AI Resilience: Commvault Cloud Unity Platform

Please view video here for a time-stamped transcript

Thanks, Rajiv. 

So what you just heard is the foundation, our next generation architecture built for
scale, for security, and for AI. 

Now let’s talk about what it makes possible. 

Commvault Cloud Unity isn’t just another platform. 

It is how we bring every deployment model, cloud, SaaS, and on-premises, together under
one intelligent control plane. 

And it’s how we integrate every layer of resilience, protection, security, identity and
governance into one experience. 

That is what makes Commvault Cloud Unity transformational. 

Unity delivers across five pillars, cloud, hybrid, identity resilience, cyber resilience,
and AI. 

Each solves a distinct customer challenge, but together they redefine 

true AI resilience. 

Now let’s start with cloud, where SaaS workloads are reshaping the enterprise resilience. 

Now, Commvault already protects the platforms that power the modern enterprise. 

Microsoft 365, Google Workspace, Salesforce, Dynamics 365, and with DevOps environments
like GitHub, GitLab, and Azure DevOps. 

Now what sets us apart isn’t coverage, it’s depth. 

With Microsoft 365, our new native integration with Microsoft Backup Storage cuts recovery
time from hours to seconds. 

For Google Workspace, air-gapped protection and built-in e-discovery keep data secure and
compliant by default. 

And for DevOps, it’s not a git dump. 

It is application-aware protection for your code, pipelines, and all the metadata. 

For CRM, it isn’t a flat backup. 

It’s configuration-aware protection powering rapid sandbox seeding and clean
metadata-aware recovery. 

And we’re expanding fast with Atlassian Jira, Power BI, and Slack coming soon, bringing
the same enterprise-grade protection to collaboration, analytics, and communication 

workloads. 

Now, Commvault Cloud now delivers the broadest and the deepest SaaS protection portfolio
in the industry unified under one platform. 

But SaaS is just half the cloud story. 

The real test of resilience is cloud native. 

Now, think about just one of your critical cloud native applications. 

Think about a global CPG brand running a high traffic digital storefront. 

Your front end runs on OpenShift. 

Your product catalog lives on MongoDB Atlas. 

Transactions flow through Oracle on AWS. 

Analytics runs on Databricks. 

And as your open AI powers real-time recommendation, that is a modern cloud stack. 

Inherently multi-cloud, multi-platform, deeply integrated, and massively distributed. 

And then a call comes in at two in the morning. 

A bad code push. 

Or worse, ransomware. 

The hyperscaler tools, they stop where their clouds end. 

Your critical workloads, OpenShift, MongoDB, Oracle, left exposed. 

So the team scrambles, stitching together scripts, snapshots, and tools, a patchwork
recovery plan in a moment that demands precision. 

That is a failure of traditional cloud backup. 

Now, why do recoveries fail? 

Three reasons. 

First, 

Inconsistency and risk. 

The data comes back, but the metadata and configurations don’t. 

Permissions, network ACLs, load balancers, all out of sync. 

Your applications are dead on arrival. 

That is the difference between restoring data and restoring the business. 

Second, limited security. 

Cloud-native backups have a critical flaw in the face of today’s threats. 

Destructive attacks are surging up 87 % according to Microsoft. 

This means when you’re forced to recover, you’re likely recovering from one of those cyber
incidents and attacks and you have no idea whether your backup copies are clean. 

The attackers malware their back doors. 

They’ve been sitting in that snapshot for weeks. 

So when you hit restore, you’re not recovering. 

You’re reinfecting. 

And third fragmentation and cost. 

Too many consoles, too many workflows, too many builds, no single source of truth. 

Every layer of fragmentation adds cost, complexity, and chaos. 

It doesn’t just slow down recovery, it drives up spending and, in a crisis, it simply
doesn’t work. 

Commvault Cloud Unity solves these problems with three differentiators. 

First, 

we give you one platform, one console for everything. 

We are truly multi-cloud by design. 

AWS, Azure, and Google Cloud all managed as one. 

We recover more than data. 

We rebuild entire applications with Cloud Rewind, restoring both the data and the metadata
automatically. 

And it’s all built for simplicity and flexibility right out of the box. 

You can make snapshots and full backups, 

span storage tiers, regions, or even different clouds, and recover any level of
granularity from a single file to an entire application stack. 

One automated workflow that adapts to any recovery scenario. 

Fast, flexible, and resilient. 

It just works. 

Second, true cyber resilience. 

Our default storage for cloud-native backup comes bundled and it’s air gap by design. 

We provide multi-cloud replication for true disaster recovery, and Threat Scan and
Cleanroom capabilities are built into the platform, not bolted on. 

Now, I’ll talk a lot more about that later. 

But the result is that you’re more resilient, you’re more secure, and you’re more
compliant, period. 

