A decade ago, securing identity meant securing a directory. One place held every account, one gate decided who got in, and locking it down was the job.
That directory is now a fabric, and a fabric has no single gate.
Where the Seams Open Up
A modern environment establishes federated trust between a central IdP and downstream service providers — Workday, Salesforce, and dozens of SaaS apps — each issuing their own short-lived tokens and enforcing discrete role-based access controls. Each provider can be locked down on its own, but no tool reads across all of them, so the gaps live in the seams. An attacker who clears the sign-in is past the only checkpoint most stacks have, and everything after goes unwatched.
The problem compounds with non-human identities (NHIs). Service accounts, API tokens, and OAuth grants outnumber humans many to one, and they are chained together: one grant inherits another's access, accumulating reach nobody approved. Most organizations Abnormal works with can't say who owns half of their NHIs.
Stronger Locks Don't Close the Gap
The instinct is to harden the front door with stronger MFA, tighter conditional access, or another bolted-on identity tool. Those best practices help at the login, but they do little for the activity after it, which is where modern identity attacks actually play out.
What the seams need is something that reads behavior across the fabric, not stronger authentication at one point in it. Behavioral AI applies a holistic principle to both email and identity security. Abnormal builds a behavioral profile of every identity: what it touches and when. An account that has never changed payroll in Workday or exported a Salesforce report stands out when it does. The signal was already there. Reading it takes a model that doesn't stop at the sign-in.
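To make the idea of a per-identity baseline concrete, here is an added example (not Abnormal's model or code) that merges audit events from several providers and flags the first time an identity performs an action it has never performed before. The identities, provider labels, action names, and cutoff date are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events: (identity, provider, action, ISO timestamp).
# Provider/action labels are illustrative, not real API event names.
EVENTS = [
    ("alice", "idp", "sign_in", "2024-05-01T09:02:00"),
    ("alice", "salesforce", "view_account", "2024-05-01T09:10:00"),
    ("alice", "workday", "view_payslip", "2024-05-02T10:15:00"),
    ("svc-sync", "salesforce", "export_report", "2024-05-02T02:00:00"),
    ("alice", "salesforce", "view_account", "2024-05-03T09:20:00"),
    # Events after the baseline cutoff:
    ("alice", "idp", "sign_in", "2024-05-10T09:01:00"),
    ("alice", "salesforce", "view_account", "2024-05-10T09:30:00"),
    ("alice", "workday", "change_payroll", "2024-05-10T09:41:00"),
    ("alice", "salesforce", "export_report", "2024-05-10T09:44:00"),
    ("svc-sync", "salesforce", "export_report", "2024-05-10T02:00:00"),
    ("svc-new", "workday", "view_payslip", "2024-05-10T03:00:00"),
]
CUTOFF = datetime.fromisoformat("2024-05-08T00:00:00")

def build_baseline(events, cutoff):
    """Per identity: set of (provider, action) pairs seen before the cutoff."""
    seen = defaultdict(set)
    for ident, provider, action, ts in events:
        if datetime.fromisoformat(ts) < cutoff:
            seen[ident].add((provider, action))
    return seen

def first_seen_alerts(events, cutoff):
    """Flag post-cutoff events that are new for the identity performing them.
    An identity with no history gets one 'no_baseline' alert instead of an
    alert per action, so unowned accounts surface without flooding triage."""
    seen = build_baseline(events, cutoff)
    alerts = []
    for ident, provider, action, ts in sorted(events, key=lambda e: e[3]):
        if datetime.fromisoformat(ts) < cutoff:
            continue
        if ident not in seen:
            alerts.append((ident, provider, action, "no_baseline"))
        elif (provider, action) not in seen[ident]:
            alerts.append((ident, provider, action, "first_seen_action"))
        seen[ident].add((provider, action))  # learn it, so repeats alert once
    return alerts

if __name__ == "__main__":
    for alert in first_seen_alerts(EVENTS, CUTOFF):
        print(alert)
```

The sign-in on 2024-05-10 matches the baseline and raises nothing; only the actions after it do, and a report export that is routine for `svc-sync` is still flagged when `alice` performs it for the first time.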
