Scroll Top

Rubrik Forward 2026: Cyber Resilience in the Agentic Era

abstract-polygonal-padlock-hologram-on-blurry-new-2026-01-11-08-36-51-utc (1)

Cyber events are capital events. That was one of the strongest executive messages from Rubrik Forward 2026. A material cyber incident is not just an IT disruption; it can become a board, investor, disclosure, and market confidence issue in days. For executives whose compensation is often tied partly to equity performance, resilience is directly connected to enterprise value protection.

That context changes the recovery conversation. The goal is no longer limited to having backups or proving that data can be restored. Those capabilities are the foundation, not the finish line. The next phase is about whether organizations can recover the business, govern AI agents, and make trusted recovery decisions at machine speed.

Rubrik Forward made one thing clear: recovery can no longer be treated as an after-action process. It has to be designed, tested, governed, and continuously updated before the incident occurs.


From Backup to Agentic Cyber Resilience

Rubrik framed its strategy around agentic cyber resilience: the idea that cyber recovery platforms must reason, recommend, and act across data, identity, applications, infrastructure, and AI agents.

In the old model, backup software created copies and waited for an administrator to decide what to restore. In the agentic model, the platform understands business context, identifies clean recovery points, maps dependencies, recommends recovery plans, and helps orchestrate action. Human approval and oversight still matter, but the system does more of the analysis before the pressure of an active incident.

This is the right direction for enterprise recovery. During a cyber event, speed without trust is dangerous. Restoring quickly from a compromised point can reintroduce the attacker. Restoring cautiously without automation can extend downtime for days. The goal is not simply fast recovery. The goal is fast, clean, explainable recovery.


RPO, RTO, and the Missing WRT Metric

Most recovery conversations focus on Recovery Point Objective and Recovery Time Objective. RPO measures how much data the business can afford to lose. RTO measures how long recovery should take. But cyber recovery introduces a third metric that deserves more attention: Work Recovery Time.

WRT is the time required to determine the attack vector, remediate the vulnerability, identify a valid clean recovery point, restore, and verify that the system and data are safe. In a cyber event, the RTO clock is misleading if it starts only when the restore begins. The larger delay is often the work before recovery can safely start.

This is where storage and recovery intelligence matter. The joint Rubrik and EverPure platform demonstrated why speed and trust must coexist: near-zero RTO is only meaningful when the recovery point is known to be clean. Continuous threat intelligence, immutable snapshots, and recovery validation reduce the uncertainty that can otherwise dominate WRT.

Click to learn more on Presidios cybersecurity solutions


Minimum Viable Business Becomes the Real Target

A recurring theme at the event was Minimum Viable Business: the essential set of processes, applications, data, identities, and dependencies required to keep the organization operating while the full environment is investigated and rebuilt.

That framing is important because most recovery plans still think in systems. The business thinks in outcomes. A finance application, for example, is not just a database. It depends on cloud configuration, network rules, key management, identity policy, storage, application dependencies, and current infrastructure state. If those pieces are restored inconsistently, the data may be present but the business process still fails.

Cloud resilience makes this even more complicated. Infrastructure as Code can drift from production reality. Emergency changes may never make it back into Terraform or CloudFormation. Managed service defaults can change. Security teams may patch a configuration manually during an incident. Recovering from an outdated blueprint can rebuild the wrong environment.

Rubrik’s four-level Cloud Cyber Resilience maturity model gives leaders a way to assess this gap. Many organizations believe they are resilient because they have durable cloud data or conventional backups, but still lack isolated recovery, immutability, enterprise-wide visibility, clean recovery point identification, or a tested isolated recovery environment. Rubrik offers a public assessment at www.rubrik.com/assessment/cloud-cyber-resilience.


Identity Recovery Is Now Core to Cyber Recovery

Identity was another major focus. That is appropriate because identity compromise remains one of the most common paths into enterprise environments, and the identity surface is Presidio AI Blueprint expanding. Human users are only part of the story. Machine identities, service accounts, automation tokens, API keys, and AI agents now act across the environment at scale.

When identity systems such as Active Directory, Microsoft Entra ID, or Okta are compromised, recovery becomes more than a data restore. Organizations must understand what changed, separate malicious modifications from legitimate business activity, and restore trust without rolling the entire environment backward unnecessarily.

