Protecting the AI Stack & Building True AI Resiliency at Scale

Protecting the AI stack refers to securing every component that supports AI—from legacy databases and data lakes to vector databases, developer environments, cloud-native AI, private on-prem AI, and large language models (LLMs). It requires unified protection strategies that address the entire interconnected ecosystem, not just a single AI application.

AI environments are evolving rapidly, with traditional databases gaining vector capabilities, new data pipelines emerging, and multiple AI layers tied together across cloud and on-prem systems. This expansion increases the attack surface and makes it harder for organizations to maintain consistent governance, security, and data protection.

Organizations often lack clear guidance on securing vectorized databases, protecting training data, and managing dependencies across code repositories, pipelines, and AI models. Many are seeking expert support to ensure they maintain data stewardship while adapting to modern AI architectures.

AI relies on interconnected components, meaning a single vulnerability anywhere in the stack—data ingestion, code repositories, vector stores, or model training—can compromise the entire system. Holistic protection ensures resilience across cloud, on-prem, and hybrid AI environments.

Please view video here for a time-stamped transcript

Welcome to this SHIFT podcast, coming to you live from New York City at Commvault SHIFT
2025.

What’s today’s topic?

Protecting the AI stack.

What you need to know.

And I am very, very pleased to be joined by two special guests.

First, Deb Singh, CIO of Persistent Systems.

Thank you for being here.

Thank you.

to have you.

And Michael Fasulo with Commvault, senior director of portfolio marketing.

and 22 years, I may say, with Commvault.

That is it.

Impressive.

So what we’re going to do today is tackle just a small subject, tiny subject on protecting
the AI stack.

I mean, as it is, we know AI is already moving at light speed and actually figuring out a
way to protect it is the real challenge.

So thank goodness we have these two gentlemen here today.

So, Michael, I’m going to put you on the spot first.

Let’s just start here.

We got a lot of layers.

We’ve got legacy.

data lakes, databases, right, that we’ve got, they’ve been there at the base layer.

On top of that, we have vector databases, and then of course all of this feeding into our
AI systems.

So maybe just start us off, how complex of a task is this to just figure out a way to
protect these three, and how often are you having conversations already about this?

Quite frequently, I would say.

So,

I think people are still trying to figure out all the different minutiae and there’s
obviously new databases from the traditional, some of the traditionals are now adding

vectorization to them, so, you know, we find that customers are first calling us up to get
some advisory, right?

Trying to be really good advocates and data stewards.

And then obviously, you know, with the robustness of our platform, we’re able to protect
it from people building code on their laptops to their GitHub repositories, to the vector

databases.

to all the inner minutiae and stitching together of those applications, whether they be
cloud native or even private AI on-prem, along with the LLMs themselves.

So really protecting that wide sweep, I think, is important, much more than just, hey, I
have this piece of the AI application that needs to be protected.

Yeah.

So, Deb, you have the tough job, so, CIO.

We were just chatting before we started 26,000 let’s call it folks at your company, right?

So maybe if you could start us a little about what you all do right for those that are
familiar and your role specifically in how you’re tackling this challenge, both maybe

externally, which I’m sure you’re involved with and internally.

Absolutely so persistent is a digital engineering company based out of India, but works
for the global customers and primarily North America.

If look at my role

as the CIO, I have got two different sides to look at.

One, of course, uh I drive four priorities on my internal facing role: growth,
profitability, optimization, so on and so forth, driving employee experience, keeping

compliance and security in mind.

So there are four different priorities for me from internal facing point of view.

But if you look at my external side of the role, I create solutions and, of course, the
best of the techs,

apply across my 26,000 employees, test it out, and we take it to our customers for that.

So that is what my larger role is.

And looking at the changes, what is happening in our current time, and I keep on saying
this every time I got into this kind of opportunity and stage, that we possibly have going

through one of the most interesting time of technology era.

While whatever past has happened, this is a phase wherein with AI coming into every single
aspect of business that we’re talking about, it is touching life of your business, your

services, your employees, your customers, everywhere , and it is happening at a really,
really massive speed, and what matters the most is how quickly you are aligning your

services

with all the controls we spoke about, security, compliance, of course, rest of the stuff,
to deliver those assurance and the services and the quality driving the business

priorities.