And third, lower total cost of ownership. 

Now, by consolidating tools and operations, optimizing storage, and auto-scaling, 

we consistently deliver 25 % to 50 % lower TCO than the fragmented approach you use today. 

One platform, better resilience, at a lower cost. 

Now let me show you exactly what it looks like. 

Protecting cloud data shouldn’t be complex. 

With Commvault Cloud, customers can easily discover, subscribe, and start trials directly
from AWS or Azure marketplaces. 

No extra setup or integrations required. 

It’s the simplest way to experience enterprise-grade data protection from day one. 

First step is to create a cloud connection. 

With cloud connections, we can discover all subscriptions initially as well as future
subscriptions automatically. 

Once connected, Commvault automatically discovers your entire cloud estate, giving you a
unified view of every workload across accounts and subscriptions. 

From a single dashboard, you can see what’s protected, what’s not, and where your
compliance or business continuity risks may exist. 

And with the built-in cost estimator, 

Commvault makes it easy to understand the total cost of protection, helping you compare
cloud-native backup costs, identify savings opportunities, and make informed decisions 

that optimize spend without compromising resilience. 

This combination of visibility and cost transparency helps customers take control of both
risk and value. 

Onboarding new workloads is just as simple. 

Using tags and filters, you can automatically identify and protect unprotected resources,
whether you’re onboarding a few resources or thousands. 

Commvault delivers policy-driven automation that scales with your environment, freeing
teams from manual setup and reducing operational risk. 

Commvault offers multiple protection options tailored to your recovery objectives. 

Snapshots for instant RPO and RTO, immutable storage vaults, now inclusive of storage and
backup services, for long-term resilience and cross-region or cross-cloud copies to meet 

compliance requirements like DORA. 

You get flexibility without complexity, all managed through one platform. 

The same seamless experience applies across Azure and AWS, giving you a true multi-cloud
data protection solution from one pane of glass. 

No point tools, no silos, just unified, automated, and intelligent protection for all your
cloud data. 

That’s the power of Commvault Cloud, simplifying protection, amplifying resilience, and
delivering confidence in every cloud. 

Cloud-native protection, conquered by Commvault Cloud. 

Extremely proud of the team. 

Now Commvault Cloud Unity is the definitive platform for cloud-native resilience. 

It’s built for the scale, speed, and the security demands of the cloud-first era. 

We’re deployable directly from the marketplace and we protect over eight exabytes of data
in the cloud today. 

Now we knew we couldn’t have built this future alone. 

We built it in partnerships with the world’s leading cloud platform. 

So I’m excited to bring someone on stage 

I’ve had the pleasure of working with. 

He’s the general manager of data and generative AI ISV sales at AWS. 

Please welcome Andy Perkins. 

Andy, uh always, always, always great to have you. 

First, welcome to Commvault. 

Thank you for being here. 

Thank you for having me. 

It’s truly a pleasure. 

Morning, everybody. 

So Andy, uh look, for those who don’t know, I would love for you to actually just give
everybody the appreciation for the sheer scale of AWS. 

And look, you talk to a lot of customers. 

So from your vantage point, what are the biggest challenges that you see our joint
customers facing together as it pertains to cyber resilience? 

Sure, absolutely. 

So raise your hand if you’ve heard of AWS. 

So for those who aren’t familiar, AWS is the world’s most comprehensive and really broadly
adopted cloud. 

It enables customers to build pretty much anything they can imagine by offering the
greatest choice of innovation or innovative cloud capabilities and expertise. 

And we’re one of the most extensive global infrastructures with industry leading security,
reliability, and performance. 

And we have millions of active users 

a month and more than 140,000 plus partners. 

So as a cloud provider, our customers are telling us that they want to build. 

They’re telling us they want to innovate in the cloud and they’re telling us that they
want to take advantage of generative AI and deploy agents and really realize an agentic 

future. 

And they want to know that as they build, that they’re protected across all layers of
their stack, across all threat surfaces. 

And of course, they want to know that they have the resilience in place to really weather
any unpredicted events. 

And they’re also saying it’s challenging to really ensure uninterrupted business
operations and to implement effective disaster recovery strategies that align with their 

business objectives. 

And this becomes even more complex when you start layering and managing data sovereignty
issues and ensuring regulatory compliance across different geographical regions and 

industry standards. 

So simply put, customers are looking for ways to get more value out of their data and to
sleep very well at night knowing that their cyber risks and security concerns are 

mitigated. 

uh Andy, I think you nailed it. 

You know, the tension between moving fast and adopting AI and, of course, like maintaining
your cyber resilience posture. 

So I’d love to actually hear how you think AWS and Commvault are, and this partnership
removes that friction today. 

Yeah. 

Well, certainly it starts with our shared mindset. 