The strongest identity recovery model is selective and contextual. It should preserve valid changes where possible, reverse malicious changes, and connect detection with recovery. That reduces both downtime and business disruption. It also moves identity resilience out of a narrow security conversation and into the broader cyber recovery strategy.


AI Agents Need Context-Aware Guardrails

The most forward-looking part of Rubrik Forward was the focus on AI agent governance. Traditional controls are not enough for this problem. Human approval can degrade into approval fatigue. Sandboxes can reduce blast radius but still leave paths for data movement. Regex and DLP rules can catch known patterns, but they struggle with semantic behavior, indirect instructions, and multi-step agent actions.

The point landed clearly in a Rubrik Agent Cloud demo. Claude Code was blocked from deleting a GitHub repository directly, then found an indirect path by invoking a GitHub Action through a bash script. Rubrik Agent Cloud restored the repository, generated a policy recommendation, and redirected later attempts toward a safer alternative.

That scenario matters because agents do not simply follow one path. They reason around obstacles. AI agents need controls that understand context: what initiated the action, what data is being accessed, whether the destination is trusted, whether the action fits the agent’s intended role, and whether activity across multiple sessions forms a risky pattern. Rubrik’s Semantic AI Governance Engine (SAGE) evaluates that context across sessions, which is the level of visibility agent security now requires.

Guardrails cannot be limited to blocking. They need to guide, redirect, and help recover when an agent exceeds its intended boundary. As organizations bring coding agents, operations agents, and workflow agents into production, agent governance has to become part of the cyber resilience architecture, not an afterthought.


Resilience Extends Into DevOps and Infrastructure

Rubrik Forward also reinforced that modern resilience must cover the platforms that build and operate the business. DevOps platforms now hold source code, release pipelines, infrastructure definitions, secrets, audit history, and deployment automation. If those platforms are deleted, overwritten, or compromised, the business may lose not only application code but the blueprint for rebuilding its environment.

The same principle applies to infrastructure strategy. Many organizations are evaluating multi-hypervisor environments, cloud recovery patterns, and high-performance storage integrations. In each case, the resilience strategy has to travel with the workload. Recovery confidence should not depend on one hypervisor, one cloud account, or one manual checklist.

That is the broader lesson: cyber resilience is becoming a business platform discipline. Data, identity, applications, DevOps, cloud configuration, storage intelligence, and AI agents all have to be included in the recovery model.


What Leaders Should Do Next

For enterprise leaders, the practical next step is to evaluate cyber resilience against the operating reality of 2026, not the backup assumptions of the past.

Start by defining Minimum Viable Business. Identify the applications, identities, data sets, dependencies, and cloud services required to keep the organization functioning during a major cyber event. Then test whether those capabilities can be recovered into an isolated environment without relying on compromised production systems.

Second, assess whether recovery points are truly clean and discoverable before the incident. Immutability matters, but immutable copies alone are not enough if teams cannot quickly determine which copy is safe to use.

Third, bring identity, DevOps, storage, and AI agents into the resilience plan. These are no longer adjacent systems. They are control planes for how the business operates, changes, and recovers.

Finally, test the full recovery motion. Many organizations test backups. Far fewer test ground-zero recovery, where the assumption is that production cannot be trusted. That is the gap leaders need to close.


Ready to Talk?

Rubrik Forward 2026 highlighted a clear direction for the market: recovery must become more intelligent, more automated, more isolated, and more business-aware. The executive question: which level of cyber resilience are you at, and have you tested it? Presidio helps organizations translate data protection, cloud, infrastructure, cybersecurity, DevOps, and AI capabilities into a practical resilience roadmap for their environment, risk profile, and business priorities.

Some capabilities discussed at Rubrik Forward are newly announced, in preview, or subject to roadmap timing. Availability and feature scope should be validated with Rubrik before final planning or publication.

Data Center Practice Director GTM at  |  + posts

Eric Bursley is Director of Data Center GTM at Presidio Network Solutions, responsible for data center and data protection strategy with a focus on AI infrastructure, NVIDIA and Intel AI hardware solutions, and enterprise data protection.

Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.