Interesting time.

Unbelievable.

So I have to ask, first, fascinating, right?

You get to use your client base or your internal employee base as an incubator for these
things, right, before they go external, and to Michael’s point a moment ago, you’ve dealt

with these different pieces, maybe not the AI piece, but…

How fast are you trying to pivot those internal teams that may have been classic RDBMS
experts into understanding all of the new tools that are just moving so quickly?

Or do you have to hire for that?

Well, that’s again an interesting question.

If you look at in current time, understanding of tech is slowly becoming secondary.

What is the primary priority that we see is understanding of the business,

and of course the requirement around that.

As long as you have complete clarity of understanding business, in current time using AI,
you can build practically every single solution without knowing or getting into the

details of tech core stacks, right?

And that is what’s interesting about it.

So we are looking at the change in the skill set from getting into the core development
side, while that still continues, but it is definitely kind of

reducing in terms of the speed and kind of with the enablement that we get from different
AI models, it is happening in very, very rapid, fast time.

So that is getting reduced.

So what’s the time you spend is translating the business problems into the actual solution
and using the tech with the power by AI to deliver those services.

The speed of that, the speed of the changing tool, just ecosystem in general,

but how are you keeping your hands wrapped around that?

Or do you have like special Tiger teams who are just fast following?

Or how does that work?

Well, very, very interesting question.

And there are two parts to it, again.

One, of course, you need people with right intent and attitude.

That is what matters the most than understanding deep tech.

While deep tech continues to be there, but in current time, there are enough and more
models available

to kind of double click on those models and utilize that for your solution that you are
driving.

So you need to have the right people, and we do have a team who primarily focuses on the
business problems and translating those problems into the solution side using different AI

models to kind of get the solution out, and whatever we do today, possibly we have got the
largest number of AI agents running internally, delivering every single

services for the employees and of course enabling the business intelligence to take
decisions.

Both happening.

In the news cycle, whether you’re a bull or you’re a bear, is this real?

Is it not?

It’s funny to me when you hear people say, this is going to take a long time.

But you talk to somebody like yourself who is in charge of a very large company focused on
these solutions and really seeing them in everyday life and they’re permuted everywhere,

and you ask yourself,

How do people stay on the bear side of this?

Because it’s just it is so prevalent.

I mean, we see it at Commvault as well, right?

Right, Michael?

So I got to ask all of these incredible things.

They’re doing all this stuff.

How many people are thinking, resilience first, Michael?

I was going to ask security first.

How are you balancing speed and security?

Right?

So you’re saying like everyone wants to move with max velocity.

But how do you make sure they do that in a secure way where you’re not leaking sensitive
data,

patents and stuff like that, how are you addressing those concerns?

So I will possibly put it this way, look, anything and everything we do, security has to
be part of the integral solutioning itself rather than afterthought, right?

Security cannot be afterthought.

So with AI coming in, it becomes much easier, not difficult.

Let me just possibly help double-click on the different models and the approach that we
drive today.

We have got set of data.

We just spoke about different series of data.

So data is one side of it.

Second comes your language models, LLMs, whatever you call it, AI models, simplifying
that.

And third comes the prompts, where you consume the services, prompt engineering, or the
names you put it.

These are three different aspect of creating as an tech world inside whatever businesses
that you drive.

So you have to look at security for every…

segment inside it.

Let’s talk about data fast.

You have got, I think the challenges used to be in the earlier time, processing of those
data used to be very, very difficult, right?

Used to take a lot of time.

That is changing very fast with compute being available and processing becoming so easier.

So you can possibly churn out trillions of data very, very fast, almost near real time.

When that happening,

are you defining the right controls with authorization authentication and need to know
basis access at is it defined for every single component?

Otherwise, what happens is your model doesn’t understand that they consume everything and
you just put a command in terms of your prompt or whatever you write that’s immediately

visible to you.

So you have to start with the data layer first right?

That is the first part you do.

Next comes,

what kind of models that are using it?

Does it support any kind of ring fencing, the guardrails, whatever you generally talk
about?