Security, reliability and resiliency are Commvault and AWS’s top priorities. 

We’re relentless. 

And our shared pursuit of delivering cyber resiliency for our customers and really
empowering them to accelerate innovation and achieve their most important business 

outcomes. 

We’ve already helped numerous enterprise and digital native companies by driving deep
AWS-Commvault service integrations and deploying unique solutions to help them achieve 

cyber resiliency. 

Let’s take one example, Atlassian. 

They turned to Clumio for scalable AWS data protection for over 35 petabytes of data 

across 150 billion S3 objects with millions of object changes every hour. 

And they were able to achieve a near continuous RPO of 15 minutes, backup and recovery and
restore success rate of 100 %, and 70 % cost savings. 

So with Commvault now natively deployed on AWS, we’re combining the reliability of AWS
services and infrastructure with Commvault’s deep expertise in cyber resiliency. 

We’re enabling customers to really eliminate the heavy lifting of managing backup
services. 

And Commvault solutions can be procured through the AWS Marketplace, which makes it super
easy for customers to purchase and deploy Commvault on AWS. 

So together, I think it’s safe to say we serve as trusted advisors. 

We’re trying to make it easier for customers to achieve predictable value from the cloud,
the safeguard against existing investments, and to really reduce the complexity of 

innovating. 

Listen, the Atlassian proof point is awesome because not only because of the results that
we created, but also because it’s the blueprint that we can actually take to all our 

existing customers. 

And you mentioned innovation, which actually brings me to my last question, which is, as
you see sort of AI and agentic where do you see the industry evolving over the next 12 to 

18 months? 

Yeah, well, that’s a great question, 

and I will be uh offering stock picks later. 

No, no, I’m kidding. 

So customers are looking really to get maximum value out of the data they store and to be
extremely confident in the resiliency of their systems as they deploy AI and agentic 

workloads. 

And as we’ve already touched on, we’ve already developed a host of new products that are
poised to really disrupt the market. 

uh And our customers are really looking to capitalize on AI and they’re going to be able
to leverage these solutions, whether it’s Clumio’s iceberg-aware backup 

recovery capabilities that help builders confidently develop AI and analytic solutions on
AWS, or delivering isolated immutable storage built on the security and scale of Amazon S3 

through AirGap Protect, or automated recovery as code with cloud formation across regions
and accounts, or the ability to test your response plan in any scenario, making sure 

you’re ready to recover when the stakes are high with Cleanroom Recovery. 

Customers should expect to see us continue to deliver unique 

Commvault-AWS services designed to reduce risk and complexity for digital native and
enterprise customers as they accelerate their AI and agentic journeys. 

And our shared customers are also looking to expand their global reach while maintaining
enterprise-grade security and regulatory compliance. 

And with Commvault now running in, I think, 27 AWS regions, we’ll help customers achieve
resiliency and growth pretty much wherever they are in the world. 

So I think it’s safe to say the present is extremely bright for the AWS-Commvault
partnership, but the future is looking even brighter right now. 

And I’m excited about this partnership. 

I’m really excited about how we can continue to innovate together and really help our
customers achieve their most important business outcomes and leverage the full power that 

AI can bring to their businesses. 

Andy, first off, thank you for taking a late flight. 

Ah, it’s truly a pleasure. 

Look, we really appreciate the partnership. 

The honor and privilege is genuinely ours. 

Thank you so much. 

Now, I think that was a perfect summary of our shared innovations. 

From deep data protection to true cyber resilience. 

It’s clear how we are helping enterprises accelerate into the AI first world with
confidence. 

But for many of our large customers, the story doesn’t end with cloud. 

Not all critical data lives there. 

In industries like manufacturing, healthcare, finance, and retail, petabytes of
operational and transactional data still runs on-premises. 

It’s driven by latency, regulation, and cost. 

For the world’s largest enterprises, resilience is a brittle battle against massive
complexity. 

A Fortune 50 financial institution has tens of thousands of applications with every
transaction regulated to the millisecond. 

A top five global retailer has thousands of stores where an outage doesn’t stop sales. 

It severs the supply chain. 

For both, the mission is non-negotiable. 

Keep the operations running no matter what. 

That’s why when it came to resilience at scale, they chose Commvault Hyperscale. 

Because at petabyte levels, speed and safety can’t be theoretical. 

They must be proven. 

That is why we built the Hyperscale portfolio, the foundation for on-premises resilience
at enterprise scale. 

Hyperscale delivers scale-out performance, architectural freedom, and secure by design
recovery from the data center to the edge. 

It has three deployment options under one unified experience, bringing true flexibility to
any hybrid environment. 

First, Hyperscale X for scale-out performance, 

our flagship scale-out solution built for the enterprise cores. 

Add nodes, expand instantly, and deliver linear scalability for petabyte scale
environments. 

Second, Hyperscale Flex for architectural freedom. 

Only Commvault lets you integrate our protection directly with the storage arrays you
already own. 

We already support Pure and Vast with NetApp, HP, and Dell coming soon. 

This means you get hyperscale protection while preserving the investments and performance
tiers you’ve already paid for. 

And third, Hyperscale Edge for distributed environments built for remote sites, retail
stores, factories, branch offices, compact, secure, and fully manageable from a central 

console. 

Resilience travels all the way to the edge. 

Now using a combination of these three deployment configurations, customers can protect
any IT architecture with confidence. 

What differentiates Hyperscale isn’t just speed, it is choice and security. 

First, scale and performance. 

Across the portfolio, we deliver 40 % faster write throughput and 30 % faster read speeds,
shrinking recovery windows and reducing downtime. 

Second, 

architectural flexibility. 

You choose how you deploy, scale out, bring your own storage or edge optimized all under
one operating model. 

No other vendor offers this range of design options without fragmenting management. 

And third, security by design. 

Like Rajiv mentioned, everything runs on Vault OS, our hardened Linux-native foundation, 

the same operating system that powers Air Gap vaults and isolated recovery environments. 

So you can recover safely, not just quickly. 

And here’s where the story gets even better. 

As Sanjay mentioned, for the first time, cloud and on-premises are coming together under a
single pane of glass. 

With SaaS docking for hyperscale powered by Commvault Cloud Unity, customers can discover,
deploy, and manage hyperscale clusters directly from the cloud. 

From that single interface, apply global policies, monitor posture, enforce compliance,
and even launch recoveries exactly the same way you manage your cloud workloads. 

That is the promise of Unity. 

One experience, one ecosystem, one recovery workflow wherever the data lives. 

Let’s take a look. 

Protecting data across hybrid environments shouldn’t slow you down. 

SaaS docking for Hyperscale gives you the power to deploy fast, simplify management, and
stay in control from a single platform. 

It all begins in the Global Command Center, your single pane of glass for managing hybrid
and cloud-native workloads. 

From one SaaS console, you can configure, monitor, and control every site, device, and
workload. 

Creating a new Hyperscale Edge configuration is quick and guided through Command Center. 

Start by entering storage information, including the device name and time zone, to
establish the system identity and location. 

Next, configure network information such as IP settings, gateways, and DNS details to
enable seamless connectivity to Commvault Cloud. 

Finally, add system credentials used for secure access during maintenance, repairs, and
troubleshooting. 

Each step follows built-in best practices so setup remains fast, consistent, and secure. 

Or using the Commvault API, 

IT teams can rapidly onboard and configure multiple systems at once, automating deployment
across sites and regions. 

Once the system is connected and powered on, it automatically links to Commvault SaaS to
establish a secure connection. 

Simply enter the provided authorization code in Command Center to complete activation. 

The system validates the configuration, registers with the platform, and begins
installation automatically. 

Once deployment begins, the Global Command Center provides unified management across all
locations. 

You can track installation progress, monitor health, and manage operations from one
central interface. 

Each Hyperscale Edge system remains connected to Commvault SaaS for continuous updates,
maintenance, and optimization. 

From this single platform, you can deploy, patch, scale, and maintain every system with
confidence. 

With SaaS docking for Hyperscale, you can deploy faster, manage smarter, and protect data
everywhere. 

Commvault delivers hybrid protection with the speed and simplicity of SaaS. 

I mean, this is a game-changing capability. 

Now, let’s turn to one of my favorites, the most critical dimensions of resilience,
identity. 

Now, in the AI era, identity has become the new perimeter. 

Every person, every machine, every API, an AI agent authenticates before it acts. 

And when identity is compromised, everything else follows. 

We’re no longer protecting against just users. 

We are protecting non-human identities, service accounts, machine credentials, and APIs,
and now, agentic identities, autonomous AI systems making decisions in real time. 

Now, Gartner projects that by 2027, more than 70 % of cloud breaches will stem from
mismanaged machine identities. 

An identity compromise remains the root cause of 90 % of ransomware intrusions today. 

Now here’s what it looks like in practice. 

Almost every major breach starts the same way. 

An attacker gets in using stolen or phished credentials. 

They elevate privileges, quietly map out the systems and roles, and only then launch
ransomware or exfiltrate data. 

At this point, the attacker has entrenched himself 

and is hard to dislodge. 

This pattern reveals three crucial failures. 

First, you can’t fully understand all your identity system’s vulnerabilities. 

Second, you can’t detect malicious changes in real time. 

And third, when an attack hits, you’re trapped. 

You can’t recover with precision, like restoring individual objects or policies. 

And a full all or nothing forest recovery is a complex error prone nightmare that breaks
down when you need it most. 

