Druva adds Agentic Memory to speed forensic compliance probes
Data protector Druva's Agentic Memory enables new Deep Analysis Agents to complete multi-modal, multi-day, forensic compliance investigations in minutes.
Druva has a portfolio of data, help, and action AI agents in its DruAI product set. These operate on backup and security metadata in two ways: the usual LLM/agent vectorization approach, and graph intelligence via MetaGraph, announced last September, which captures the relationships between events and items in the backup metadata. Insight and Lifecycle agents used MetaGraph to query aggregated backup data in real time and summarize risks with recommended actions (Insight Agent) and identify stale and non-compliant data (Lifecycle Agent). Now it has added Agentic Memory and new agents to run forensic compliance tasks.
Stephen Manley, Druva CTO, said: "IT teams are drowning in evidence collection and manual reporting. This release turns AI from a conversational assistant into a partner that completes work. We are enabling teams to delegate multi-day investigations to agents that finish in minutes and deliver a final report that can be immediately shared with security, compliance, or operations teams."
The Agentic Memory "allows DruAI to store, recall, and apply information over time. Unlike traditional chat-based tools, DruAI maintains both short-term session context and structured long-term memory of an organization's environment, terminology, and investigative history."
It enables personalized agent intelligence, recognizing whether a user is a SOC analyst, IT administrator, or compliance officer, and tailoring dashboards, responses, and reports according to the role. Agentic Memory "adapts to user preferences, such as reporting formats, areas of historical focus, and common investigative paths, reducing repetitive setup and accelerating decision-making."
Druva says its MetaGraph connects and contextualizes data, enabling Deep Analysis Agents to conduct extended investigations independently and deliver complete, ready-to-share reports in minutes. These Deep Analysis Agents "conduct extended investigations across telemetry, logs, identity data, configurations, and historical signals. They break complex tasks into steps, coordinate across systems, and analyze findings over time to produce clear, actionable insights and reports. Investigations that once took two to three days can now be completed in 8 to 10 minutes, with results formatted for direct use by security, compliance, or operations teams."
Taken literally, reducing a three-day (4,320 minutes) exercise to ten minutes is a 432x speedup, which is obviously impressive, but forensic compliance checks are not regular workloads. These are ad hoc requests, and a Deep Analysis Agent request example provides a flavor of this: "We are investigating a cyber attack this month. There may be some signals of the attack in the admin logs. Can you review them and compare them to last month's baseline? Use the MITRE ATT&CK framework as the methodology to analyze the logs and keep your analysis to two pages in length."
A "Notify Me" workflow feature means users can trigger a deep analysis and let it run while they do other work. DruAI "processes the investigation in the background and emails a comprehensive report upon completion."
The DruAI agent portfolio supports screenshot data, with users uploading images of errors, alerts, configuration pages, or system behavior directly into the console. Druva says: "DruAI interprets the image, understands the technical context, and provides guided steps to resolve the issue, bringing the speed and intuition of frontier AI into practical enterprise workflows."
Deep Analysis Agents, Agentic Memory, and Image-based Assistance are now generally available.
More details are available in a Druva blog and a downloadable datasheet.
Comment
Druva appears to be one of the few data protection and cyber-resilience suppliers with graph-powered AI. Other suppliers such as Cohesity, Commvault, Rubrik, and Veeam are using LLM and vectorization-based agents.
Cyber-resilience suppliers that don't come from a backup/data protection background, such as CrowdStrike, Darktrace, Check Point, and Persistent Systems, do use graph technology. We think that graph-powered AI technology will be taken up by more data protection suppliers.
Bootnote
Druva operates on a zero-trust architecture and meets global compliance standards, including FedRAMP, SOC 2, GDPR, and IRAP. Druva says customer data is encrypted and never used, accessed, or analyzed to train large language models (LLMs). DruAI uses isolated LLMs and private retrieval-augmented generation (RAG), and operates exclusively on an organization's metadata.