Inside Recorded Future: Startup vibes, classic rock and the future of cybersecurity

Christopher Ahlberg was running on a treadmill in the basement of his home back in 2007 when he suddenly had a eureka moment.

He had been studying really big data sets for most of his life, but he then realized the “motherlode of all data sets” was staring at him for much of that time.

“The idea struck me — what about if instead of thinking about a data set being an Excel spreadsheet or an Oracle database, what about the internet itself as the data set?” he said.

This idea became the driving force for Recorded Future, a threat intelligence company that Ahlberg co-founded and has led as CEO. Mastercard acquired the company in December, and it will continue to operate as a separate entity. The Massachusetts company’s cybersecurity work, which involves meticulously digging through various corners of the internet, has become increasingly important over the last decade, as attacks are now more global, more frequent and more sophisticated.

For private companies, the potential damage from a cyberattack is “almost uncapped,” said Colin Mahony, Recorded Future’s president, as criminals today can steal money via ransomware attacks, harm an organization’s reputation through disinformation campaigns and snoop on facilities by hacking internet-connected cameras. “Even in a nation that’s not in a physical war,” Mahony added, “they would still tell you they are in a war. They’re in a cyberwar every day.”

But while protecting digital spaces is much harder than before, the good guys’ tools are becoming far more advanced, too. Recorded Future is one of the places where these tools are created and honed. I recently visited Recorded Future’s headquarters, housed in a simple, red-painted building on a quiet street in Somerville, a small city outside Boston. On its façade is a sign for a laundromat — a former tenant — giving the location the air of a superhero hideout.

I was there to see firsthand how this company’s workers comb the internet for clues and use that information to make the digital world a safer place. Moving forward, the new tie-up with Mastercard, which already provided cybersecurity and fraud-prevention services, creates the opportunity to strengthen threat intelligence for financial institutions, governments and businesses worldwide.

“The crossover between financial crime, fraud and cyber is just increasingly important for everybody,” Johan Gerber, head of Security Solutions at Mastercard, told a crowd of Mastercard employees after the acquisition was announced. “No matter which CEO you speak to, cyber will be one of the top three areas which they are concerned about.”

‘Who are you’

For the uninitiated, walking around the Recorded Future office can be disorienting, likely because the company took over different sections of the building over the years, making the space somewhat like a puzzle to solve. The motif is industrial-startup, with a free snack pantry, stickers of the company’s mascot, a shuffleboard set and a bookcase of tech awards set against a backdrop of poured concrete floors and bare brick walls. While I was there, classic rock hits — Bon Jovi, The Who, Jackson Browne — were often playing in the bullpen housing the strategy, sales and marketing teams.

There’s one room that makes no sense in this setup — a former recording studio created by a prior tenant that looks like someone’s living room, with wood-accented walls, a coffee table, floor lamps and a tan leather couch with throw pillows. According to company lore, the song “Stacy’s Mom” was recorded in that very spot.

I stopped by one of the conference rooms to meet with Amanda McKeon, on the client success team, to get a demo of Recorded Future’s threat intelligence platform, which Ahlberg often likens to a Bloomberg trading terminal for cyber intelligence. This platform is used by cybersecurity experts all over the world to thwart many of the most sophisticated and notorious cybercriminal groups.

Threat intelligence, by the way, is a flavor of cybersecurity and is exactly what it sounds like: identifying pieces of information, ranging from publicly available online sources to data that’s more difficult to reach and often used by cyber threat actors. That information is then analyzed and used to get ahead of a potential threat or fight a new one that’s already spreading. This intelligence can be something specific, like uncovering a suspicious domain name or malware signature, or something strategic, like understanding what threat actors are planning to do over the next year.

While there’s always been a need to research and plan for potential threats, Recorded Future pioneered the concept of threat intelligence by bringing that need into the digital age and creating a platform that can provide these insights quickly and on a global scale.

“We see that increasingly the attacks are getting worse and worse. The threat actors don’t rest,” Christopher Wilke, head of cybersecurity operations at Merck KGaA, Darmstadt, Germany, a Recorded Future customer, recently said. “The tactics, techniques and procedures from the threat actors are really important for us to understand, because with that information we will be able to know exactly what these threat actors are targeting. You have to know your enemy.”