That is why we have completely reimagined identity protection. 

Introducing Commvault Identity Resilience, a single solution for Active Directory,
Microsoft Entra ID, and soon Okta. 

It’s already our fastest growing SaaS offering, 

trusted by some of the world’s largest enterprises to secure their new identity perimeter. 

And here is how it works. 

It starts with detection. 

Commvault continuously scans active directory for common vulnerabilities and
misconfigurations, things like weak passwords, plain text credentials, and insecure 

communication protocols. 

And we tell you every object, every human and non-human identity that suffers from these
vulnerabilities, 

and how do you close them before they result in a breach. 

Then comes visibility. 

And this is where we have truly raised the bar. 

With our new real-time auditing, you can see how permissions, privileges, and trust
relationships are changing in real time, revealing risky privilege drift, lateral 

movement, or early indicators of attack. 

In a single view, 

you can watch the story of your identity environment unfold and trace exactly what changed
when and by whom. 

This means your security team isn’t chasing ghosts at three in the morning. 

They’re seeing the attack arc before it becomes an incident. 

But we don’t stop there. 

We allow you to roll back unwanted changes on the spot. 

Whether it’s a single change 

or an entire attack chain, we help stop the attacker before they can do damage. 

And finally, when compromise happens, Commvault recovers with precision and skill. 

You can do in-place granular restores or roll back entire attack chains. 

You can also execute a fully automated forest level recovery with Clean OS Restore. 

And with Commvault Cleanroom, you can test that entire process regularly. 

This means that when disaster hits, it’s not hope. 

It’s a proven workflow. 

Now let’s see our next generation identity resilience platform in action. 

Active Directory sits at the center of enterprise identity. 

When credentials are stolen or admin rights abused, every second counts. 

This unified dashboard gives you continuous visibility across machine and user identities
to monitor backup health, audit events, 

and vulnerability posture across your entire AD forest. 

Every day, millions of identity changes flow through Active Directory. 

Many triggered automatically. 

In this case, the story doesn’t start with the person at a keyboard. 

It starts with the service account, SVC Deploy, used to push routine updates. 

Attackers compromised it, turning trusted automation into a weapon. 

The compromised account creates a new user, grants domain admin rights, and links a
malicious group policy, 

all executed by a non-human identity meant to make IT’s job easier. 

What looks like normal system activity is, in reality, an automated breach in motion,
invisible until it’s too late. 

Commvault AD auditing doesn’t just show what changed. 

It reveals how automation was used against you. 

Here, we see the compromised SVC deploy account linking a malicious group policy to the
domain head, spreading ransomware automatically. 

With one click, we roll it back, 

restoring the domain to a known good state and stopping the automated attack in its
tracks. 

Entire chains like this can be reversed in a single action. 

True resilience means preventing the next breach. 

Our vulnerability assessment flags that same account because its password never expired,
leaving a clue as to how automation became the attacker’s entry point. 

From this same interface, we can move from real-time events to full forest recovery. 

Commvault automates restoration, rebuilding domain controllers on clean, ransomware-free
VMs to accelerate certification. 

From detection to prevention to ransomware-free recovery, 

Commvault makes identity resilience real. 

See your risks. 

Stop attacks. 

Recover clean. 

Now with Commvault Identity Resilience, you get three integrated capabilities working
together as one. 

See the gaps before they’re exploited. 

Spot malicious changes as they happen and recover clean automatically when it counts. 

Others restore systems, we restore trust. 

Now we’ve locked down the front door identity. 

But what if an attacker is already inside? 

How do you know if your data is clean? 

How do you recover safely without re-injecting the very threat that hit you? 

That is a cyber resilience problem. 

It’s a scenario that played out for a large U.S. 

manufacturer. 

They thought they were ready. 

Replication, immutable snapshots, isolated recovery. 

Then one identity was compromised. 

Privilege escalation, lateral movement, encryption. 

In hours, production went dark. 

And when they failed over, they realized the hard truth. 

Replication isn’t resilience. 

They had perfectly replicated the ransomware, and they didn’t know if their backups were
clean. 

That is what customers face. 

Data everywhere. 

Risk everywhere. 

And it’s why our cyber resilience framework is built on five non-negotiable pillars, each
one answering a critical question. 

First, data visibility. 

Where’s my sensitive data? 

Second, data security and governance. 

How do I protect it from unauthorized access? 

Third, data integrity. 

How do I know if my backups are clean? 

Fourth, safe recovery. 

How do I restore safely without losing weeks of work? 

And fifth, automation and orchestration. 

How do I automate complex recoveries and test the entire plan so I’m not improvising in a
crisis? 

Now, Commvault Cloud Unity is the only platform built to deliver on all these five
pillars. 

Let’s walk through them. 

The first challenge is visibility. 

The enterprise data estate today is massively fragmented. 

