Enterprises racing to deploy AI are discovering that the biggest barrier to success is not the technology itself but the risk it introduces, highlighting the operational resilience needed to keep the business running when things go wrong.

As the cybersecurity landscape shifts toward agentic workflows, expanding attack surfaces and regulatory pressure, that concept of operational resilience is moving from aspirational to essential. The challenge is two-sided — protecting AI and using AI to protect — according to Vidya Shankaran (pictured, left), field chief technology officer for security at Commvault Systems Inc.

“When it comes to resilience for AI … it’s definitely fraught with risk,” Shankaran told theCUBE. “If that entire AI stack is inaccessible to the business, what does that mean for the business? We want to make sure that customers are protecting every layer of that AI stack, starting from the source data, building all the way up to the vector databases [and] the analytics layer.”

Shankaran and Anna Griffin (right), chief market officer of Commvault, spoke with theCUBE’s Christophe Bertrand at the RSAC 2026 Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed operational resilience as a continuous discipline, their resilient operations framework and Commvault’s new (with Time USA LLC) “CISO of the Year Award.” (* Disclosure below.)

Operational resilience becomes a continuous discipline

Commvault introduced its ResOps framework at its SHIFT conference, drawing a parallel to the developer operations movement that transformed software delivery. The approach brings people, processes and technology into a continuous loop rather than treating recovery as a final step in a waterfall process, Griffin explained.

“You take backups that had traditionally been static and you make them very active,” Griffin said. “You’re constantly looking at what data you have, how it’s classified, who has access [and] how is it protected. You’re constantly scanning and looking at threats and changes in that policy assignment or access.”

Operationalizing that vision requires breaking down organizational silos, Shankaran noted. Cyber resilience must be treated as a business problem, not a technology problem alone, with planning, preparation and testing embedded across the enterprise to build a “muscle memory” for incident response, she added.

“It is definitely a standard, but it’s a continuous standard because it’s not a point in time,” Shankaran said. “The very strategy is a living and breathing strategy. It doesn’t stop just because you finished something yesterday. It’s continuously iterative.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSAC 2026 Conference:

(* Disclosure: Commvault sponsored this segment of theCUBE. Neither Commvault nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE