Predict is our annual, community-led conference where global threat intelligence leaders converge to share insights and collaboratively tackle the most pressing challenges in cybersecurity. Recently, we wrapped up events in New York City and London that focused heavily on drawing connections between intelligence and its impact on the cybersecurity landscape. Presenters fervently urged attendees to make precision intelligence central to their operations, enabling them to not only comprehend the threats that matter but also actively outmaneuver those threats.
“The future of intelligence is not just about seeing more threats,” stated Colin Mahony, CEO of Recorded Future. “There’s always going to be more threats. It’s about stopping them. Automatically. Every. Single. Time.”
Read on for our top 10 takeaways from Predict 2025, highlighting key strategies and insights shared at this year’s event.
Takeaway #1: Proactive Defense Requires Knowing Your Adversary
Throughout various sessions led by industry leaders such as Jack Watson from Global Payments and Steve Range and Patrick Davey from Mastercard, a key theme emerged: successful organizations are profiling threat actors, tracking the evolution of attack campaigns, and simulating adversary behaviors to inform their defenses.
“Analysts are only as strong as their toolsets,” shared Watson. He highlighted how the Recorded Future Platform enhances any analyst’s capability to detect and mitigate malicious activities. By utilizing tools such as custom Alerts and the malware sandbox, his team can create a comprehensive visualization of adversary behavior. “When you put all the adversary activity in a single visualization,” Watson explained, “you can start to observe interesting patterns that lead to actionable hypotheses.”
Range and Davey presented Mastercard’s adversary emulation program, which mirrors threat actors’ tactics and assesses the efficacy of different security controls. “It’s easier to play defense if you’ve seen the offense’s plays before,” remarked Range. This comprehensive approach allows for a refined method of writing detections, empowering teams to defend proactively.
Looking to translate signals into invaluable stories? Understanding the actor behind an alert can significantly expedite triage, facilitate precise response, and enhance prioritization. Explore Recorded Future Threat Intelligence.
Takeaway #2: Third-Party Risk Management Needs to be a Living, Breathing Intelligence Workflow
The era of static risk assessments is over. As Mastercard’s Kelly White and Recorded Future’s Jerry Hodge emphasized, risks from third-party vendors fluctuate daily due to vulnerabilities, cloud misconfigurations, and geopolitical shifts. With a staggering 30% of breaches linked to third-party vendors, organizations must abandon compliance-driven, point-in-time approaches that no longer suffice.
The duo explained that organizations need an intelligence-driven framework to effectively monitor third-party risks in real-time. Eager to pivot from audits to action? Adopting continual threat intelligence can be the key to managing the complexities of today’s digital environments. Explore Recorded Future Third-Party Intelligence.
Takeaway #3: AI Isn’t Replacing Analysts—It’s Empowering Them
One of the central discussions at Predict was the evolution of threat intelligence from manual triage tasks to AI-driven decision-making. Each session illustrated how AI tools can enhance analysts’ effectiveness without overshadowing human judgment. Robert Moody from The Home Depot noted that while AI outpaces human response speeds, it should complement rather than replace human capabilities.
“The ideal situation involves humans defining remediation and risk-scoring strategies,” he explained. This collaborative approach allows analysts to remain crucial decision-makers while leveraging AI for scalability. Grammarly’s Igor Tarpan and Erich Harbowy echoed this sentiment, explaining how their adaptive systems enable proactive threat hunting while keeping humans in the loop.
Prepared to enhance your analytical capabilities? AI should amplify analysts’ throughput without overriding their judgment. Learn more about Recorded Future AI.
Takeaway #4: The “Noise” Your SOC Ignores May Be Your Next Breach Warning
Sanjay Kumar of Landis + Gyr brought attention to an often-overlooked aspect of cybersecurity: blocked domains, phishing attempts, and low-severity alerts can yield valuable insights when analyzed collectively. “Together, enrichment and pattern recognition allow us to reveal the larger campaigns hidden in plain sight,” Kumar stated.
His team utilizes Recorded Future’s Collective Insights capabilities to construct a cohesive narrative from disparate data points. In an age where vulnerabilities can outnumber available resources, they emphasized the necessity of focusing not just on CVSS scores but rather on real-world exploitations. John Bock and Dr. Jared Smith from Recorded Future advocated for recognizing attackers’ reconnaissance methods and enhancing defenses accordingly.
How can you ensure you’re not overlooking crucial signals? Don’t dismiss the breadcrumbs; they could be your primary alert. Explore Recorded Future Attack Surface Intelligence.
Takeaway #5: Cross-Team Coordination is Critical
The Insights to Impact panel emphasized the extreme importance of aligning threat intelligence with operational workflows. Michelle McCluer of Mastercard illuminated the necessity of eliminating silos within organizations by uniting stakeholders across various departments. Mastercard’s Nexus program exemplifies this by fostering collaboration between business lines, threat assessment vendors, and other stakeholders.
“Intelligence without context is just information,” stated McCluer. By streamlining the integration of contextualized intelligence, organizations can respond directly to emerging risks while ensuring that threat intelligence is aligned with business outcomes.
Want your teams to break down barriers? Foster collaboration among internal stakeholders to facilitate swift intelligence sharing and effective incident response.
Takeaway #6: Cybercriminals’ PR Skills Can Be as Dangerous as Their Hacking Skills
In a captivating breakout session, Recorded Future’s Megan Keeling shared insights on how cybercriminals are honing their public relations tactics to positively influence their operational effectiveness. By engaging with the media and crafting a favorable narrative, they can manipulate negotiations and bolster their reputation, which sometimes dictates the ransom amount.
“Recognizing these PR tactics is essential in building resilience against such manipulations,” Keeling warned.
Looking to mitigate the impact of adversarial narratives? Shift focus from sensational claims to data-driven insights. Explore insights from the Insikt Group.
Takeaway #7: Collection Without Context is Just More Data
Chris Holden and Kathleen Kuczma from Recorded Future emphasized that merely collecting data is insufficient; what truly matters is the context in which that data is viewed. Their overview highlighted how enriched and prioritized intelligence translates into actionable insights relevant to an organization’s mission.
“Collective Insights aggregates and enriches detections, turning fragmented data into prioritized actions,” stated Kuczma, referencing successful case studies where organizations converted complex data into operational responses.
Eager to advance from mere collection to actionable insights? Seek intelligence that provides context, attribution, and operational next steps. Learn more about Recorded Future Collective Insights.
Takeaway #8: Threat Intelligence Isn’t Just Defense—It’s a Business Accelerator
Justin Klein Keane, an Associate Director in Cyber Threat Intelligence & Incident Response at CSL Behring, made a compelling case for aligning threat intelligence with business objectives. When cybersecurity teams demonstrate how threat intelligence contributes to protecting revenue or brand reputation, they transform their image from a mere cost center to a valuable asset in strategic planning.
“Root your initiatives in observable impacts,” advised Klein Keane. By developing priority intelligence requirements (PIRs) aligned with business risks, cybersecurity professionals can effectively showcase their value to organizational leadership.
Ready to harness threat intelligence as a strategic asset? Align your efforts with corporate objectives to foster both trust and enhanced operational agility. Explore Recorded Future Threat Intelligence with AI reporting.
Takeaway #9: Track Your Adversary to Protect Your Organization
As the landscape shifts, nation-state actors take a nuanced approach, often probing silently to establish footholds for espionage. Recorded Future’s Sveva Scenarelli and Kathleen Kuczma shed light on these RedMike (Salt Typhoon) campaigns, illustrating how network intelligence can identify systematic targeting of critical infrastructure.
“Our proprietary dataset allows us to monitor threat actors’ interactions in real-time, providing immense visibility into potential risks,” Scenarelli noted. Such proactive oversight can reveal adversaries’ reconnaissance efforts, enabling early intervention.
Curious about monitoring nation-state activity? Leverage Network Intelligence to gain insight into adversaries’ targeting behaviors and enhance your defenses. This service is available with Recorded Future’s SecOps and Threat Intelligence Modules.
Takeaway #10: Threats Don’t Sleep, and Neither Should Your Detection
As supply chains become increasingly intricate, your attack surface can extend far beyond immediate control. Adam Thimons from JPMorganChase shared insights on operationalizing threat intelligence within their vendor workflows to swiftly identify and manage risks.
Thimons noted that understanding your suppliers’ vulnerabilities is crucial. His team uses algorithms to assess cyber incident potential through intelligence overlay, allowing for better-targeted investigations.
Furthermore, Jon Miller and Laura Hoffman from Recorded Future presented a new paradigm for continuous threat detection—integrating human intelligence with autonomous systems to enable constant hunting for threats instead of relying solely on alerts.
The innovations they discussed aim to reduce manual workloads and facilitate real-time tracking of threat behaviors.
Ready to enhance your detection capabilities? Adopt an intelligence-driven approach that operates as continuously as the threats you face. Learn about Recorded Future Autonomous Threat Operations.
Advance Your Journey with Our Threat Intelligence Maturity Assessment
Our free assessment provides a thorough evaluation of your current capabilities, actionable next steps for enhancement, and resources tailored to your unique needs. Take the assessment today.