A typical customer has 25 plus SaaS applications, 13 different data warehouses, and 90 %
plus are multi-cloud. 

Data is everywhere, and most companies can’t answer, where’s my sensitive data? 

With our data security service, including Satori, you can now discover and classify data
across both structured and unstructured data. 

You can run custom searches, redact sensitive fields, and perform real-time classification
for regulated data sets. 

But visibility isn’t enough. 

The next challenge is protecting that data from unauthorized access. 

With Satori data access governance, you control who or what can touch your data. 

We cover row, column, and table level policies. 

We enable dynamic masking and support real-time enforcement across multiple cloud-pass
databases and platforms, including Snowflake, Databricks, and MongoDB. 

And as AI adoption grows, Satori extends protection to AI and LLMs, inspecting prompts and
responses and preventing data leakage. 

With data governance and Active Directory auditing, you can see identity changes 

and data access attempts in real time together. 

It’s visibility, governance, and forensics unified. 

Now, even with strong governance, every CISO asks, are my backups clean? 

You don’t know if malware has been sitting in your environment for weeks. 

So backups need to be scanned regularly to expose hidden risks and verify what’s safe
before you restore. 

And that is why we built Threat Scan, because anomaly detection alone isn’t enough. 

Now, most tools… 

stop at detecting anomalies. 

They’ll see something different between two backups, flag it, and call it protection. 

But difference doesn’t always mean danger. 

We go further. 

Threat Scan uses AI to correlate four independent signals. 

Anomaly detection to spot changes like file sizes, encryption and entropy analytics to
detect early ransomware behavior, direct malware scanning 

of backup content to confirm what’s clean, and real-time intelligence from leading EDR and
XDR and cybersecurity tools, including CrowdStrike, Palo Alto Networks, Microsoft Sentinel 

and others to enrich the security picture. 

The result, better signal, better security outcomes and verified confidence that your data
is clean before you restore. 

This is objectively better defense, 

multi-signal, AI enhanced, and built for scale. 

Now, even after you found out your clean data, recovery itself has always been a
trade-off, like Sanjay mentioned. 

You could roll back far enough to be clean, but you would lose days of data. 

Or you could stay current and risk bringing the infection back. 

We have eliminated that compromise with Synthetic Recovery. 

Instead of rolling back to an old snapshot, 

Synthetic Recovery goes back in time and brings forward the last known clean files,
automatically reconstructing the most verified and current data set. 

You recover both clean and current automatically with no manual diffing, no scripting. 

And you can pair synthetic recovery with pave and Repave, reinstalling a clean operating
system and an application stack from a golden image 

and reattaching only the verified data. 

We’ve eliminated the trade-off between losing data and recovering clean. 

Let’s see it in action. 

Cyber threats don’t just disrupt production. 

They threaten your ability to recover cleanly. 

Commvault Threat Scan correlates threat signal in one dashboard, helping you quickly find
safe recovery points and restore with confidence. 

Investigating a critical resource showcases Commvault’s Lair Defense, blending anomaly
detection, bi-directional integrations with leading operations and threat intelligence 

platforms, and AI-driven malware and encryption detection to isolate threats quickly. 

Click on the resource to see an overview of all active signals. 

You’ll notice threat activity across a timeline. 

This helps you spot exactly when a threat first began and how it has impacted the recovery
points over a period of time. 

In addition, Arlie turns complex threat data into clear AI-driven actionable insights to
summarize threats and remediation steps guiding teams toward accelerated recovery 

outcomes. 

Now let’s recover the system. 

From the Resource page in Threat Scan, we’ll select Restore from the Actions menu. 

Commvault simplifies cyber recovery with clean point detection and patent-pending
Synthetic Recovery. 

The recovery calendar displays recovery points and their status so you can immediately
identify clean and compromised recovery points. 

Synthetic Recovery is a Commvault game changer that minimizes data loss while preserving
cleanliness by using threat information to compose the optimal recovery point. 

It starts with the most recent data and surgically rewinds only those files where malware
or malicious encryption is detected. 

Commvault reports the proportion of files retrieved from previous backups relative to the
most recent, helping you understand exactly how much content was rolled back. 

Now we’re going to execute a Synthetic Recovery in Commvault Cleanroom so it can be
validated before restoring to production. 

Recovering to the clean room provides the last validation step to ensure your data is
ready for production. 

When recovering to the clean room, you can either use an existing clean room or create one
on the fly, and you can use Pave-Repave to ensure the OS or application machine image is 

free of malicious code. 

Click Next to start the recovery. 

Once the recovery has completed, you can observe behavior safely in Commvault’s isolated
clean room. 

In summary, Commvault is raising the bar on clean recovery. 

Now with Synthetic Recovery, ThreatScan allows you to maximize data preservation while
ensuring your recoveries are clean and problem-free. 

