Cohesity builds guardrails for rogue AI agents and their data access

Cohesity says AI agent adoption is bringing new security risks to organizations and is introducing features to fend them off.

Think of agents as digital employees. If they make mistakes or go rogue, they can do the same damage as an incompetent, misguided, or malicious member of staff, and do so from inside the IT environment. Cohesity has identified three risk areas: AI and agent infrastructure; rogue, accidental, or malicious agent actions; and governing sensitive data for AI. Cohesity is introducing functionality to better protect all three areas. It say it'll wall off sensitive data, manage AI agents and help recover from agentic data mishaps.

Sanjay Poonen, Cohesity CEO and president, said: "By strengthening defense and enabling secure data activation, Cohesity is establishing enterprise AI resilience as the foundation for responsible, high-velocity AI adoption. Enterprises need the confidence to manage AI-driven risk and recover quickly when disruptions occur. Cohesity provides the resilience foundation that protects AI infrastructure, governs data access, mitigates agent-driven risk, and unlocks the transformative power of trusted enterprise data."

Cohesity Identity Resilience for on-prem Active Directory (AD) protection, plus Entra ID in the cloud, was announced in September last year. Cohesity fortified its Identity Resilience functionality to better protect Microsoft's Active Directory and Entra ID in January this year.

Now the company is extending its identity resilience scope to AI agents and the three enterprise AI risk areas it has identified. For AI and agent infrastructure, it says it already "preserves immutable snapshots of AI environments and enables synchronized, point-in-time recovery of agents, data, and supporting infrastructure, including files, databases, object storage, SaaS applications, vector stores, and agent memory, reducing downtime without full system rebuilds."

The new threat area of rogue, accidental, or malicious agent actions is being handled by "deep integrations with leading control and observability platforms, including ServiceNow and Datadog." These enable, it says, agent risk signals – anomalous behavior or policy violations – to trigger automated, API-driven, point-in-time recovery workflows.

We're told ServiceNow enables customers to build, register, and orchestrate AI agents across the enterprise with governance, visibility, and security. Cohesity has a relationship with ServiceNow to deliver agent resilience, with Cohesity protecting and restoring the data accessed by the agents to a verified baseline when disruptions occur.

Poonen said: "Cohesity brings the same immutable, point-in-time recovery that enterprises rely on for critical data, now applied to the AI agents driving their operations. Together with ServiceNow, we're making AI agents trustworthy by design."

Bill McDermott, ServiceNow chairman and CEO, echoed this "trustworthy by design" idea, saying: "The smarter AI agents become, the more they require a control tower to orchestrate their work across systems with audit-grade proof at every step. Cohesity adds a critical recovery and resilience layer that, combined with the ServiceNow AI Platform, makes agentic AI trustworthy by design."

Governing sensitive data for AI is being looked after by Cohesity introducing Data Security Posture Management (DSPM) powered by Cyera. This "discovers and classifies sensitive data, monitors access patterns, and supports governance controls across AI-accessible environments." The software "closes the loop from discovery and classification to data protection and recovery, helping organizations reduce AI-related data risks and increase cyber resilience."

An integration with Israeli data security firm Cyera was announced in September last year. This embeds data classification and governance directly into the Cohesity Data Cloud platform. The sales pitch is that it lets customers identify sensitive and regulated data within backups, eliminate redundant or obsolete data, and enforce compliance requirements in near real-time to avoid risks like sensitive data restoration to unauthorized locations.

Cohesity says DSPM continuously discovers, classifies, and monitors sensitive data at scale, using Cyera’s AI-native classification and remediation across petabytes of structured and unstructured data stores, unifying discovery, classification, and posture analysis.

Yotam Segev, co-founder and CEO of Cyera, said: "Cyber resilience in the agentic AI era starts with understanding your data, because you cannot protect or recover what you cannot see."

Cohesity says it has several upcoming security enhancements:

• Integrated threat scanning for self-managed Cohesity FortKnox environments. Enables threat scanning of vaulted data for customers with digital sovereignty requirements or those operating in isolated dark-site environments. This capability identifies malware and verifies clean recovery points before restoration.
• Integrated threat scanning for dark site Cohesity Data Cloud deployments. Allows malware and indicators-of-compromise scanning in environments fully disconnected from the public internet. This ensures resilience even in highly restricted deployments.
• Self-encrypting drives and integrated malware scanning for Cohesity NetBackup Flex Appliance. Protects data at rest and embeds malware detection directly within the appliance. These capabilities strengthen compliance and physical security, even if a device is removed.
• Cloud application environment recovery using declarative design. Rebuilds cloud environments from infrastructure-as-code configurations as a trusted baseline. This approach accelerates recovery, reduces configuration drift, and limits the risk of reintroducing vulnerabilities.
• The Cohesity Gaia Catalog extends the Gaia AI platform, so teams can securely access protected data directly from leading analytics platforms such as Databricks and Microsoft Fabric, without duplicating data or rebuilding ETL (extract, transform, load) pipelines.

All capabilities are delivered through the Cohesity Data Cloud. 

Integrated capabilities between ServiceNow's AI Agent Control Tower and the Cohesity Data Cloud are expected to be available later this year. More details about Cohesity DSPM, powered by Cyera, are available here.