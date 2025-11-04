“I have always been a data and analytics person,” says Colin Mahony, CEO of Recorded Future. “It’s one of the things I love about Recorded Future: the incredible intelligence graph of data and that mission of using this intelligence to fight off the cyber threats we all know too much about.”

Indeed, the potential of those threat intelligence capabilities to help counter cyber threats was seen by Mastercard, which acquired Recorded Future for $2.65bn in 2024.

Mahony, who became Recorded Future’s CEO in September this year after initially joining as president in 2023, was in London for Predict Europe 2025, the company’s customer event in King’s Cross, one of the city’s major tech hubs.

The area is home to a range of tech startups and the European flagship offices of technology giants such as Meta and Google, with The Alan Turing Institute – the UK’s national institute for data science and artificial intelligence (AI) – is just a stone’s throw away. So, perhaps it’s no wonder that AI was top of mind for many of those attending the two-day event at King’s Place.

“The combination of AI and automation is really exciting for customers,” Mahony says. “We’re spending a lot of time making sure that we can augment and speed up the actions that are taken with threat intelligence, using automation and AI to push out the threats as quickly as possible.”

These tools automate the generation of personalised threat intelligence customers can use to detect and analyse threats or vulnerabilities in real time, helping them to secure their networks against cyber threats. However, the customer is still responsible for undertaking that remediation – Mahony believes that automating the updates might be a step too far, at least for now, adding: “We still leave that to the customer – I don’t think people are fully comfortable automating everything.”

The rise of AI-powered cyber threats But as with any new internet connected technology, cyber criminals are already exploiting AI tools to help facilitate attacks and scams. They also don’t need to think about data privacy or ethical considerations in how the tech is used – or abused. “The bad guys are definitely using this. They’re unconstrained in how they’re using it – and it’s almost zero cost for them to have some very sophisticated capabilities to pretend they’re someone else or run interactive programs to break into things,” says Mahony. One example of attackers exploiting AI is what he describes as “a huge uptick in synthetic identity” particularly from North Korea. These campaigns see North Korean citizens – at the behest of the regime in Pyongyang – exploiting AI tools to apply for remote jobs at technology suppliers, cryptocurrency firms and even cyber security companies. Not only do they use AI to help send off CVs and covering letters for their initial applications, they’re also using live deepfake technology to alter their image and voice on video calls to hide who they really are. “They need these synthetic identities to get jobs and money. They also want to use these identities to get into places and exfiltrate information,” says Mahony. But where nation-state cyber threat operations go, cyber criminal groups don’t take long to follow – and they’re already abusing AI to illicitly make money. Just look at how cyber criminals have exploited deepfakes to pose as company executives steal millions with wire fraud, or using voice cloning to pose as high-profile individuals to facilitate scams against the general public. “The commoditisation of these tools is already happening. You don’t necessarily need the backing or purse of a nation-state – you can do it with tools that are almost free to use,” says Mahony. But while malicious cyber attackers can – and do – exploit the latest technologies to conduct campaigns, Mahony points out how so many hacks scams still occur through tried and tested tools, techniques and procedures – particularly those targeting cloud-based services and login credentials. “When we look at corporate credentials that are exposed, when you trace back where the exposure occurred, most often it comes from the home computer of the person, which isn’t up-to-date with security,” he says. It could be as simple as someone using their personal laptop to quickly check emails. But their personal computer isn’t likely to have security controls which are as strong as those on their corporate device, making it less difficult for them to accidentally follow a phishing link or install malware. But that’s something which could compromise the whole company. “There’s nothing intentional about it, but someone made a decision about what to do and that decision might have compromised the information,” adds Mahony.