On a big screen in the conference room, McKeon showed me the Recorded Future dashboard, which included a slew of alerts, stats and headlines. She clicked through a side panel showing the company’s different services, including Brand Intelligence, which monitors if a new website is impersonating a company by using its name or logo, and Vulnerability Intelligence, which reviews a customer's tech providers for potential exploits. She then clicked into Geopolitical Intelligence and scrolled through a dashboard filled with dots, each signifying a potential threat, alert or Recorded Future report. She picked out a specific alert, noting how employees at an embassy in London would’ve received a notification that day about an unrelated public protest scheduled in their neighborhood.

In this way, a Recorded Future customer can have feelers stationed all over the place to keep tabs on what’s happening both in the real world and online, all in real time.

“That’s where the name Recorded Future came from,” Jamie Zajac, who leads the company’s product team, told me. “Record the past – you can predict the future.”

’Runnin’ down a dream’

That afternoon, I had chance to sit down with Ahlberg in the “Stacy’s Mom” room. During our hour together, he spoke quickly, darting between topics including big-data analysis, geopolitics and potential future cybersecurity risks, like hacking someone’s brain implant. At one point, as I was trying to keep up while taking notes, I pleaded, “hold on,” and he scoffed jokingly, “Hold on? I don’t hold on,” then waited patiently until he could launch into another rapid burst of ideas.

I asked him whether he was a math whiz growing up. “No, I’m not that smart. I’m not very smart at all. I can be fast,” he responded. “So, I make up in not being very smart by being very fast.”

Ahlberg, 56, was clean shaven with close-cropped gray hair, and he wore a dark sweater over a collared shirt and shiny penny loafers. He was born in Sweden, where his father was a sea captain and his mother a teacher. His computer science Ph.D. was about visualizing big data sets. Immediately after graduating in 1997, he moved to the U.S. and used that research to co-found his first startup, Spotfire, whose big-data analytics software was used for pharmaceutical drug discovery, financial analysis and supply chain management. It was acquired by Tibco, an enterprise software company, for $195 million in May 2007.

That very same month, soon after the acquisition, he told me how he had that eureka moment on his treadmill. The analytical engine he wanted to develop would need to ingest an enormous amount of information and then quickly interrogate and organize it, allowing a user to understand patterns and uncover bits of intelligence across the entire web. Such a tool would be “extremely powerful,” he thought, so he set out to build it without yet fully knowing how it would be used by customers.

A few years later, after filing patents and building out the platform, Recorded Future landed on using this tool for cybersecurity. In 2010, funding came in from Google and the CIA’s investment arm.

Recorded Future’s first customers were in government, but the company spread out from there, just as the internet was developing into both a hugely valuable source of information and a new battleground for criminals and scammers.

Today, Recorded Future’s customers are in financial services, telco, tech, media, manufacturing, health care and many national and local governments.

‘Livin’ on a prayer’

I asked Ahlberg what he saw as the future of cyber threats and intelligence.

“I like to say the last 25, 35 years, the world has slowly migrated onto the internet, and so the internet became a reflection of the world in some pretty incredible ways,” he said. “And I've been making the point that during the next 25 years, it actually flips, and the world becomes a reflection of the internet. And that's not such a comfortable thing to think about.”

As the digital and physical worlds merge, sussing out what’s true and what’s fake will be even more important. That means Recorded Future’s work will become even more critical.

In some ways, this outlook connected to Recorded Future’s relationship with Mastercard and how it’s evolved over several years. For example, last year the companies started working together to use generative AI techniques to speed the detection of compromised cards found on illegal websites.

Targeted use of threat intelligence like that can protect Mastercard’s network and its banking customers in new ways. “You should be able to build something pretty incredible,” Ahlberg said about building new connections between Recorded Future’s threat intelligence work and Mastercard’s payments platform. “So trying to match those two worlds together was, for me, something that could be very, very good.”

In a research piece published last year, Nilson Report echoed some of those sentiments, saying Recorded Future stood to benefit from Mastercard’s payments capabilities and global footprint. Meanwhile, Recorded Future will become another important part of Mastercard’s growing cybersecurity story, the researcher said, noting prior acquisitions to strengthen its data analytics, threat protection and identity tools.

“Sophisticated fraud driven by organized criminal networks assisted by generative AI is on the rise,” Nilson wrote, driving demand for the kind of work Recorded Future does every day.

With the acquisition completed, Ahlberg's drive to solve complex problems that others tell him are impossible is still palpable.

“I just love this stuff. You have guys ... whose whole mission is to stay secret and, in that, steal money and secrets — their whole sort of world lives around staying out of view. To be able to get to them,” he said, raising his eyebrows, “that's pretty enticing.”