SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Commvault urges identity-first cyber resilience in AI age

Tue, 3rd Mar 2026

Commvault used its SHIFT event in Melbourne to argue that identity protection and validated recovery should sit at the centre of cyber resilience strategies as organisations roll out more AI systems across hybrid and multi-cloud estates.

The forum brought together enterprise, government and channel representatives from Australia and New Zealand. Discussions focused on how data protection, governance and recovery are changing as generative AI use expands and regulators increase scrutiny of operational resilience.

Industry forecasts framed much of the conversation. Gartner predicts that by 2027, 40% of AI data breaches will stem from improper cross-border use of generative AI. Organisations are also contending with a familiar entry point for ransomware and other intrusions: compromised credentials, which remain a common initial attack vector and are putting identity controls under renewed pressure.

"The AI era is not simply increasing risk - it is reshaping it," said Martin Creighan, Vice President for APAC at Commvault. "Organisations are scaling intelligence, automation and access at unprecedented speed. The question is whether resilience architectures are scaling with them. Identity integrity and validated recovery are no longer optional safeguards - they are operational imperatives."

Identity exposure

A recurring theme was that identity has moved from an IT security concern to a core pillar of operational resilience. As AI agents, AI-enabled applications and API-based integration spread, more systems request access to data and services. That shift changes the risk profile, particularly where privileged access is already hard to track across multiple clouds and legacy systems.

Gartner estimates that by 2026, more than 80% of enterprises will have deployed generative AI-enabled applications or APIs. Speakers linked that expansion to a growing set of privileged access pathways that can be abused if controls are weak or poorly governed.

Commvault executives and other speakers described digital risk as persistent rather than episodic. They pointed to automation as a factor that compresses the time between misconfiguration, credential compromise and impact. The same automation that speeds deployment cycles can also accelerate disruption once an attacker gains access.

Creighan highlighted the implications for critical infrastructure operators. "Consider a major enterprise operating under the SOCI Act deploying 30,000 AI agents as part of an AI transformation program," he said. "Each agent requires system and data access similar to a human user. While agentic AI unlocks new opportunities, it also creates new pathways for organisational risk that must be governed."

The discussion also reflected how boards and executives now treat identity risk. A growing population of machine identities and service accounts alongside human users complicates access reviews and accountability. For regulated sectors, the challenge extends beyond good practice: they also need evidence that controls work across organisational boundaries and cloud providers.

Proving recovery

SHIFT Melbourne also emphasised recoverability as ransomware tactics evolve. Attackers increasingly target backup and recovery environments as part of extortion campaigns, changing recovery-planning assumptions and raising expectations for isolation, monitoring and clean restoration methods.

Commvault showcased its Synthetic Recovery product, which it described as a way to generate clean, production-like environments for recovery testing, incident response and AI development. The approach is designed to reduce the need to use sensitive production information in testing scenarios.

The program included a ransomware simulation, "Minutes to Meltdown", in which participants worked through a real-time incident scenario that tested decision-making under pressure. A Cyber Resilience Workshop then asked attendees to examine whether existing recovery strategies would remain effective if attackers attempted to corrupt or disable recovery systems.

These exercises reflected a broader shift in cyber risk management. Organisations increasingly face expectations that they can demonstrate continuity in practice, not just document preventative controls. Recovery drills and verification are becoming more visible in audits and executive reporting as regulators and stakeholders ask how quickly services can be restored after disruption.

Partner ecosystem

Commvault's partner ecosystem also featured prominently. The event was supported by AWS, ExaGrid, Hitachi Vantara, HPE, Kyndryl, Pure Storage and Wasabi Technologies. The presence of cloud, infrastructure and services providers highlighted the reality that recovery plans often span multiple vendors and operating models.

Channel partners were positioned as taking on a larger advisory role as customers combine AI programs with security and compliance requirements. Commvault linked this shift to the need for coordinated planning across identity, data governance, cloud configurations and recovery processes.

"AI is reshaping not just customer environments, but the role of the channel. Our partners are evolving from solution providers to resilience advisors. With a unified ResOps approach, they are helping customers simplify complexity across cloud, data and identity while ensuring recoverability and trust remain intact. That is where real value is created," said Jo Dean.

Commvault framed the Melbourne event as part of a wider conversation about cyber resilience in an AI-driven decade, positioning identity resilience and recovery validation as foundations for organisations facing expanding digital ecosystems and increasing regulatory attention.