Video: Accelerate Your AI Transformation with Confidence: Introducing Rubrik Agent Cloud | Duration: 2092s | Summary: Accelerate Your AI Transformation with Confidence: Introducing Rubrik Agent Cloud | Chapters: Introducing Rubrik Agent Cloud (31.67s), Rubrik AI Journey (66.835s), AI Governance Challenges (140.215s), Governing AI Agents (392.065s), Rubrik Agent Cloud (661.96s), Governing Agent Policies (1032.14s), Q&A and Conclusion (1530.9299s), Conclusion: Agent Governance (1968.1599s)
Transcript for "Accelerate Your AI Transformation with Confidence: Introducing Rubrik Agent Cloud":

Varun: Hey, everyone. Welcome to our webinar on accelerating your AI transformation with confidence. Today, we have a very exciting announcement. Rubrik Agent Cloud, the control layer for AI, is now GA. My name is Varun Grober. I lead product marketing for AI and SaaS here at Rubrik. I'm joined by Dev Rishi, GM of AI, and Jackie, who leads product for AI. And together, they're gonna dive deeper into why Rubrik Agent Cloud is going to help you accelerate your AI transformation. Over to you, Dev.

Dev: Thank you very much, Varun, for introducing us. And I have to say that after working on the Rubrik Agent Cloud for the last several months, I'm very excited to be able to see that it's actually in GA now today. When we started off, we had this thesis that we wanted organizations to be able to unleash AI and not risk. Now I wanna tell you a little bit about the background: where did that come from? What's been driving our momentum so far? And what does the real product look like today? We started the journey actually at the startup that I co-founded in 2021, Predibase. We were a generative AI infrastructure company that helped organizations, all the way from faster-moving tech companies to larger enterprises, deploy and serve large language models in production, tuned on their data. We were built on top of open source foundations and really had a core thesis that generative AI was interesting as general intelligence, but that the real gains came when you were able to specialize it towards the context of your organizational data, identities, and applications. Last summer, we had an opportunity to join forces with Rubrik. And together, our mission is to secure and accelerate the world's AI transformation.
It's a big mission, but it's one that I've started to increasingly build conviction in, that we're actually at the right moment in time for the larger enterprises of the world to start to get on board. We partnered with cio.com recently and surveyed many CIOs and security leaders globally. What we found really mirrored everything that we've been hearing when we actually speak with enterprise customers live and one on one. The first is that AI is here and it's real, and that organizations are starting to spend real money behind it. The folks that we surveyed were everything from IT leaders, security leaders, and engineering and technology leaders. And what they told us was that, in consensus, when they thought about just their organization, what they were looking at was on average a multimillion dollar spend when it came towards the development of AI and especially agentic AI. But when we dig into what's actually stopping them from being able to achieve that future today, the number one blocker tends to be not a solution that helps them better orchestrate their AI or, you know, the next best model that needs to come out before they can deploy this agent into production. It's really having a consistent framework around AI governance. And of all the folks that we were able to survey, we saw that the vast majority of them, over 73%, were looking for security and guardrail solutions actively today. To double click into some of this actual data, what we started to see is that AI agentic adoption is being tied to multimillion dollar budgets that are actually increasing over time. So if we saw a chart like this a couple of years ago, what we found were budgets that were more reflective of early experimentation phases. Organizations that might be able to go roll out some minimal spend because they're looking to be able to experiment with a tool like ChatGPT or Anthropic's APIs.
But as those initial experiments have started to show what we call demo value, organizations have started to unlock a significant and growing AI budget. That really confirms that we're looking at making a long term and strategic investment in AI initiatives, not just the short term experimental initiatives and demos. So this is really exciting, because I think what we see, and what's mirrored in a lot of the Fortune 500 organizations that I speak to, is that you have a strong ambition and aspiration when it comes towards AI. And I've spoken to Fortune 200 companies that tell me that their ambition is to become, quote, AI native. The thing that's stopping them from getting there, in our view, is no longer waiting on the next model release or the next framework. In fact, the number one concern when we asked the same group of IT, security, and engineering leaders what was stopping them, the barrier towards being able to roll out and deploy AI at the next level, is actually around governance, guardrails, and compliance. There's a set of things that are important and folks need to think about. Testing and sandboxing is of course important. Performance and reliability, for those of us that have built production applications, is really at the core of making sure we can ship a really critical function. But if we ask people to just pick one thing that's actually stopping them or holding them back from being able to go into production as quickly as they would like, or as their board might like, the number one thing that I think on a recurring basis comes up is having a solution and a centralized framework for being able to provide AI governance and guardrails, and help them with the level of compliance they need to be able to manage the AI risk inside of their ecosystem.
I think because of this, it's not surprising to me that the vast majority of the leaders that were surveyed tell us that now is the time that they're actually starting to look for solutions today, and that they're actually actively exploring vendors and looking at spinning up potential pilots. What I've learned in speaking with organizations both firsthand and really see reflected here in our survey data as well, is that while governance is this top of mind challenge, a lot of the current landscape of tools has not caught up to the unique set of governance challenges that agents and agentic AI really start to bring out. And as we see that ambition start to scale for what agents are gonna be doing inside of an organization, the bulk of enterprise customers are actively starting to get ahead of it, and think about what are the ways that we might be able to have some part of our agentic governance in house today. And I think it's perfect timing, because our thesis really here at Rubrik is that agents are coming, and that the difficulty with agents is no longer building them, but how you're actually going to securely deploy, operate, and govern them at scale. I always find it helpful to be able to start off with a definition of agents, which we think about as really LLMs with access to tools. So you can think about this as models that can not only chat with the user, but also start to take action. And what we've noticed is that enterprises are starting to unlock more and more styles of agentic applications, as they're looking for the productivity gains that can justify a strong multiple on the investment that they're actually putting in. But governing and operating and securing agents at scale presents its own unique set of challenges. The first is that agents are in some ways superhuman.
They often operate with nonhuman identities and credentials like service accounts that give them access to a broad swath of enterprise IT applications that might not have actually initially been built for them. And then the second thing about them being superhuman is that agents can operate quite quickly. I've heard agents be described by others as, you know, the ability to have access to infinite minds. And one of the key things that I think we've started to see is we're starting to put these AI agents out as ones that are associated with nonhuman credentials and really getting loose inside of your enterprise IT apps. The second challenge I think with agents, beyond the superhuman nature of how quickly they can operate and the fact that they're operating with NHI credentials, or nonhuman identities, to be able to get access, is that they're fundamentally based on top of LLMs. And LLMs are really non-deterministic in nature, which means that while they're often great as we start to use them for productivity tools, they can make mistakes and they can hallucinate. And we've seen this time and time again, I think, through the history of where agents have started to become deployed in more forward-leaning organizations. Coding agents are probably some of the best examples of this, where coding agents get access to a large amount of surface area inside of an organization so they can actually start to help engineers do work. But that introduces unique capabilities and sets of risk. There's one famous example where a coding agent had access to a production database and went rogue during a coding freeze, where it decided that the best way to be able to optimize something would be to drop that actual production database. And I think the question we really start to get asked from our customers is, if these aren't just hallucinations, but they're actually executed actions that the agent was able to take due to the access that it had,
how do I get comfortable with the fact that I need to be able to govern these AI agents? But they might be able to do 10x the damage in one tenth the overall time. The truth is, when we speak with enterprise IT, security, and engineering leaders, agentic access is one that raises a strong set of concerns, because there's no real single pane of glass or single control plane that helps the organization leaders be able to answer questions. Everything from something as simple but needed as: how do I know what AI agents are actively running inside of my ecosystem, and what kind of tools and data they can access? Then, how do I actually enforce some of these custom policies that a lot of organizations have when it comes towards AI, in real time and in practice? And then finally, what to do when someone makes an AI mistake. What we've noticed is that today, AI governance oftentimes lives on paper, but not necessarily in practice. And that's really led to what we think about as the long road to being able to productionize agents. Building an agent, in my experience, can be pretty fast. It can take a couple hours, days, or just weeks. But it's oftentimes the deployment that can take months. And the reason for that is that the very first thing you might do is build an initial proof of concept. You could use a great low code tool in order to be able to do this, or start to roll your own using direct access to APIs that are provided from LLM providers. But this is the point where you see a lot of the velocity, the quick builds, and the very cool demos. What comes next oftentimes, though, is in some ways death by committee. Agents need to be reviewed because they have access in a broad way inside of the organization, oftentimes by both IT, InfoSec, as well as legal. And this requires you to be able to, in a document, explicitly share: what are the types of data this agent is supposed to access? What is it able to do?
But today a lot of these processes still live on paper. And that means that you're giving a point in time description to something that generally changes over time. We see that the next step you have to do is now get this agent ready for production, which means all the edits that you've gotten from the AI committee need to make it back into that initial proof of concept, so that you can actually deploy it. There's usually another cycle of review until you can finally get ready to actually deploy into production. The real impact, I think, of this is that we've seen that when you think about the agent operations journey, it's not happening at the pace that a lot of the rest of AI is intended to operate on, but it's really operating at the pace of the least common denominator in terms of the risk appetite that we're able to go on and take. This today seems to be one of the biggest blockers towards faster enterprise AI and agentic adoption, and what we at Rubrik are really focused on helping organizations solve. The reason we feel uniquely positioned to be able to solve this challenge is that Rubrik has a unique combination of understanding of the underlying data that lives inside of an organization, from our historical roots in being able to service data backup and data protection as well as security. And we've layered on an identity solution as well. That gives us visibility in terms of how to integrate into different identity providers and what their correlation might be inside of enterprise IT applications. With the Predibase acquisition, we brought in a core understanding of large language models and the underlying infrastructure that those are gonna be deployed on in order to build agents. We think that the mix of these three things, data, identity, and models, gives us the unique right to be able to ship a truly actual and accurate solution for managing agentic operations. And that's why today, I'm excited to be able to really announce the Rubrik Agent Cloud.
The Rubrik Agent Cloud looks to be able to solve some of these key security and governance challenges when it comes towards enterprise deployment of AI agents at scale. The Rubrik Agent Cloud is a layer that sits in between your applications, as well as the agents that are aligned with them, and the background LLMs that those agents are calling. And it looks to be able to provide three key pillars. The first is continuous monitoring and observability. We look to be able to automatically scan your environment across different agent building tools that you might use to be able to populate and discover an agentic inventory. This is your list of all the different agents that are actively running inside of your ecosystem, when they were created, how much they're used, which ones are low and high risk, and what kind of tools and data those agents can access. The second core pillar that Rubrik Agent Cloud provides is something we call governance. Governance can mean a lot of different things, but at its core, we think that the important thing for governance is the ability to both define policies and enforce policies on both the inputs as well as the outputs of agents. That means that inside of the Rubrik Agent Cloud, you're able to go ahead and enforce policies on both the prompts as well as the responses and tool calls that are coming directly out of the agents. And the really interesting thing that we're able to do from a governance standpoint is we not only provide you predefined policies that you can start to institute inside of your agentic applications, but we allow you to define your own policies in custom natural language that we can then use our small language and AI models on, to be enforced on every single input and output dynamically that an agent is starting to read. And then lastly, we offer remediation.
Remediation, and our hallmark feature here called AI Agent Rewind, really ties our core at Rubrik as a data and cyber resilience company into this new agentic feature. The idea is that if an agent takes a destructive action on any property that Rubrik protects, we're able to correlate our understanding and observability of that agent's action with the previous healthy snapshot for that property that we have from backup, and allow you to effectively undo that destructive action by giving you a simple recovery directly from backup. So if that agent ended up deleting that production database or dropping the wrong opportunities from Salesforce, you can recover it directly from the previous healthy snapshot. We think about these three key capabilities as the infrastructure operating platform that organizations need when they're thinking about deploying agents at scale. And best of all, it's compatible across the different agentic tools and stacks you might be using in order to be able to deploy agents. So you can go ahead and start to build and deploy your agents as you want, and the Rubrik Agent Cloud will ingest, help you monitor, govern, and when something goes wrong, remediate those actions as you need. Now, since we're GA, I not only wanna give you the high level sense of how we think about the product, but I'd love to be able to show it to you in action. So in order to be able to do that, I'd like to introduce Jackie, who's gonna walk us through a live demo of the Rubrik Agent Cloud.

Jackie: Hey, I'm Jackie, and welcome to Rubrik Agent Cloud, your centralized governance platform for monitoring agents across your organization. So for the first pillar, monitor, we support various connection methods for discovering your agents. You can deploy a Rubrik-managed model gateway, which works with custom agents built using all popular large language model providers, as well as privately hosted open or closed source models such as Azure OpenAI.
If you already have an existing AI gateway or router, no problem. We can also plug into the AI gateway of your choice, such as LiteLLM. We also support integrations with popular agent builder platforms such as Microsoft Copilot Studio, as well as endpoint agents, which are agents that run on your laptop such as Claude Code or Cursor. After connecting your platforms, we'll automatically discover the agents running across your organization and provide a centralized view of active agents, and surface risk areas for you to investigate. Let's take a look at the customer provisioning agent. Here's everything you need to know about the agent. You can see a quick summary of what this agent is for, what applications it has access to, and what tools have been configured for its use. You also have an audit trail of all the actions taken by this agent in the activity log.

For the next pillar, govern, let's take a look at our policies. The agent operations platform lets you configure system or custom policies based on your organization's needs. You can get best practice recommended policies out of the box, which follow popular agent frameworks such as MITRE ATLAS or OWASP, or you can create custom policies using natural language. You can also enable default policies such as PII detection or minimal authorized tool scope, which is similar to least privilege access in identity. Let's go ahead and create a custom policy. So with custom policies, you can apply the policies that are set by your AI governance committee and see if your agents are actually following them. So I'll go ahead and actually enter in a particular policy that we actually have here at Rubrik. For example, agents should not make financial recommendations or provide financial advice. This then will fill out a more fully fleshed out policy definition. So this has sections such as instructions, key definitions, behaviors, as well as reference examples.
The policy editor also gives you a score and recommendations for how you can improve the policy. The scoring is based on criteria such as clarity, specificity, and actionability. So it looks like, for example, I could provide some clarity on what exactly I mean by financial recommendation. So I'll go ahead and modify it. I'll go ahead and modify this definition as well here. So here, I wanna say financial advice: I would consider any sort of guidance, suggestions, opinions, and general financial advice. Let's go ahead and say, you know, that is allowed as long as we don't provide any particular recommendations. And I can go ahead and reanalyze that. So it looks like there's a few recommendations still, but much fewer and much more clear. I can go ahead and also run test examples. So this is the way for you to see if your policy is well defined enough to your liking. So for example, let's say I wanna test a sample tool call that says something like, "I think you should go buy some Google stock," which would be a violation of our policy. I go ahead and run a test to see if my policy definition would get it. Great. Looks like indeed the violation is found. This is a very obvious example, but this is a good way for you to kinda test some of those gray areas as well. So I'll go ahead and save my policy, and I'll set it to monitor for now. So what do we do with the policies afterwards? Policies trigger violations and alerts, which can be viewed across all your agents or also per agent in that agent details page. Violations are things that are essentially based on agent configuration. So, for example, an agent has access to a delete tool, which violates the read only tools policy. And we can observe that in the tools list which has been configured on the agent. We can also set policies to block. So for example, for the no unauthorized tools policy, I've actually already gone ahead and set it to block.
So rather than just monitoring, you can actually stop agents from using certain tools or taking certain actions. For this particular policy, I can go into the tools inventory, which is the collection of all the tools that we've discovered, and I can mark a tool, for example, this first one, as unauthorized. And because my policy has been set to block, now anytime we see an agent using this tool, we'll go ahead and block it. So let's actually go ahead and see that in action. So here I have a script which runs a customer provisioning agent, which I can trigger via a Python script. The agent uses the model gateway to hit Claude Sonnet 4.5 and has several tools configured that go through a provisioning workflow. I can see that the agent takes in the user prompt to provision a customer account. It tries to invoke a series of tools, but some of those tools have already been blocked by the no unauthorized tools policy. I'll go ahead and let it finish running. So for example, you can see here that these tools were blocked by this policy and certain tools were allowed. I can also go into the alerts to view those blocked actions as well. So you can see these blocked actions here from my customer provisioning agent.

Lastly, for the final pillar, remediate, Rubrik Agent Cloud helps you recover data that was erroneously modified or deleted by your agent. So for example, here I have a Microsoft OneDrive agent which erroneously deleted a file in OneDrive and violated the read only tools policy. I can go ahead and also view the action timeline to view exactly what led to the deletion of those files. In this particular case, this agent is responsible for scanning for secrets, and found some secrets but actually deleted the file instead of simply notifying or modifying those secrets themselves. I can go ahead here and click rewind, and that allows me to restore that data that was deleted.
Our platform uses an AI agent to extract the information from the tool call and intelligently figure out what was deleted. So I can go ahead and click rewind to kick that off, and it looks like the rewind has been initiated. Since I wanna also maybe prevent this agent and future agents from accidentally deleting other data or taking other delete actions, I can also go back to the policies and set that read only tools policy to block. This is how Rubrik Agent Cloud goes beyond just observability and actually helps you enforce those policies. So that's a super quick look at the product in action. We couldn't be more excited for you to get your hands on the product to try it out. With that, I'll pass it back to you, Varun.

Varun: Thank you for that demo, Jackie. We are all really excited for you to try Rubrik Agent Cloud. If you want to learn more, reach out to AI team at rubrik dot com, and we will now dive into Q and A. If you have any questions, please drop them in the Q and A. And thank you to those of you who shared over some questions before the webinar. We'll address those now with Dev. So Dev, the first question we have is: does Agent Cloud require us to standardize on a specific AI framework or model? Or can it work across what we already have deployed?

Dev: Yeah. It's a great question. You know, I think our point of view on this is that organizations are gonna be building agents in a number of different ways and also deploying off the shelf agents that other tools are gonna offer. And our goal is to be, you know, what I've sometimes heard described as a Switzerland-like approach for these AI agents. So the short answer is that you can continue to use your AI framework or model. And our goal inside of Rubrik Agent Cloud is to be able to ingest that directly. To give you some of the details:
If you're building your own AI agents directly using, let's say, an open source framework like LangChain or n8n, as well as inference calls to a provider like OpenAI or Claude, we can integrate into that using our standalone AI gateway, which operates similar to a reverse proxy. Or we can integrate into your existing AI gateway. So that's number one. The second is a lot of our customers are using low code platforms to build agents, like Microsoft Copilot Studio. And we have direct back end integrations into sources like that to be able to start to monitor and automatically discover those agents that are running in that environment. And then finally, we see agents that get deployed on the endpoint. And so we have a way to be able to deploy and understand any of the agents that are running inside of your endpoint. So if you wanna detect things like Claude Code or OpenClaw even, being able to actually get that type of endpoint discovery is something we support too. So this is really, I think, the gamut of what we look at. But for the core of what a lot of our customers wanna know is, hey, if I already have centralized on building agents in one or two or three of these tools at these areas, can Rubrik Agent Cloud start to ingest that? And we're looking to be able to provide coverage across those three surface areas. So we support a number of those already today, and please get in touch with us to, you know, make sure that the ways that you're deploying are fully covered.

Varun: Awesome. Thank you, Dev. We have another question that was shared previously. How are customers thinking about ownership internally? Is this typically driven by security teams or by the AI or platform teams?

Dev: You know, it's an evolving responsibility as AI is moving really quickly across enterprise organizations.
What I most often see is that the security team has a strong level of interest and ownership in making sure that the AI agents have some governance and compliance frameworks within them, so that they can manage things like shadow AI as well. But typically there is a central working group that I've started to see get formed inside of a lot of organizations, where there's an AI lead. And that AI lead might be someone who sits within IT, maybe someone who sits within engineering or a different governance function. But that AI lead, or that AI governance committee, has the stakeholders from security, legal, InfoSec and IT, in order to be able to actually govern what those agentic deployments are going to look like. And so the very short version I would say is, if you have someone who's working on an AI platform or looking to be able to enable the organization to adopt AI more generally internally, that tends to be the person with whom Agent Cloud resonates the most strongly. And we see a lot of kind of cross pollination and partnership with the security counterparts in that org as well.

