Commvault launches AI Protect to roll back rogue cloud agents

Commvault introduced AI Protect, a tool that discovers autonomous AI agents in enterprise cloud accounts and restores environments after agent actions. The software runs across Amazon Web Services, Microsoft Azure and Google Cloud and can revert data, configuration and infrastructure to a prior state when an agent’s activity causes harm.

AI Protect continuously scans cloud accounts, records agent activity and links each API call to a session. The product logs database reads, storage edits and configuration changes tied to an agent. When an agent performs destructive or erroneous operations, administrators can use the recorded session to restore the environment to the exact state it held before the agent began its sequence.

The product tracks agent behavior across infrastructure, data and identity systems. It captures interactions that span storage, databases, networking and identity access management, and it traces downstream effects such as triggered serverless functions or reconfigured services. Commvault combines continuous monitoring with backup architecture to map the blast radius of an agent’s session and isolate the specific changes the agent made.

Commvault developed the tool in response to governance gaps it attributes to agentic AI. Autonomous agents can chain permissions, make rapid API requests and carry out multi-step plans in milliseconds. Those actions can include deleting datasets, altering network rules or changing access policies at a pace that can outstrip human incident response.

Pranay Ahlawat, Commvault’s chief technology and AI officer, noted, “In agentic environments, agents mutate state across data, systems, and configurations in ways that compound fast and are hard to trace. When something goes wrong, teams need to recover not just data, but the full stack – applications, agent configurations, and dependencies – back to a known good state.”

The rollback capability uses ledger-style tracking to separate agent-made changes from legitimate human edits occurring in the same timeframe. That approach aims to avoid broad restores that would remove valid customer transactions or undo hours of engineering work.

AI Protect is also designed to detect so-called shadow AI, where developers or staff create experimental agents with corporate credentials without notifying security teams. The system brings those sessions into view by logging the agent’s API calls and data interactions and maintaining a timeline of changes for incident review.

Commvault positions the software for enterprises operating across the three major clouds and for teams responsible for cloud security, backup and operations. The company says the tool is intended to provide a recovery option when an agent hallucinates, misinterprets instructions or executes a sequence that causes data loss or configuration drift.

Autonomous AI agents combine large language models and automation tools to perform multi-step tasks such as cost optimization, data queries and infrastructure automation. Vendors are developing monitoring, logging and rollback tools to address the speed and scope of agent actions and to provide faster options for incident response than manual human intervention.