How Canva Uses Recorded Future to Outmaneuver Bad Actors and Safeguard Millions of Customers

Recorded Future provides Canva with a high-quality source of rich, flexible threat intelligence that speeds detection, informs strategy, and maintains a proactive defense as the business scales globally.

As one of the world's fastest-growing design platforms serving millions of users, Canva faces a unique security challenge: protecting massive amounts of personal data and creative content while preventing platform misuse—all with a lean security team. To stay ahead of increasingly sophisticated threats during their period of hyper-growth, Canva's security leadership knew they needed more than reactive defenses. They needed a comprehensive threat intelligence solution that could scale with their business, automate routine tasks, and empower their small team to proactively detect and neutralize risks before they impact users. Recorded Future became that solution, transforming how Canva anticipates, investigates, and responds to emerging threats across their expanding global attack surface.

Goal

Building a scalable, threat-intelligence-driven cybersecurity program to safeguard a graphic design platform trusted by millions of users.

Challenge

Managing a rapidly expanding attack surface and increasingly sophisticated threats during a period of global hyper-growth.

Outcomes

• Proactive detection stops risks before they escalate
• Time saved from using a comprehensive, unified threat intelligence platform leaves more time for analysis
• Increased scalability of threat intelligence without increasing headcount

Challenge

Securing a rapidly expanding global platform

When Jasmina Zito joined Canva, the company was growing at an unprecedented pace. Along with more opportunities, this hyper-growth brought more risks and a need for enterprise-grade defenses.

“Canva has millions of users and countless personal designs, documents, and user profiles,” Zito says. “Customers trust us with that data, so we work hard to protect it.”

Beyond data theft, bad actors could misuse Canva’s tools for malicious purposes or nefarious activities. As the threat landscape continues to expand, Canva’s lean security team has a larger footprint to protect.

“Our platform empowers people to design anything they want,” Zito adds. “We need to be sure it’s used to create the right things — not materials that could be used to further attacks.”

Reactive security wasn’t enough for such a massive task. Canva needed a more integrated, threat-intelligence-driven approach to understand the best ways to outmaneuver attackers.

Solution

A new nerve center for threat detection

Canva chose the Recorded Future Intelligence Cloud, primarily because the team was impressed by the platform’s depth, breadth, and quality of threat intelligence.

“The Platform offers greater flexibility through various data sources, which means we can build out a bunch of different use cases,” Zito explains. “Whether monitoring cybercrime forums or looking at technical data feeds, we can get started much quicker.”

A threat intelligence platform is the central aggregator of all your data streams, so a seamless integration with Canva’s existing Threat Intelligence Platform (TIP) was equally critical.

“With Recorded Future, we can pull commercial feeds, open-source intel, and alerts into one place to contextualize our work and focus on what matters most,” Zito adds.

Real-time threat intelligence and incident response

The team quickly put Recorded Future to work continuously monitoring the external threat landscape. It offers the Canva team immediate context about suspicious activity.

“Recorded Future helps us be more proactive by empowering our threat intelligence team to monitor for the latest trends,” Zito says. “With all that data curation done by Recorded Future, we can focus on analyzing and answering the big questions.”

The Platform supports both tactical operations and strategic initiatives. Automated feeds inform SOC workflows and detections, while analysts conduct ad-hoc research, develop threat-hunting packages, and validate detections.

“Recorded Future provides a solid foundational base that we can then put the Canva lens on and ship over to our threat hunting team,” Zito says.

Automated threat tracking

Canva creates Watch Lists for vendor products or technologies used and builds rules around them. These Watch Lists are far more efficient than keyword searches when identifying threats like brand impersonation and phishing activity.

“As things change over time and we integrate new technologies, we just update the Watch List and automations handle the rest. The value from this was pretty much immediate,” Zito says.

Recorded Future also caches volatile content from dark-web forums and GitHub, preserving evidence even if it disappears from the internet. The cached information ensures the team can get a comprehensive picture of specific threats during investigations.

Integrations and automations make trendspotting easy

Recorded Future is integrated into Canva’s daily workflows, making it easier for the team to catch patterns and generate trend reports that guide strategic recommendations for defense.

If a Watch List shows attacks targeting a specific technology, the team can go straight to the relevant threat Intelligence Card. There, the activity is already contextualized with MITRE ATT&CK TTPs and related entities. Over time, they can track trends, update Watch Lists, and use that insight to guide internal tests.

Further integrations with Canva’s TIP have automated routine tasks, freeing analysts to spend more time on high-priority activities.

“When data gets pulled into our TIP, we validate and curate it, then decide which security tools we want to send it to based on automations we’ve set up. For example, a malware hash is contextualized, analyzed, and automatically routed to our EDR solution or alerting rules, saving the team a lot of time,” Zito says.

While automations handle routine detections, Zito uses Recorded Future to support ongoing triage, gathering background intelligence for her team's investigations.

“I can jump into the platform, examine a risk area, and conduct ad hoc research with added context. This lets me build an accurate picture of what we need to address internally and provide clear recommendations to the business,” Zito says.

Results

A strong defense that catches emerging risks

Anyone can respond to security threats after they’ve become realities. Recorded Future gives Canva what they need to make their proactive vision a reality.

“With Recorded Future, we often see threats before they hit the news, giving us a critical head start,” Zito says. “Instead of wasting time manually shifting data around or jumping into disparate security platforms, Recorded Future aggregates that data so we can focus on business priorities and understand how threats affect us.”

Adopting Recorded Future means Canva doesn’t need to build a large team or cobble together expensive tools to protect themselves. They’ve scaled threat intelligence without adding additional headcount, and now their security measures can keep pace with business growth.

Strong security protects people, not just information. Canva is dedicated to being a force for good and empowering others, which means fortifying their defenses so their users can create freely and safely.