The Security Interviews: Colin Mahony, CEO, Recorded Future


“I have always been a data and analytics person,” says Colin Mahony, CEO of Recorded Future. “It’s one of the things I love about Recorded Future: the incredible intelligence graph of data and that mission of using this intelligence to fight off the cyber threats we all know too much about.”

Indeed, the potential of those threat intelligence capabilities to help counter cyber threats was seen by Mastercard, which acquired Recorded Future for $2.65bn in 2024.

Mahony, who became Recorded Future’s CEO in September this year after initially joining as president in 2023, was in London for Predict Europe 2025, the company’s customer event in King’s Cross, one of the city’s major tech hubs.

The area is home to a range of tech startups and the European flagship offices of technology giants such as Meta and Google, while The Alan Turing Institute – the UK’s national institute for data science and artificial intelligence (AI) – is just a stone’s throw away. So, perhaps it’s no wonder that AI was top of mind for many of those attending the two-day event at King’s Place.

“The combination of AI and automation is really exciting for customers,” Mahony says. “We’re spending a lot of time making sure that we can augment and speed up the actions that are taken with threat intelligence, using automation and AI to push out the threats as quickly as possible.”

These tools automate the generation of personalised threat intelligence customers can use to detect and analyse threats or vulnerabilities in real time, helping them to secure their networks against cyber threats. However, the customer is still responsible for undertaking that remediation – Mahony believes that automating the updates might be a step too far, at least for now, adding: “We still leave that to the customer – I don’t think people are fully comfortable automating everything.”

The rise of AI-powered cyber threats

But as with any new internet-connected technology, cyber criminals are already exploiting AI tools to help facilitate attacks and scams. They also don’t need to think about data privacy or ethical considerations in how the tech is used – or abused.

“The bad guys are definitely using this. They’re unconstrained in how they’re using it – and it’s almost zero cost for them to have some very sophisticated capabilities to pretend they’re someone else or run interactive programs to break into things,” says Mahony.

One example of attackers exploiting AI is what he describes as “a huge uptick in synthetic identity”, particularly from North Korea. These campaigns see North Korean citizens – at the behest of the regime in Pyongyang – exploiting AI tools to apply for remote jobs at technology suppliers, cryptocurrency firms and even cyber security companies. Not only do they use AI to help send off CVs and covering letters for their initial applications, they’re also using live deepfake technology to alter their image and voice on video calls to hide who they really are.

“They need these synthetic identities to get jobs and money. They also want to use these identities to get into places and exfiltrate information,” says Mahony.

But where nation-state cyber threat operations go, cyber criminal groups don’t take long to follow – and they’re already abusing AI to illicitly make money. Just look at how cyber criminals have exploited deepfakes to pose as company executives and steal millions through wire fraud, or used voice cloning to pose as high-profile individuals to facilitate scams against the general public.

“The commoditisation of these tools is already happening. You don’t necessarily need the backing or purse of a nation-state – you can do it with tools that are almost free to use,” says Mahony. 

But while malicious cyber attackers can – and do – exploit the latest technologies to conduct campaigns, Mahony points out that many hacks and scams still occur through tried and tested tools, techniques and procedures – particularly those targeting cloud-based services and login credentials.

“When we look at corporate credentials that are exposed, when you trace back where the exposure occurred, most often it comes from the home computer of the person, which isn’t up-to-date with security,” he says.

It could be as simple as someone using their personal laptop to quickly check emails. But their personal computer isn’t likely to have security controls as strong as those on their corporate device, making it easier for them to accidentally follow a phishing link or install malware – something which could compromise the whole company.

“There’s nothing intentional about it, but someone made a decision about what to do and that decision might have compromised the information,” adds Mahony.

The importance of getting cyber security basics right

Mahony recommends that organisations should follow standard cyber security procedures to ensure their accounts, employees, customers and partners are defended against cyber threats.

“Sometimes, people forget about the basics – but you’ve got to do those things,” he says. “Turn on two-factor authentication for everything – there should be nothing you’re logging into without it.”

Mahony also stresses the importance of regularly making backups of critical data and storing it offline: “It seems so basic, but if you have a clean backup, if you get attacked with ransomware, then you have your data – you can still operate.” 


Ransomware has remained a major cyber security issue throughout 2025 with significant incidents affecting major companies including Marks & Spencer and Jaguar Land Rover. But while these attacks against well-known corporations have created headlines – and had significant economic impacts – Mahony argues that more attention needs to be focused on ransomware attacks against smaller targets.

“2025 has been the year of the mid-market ransomware. It’s not all these big companies that you hear about – the ransomware gangs have gone after mid-market and lower market victims, extorting them, even for lower amounts of money,” he says.

While these attacks might not be as lucrative as “big-game hunting” campaigns, they still cause significant damage and disruption. Smaller businesses could be more tempted to pay a ransom, because the alternative is going out of business. Mahony expects this trend to continue into 2026. “I think we will see more of these attacks,” he warns.

Defending networks and keeping unauthorised intruders from breaking in is understandably a key focus of cyber security. But with attackers increasingly turning to social engineering and deepfakes to get hold of legitimate login credentials, detecting an active intrusion is getting harder. 

“There’s a realisation that the bad guys are already in,” says Mahony. “The next 12 months are going to be about working across environments and technologies to leverage autonomous capabilities to get ahead of it – to find what’s in the systems and to root them out.”

He believes playbooks should be prepared to help identify and remediate threats which are already inside the network. “One of the best things that organisations can do is run different exercises and drills. Every security team can run capture-the-flag exercises to find the threats and know what they’re going to do when there is a threat.”

Mahony argues that incident response isn’t something that the information security team alone should be prepared for – business operations and leadership should be involved to ensure that everyone knows their role in the event of a cyber attack as it could save the business.

“Running simulations and exercises to make sure the leadership organisation can function well can be the difference between a company that gets shut down or a company that keeps operating,” he says. “That’s not just a technology thing, it’s a ‘Do we have a properly functioning crisis capability?’ thing. It’s great to practice this for cyber attacks – but if you do practice that, it’s great practice for any crisis management situation you may encounter. Every organisation should do that.”