So how are you defining your models to follow the guardrails?

Is it defined correctly, defined for the data structure that you have, defined for the
application that you are going to consume it for?

So you have to see both the side, right?

And the third component is at the consumption layer,

Who is actually going to consume it?

Are you defining that?

What kind of prompts will be allowed?

I’ll just give an example.

Let’s say any large enterprise for that matter puts entire data structure in the back in
data lake or whatever you do it, put multiple agents or other models, AI models to kind of

consume that data.

Now AI understand all aspects of data in that enterprise.

And let’s say a threat actor just come in as a consumption layer,

types of command, give me the possible vulnerabilities, open areas, or whatever available
can be exploited.

It is visible in fraction of second.

That’s right.

right.

right.

right.

What used to take them long time to reconstitute, and they were pulling it from disparate
sources, like, wow, you’ve served this up on a silver platter.

That’s right.

I only need to take one LLM for the entire keys of the kingdom, which I’m sure everybody
listening is saying

my goodness, please give me a couple nuggets to take away because this is what scares
everybody.

That is what matters the most.

And hence, you need to have security as part of design at every single component, data,
model, and the consumption layer, which is a prompt engineering.

Who can prove what kind of prompt?

What prompts are allowed?

What is not allowed?

Whose models can consume which data?

And of course, the data layer security.

All three has to be combined together to give you the output that you’re looking forward.

So data, data identity and the actual application itself.

Absolutely.

Now what about the resiliency of the app?

As your teams are becoming more dependent on these technologies, you know we saw the last
couple weeks there’s been some outages at the hyperscalers, Claude’s been frequently going

down.

As we continue to use these tools in our day to day when they go down they become
catastrophic.

What about the actual resiliency of the application itself?

Very pertinent question.

When possibly we’re doing in a traditional tech solution approach,

your one particular system not available for X amount of time, you are still able to
manage with Excel, offline data, whatever it is, right?

In current time, that option is not available to you anymore.

Everything is processed on real time and you see the real time intelligence to take
decisions.

And if it is not available, just think about the impact.

You are practically stopping your entire business.

So you don’t take that risk.

Right, so you have to start looking at how I am protecting my resiliency factor for every
component.

The three components spoke about data layer, your AI model layer, and the consumption
layer.

Many a time, I look at large enterprises, may possibly not focusing on the consumption
layer.

Think about it, when you are developing a particular application or agent, you are

allowing the agent to learn with different prompts engineering that we call it.

Let’s say the prompt engineering is not available.

The prompts are not available, right?

How are you going to recover?

You have the data, you have the engine, but you do not know how to consume it.

So you have to focus every single component when you look at the resiliency.

So then only you’re able to kind of recover and bring it back and run the business the way
it’s supposed to happen.

So can I ask this?

You know, as probably folks that are listening or saying, look, I’m already writing
feverishly.

I know that.

But asking about how you’ve organized your entire team, maybe a couple of, you know,
golden nuggets for us as to how you’ve structured things.

I know that may not be perfectly applicable for everybody, but it’ll give folks a chance
to say, hey, look,

that’s a big company.

If this is how he’s organizing things, maybe there’s something I can take away there from
a taxonomy.

How did you, over the last year or two, twist the dials for your organization?

I will say focus on one aspect.

While all three components we spoke about, the data and the AI models, that is generally
managed centrally.

So the IT team generally manage those components.

And you will find more or less

very controlled application of those two component, and there is definitely the right kind
of mechanism to back it up, it in the regular frequencies, and so on so to ensure the

resiliency is maintained.

The biggest challenge comes is the AI engineers, who are actually working on ground,
putting those, making the data really give you the intelligence, right?

So that is where the challenges come,

and AI engineers, they have definitely a huge challenge in terms of allowing the prompts
to be copied.

Because many a time, and that’s human tendency, is that I feel if everything that I’m
doing is kind of getting backed up, then there is no value that I’m kind of going to say I

bring to the table.

That is what happens.

So that component,

driving change and driving culturally, aligning the priority for your AI initiatives, how
you are ensuring that component is also getting captured?, and that happens at the end

device.

