Recorded Future kicked off its Predict Global 2025 conference in the Big Apple (aka NYC) during the week of October 6, drawing about 500 attendees. Special guests, the “Saturday Night Live” duo of Colin Jost and Michael Che (of “Weekend Update” fame), stole the spotlight among all the cyber launches. 

Like every major cyber vendor event, the show opened with glitz, followed by mentions of the obligatory buzzwords: “AI” and “autonomous,” which were sprinkled throughout the keynote.

This blog provides a recap of the event, with key highlights and insights as well as a look ahead to the vendor’s Predict Europe 2025 event.

Autonomous Threat Operations: A Supplemental Layer To Tackle Feed Chaos

Enterprises drown in a sea of regulatory, commercial, and government threat feeds. Most of these generate more noise than actionable insight. Recorded Future hopes to change this with its Autonomous Threat Operations launch, which seeks to consolidate these disparate sources into a single, correlating, continuously updated intelligence graph. This isn’t a new platform; it’s an operational layer that sits atop existing deployments, powered by its Intelligence Graph.

The vendor promises contextualization at scale by pulling in data from across the organization, subsidiaries, tech stack, and integrations with tools such as Qualys, Tenable, and Microsoft as well as building a dynamic threat map. This will reduce noise by de-duplicating, validating, enriching, and prioritizing a variety of ingested feeds for teams overwhelmed by redundant feeds.

The launch also introduces custom risk lists to define requirements, apply temporal factors, assess geographic relevance, and align threats dynamically with evolving business priorities. The caveat: While continuous validation/correlation without added overhead is impressive, the real test for prioritization algorithms is to consistently deliver without creating bias and blind spots.

Intelligence prioritization also gets an upgrade with a promise of deeper customization and accuracy. This can reduce risk if it dynamically and accurately aligns detections with your attack surface, industry threats, and known vulnerabilities. The promise will be met if it delivers fewer irrelevant alerts, faster triage, and better resource allocation. If it only tweaks scoring logic, it’s incremental tuning at best, thus being a cosmetic rather than a transformative upgrade.

Inching Toward Autonomy, One Advanced Automation At A Time

Recorded Future is doubling down on the term “autonomous” with the launch of Autonomous Threat Hunting.

Autonomous Threat Hunting is an agent that runs tailored hunts across your logs and security stack and lets you create Sigma rules. This is a good first step but far from true autonomy. Running searches with captured indicators and artifacts is useful, but true autonomy requires the ability to interpret TTPs and apply relevant search logic across diverse telemetry types and fields. This assumes that the agent can handle multiple query languages across vendors, a challenge that remains unsolved in today’s market.

While this aims to cut the cost of operationalizing intelligence, the vendor provided little clarity on its testing/validation mechanisms, which is critical when dealing with such nondeterministic technology. These launches show promise, but autonomy isn’t magic. Without addressing these prerequisites, autonomy risks never becoming anything but a buzzword.

Vanity Metrics And The Art Of Threat Intel Justification

Recorded Future also launched intelligence impact, a feature designed to answer subjective and difficult questions, such as:

  • Is your team producing the right intelligence?
  • Is it operationalized effectively?
  • What’s the ROI?

Beyond that, it helps bridge security and business with support for executive summaries, compliance documentation, and performance metrics.

The purpose of any metric is to drive decisions and not to validate actions/assumptions. Calculating ROI for threat intelligence often leans on hypothetical figures that add little value. Additionally, if reporting adds overhead instead of clarity, adoption will stall. Instead, enterprises should focus on:

  • Outcome-driven KPIs: Success must be measured by how intelligence improves detection, response, and risk posture.
  • Integration with workflows: If reporting doesn’t tie back to operational processes, it becomes shelfware.

For example, if the cost of a department is $100 million and threat intel costs $2 million, that’s already a strong return without any ROI calculations. The real priority is tracking how intelligence translates into decisions and strengthens security programs.

One Platform, Two Promises: Brand Protection And Supply Chain Risk Redefined

Recorded Future’s 2026 roadmap includes two new digital risk protection (DRP) capabilities and a supply chain intelligence upgrade:

  • The malicious website playbook goes beyond traditional typosquat detection. Instead of just spotting look-alike domains, it scans the entire internet for sites impersonating your brand whether through similar domains, cloned pages, or malicious use of logos using HTML content analysis. The challenge here is scale and accuracy, as false positives cripple efficiency.
  • A DRP operations hub will be available to operationalize DRP intelligence. Its headline feature is AI-driven alert triage, designed to filter brand misuse alerts using customer-provided context. This is coupled with its automatic takedowns, simplified configuration management, and enhanced reporting, which are helpful but are not yet revolutionary. AI-driven alert triage aims to increase efficiency for these tasks, but customers should evaluate this based on effectiveness and not just efficiency. If AI-driven triage becomes a black box, it risks failing on both fronts: accuracy won’t improve materially, and manual validation will negate any promised efficiency gains.
  • Supply chain intelligence will unite RiskRecon with Recorded Future. This will give customers a holistic view as RiskRecon provides cyber hygiene ratings for over 13 million companies while Recorded Future adds continuous monitoring, dark web exposure alerts, and vulnerability tracking. Success depends on timely and accurate data correlation. Misaligned or context-lacking signals will leave customers with fragmented risk insights.

Let’s Connect

Forrester clients who have questions about this topic or anything related to threat intelligence can book an inquiry or guidance session with me.

Join us at Forrester’s Security & Risk Summit from November 5–7 in Austin, Texas. I’ll be leading a panel and a roundtable on AI for threat intelligence. Check out the full agenda to learn more about other sessions.