30 January 2025

Is There a Role for Agentic AI in Cyber Recovery and Cleanroom Orchestration?

Agentic AI systems are gaining attention as a potential game-changer for overstretched security and infrastructure operations teams tasked with maintaining cyber resilience. But what exactly is meant by ‘agentic’ in this context?

Let’s start with a definition:
Agentic (adjective): Able to express agency or control on one’s own behalf or on the behalf of another.

Put simply, agentic AI is Artificial Intelligence that is able to make its own decisions. Think of any AI or robotics themed movie and there is probably an agentic machine at the heart of the story. I, Robot, The Terminator, or our favourite… Short Circuit. Yes, Johnny 5 is alive, and is undeniable proof that agentic technology can be a positive force in the world 😂.

Today, most AI is non-agentic. It’s generally used as a reactive tool and aims to deliver a specific type of output defined by a user or programmer. A human is setting the problem, and defining the type of solution required.

Agentic AI, on the other hand, will independently plan and take day-to-day actions towards long-term objectives, adapt dynamically to changing environments, and interact with the world – without requiring constant human intervention.

Clearly, we’re not predicting that humanoids will be running the world – or your storage, but the core principles of agentic AI will prove to be invaluable for boosting and maintaining data resiliency. Storage and backup operations represent a fertile ground for its application. With less than 1% of backup data validated annually for efficacy and cleanliness, the need for smarter tools to address time constraints is undeniable.

This article explores the incremental steps on the path to fully autonomous, agentic, cyber recovery orchestration.

Step 1: Scheduled Recovery Automation

The journey begins with basic automation. Scheduled recovery testing and malware scanning can be proactively added to daily operations. At this stage:

  • Human operators maintain full control over what gets recovered, when, and how to respond to detection events or failed restores.
  • Automation reduces manual effort but doesn’t replace human decision-making.

This foundational step builds confidence in automation while freeing up valuable time for other critical tasks.

Step 2: Self-Directed or AI-Driven Recovery Automation

The next phase involves introducing systems that respond autonomously to detected anomalies. Here’s how it works:

  • The system uses behaviour monitoring or integrates with third-party APIs, such as storage SaaS control planes or SIEM tools, to detect potential threats.
  • Affected systems are recovered into isolated cleanroom environments and tested for malware.
  • Over time, AI algorithms refine themselves to reduce false positives, lightening the workload for human operators.

Even at this stage, humans retain control over final actions, ensuring trust and oversight remain intact. While highly efficient, this level doesn’t yet meet the threshold of ‘agentic’ autonomy.

Step 3: Fully Agentic Cyber Recovery Automation

In the final stage, systems achieve full agentic capabilities, executing complex, multi-step tasks and making independent decisions. Examples include:

  • Removing malware from infected production systems as well as the backups.
  • Isolating compromised systems in a secure vault.
  • Applying software patches to remediate vulnerabilities across the network.

These advanced capabilities could raise concerns among operators about relinquishing control. However, the trade-off is significant: reducing repetitive work and accelerating the response to evolving threats.
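
The three steps above differ mainly in which actions may run without an operator's sign-off. The following Python is an added example, not Predatar's code or API: it expresses that boundary as a fail-closed policy gate, and the action names, trigger labels and the `decide` and `execute_plan` functions are hypothetical.

```python
from enum import IntEnum

class Autonomy(IntEnum):
    SCHEDULED = 1      # Step 1: scheduled tests, humans decide everything else
    SELF_DIRECTED = 2  # Step 2: autonomous cleanroom recovery and scanning
    AGENTIC = 3        # Step 3: autonomous remediation

# Hypothetical action names. Validation touches only the isolated cleanroom;
# remediation changes production systems, backups or the network.
VALIDATION = {"restore_to_cleanroom", "malware_scan"}
REMEDIATION = {"remove_malware", "isolate_in_vault", "apply_patch"}

def decide(level, action, trigger):
    """Return 'run', 'needs_approval' or 'deny' for one proposed action."""
    if trigger not in ("schedule", "detection"):
        return "deny"
    if action in VALIDATION:
        # Step 1 automates only what an operator scheduled in advance.
        if trigger == "schedule" or level >= Autonomy.SELF_DIRECTED:
            return "run"
        return "needs_approval"
    if action in REMEDIATION:
        # Below Step 3, humans keep control over final actions.
        return "run" if level >= Autonomy.AGENTIC else "needs_approval"
    return "deny"  # fail closed on anything the policy does not name

def execute_plan(level, trigger, plan):
    """Walk an ordered plan and stop at the first step that is not 'run'.

    Returns (audit, pending): audit lists each (action, decision) reached,
    pending lists the actions still waiting behind the hold.
    """
    audit = []
    for i, action in enumerate(plan):
        verdict = decide(level, action, trigger)
        audit.append((action, verdict))
        if verdict != "run":
            return audit, plan[i + 1:]
    return audit, []

# Constructed plan for a detection event on one system.
PLAN = ["restore_to_cleanroom", "malware_scan", "isolate_in_vault", "remove_malware"]
```

Because the plan halts at the first hold, a Step 2 deployment can restore and scan on its own but cannot reach a remediation step until an operator approves it.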

Pros and Cons for Storage and Backup Professionals

The rise of agentic AI in cyber recovery presents both opportunities and challenges.

Pros:

  1. Enhanced Oversight: By automating repetitive tasks, professionals can focus on strategic initiatives.
  2. Improved Efficiency: Faster recovery processes minimise downtime and mitigate the impact of ransomware and other cyber threats.
  3. Adaptive Learning: AI-driven tools continuously learn from new threats, improving accuracy and reducing false alarms.

Cons:

  1. Potential for Edge Cases: Systems might encounter scenarios unfamiliar to the AI but recognisable to experienced operators, leading to potential vulnerabilities.
  2. Training Requirements: Storage administrators may need to adapt to managing and refining AI systems, adding a layer of complexity to their job description.
  3. Loss of Direct Control: Trust in autonomous systems requires cultural and procedural shifts, which may not come easily.

Conclusion: A Welcome Development

For many organisations, the processes governing backup and recovery have remained largely unchanged for decades, even as threats have evolved dramatically. Agentic AI offers a way to modernise these systems, addressing the growing cyber resiliency challenge with tools that are both efficient and adaptive.

While the shift to full autonomy will require careful implementation and oversight, agentic AI systems promise to revolutionise cyber recovery, empowering teams to stay ahead of threats and enabling a more resilient future. For now, incremental adoption—starting with scheduled automation and progressing towards self-directed systems—is the key to building trust and demonstrating the value of these transformative technologies.

Start Your Journey to Agentic AI in Cyber Recovery Today

Organisations around the world have already introduced scheduled and AI-powered cyber recovery automation for backups and snapshots with the Predatar Recovery Assurance platform. Starting your journey to resilience with automation and AI is easier than you think.
