Keep your agents close and your agent-monitoring software closer. Commvault’s new AI Protect can discover and monitor AI agents running inside AWS, Azure, and GCP environments and even roll back their actions when something goes wrong.

It is part of a broader set of new products as the 30-year-old data protection company hopes to position itself at the center of AI resilience, which is a rapidly growing subset of tools.

Identity access and management platform Okta last month announced the general availability of its Okta for AI Agents, which gives customers the ability to locate agents, see what they're doing, and shut them down if need be.

The other two new Commvault products, Data Activate and AI Studio, focus on preparing backup data for machine learning pipelines and giving organizations tools to build and deploy their own agents.

Commvault’s field CTO Vidya Shankaran told The Register that the products come at a time when enterprises are racing to deploy AI agents but struggling to govern them.

"A lot of organizations tend to miss the fact that you need to start protecting the vector databases, which is essentially the brains of your entire AI stack," Shankaran said.

The vector database stores the embeddings that large language models rely on, she said. If it’s compromised or lost, she said, "you would either have to rebuild it from scratch or retrain the model. No one has that luxury of time anymore."

AI Protect is designed to track and respond to what AI agents are doing across cloud environments including AWS, Azure, and GCP. The tool discovers agents, maps their dependencies, and monitors their behavior for anomalies. Shankaran described it as a baseline deviation model: the system ingests events over time, establishes normal behavior patterns, and then flags deviations like an agent that suddenly gains access to payroll data it previously could not reach.

“We will bubble up to the surface any anomalous behavior. First we notify and then, of course, provide the options to roll out the configuration files of those agents or fix the data that was already being protected,” she told The Register.

When something does go wrong, AI Protect can restore an agent’s configuration or repair the data it corrupted by reverting to a known good state, Shankaran said. She noted that it can only monitor and revert; it cannot stop or control third-party agents directly.

"We would rather stay in our own swim lane," she said, "and not really overreach and say, ‘Hey, Salesforce agent, don’t do that.’ "

• Snowflake manager explains the 'Spider-Man' theory of AI agent data access
• AI agents can't teach themselves new tricks – only people can
• Yes, you can build an AI agent – here's how, using LangFlow
• AI agents are 'gullible' and easy to turn into your minions

Data Activate lets organizations use the backup copies Commvault already manages to train AI models, which puts less strain on live systems.

Those copies can be classified to exclude personally identifiable information, then published in formats like Apache Iceberg and Parquet for use with platforms such as Snowflake and Databricks, Shankaran said. This is a way for Commvault customers to get more value from data that would otherwise sit idle.

"You’re already protecting that data with Commvault," she said. "You’re just going to use that protected copy to feed into the AI pipeline."

Of course, even as Commvault promises to help you lock down rogue agents, it's also going to add to the morass: AI Studio is a group of prebuilt agents that Commvault customers can use for common data-protection tasks, the company said. It also has tools for organizations to build their own agents. The idea is to let Commvault’s agents interact with agents from other platforms – so a Salesforce agent, for example, might coordinate with a Commvault agent to ensure data is both accessible and protected, Shankaran said. The studio also supports Commvault’s Model Context Protocol (MCP) server for integration with other enterprise systems. ®

More about

• AI
• Commvault

More like these