I I think this is another game changing capability. 

Now, even with clean data, you need a safe zone. 

A way to test, validate, and analyze data before promoting data back into live or recovery
environments. 

Commvault Cleanroom acts as your buffer for resilience, making challenging manual
processes like testing and forensics easy and safe. 

Now, we have completely automated Cleanroom Recovery to make recovery seamless and
intelligent. 

It starts with zero touch setup. 

Isolated environments spin up in minutes using standard templates. 

And then end-to-end workflows handle the heavy lifting, driver injection, cross-cloud
recovery and configuration without any manual effort. 

And now we’re introducing Commvault 

Recovery Runbooks, automated playbooks that orchestrate multi-tier recoveries with
interactive sequencing, automated validation, and flexible customization. 

Cleanroom Recovery orchestrates the entire pre-recovery process, so every recovery is
safe, predictable, and fully auditable. 

Let’s see our next-generation Cleanroom in action. 

Cleanroom Recovery is not just about isolated recovery anymore. 

It’s about orchestrating end-to-end cyber resilience, combining automation, validation,
and simplicity into one powerful workflow. 

Let’s start with the new Recovery Readiness Dashboard. 

It gives a snapshot of recovery readiness status, showing which workloads are ready to
recover, which are not, and why. 

Cleanroom Recovery allows you to group related resources together 

to create an application blueprint that can be recovered as a single unit. 

You can even add an entire Active Directory forest along with virtual machines and files, 

enabling full end-to-end application recovery validation. 

Next, we move to Runbooks. 

Cleanroom Recovery automatically generates a step-by-step recovery runbook for your
selected group of resources. 

You can enable automated threat scanning inside the cleanroom to ensure each VM is scanned
for malware and vulnerabilities. 

With Express Configuration, you can securely build a fully isolated cleanroom
automatically 

by simply signing into your cloud account. 

No pre-provisioning, no manual networking. 

Once configuration is complete, the system automatically generates your recovery runbook,
customized for the resources and configurations selected. 

You can now reorder steps, skip unnecessary actions, or add custom steps. 

The system automatically creates all the required infrastructure, networking, storage, and
access nodes on demand. 

You can also repay virtual machines using hardened golden images, ensuring clean OS
restores and eliminating potential backdoors. 

As the recovery runs, the Runbook shows live status of steps and pauses at control points
for acknowledgement. 

You can interact with the Runbook and acknowledge manual steps, and the execution resumes
automatically to completion. 

With the new Cleanroom Recovery, we’ve redefined what modern cyber recovery looks like. 

It’s not just about restoring data. 

it’s about orchestrating trust. 

This is Cleanroom redefined. 

Now, I want to move to my fifth pillar. 

The real, but before that, I want to actually mention the real power of Commvault Cloud
Unity. 

It is how these layers work together seamlessly to deliver end-to-end resilience. 

You see your data with total visibility and control. 

You secure it through governance and real-time auditing and AI-driven protection. 

You verify clean recovery points with Threat Scan Intelligent, and you recover fast with
clean Synthetic Recovery and pave and Repave. 

And you validate everything with Cleanroom Recovery. 

Each layer is powerful on its own, but together, together they create the industry’s most
advanced cyber resilience engine, purpose-built to solve the hardest problem in recovery: 

knowing that your data is clean and current and ready when it matters most. 

This is complete cyber resilience, closing the gap between compromise and clean recovery. 

As we look at history, innovation has never moved this fast. 

The steam engine took nearly a century to reshape the industry. 

The telephone, 75 years to reach 100 million users. 

The internet did it in 10. 

Mobile, in five. 

And AI? 

Generative AI did that in less than one. 

What once took generations now happens between product cycles. 

AI didn’t arrive gradually. 

It landed fully formed rewriting how we learn, build, and compete. 

It is already in every boardroom, every line of code, and every roadmap. 

And we are still in the first innings. 

Yet the curve is steeper than anything in modern history. 

AI is forcing every enterprise to rethink five fundamentals. 

How do we design data architectures? 

How do we secure them 

against new threats? 

How do we run operations at scale? 

How do we turn data into intelligence? 

And how do you automate at speed? 

Those five shifts will define the next era of resilience. 

Now, AI has completely reshaped modern enterprise data architectures. 

Data is no longer structured, stationary, or siloed. 

It’s open, it’s distributed and in motion, spanning warehouses, lakes, and now vector
databases that power AI pipelines. 

We have gone from managing tables to managing context, and from storing information to
feeding intelligence. 

Commvault already leads in protecting the modern data stacks 

with deep support for multiple CloudPass databases, object stores, Apache Icebergs, and
open lake houses. 

And today, we’re announcing support for Databricks, bringing true application-aware
recovery to data and AI workloads. 

