Tech
The Security Interviews: Colin Mahony, CEO, Recorded Future | Computer Weekly
“I have always been a data and analytics person,” says Colin Mahony, CEO of Recorded Future. “It’s one of the things I love about Recorded Future: the incredible intelligence graph of data and that mission of using this intelligence to fight off the cyber threats we all know too much about.”
Indeed, the potential of those threat intelligence capabilities to help counter cyber threats was seen by Mastercard, which acquired Recorded Future for $2.65bn in 2024.
Mahony, who became Recorded Future’s CEO in September this year after initially joining as president in 2023, was in London for Predict Europe 2025, the company’s customer event in King’s Cross, one of the city’s major tech hubs.
The area is home to a range of tech startups and the European flagship offices of technology giants such as Meta and Google, with The Alan Turing Institute – the UK’s national institute for data science and artificial intelligence (AI) – is just a stone’s throw away. So, perhaps it’s no wonder that AI was top of mind for many of those attending the two-day event at King’s Place.
“The combination of AI and automation is really exciting for customers,” Mahony says. “We’re spending a lot of time making sure that we can augment and speed up the actions that are taken with threat intelligence, using automation and AI to push out the threats as quickly as possible.”
These tools automate the generation of personalised threat intelligence customers can use to detect and analyse threats or vulnerabilities in real time, helping them to secure their networks against cyber threats. However, the customer is still responsible for undertaking that remediation – Mahony believes that automating the updates might be a step too far, at least for now, adding: “We still leave that to the customer – I don’t think people are fully comfortable automating everything.”
The rise of AI-powered cyber threats
But as with any new internet connected technology, cyber criminals are already exploiting AI tools to help facilitate attacks and scams. They also don’t need to think about data privacy or ethical considerations in how the tech is used – or abused.
“The bad guys are definitely using this. They’re unconstrained in how they’re using it – and it’s almost zero cost for them to have some very sophisticated capabilities to pretend they’re someone else or run interactive programs to break into things,” says Mahony.
One example of attackers exploiting AI is what he describes as “a huge uptick in synthetic identity” particularly from North Korea. These campaigns see North Korean citizens – at the behest of the regime in Pyongyang – exploiting AI tools to apply for remote jobs at technology suppliers, cryptocurrency firms and even cyber security companies. Not only do they use AI to help send off CVs and covering letters for their initial applications, they’re also using live deepfake technology to alter their image and voice on video calls to hide who they really are.
“They need these synthetic identities to get jobs and money. They also want to use these identities to get into places and exfiltrate information,” says Mahony.
But where nation-state cyber threat operations go, cyber criminal groups don’t take long to follow – and they’re already abusing AI to illicitly make money. Just look at how cyber criminals have exploited deepfakes to pose as company executives steal millions with wire fraud, or using voice cloning to pose as high-profile individuals to facilitate scams against the general public.
“The commoditisation of these tools is already happening. You don’t necessarily need the backing or purse of a nation-state – you can do it with tools that are almost free to use,” says Mahony.
But while malicious cyber attackers can – and do – exploit the latest technologies to conduct campaigns, Mahony points out how so many hacks scams still occur through tried and tested tools, techniques and procedures – particularly those targeting cloud-based services and login credentials.
“When we look at corporate credentials that are exposed, when you trace back where the exposure occurred, most often it comes from the home computer of the person, which isn’t up-to-date with security,” he says.
It could be as simple as someone using their personal laptop to quickly check emails. But their personal computer isn’t likely to have security controls which are as strong as those on their corporate device, making it less difficult for them to accidentally follow a phishing link or install malware. But that’s something which could compromise the whole company.
“There’s nothing intentional about it, but someone made a decision about what to do and that decision might have compromised the information,” adds Mahony.
The importance of getting cyber security basics right
Mahony recommends that organisations should follow standard cyber security procedures to ensure their accounts, employees, customers and partners are defended against cyber threats.
