and remediation services continued operating normally throughout the incident. Portal access for EU customers was fully restored at 15:01 UTC.

Between 18:00 UTC and 20:40 UTC on March 12, 2026, Abnormal Security experienced delays in displaying flagged messages (attack, spam, or borderline) within the Threat Log for Government customers. Email security detection and remediation continued to function normally throughout the incident, with all threats being identified and acted upon as expected. Engineers resolved the issue by redeploying affected services, and all queued messages from the incident window were subsequently processed.

Abnormal Security experienced a Threat Log visibility issue affecting GovCloud customers from February 23, 2026 at 19:55 UTC to February 24, 2026 at 03:30 UTC. During this incident, newly detected threats did not appear in the Threat Log and previously flagged messages showed "content unavailable" on the Email Details page, while email processing, threat detection, and remediation continued operating normally. Engineers restored full Threat Log visibility and confirmed services returned to real-time processing.