What tech stack does Abnormal Security use?

Abnormal's backend is written primarily in Python and Go (Golang). The engineering blog documents a deliberate architecture evolution: the team migrated from a Python/Celery task queue model to Golang microservices and Apache Kafka for async event streaming, specifically to handle 100x scale growth in email volume without degrading detection latency. Python remains the primary language for ML model development, feature engineering, and data pipelines.

The data platform is built on AWS and runs Apache Spark for distributed batch processing and ML feature computation, Apache Kafka for real-time streaming of email telemetry, and Apache Airflow for workflow orchestration. DBT (data build tool) handles transformation in the warehouse layer. Storage spans PostgreSQL for relational data, OpenSearch/Elasticsearch for full-text and anomaly search, Redis for caching and session state, RocksDB for embedded key-value lookups at detection latency, and Amazon DynamoDB for high-throughput NoSQL access patterns. Databricks is referenced in job postings as a component of the ML training and experiment tracking platform.

This stack reflects Abnormal's core engineering philosophy: ingest at massive scale, compute behavioral baselines in near-real-time, and serve detection decisions with sub-second latency at the mail flow layer. The proprietary ML layer — custom NLP models, identity behavioral models, and content classifiers — is trained on billions of email signals and is Abnormal's deepest competitive moat. It is not a packaged ML product.

Abnormal's customer-facing portal is built on React with Redux for state management; job postings also reference Next.js and Django as the full-stack web layer. The portal is where security teams review detected threats, manage alert queues, investigate account compromise, and access posture and reporting dashboards. The frontend has evolved significantly as Abnormal expanded from a single-product email security tool to a multi-surface behavioral AI platform.

On GTM tooling, Abnormal is a Salesforce CRM shop — consistent with its enterprise motion at $200M+ ARR and the scale of its revenue operations. Slack is used internally for engineering collaboration and is also a product integration target (Abnormal sells Collaboration Security for Slack, meaning the team has deep Slack API expertise). The company has not publicly disclosed its marketing automation platform or sales engagement tooling, though its scale and enterprise motion suggest a mature stack likely including intent data, sales engagement, and account-based marketing platforms.

Note on detection methodology: all technologies listed have a real public signal from engineering blog posts, job postings, or product integration documentation. Technologies with only a single weak signal or inference without documentation are excluded.

Abnormal is a Python-first, AWS-native, Kafka-driven engineering organization with a strong internal build culture. They have constructed a proprietary ML pipeline, feature store, and detection engine rather than buying packaged ML platforms — which means pitches for off-the-shelf ML infrastructure or data processing tools face a high bar. Abnormal engineers will want to see clear, quantified ROI over their existing bespoke stack, and evaluations are technically rigorous.

However, Abnormal is an active buyer in categories adjacent to its core stack: cloud cost optimization (AWS spend at $200M+ ARR scale is material and growing), developer experience and observability tooling, security testing and pentesting, database management and performance, and MLOps. The migration from Python/Celery to Go/Kafka also suggests periodic re-platforming appetite — the team is not dogmatic about their stack when better solutions exist. If you sell into data engineering, MLOps, or cloud infrastructure, the Bengaluru R&D center and engineering leadership are the right entry points.

For GTM and sales technology, the CRO and RevOps leadership in San Francisco are the buyers. As the company prepares for IPO, it is also actively investing in financial planning and analysis tooling, investor relations platforms, and enterprise GRC software — categories where finance leadership (Lisa Banks) and legal (Jeff True) are the decision-makers.