“Sometimes, people forget about the basics – but you’ve got to do those things,” he says. “Turn on two-factor authentication for everything – there should be nothing you’re logging into without it.”
Mahony also stresses the importance of regularly making backups of critical data and storing it offline: “It seems so basic, but if you have a clean backup, if you get attacked with ransomware, then you have your data – you can still operate.”
“2025 has been the year of the mid-market ransomware. It’s not all these big companies that you hear about – the ransomware gangs have gone after mid-market and lower market victims”
Colin Mahony, Recorded Future
Ransomware has remained a major cyber security issue throughout 2025 with significant incidents affecting major companies including Marks & Spencer and Jaguar Land Rover. But while these attacks against well-known corporations have created headlines – and had significant economic impacts – Mahony argues that more attention needs to be focused on ransomware attacks against smaller targets.
“2025 has been the year of the mid-market ransomware. It’s not all these big companies that you hear about – the ransomware gangs have gone after mid-market and lower market victims, extorting them, even for lower amounts of money,” he says.
While these attacks might not be as lucrative as “big-game hunting” campaigns, they still cause significant damage and disruption. Smaller businesses could be more tempted to pay a ransom, because the alternative is going out of business. Mahony expects this trend to continue into 2026. “I think we will see more of these attacks,” he warns.
Defending networks and keeping unauthorised intruders from breaking in is understandably a key focus of cyber security. But with attackers increasingly turning to social engineering and deepfakes to get hold of legitimate login credentials, detecting an active intrusion is getting harder.
“There’s a realisation that the bad guys are already in,” says Mahony. “The next 12 months are going to be about working across environments and technologies to leverage autonomous capabilities to get ahead of it – to find what’s in the systems and to root them out.”
He believes playbooks should be prepared to help identify and remediate threats which are already inside the network. “One of the best things that organisations can do is run different exercises and drills. Every security team can run capture-the-flag exercises to find the threats and know what they’re going to do when there is a threat.”
Mahony argues that incident response isn’t something that the information security team alone should be prepared for – business operations and leadership should be involved to ensure that everyone knows their role in the event of a cyber attack as it could save the business.
“Running simulations and exercises to make sure the leadership organisation can function well can be the difference between a company that gets shut down or a company that keeps operating,” he says. “That’s not just a technology thing, it’s a ‘Do we have a properly functioning crisis capability?’ thing. It’s great to practice this for cyber attacks – but if you do practice that, it’s great practice for any crisis management situation you may encounter. Every organisation should do that.”
The world’s top AI research conference, the Conference on Neural Information Processing Systems—better known as NeurIPS—became the latest organization this week to become embroiled in a growing clash between geopolitics and global scientific collaboration. The conference’s organizers announced and then quickly reversed controversial new restrictions for international participants after Chinese AI researchers threatened to boycott the event.
“This is a potential watershed moment,” says Paul Triolo, a partner at the advisory firm DGA-Albright Stonebridge who studies US-China relations. Triolo argues that attracting Chinese researchers to NeurIPS is beneficial to US interests, but some American officials have pushed for American and Chinese scientists to decouple their work—especially in AI, which has become a particularly sensitive topic in Washington.
The incident could deepen political tensions around AI research, as well as dissuade Chinese scientists from working at US universities and tech companies in the future. “At some level now it is going to be hard to keep basic AI research out of the [political] picture,” Triolo says.
In its annual handbook for paper submissions, issued in mid-March, NeurIPS organizers announced updated restrictions for participation. The rules stated that the event could not provide services including “peer review, editing, and publishing” to any organizations subject to US sanctions, and linked to a database of sanctioned entities. It included companies and organizations on the Bureau of Industry and Security’s entity list and those on another list with alleged ties to the Chinese military.
The new rules would have affected researchers at Chinese companies like Tencent and Huawei who regularly present work at NeurIPS. The database also includes entities from other countries such as Russia and Iran. The US places limits on doing business with these organizations, but there are no rules around academic publishing or conference participation.
