Commvault adds undo for cloud AI agents

Commvault has launched AI Protect, a feature that discovers, records and reverses actions taken by autonomous AI agents across AWS, Microsoft Azure and Google Cloud. The tool aims to restore cloud environments to a prior known-good state after an agent performs unwanted or damaging operations.

AI Protect continuously scans an organization’s cloud footprint to find active agents that developers may have deployed without notifying security teams. When it detects an agent, the system records the agent’s API calls and data interactions, logging database reads, storage changes and configuration modifications so administrators can review the agent’s session.

The product targets a governance gap created by autonomous agents that can chain approved permissions to perform unplanned sequences of actions. In tests and incident reports, such behavior has included deleting production databases, changing network rules, invoking serverless functions and altering identity and access policies within seconds.

The rollback feature is designed to reverse complex chains of automated activity rather than only restoring individual files. Commvault combines continuous monitoring with backup architecture and ledger-style tracking to map an agent session’s blast radius. The software separates changes made by an agent from legitimate human changes occurring in the same timeframe, allowing targeted reversions that preserve valid transactions and engineering work.

Commvault highlighted the speed difference between models and human response: autonomous agents can loop through thousands of API requests per second, executing destructive sequences faster than security operations centers can react. Precise, session-level recording is used to capture the full set of actions an agent performs across services and resources.

Shadow AI — developers experimenting with agents using corporate credentials and connecting models to internal data stores without notifying IT — is a driving reason for the product. AI Protect brings those agents into visibility and provides monitoring of agent behavior in real time.

Pranay Ahlawat, Commvault’s chief technology and AI officer, described agents as “mutating state across data, systems, and configurations in ways that compound fast and are hard to trace,” and said teams need to recover applications, agent configurations and dependencies back to a known good state.

Commvault presents AI Protect as a tool to log every interaction and enable immediate rollback when models hallucinate, misinterpret commands or behave unexpectedly, with the aim of restoring full cloud stacks after an agentic incident.