The Safety Interviews: Colin Mahony, CEO, Recorded Future
“I’ve at all times been an information and analytics particular person,” says Colin Mahony, CEO of Recorded Future. “It’s one of many issues I really like about Recorded Future: the unimaginable intelligence graph of knowledge and that mission of utilizing this intelligence to combat off the cyber threats everyone knows an excessive amount of about.”
Certainly, the potential of these risk intelligence capabilities to assist counter cyber threats was seen by Mastercard, which acquired Recorded Future for $2.65bn in 2024.
Mahony, who turned Recorded Future’s CEO in September this 12 months after initially becoming a member of as president in 2023, was in London for Predict Europe 2025, the corporate’s buyer occasion in King’s Cross, one of many metropolis’s main tech hubs.
The realm is house to a spread of tech startups and the European flagship places of work of know-how giants akin to Meta and Google, with The Alan Turing Institute – the UK’s nationwide institute for knowledge science and synthetic intelligence (AI) – is only a stone’s throw away. So, maybe it’s no surprise that AI was high of thoughts for a lot of of these attending the two-day occasion at King’s Place.
“The mix of AI and automation is de facto thrilling for purchasers,” Mahony says. “We’re spending a number of time ensuring that we are able to increase and velocity up the actions which are taken with risk intelligence, utilizing automation and AI to push out the threats as shortly as doable.”
These instruments automate the era of personalised risk intelligence prospects can use to detect and analyse threats or vulnerabilities in actual time, serving to them to safe their networks in opposition to cyber threats. Nonetheless, the client continues to be answerable for endeavor that remediation – Mahony believes that automating the updates could be a step too far, not less than for now, including: “We nonetheless depart that to the client – I don’t assume individuals are totally snug automating every part.”
The rise of AI-powered cyber threats
However as with all new web related know-how, cyber criminals are already exploiting AI instruments to assist facilitate assaults and scams. In addition they don’t want to consider knowledge privateness or moral issues in how the tech is used – or abused.
“The dangerous guys are positively utilizing this. They’re unconstrained in how they’re utilizing it – and it’s nearly zero value for them to have some very refined capabilities to faux they’re another person or run interactive packages to interrupt into issues,” says Mahony.
One instance of attackers exploiting AI is what he describes as “an enormous uptick in artificial identification” significantly from North Korea. These campaigns see North Korean residents – on the behest of the regime in Pyongyang – exploiting AI instruments to use for distant jobs at know-how suppliers, cryptocurrency companies and even cyber safety corporations. Not solely do they use AI to assist ship off CVs and protecting letters for his or her preliminary functions, they’re additionally utilizing stay deepfake know-how to change their picture and voice on video calls to cover who they are surely.
“They want these artificial identities to get jobs and cash. In addition they wish to use these identities to get into locations and exfiltrate info,” says Mahony.
However the place nation-state cyber risk operations go, cyber prison teams don’t take lengthy to comply with – and so they’re already abusing AI to illicitly earn money. Simply take a look at how cyber criminals have exploited deepfakes to pose as firm executives steal hundreds of thousands with wire fraud, or utilizing voice cloning to pose as high-profile people to facilitate scams in opposition to most people.
“The commoditisation of those instruments is already taking place. You don’t essentially want the backing or purse of a nation-state – you are able to do it with instruments which are nearly free to make use of,” says Mahony.
However whereas malicious cyber attackers can – and do – exploit the most recent applied sciences to conduct campaigns, Mahony factors out how so many hacks scams nonetheless happen by tried and examined instruments, methods and procedures – significantly these concentrating on cloud-based providers and login credentials.
“Once we take a look at company credentials which are uncovered, whenever you hint again the place the publicity occurred, most frequently it comes from the house laptop of the particular person, which isn’t up-to-date with safety,” he says.
It might be so simple as somebody utilizing their private laptop computer to shortly examine emails. However their private laptop isn’t more likely to have safety controls that are as sturdy as these on their company machine, making it more easy for them to by accident comply with a phishing hyperlink or set up malware. However that’s one thing which may compromise the entire firm.
“There’s nothing intentional about it, however somebody decided about what to do and that call may need compromised the data,” provides Mahony.
The significance of getting cyber safety fundamentals proper
Mahony recommends that organisations ought to comply with commonplace cyber safety procedures to make sure their accounts, workers, prospects and companions are defended in opposition to cyber threats.
“Generally, individuals overlook concerning the fundamentals – however you’ve obtained to do these issues,” he says. “Activate two-factor authentication for every part – there must be nothing you’re logging into with out it.”
Mahony additionally stresses the significance of commonly making backups of crucial knowledge and storing it offline: “It appears so fundamental, however when you’ve got a clear backup, should you get attacked with ransomware, then you could have your knowledge – you’ll be able to nonetheless function.”
“2025 has been the 12 months of the mid-market ransomware. It’s not all these large corporations that you just hear about – the ransomware gangs have gone after mid-market and decrease market victims”
Colin Mahony, Recorded Future
Ransomware has remained a significant cyber safety problem all through 2025 with vital incidents affecting main corporations together with Marks & Spencer and Jaguar Land Rover. However whereas these assaults in opposition to well-known companies have created headlines – and had vital financial impacts – Mahony argues that extra consideration must be centered on ransomware assaults in opposition to smaller targets.
“2025 has been the 12 months of the mid-market ransomware. It’s not all these large corporations that you just hear about – the ransomware gangs have gone after mid-market and decrease market victims, extorting them, even for decrease quantities of cash,” he says.
Whereas these assaults won’t be as profitable as “big-game looking” campaigns, they nonetheless trigger vital injury and disruption. Smaller companies might be extra tempted to pay a ransom, as a result of the choice goes out of enterprise. Mahony expects this pattern to proceed into 2026. “I believe we are going to see extra of those assaults,” he warns.
Defending networks and preserving unauthorised intruders from breaking in is understandably a key focus of cyber safety. However with attackers more and more turning to social engineering and deepfakes to pay money for professional login credentials, detecting an lively intrusion is getting more durable.
“There’s a realisation that the dangerous guys are already in,” says Mahony. “The subsequent 12 months are going to be about working throughout environments and applied sciences to leverage autonomous capabilities to get forward of it – to seek out what’s within the techniques and to root them out.”
He believes playbooks must be ready to assist establish and remediate threats that are already contained in the community. “Probably the greatest issues that organisations can do is run totally different workouts and drills. Each safety workforce can run capture-the-flag workouts to seek out the threats and know what they’re going to do when there’s a risk.”
Mahony argues that incident response isn’t one thing that the data safety workforce alone must be ready for – enterprise operations and management must be concerned to make sure that everybody is aware of their position within the occasion of a cyber assault because it may save the enterprise.
“Working simulations and workouts to ensure the management organisation can perform nicely will be the distinction between an organization that will get shut down or an organization that retains working,” he says. “That’s not only a know-how factor, it’s a ‘Do we have now a correctly functioning disaster functionality?’ factor. It’s nice to follow this for cyber assaults – however should you do follow that, it’s nice follow for any disaster administration state of affairs you could encounter. Each organisation ought to do this.”