The NeurIPS handbook has since been updated to specify that the restrictions apply only to Specially Designated Nationals and Blocked Persons, a list used primarily for terrorist groups and criminal organizations.
“In preparing the NeurIPS 2026 handbook, we included a link to a US government sanctions tool that covers a significantly broader set of restrictions than those NeurIPS is actually required to follow,” the event’s organizers said in a statement issued Friday. “This error was due to miscommunication between the NeurIPS Foundation and our legal team.”
Before they reversed course, the conference organizers initially said that the new rule was “about legal requirements that apply to the NeurIPS Foundation, which is responsible for complying with sanctions,” adding that it was seeking legal consultation on the issue.
Immediate Backlash
The new rule drew swift backlash from AI researchers around the world, particularly in China, which produces a large quantity of cutting-edge machine learning papers and is home to a growing share of the world’s top AI talent. Several academic groups there issued statements condemning the measure and, more importantly, discouraging Chinese academics from attending NeurIPS in the future. Some urged Chinese academics to contribute instead to domestic research conferences, potentially helping increase the country’s influence in relevant science and tech fields.
The China Association of Science and Technology (CAST), an influential government-affiliated organization for scientists and engineers, said Thursday that it would stop providing funding for Chinese scholars traveling to attend NeurIPS and would use the money instead to support domestic and international conferences that “respect the rights of Chinese scholars.”
CAST also said it will no longer count publications at the 2026 NeurIPS conference as academic achievements when evaluating future research funding. It’s unclear if the organization will reverse course now that NeurIPS has walked back the new rule.
Handala’s second claim, however—that it hacked the FBI—seems, for now, to be fiction. All evidence points to Handala having breached Patel’s older, personal Gmail account. Widely believed to be a “hacktivist” front for Iran’s intelligence agency the MOIS, Handala suggested on its website that the emails contained classified information, but the messages initially reviewed by WIRED didn’t appear to be related to any government work. TechCrunch did find, however, that Patel appears to have forwarded some emails from his Justice Department email account to his Gmail account in 2014.
Handala, which cybersecurity experts have described to WIRED as an “opportunistic” hacker group whose cyberattacks and breaches are often calculated more for their propaganda value than their tactical impacts, has nonetheless made the most of Patel’s embarrassing breach. “To the whole world, we declare: the FBI is just a name, and behind this name, there is no real security,” the group wrote in its statement. “If your director can be compromised this easily, what do you expect from your lower-level employees?”
Handala Hackers Put $50 Million Bounty on Trump and Netanyahu’s Heads
For further evidence of Handala’s bombastic rhetoric, look no further than another post on its website earlier this week (we’re intentionally not linking to it) that offered a $50 million bounty to anyone who could “eliminate” US president Donald Trump and Israeli prime minister Benjamin Netanyahu. “This substantial prize will be awarded, directly and securely, to any individual or group bold enough to show true action against tyranny,” the hackers’ statement read, along with an invitation to any would-be assassins to reach out via the encrypted messaging app Session. “All our communication and payment channels utilize the latest encryption and anonymization technologies, your safety and confidentiality are fully guaranteed.”
That bounty, Handala explained, was posted in answer to a statement about Handala published on the US Department of Justice website last week that offered $10 million for information leading to the identity or location of anyone who carries out “malicious cyber activities against US critical infrastructure” on behalf of a foreign government.
“Our message is clear: If you truly have the will and the power, come and find us!” Handala wrote in its response. “We fear no challenge and are prepared to respond to every attack with even greater force.”
In yet another post on its website this week, Handala also claimed to have doxed 28 engineers at military contractor Lockheed Martin working in Israel and threatened them with personal harm if they didn’t leave the country within 48 hours. When WIRED tried calling the phone numbers included in Handala’s leaked data, however, most of them didn’t work.