Next up, Snowflake and Pinecone, expanding our coverage across analytical and vector
workloads. 

In short, as data becomes more open, 

we make sure it stays resilient and recoverable. 

Now, AI isn’t only transforming data architectures, it’s redefining the entire threat
model, creating three new attack vectors. 

First, the AI supply chain itself, with poisoned data and malicious models. 

Second, the AI model, which can be turned into an attack surface through prompt injection
and adversarial attacks. 

And third, machine identities. 

As agents grow, 

and they outnumber humans and hold the highest privileges. 

Now, AI-generated code is only accelerating this arms race, automating and speeding up the
discovery of new vulnerabilities. 

If there is a Zero Day, AI will find it and exploit it first. 

So at Commvault, our innovation is focused on your defense. 

We believe that the best way to fight AI-driven threats is with AI-driven resilience. 

Identity Resilience secures the new perimeter, continuously auditing and recovering Active
Directory and Entra ID. 

Threat Scan uses AI to prove your backups are clean before you restore. 

Satori extends that protection to data access and LLMs, stopping leaks in real time. 

Together, they deliver defense in depth for the AI era, protecting data, identities, and
models through one unified platform. 

Now AI isn’t just changing how we defend, it’s also changing how we work. 

Software is becoming headless, context aware and self optimizing. 

Automation is everywhere. 

But at Commvault, we have a simple philosophy. 

Automation must deliver value first, not hype, not experiments. 

It’s about real outcomes, saving time, reducing risks, and scaling cleanly. 

That’s why we built a library of domain-specific agents on top of Metallic AI. 

Arlie Datasense drives faster root cause analysis and pinpoints next steps, cutting hours
of manual effort. 

Arlie Recover, our security-aware recovery operator, automatically triggers recovery
end-to-end, slashing time to recover when it matters most. 

And Arlie Advisor, my favorite, continuously monitors your environment, looking at
existing patterns 

and automatically recommends the best protection settings so you don’t have to worry about
configuration or tuning. 

Together, these capabilities make Commvault the most intelligent platform for resilience. 

One that thinks with you, acts for you, and never stops learning. 

Now, in the AI era, data isn’t just an asset. 

It’s the fuel powering every innovation and insight. 

But here’s the paradox. 

Most of that enterprise data, it doesn’t live in production. 

It sits quietly in backup archives and snapshots, a historical goldmine that’s been locked
away for years. 

Commvault Data Room solves this. 

It’s a secure on-demand workspace that lets you leverage trusted backup data for analytics
and training with full governance and audit trails. 

The best part? 

No lock-in. 

We meet you where you are, integrating natively into platforms like Bedrock and Snowflake. 

This keeps your data portable and safe. 

It’s how you turn backup data into an innovation engine securely. 

And the the fifth pillar is speed. 

We are entering an era where systems won’t wait for people. 

They act on context. 

Now Sanjay showed you how incident response is shifting from human initiated to agentic,
autonomous, policy aware, and always on. 

Our Model Context Protocol server combined with our workflow automation engine is the
foundation of this future. 

It allows trusted AI agents to query Commvault, validate compliance, 

trigger complex workflows and recoveries, and adjust policies securely and automatically. 

By 2027, more than 40 % of IT operations will be autonomous. 

Commvault is already there, turning resilience into an autonomous, context-aware
discipline where every response is fast, precise, and verifiable. 

Now, across these five transformations, one truth is clear. 

AI isn’t a future event. 

It is the operating system of the modern enterprise. 

And Commvault is built for that reality. 

Engineered to meet these challenges today and designed to evolve with whatever comes next. 

Open by design, intelligent by default, and secure from the start. 

Now, before we wrap, let’s anchor on the five things that make Commvault Unity stand
apart. 

First, cloud-native protection. 

Depth across SaaS, Kubernetes, and mission critical workloads, restoring applications, not
just data. 

That is the difference between recovery and resilience. 

Second, unified management. 

Cloud and on-premises together under one pane of glass, 

with hyperscale-x docking, giving enterprises architectural freedom. 

Third, resilience. 

Built-in, not bolted on. 

Continuous visibility and instant recovery for Active Directory and Entra ID securing the
new perimeter. 

Fourth, cyber resilience. 

AI-powered defense that verifies clean data, automates recovery, and restores trust fast, 

safe and at scale. 

And fifth, AI-ready protection. 

We protect the modern data and analytics and AI stack and are helping customers move to
the agentic future with confidence. 

All built on an architecture engineered for scale, security, and the AI first enterprise. 

The real breakthrough though, the real breakthrough is integration. 

For the first time, 

data security, cyber resilience, and identity protection are integrated into one
intelligent fabric, giving enterprises control, confidence, and readiness for the AI-first 

era. 

One platform, infinite resilience.