It doesn’t happen centrally.

That’s the biggest challenge, right?

Your prompt engineering, many a time, happens at the edge.

How you are ensuring that is getting stitched together when you look at resiliency end to
end.

As long as you focus on that, I’m sure the first two component,

any standard matured organization does it pretty well.

But the third component is where people generally miss it.

That is something has to be stitched together.

Otherwise, you recover the data, you recover the model, you can’t consume it.

So for that, that is the biggest challenge.

And of course, approach, I would say.

We have learned it hard way, but we definitely focus it.

And that’s something possibly for the audience to kind of focus on when you are looking at

creating a resilience model, definitely focus on the prompt side of it, aid side of it,
and what the engineers are doing.

Is it available to you to recover your overall end-to-end system?

Chris, can I jump in?

Yeah, jump in.

So you said something I’d love to know a little bit more about.

So you said you learned it the hard way.

How is your organization improving the literacy of AI in their organization to make sure
that they completely understand

these powerful tools that they have at their disposal?

All right.

If we look at in the last 18 months or so, right, the AI has come to the mainstream.

Of course, it was there for ages, the last 12 to 15 years, AI was always there.

But generative AI with the computer being available uh easily, so generative AI has come
to the forefront.

With that, enterprises like us,

have created a lot of accelerators and IPs which we use for managing the life cycle of
product development, solutioning, and so on and so forth.

And many a time, and that is why I said hard way, many a time when you build those
solutions, you tend to probably ignore the requirement of ensuring the prompt engineering

component is getting the equal

importance or equal a priority on your overall ecosystem.

And when you do it at a scale, because you’re talking about thousands of users or AI
engineers working on it, so you miss certain component because every AI engineer brings

certain value and to ensure things are kind of really distributed.

So you want to ensure every single component is just together there and bring that
component of intelligence, whatever is getting created.

Because at the end of the day, those are the IPs that you are building, and it’s getting a
kind of part of your overall resilience model so that you can really kind of use it with

confidence for, of course, internal users, customers, or whatever you do.

Awesome.

You know, it’s interesting.

You’re big enough that you have AI engineers, can afford them, have multiple.

And I’m sure a lot of folks listening saying, we want to

get to the point where we could afford multiple W-2s to do that.

And there’s a lot of fractional renting of these type of very smart people, right?

Everything you’re talking about, especially prompt engineering, all of these issues even
get exacerbated when you’re not in control of those people full time.

So I can imagine that the importance you’re saying is even elevated, right, if you’re
doing this fractionally.

So Michael, if I can ask, mean, we know our corner of the world.

We’re trying to grow, right?

Because we have to do all the things that Deb is talking about.

How are we tackling this?

I how is Commvault trying to both stay grounded on one side of what we do and expand to
make sure we’re covering these new vectors?

Yeah, so I think early on in our AI journey, we took a hard step back and said, you know,
how do we build a whole bunch of design principles that we’re going to stick to,

regardless of how the technology changes

so that it could be grounded in security and ultimately the solutions we deliver are
trustworthy?

I think that’s the most important thing is you really wanna be trustworthy and if we’re
good data stewards or the best data stewards, that trust is imperative.

We just simply can’t waver on it.

So the executive team took a hard look at the information that we had then with the
crystal ball foreshadowing how this was gonna evolve.

And I think we created those principles and then we built upon those principles as we
design solutions, not only to protect AI, but to leverage AI within the product, not using

customer data.

And then also providing data sets to AI to enrich those data sets.

So I think having that grounding, and again, that’s why I asked about literacy, because we
went through a similar exercise internally, where it was like, if we know that this

behemoth is in front of us, we want to make sure everyone kind of understands how to
process information the right way, not using their own stuff

all the time.

So I think all of those kind of provide that that perfect storm of how we’ve tackled that
so we can remain trustworthy and deliver trustworthy data to our customers.

I’ve got to ask right.

I mean, I don’t want to put you on the spot, but what we think and how we’re doing is one
thing.

How we’re really doing for you as a client is the most important thing.

And maybe if I can even expand that to just, you know, data protection industry in
general.

If I could ask, how are we doing as a group and what do you need from us as you’re looking
down the tunnel at all the projects, all the requests you’re getting for clients, where

can we improve?

Well, that’s an interesting point.

It was loaded.

It’s a juicy question.

All right.

I think I will go back uh to almost three years,

when we started this relationship, of course we used to use Commvault prior to that as
well, we were kind of working on building a larger revamp of our tech stack, and that is

the time we wanted a partner who will get aligned with our approach of looking at data and
help us to bring that resilience architecture which will give us the assurance of

defining RPOs, RTOs, and of course, doing the regular dry-dance and so on and so forth, so
that whatever you are defined on paper, implementation, and testing, all three aspects has

to be looked into, and, I must say that we definitely did uh the standard approach for a
CIO is look at the possible tech, look at the maturity of the tech that is available, and

the biggest advantage that I saw with Commvault was the flexibility.

Flexibility to work with customer, like a uh persistent, and build solutions which will
align to the industry requirement that we had at that point of time, and at the same time,

carry that flexibility over the period.

Because why I’m saying why that is the most critical one, just think about three years
back.

AI was definitely there, but not to this scale.

And as…

the technology world is changing very, very fast, If we have a backup solution which
doesn’t get aligned to this dynamics of the change, you will immediately get into a

stonies uh solution, right?

That’s not going to help anymore.

As the maturity changes, as the new tech comes in, as the dynamics hits the tech stock,
how flexible we are to get aligned to that requirement and how quickly we are moving in.

Because every solution, every customer is different, every solution is different.

So how quickly you are ready to get aligned.

Very, very comfortable working with Commvault and that continues even today.

Well, thank you for your candor.

Yeah, I appreciate that.

And Michael, I see you smiling over there.

My goodness.

What a testimonial, right?

Like, wow, customers talking about, you know, very purpose-built architecture.

And look, it was very intentional.

And, you know, as Chris said, I’ve been here 22 years.

I saw it when it was like the old school monolith to what it is today.

And that scale and resiliency is baked into the being of what we really built.

That is all powered by the architecture.

So that flexibility and how it operates, especially as you described it, was very
intentional.

And I’m glad that you were able to take advantage of it to solve not only the problems you
had three years ago, but your problems of today.

And of course, the problems that you’re going to have tomorrow.

That was awesome.

I really appreciate you going into that details.

Fantastic.

And we know we have to keep writing because the three year window continues, right?

I know you want to define it.

never.

It never ends.

So, you know, to that in closing anything that you’d like to add ah for for everybody
who’s on notebook six at this point in pen number four scribbling away.

But anything you’d like to leave them with that that we didn’t chat about?

No, I think from a typical take

standpoint focus on your business priorities.

Define very clearly what is that you want to achieve?

Yeah, all right as long as you are clear on your requirement there are solutions there are
partners to work with you to achieve those requirements.

But if you are not very very clear what is that I’m trying trying to kind of drive towards
it creates confusion then you get into a

not so comfortable discussions, which is absolutely need to avoid.

So first thing first, understand your requirement, define the tech priorities, and find a
partner who’s flexible enough to work with you in those dynamics.

So that’s what I will say.

An absolute clinic, absolute clinic.

Thank you for being here.

Coming to SHIFT.

But most importantly, thank you for the business and thank you for your trust in
Commvault.

That means everything to us and we appreciate it.

Thank you, Commvault.

It was really great having you and looking forward.

Thank you.

And Michael, thank you.

Absolutely fantastic.

Your insight is for the years you’ve been here is just just fantastic.

So in closing.

ah

We will reimburse you for all of the paper you’ve used to take down what is just been an
unbelievable uh set of advice.

Deb, thank you and Michael.

And for those that want to learn more, please go to readiverse.com.

We just launched this brand new site and it is chuck full of information, blogs, white
papers, videos, and it is constantly refreshed

to keep you on top of all of the things that Deb and Michael have been talking about, and
we want your feedback.

That’s where you’ll find launch points for everything else, all that is Commvault.

So Chris Mierzwa for this SHIFT Live podcast here in New York City for 2025.

Thank you for joining us.

Have a great day.

Thank you.

Thank you.

you