Apple says no device with its Lockdown Mode security feature enabled has ever been successfully compromised by mercenary spyware in the nearly four years since its launch. Amnesty International’s security lab head, Donncha Ó Cearbhaill, also says his team has seen no evidence of a successful attack against a Lockdown Mode–enabled iPhone. And Citizen Lab, which has documented several successful spyware attacks against iPhones, says none involve a Lockdown Mode bypass, while in two cases its researchers found the feature actively blocked attacks against NSO Group’s Pegasus and Intellexa’s Predator. Google researchers, meanwhile, found one spyware strain that simply abandons infection attempts when it detects the feature is enabled.
Lockdown Mode works by disabling commonly exploited iPhone features, such as most message attachment types and features like links and link previews. Incoming FaceTime calls are blocked unless the user has previously called that person within the past 30 days. When the iPhone is locked, it blocks connections with computers and accessories. The device will not automatically join nonsecure Wi-Fi networks, and 2G and 3G support is disabled. Apple has also doubled bounties for researchers who detect any Lockdown Mode bypass, with payouts up to $2 million.
Looking for an all-in-one soundbar that sounds as big as it looks? Sennheiser’s Ambeo Max uses its oversized body to produce beefy, enveloping sound, and right now you can grab it for just $2,000 at Best Buy, a sizable $1,000 markdown from the usual list price. It’s one of our favorite standalone premium soundbars, particularly if you don’t want to deal with an exterior subwoofer but still want bigger bass than you’re likely to find on smaller options.
While it might be a bit larger than your average soundbar, Sennheiser uses the space well, packing a ton of functionality and drivers into the less-than-compact body. There are both full-range and 1-inch tweeters combined in every conceivable direction, and the result is an impressive reproduction of true spatial audio, something few other standalone bars can claim. As a result, it also has an impressive low-end, with bass that doesn’t rival dedicated subwoofers, but comes really close for how much simpler the setup process will be.
The larger footprint also allows for a huge number of inputs, more than you’re likely to find on those tiny soundbars that slide under your screen. In addition to an HDMI 2.1 output with eARC, you’ll get three HDMI inputs with 4K pass-through at 60Hz, USB, Ethernet, and optical audio. There are even RCA ports in case you want to hook this up to your turntable. There’s also a dedicated subwoofer output, in case you decide you want to add one to your setup down the road, giving you a ton of options should you decide to put the Ambeo Max at the center of your home audio setup.
Ready to make the move to a bigger, better soundbar? Swing on over to Best Buy to grab this hefty discount on the Sennheiser Ambeo Max, or check out our guide to the best premium soundbars for some of our other favorite picks. If you’re just out looking for a great deal in general, the Amazon Big Spring Sale is underway, and we’ve got a dedicated post with all the best discounts on everything from smartwatches to water bottles.
EU gains meet a harsh reality in India: War, rupee, energy shock
Hainan free trade port crosses $11.6 bn trade in 100 days
Antonio Banderas opens up on ethnic stereotyping in Hollywood
-
Business1 week agoFlipkart group CFO to leave co amid IPO plans – The Times of India
-
Business1 week agoVideo: The Effects of High Oil Prices
-
Fashion7 days agoChina’s textile & apparel exports surge 17% to $50 bn in Jan-Feb 2026
-
Sports1 week agoRating Adidas’ 2026 World Cup away shirts: Argentina, Spain, Mexico and more
-
Fashion1 week agoThe hidden $1.62 war tax now embedded in every garment you source
-
Sports1 week agoAmerican Conference Commissioner Tim Pernetti thanks Trump for Army-Navy game executive order
-
Tech1 week ago
The Corsair 4000D RS PC Case Keeps Your System Cool
-
Tech1 week ago‘Uncanny Valley’: Nvidia’s ‘Super Bowl of AI,’ Tesla Disappoints, and Meta’s VR Metaverse ‘Shutdown’