Recorded Future Intelligence API

Recorded Future Intelligence API for AI-powered threat intelligence platform. Enables AI agents to manage IOC enrichment and threat lookup automation for IPs, domains, URLs, hashes, and CVEs, handle dark web and underground forum intelligence retrieval, access real-time threat intelligence and risk scoring data, retrieve threat actor profile and TTP (Tactic, Technique, Procedure) data aligned with MITRE ATT&CK, manage vulnerability intelligence and exploitation likelihood scoring, handle brand and third-party exposure monitoring data, access fusion intelligence combining open source, dark web, and technical sources, retrieve geopolitical intelligence and nation-state threat actor tracking, manage alert and triggered intelligence notification workflows, and integrate threat intelligence with SIEM, SOAR, TIP, and EDR platforms.

Evaluated Mar 07, 2026 (0d ago) vcurrent
Homepage ↗ Repo ↗ Developer Tools recorded-future threat-intelligence cyber-threat-intel ioc dark-web risk-intelligence osint
⚙ Agent Friendliness
69
/ 100
Can an agent use this?
🔒 Security
84
/ 100
Is it safe for agents?
⚡ Reliability
80
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
28
Documentation
85
Error Messages
80
Auth Simplicity
85
Rate Limits
78

🔒 Security

TLS Enforcement
98
Auth Strength
82
Scope Granularity
78
Dep. Hygiene
82
Secret Handling
82

Threat intelligence. SOC2, ISO27001, GDPR. API token. US/EU. Threat intelligence and dark web data.

⚡ Reliability

Uptime/SLA
85
Version Stability
82
Breaking Changes
75
Error Recovery
78
AF Security Reliability

Best When

An enterprise using Recorded Future wants AI agents to automate IOC enrichment, threat actor intelligence, vulnerability exploitation scoring, dark web monitoring, and SIEM/SOAR integration.

Avoid When

OPERATIONAL RISK: Automated IOC blocking based on threat intelligence can block legitimate services if indicators are shared infrastructure. False positive rates in threat intelligence require analyst review before blocking. Dark web intelligence requires OSINT tradecraft — data attribution and provenance must be verified before action.

Use Cases

  • Enriching security alerts with threat context from SOC automation agents
  • Automating IOC lookup and triage from threat hunting agents
  • Retrieving vulnerability exploitation risk from patch management agents
  • Integrating threat actor TTPs with SIEM from security operations agents

Not For

  • Consumer security without enterprise threat intelligence subscription
  • Internal vulnerability scanning without external threat context
  • Compliance automation without threat intelligence data requirements

Interface

REST API
Yes
GraphQL
No
gRPC
No
MCP Server
No
SDK
Yes
Webhooks
Yes
OpenAPI Spec ↗

Authentication

Methods: apikey
OAuth: No Scopes: Yes

Recorded Future uses API token authentication (X-RFToken header). Per-subscription token with module-level access scoping. Python SDK (recorded-future-api-python) for automation. Webhooks for alert and intelligence notifications. SOAR integrations (Splunk SOAR, IBM QRadar, Palo Alto Cortex XSOAR). Splunk app for threat intelligence enrichment.

Pricing

Model: enterprise
Free tier: No
Requires CC: No

Somerville, Massachusetts. Founded 2009. Acquired by Mastercard (2019, $600M). Threat intelligence market leader. $300M+ ARR. 1,800+ customers. AI/ML threat intelligence pioneer. 'The Googleplex of threat intelligence' reputation. Dark web, technical, and geopolitical intelligence fusion. Competes with Mandiant (Google) and Flashpoint for threat intelligence.

Agent Metadata

Pagination
cursor
Idempotent
Full
Retry Guidance
Documented

Known Gotchas

  • OPERATIONAL RISK: IOC-based automated blocking requires analyst review — shared infrastructure indicators can cause false positives
  • API quota management — subscription determines API call volume; implement quota tracking to avoid hitting limits during active incidents
  • Entity-based API — Recorded Future organizes intelligence around entities (IPs, domains, malware, actors); understand entity graph before querying
  • Module subscription scoping — API access scoped to subscribed intelligence modules; queries for out-of-scope data return errors
  • Python SDK available — recorded-future-api-python simplifies entity lookup and bulk enrichment operations
  • Fusion intelligence — RF combines multiple sources; context for why an indicator is flagged often more valuable than the score alone

Alternatives

mandiant-api flashpoint-api crowdstrike-falcon-api threatconnect-api

Full Evaluation Report

Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for Recorded Future Intelligence API.

AI-powered analysis · PDF + markdown · Delivered within 30 minutes

$99

Package Brief

Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.

Delivered within 10 minutes

$3

Score Monitoring

Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.

Continuous monitoring

$3/mo
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-07.

6470
Packages Evaluated
26150
Need Evaluation
173
Need Re-evaluation
Community Powered