Varun: Awesome. And we have a question around AI governance. Do I need to bring my own policies, or do you provide out of the box policies?

Dev: So a lot of the organizations that I work with tell us, you know, two things. The first is, they agree that every organization is gonna have their own custom policies when it comes to governing AI. But sometimes it's hard to know where to start. So we provide some predefined policies out of the box. So if you remember seeing in Jackie's demo, a set of those policies are predefined. So you can start to use them immediately. A really good example of this might be something like PII detection. Like, organizations wanna make sure agents aren't leaking PII either in terms of what's going in or coming back out. So we see that as a pretty consistent thing.
And one of the fastest ways to get value out of Rubrik Agent Cloud is hook it up to one of the platforms that you're using to build agents and, you know, enable a few policies. You'll start to see automatically what's happening in real time. But as you actually go deeper, a lot of companies have governance that's pretty bespoke to what they need. And that's where we allow you to be able to define custom policies and bring your own. So start with some of the ones that are predefined, and anytime you need to be able to edit, add your own custom policies for enforcement. I think that's one of the things we really do uniquely well using our small language model infrastructure.

Varun: Yeah. Custom policies are gonna be a game changer for sure. Thank you, Dev. So another question that we have. What's the first step you're seeing customers take once they realize that they need agent operations?

Dev: Yeah. I often think that you don't need to necessarily go immediately and say, I need a governance solution like today. I think that the first step I often see is like, is somebody in the organization at least experimenting with one of these agent platforms? Copilot Studio from Microsoft, Agentforce from Salesforce, Bedrock AgentCore from AWS, OpenAI has announced some of their own, Claude Code. There's almost no shortage of these really great tools to be able to try. If you're at the point where the company is starting to experiment with some of these tools, you're probably at the point where you're thinking, in three, six, nine months, as we go ahead, we're going to need a way to be able to get the controls around them. And so my point of view is the very first step is choose any tool and like be able to start the experimentation. And at the point that you've taken that first step of beginning the experimentation, that's when we should have the conversation around, do we have a strategy in place for governance and security around what these agents are gonna look like at scale.

Varun: Awesome. And then the last question we have before diving into the Q and A from the chat. How do you prevent slowing down innovation while still putting controls in place?

Dev: So I think that the really important thing for this is that we have to acknowledge that a lot of the concerns when it comes towards AI governance are extremely legitimate, for good reason. So no one wants to slow down innovation, but we have to be responsible for what that can actually lead to. To me, this is what's made building the Agent Cloud product actually personally interesting, is I wanna help organizations accelerate when it comes towards AI. And I think the key requirement there is we need to get out of the world where our compliance and our governance is only on paper and actually be able to put it in practice. So when we were developing agents at Rubrik, what we said was that we have a lot of these AI principles, but those principles are ones that kind of get reviewed in one offs. If you remember my timeline for deploying AI agents, there's like a committee meeting, and that happens once every few weeks. And we review our agent design and then, you know, what could change over two weeks? Do we have a way to be able to even detect if the things that we said in the committee meeting are actually enforced on AI agents? It feels very theoretical in a lot of ways. Instead, what I think we need is actual runtime embedded hooks for your agentic governance platform: the ability to observe the real time traffic of what's going into an agent and see that the policies you define on paper, or as part of your committee, are actually being monitored for and enforced in real time. I think if you have that, then you can kind of achieve the world that I think a lot of agentic developers wanna live in, which is: give me the rough guardrails that I need to be operating in, and then let me build, and iterate, and experiment as quickly as I can within that context.
So that was really the goal for what we wanted to do. We wanted to give people the safety of an environment that they could actually start to ship in, knowing that the guardrails were kind of baked in and batteries were included. And that's what we've looked to build with Rubrik Agent Cloud. That's how we've been using it internally as well.

Varun: Awesome. Thank you so much for that deep dive, Dev, and for the insightful responses. And thank you all for joining and for all of your questions. We hope you get to try Rubrik Agent Cloud very soon.

Dev: Thanks, Varun. Thanks, Seth.