In this interview from the theCUBE + NYSE Wired: Mixture of Experts series, James White, CTO at CalypsoAI, joins theCUBE’s John Furrier to unpack CalypsoAI’s newly launched Security Index – the first comprehensive safety ranking of major generative AI models. White explains how the weekly updated leaderboard and the CASI (CalypsoAI Security Index) score enable apples-to-apples comparisons that blend quality and security, helping enterprises move beyond POC purgatory and toward ROI. The discussion connects model selection and risk posture to enterprise strategy at the intersection of tech and finance – where governance, vendor constraints and performance/latency considerations shape deployment choices at scale.
White details CalypsoAI’s Red-Team product and three attack lenses: signature attacks, operational attacks (e.g., overwhelming outputs that mimic denial-of-service) and “agentic warfare,” which uses autonomous agents to probe for jailbreaks and prompt-injection gaps. He breaks down CASI’s inputs across severity, complexity, decay of older tactics (like DAN variants) and defensive breaking points, alongside an average performance column so teams can weigh capability vs. security. Highlights include Anthropic models leading the safety pack (with Microsoft among the leaders), Claude 3.5 scoring 96.25, Claude 3.7 trending into the #2 slot with different security trade-offs, DeepSeek-R1 landing mid-table and GPT-3.5 Turbo dropping from the top 12. White also previews a human-in-the-loop Purple-Team approach, and shares guidance for continuous testing in CI/CD, model family choices across cloud stacks and real-world implications for POCs, benchmarks and production hardening.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Register For theCUBE + NYSE Wired: Mixture of Experts Series
Please fill out the information below. You will recieve an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for theCUBE + NYSE Wired: Mixture of Experts Series.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
theCUBE + NYSE Wired: Mixture of Experts Series. If you don’t think you received an email check your
spam folder.
Sign in to theCUBE + NYSE Wired: Mixture of Experts Series.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open this link to automatically sign into the site.
Sign in to gain access to theCUBE + NYSE Wired: Mixture of Experts Series
Please sign in with LinkedIn to continue to theCUBE + NYSE Wired: Mixture of Experts Series. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Sanjay Mirchandani, Commvault
In this interview from the theCUBE + NYSE Wired: Mixture of Experts series, James White, CTO at CalypsoAI, joins theCUBE’s John Furrier to unpack CalypsoAI’s newly launched Security Index – the first comprehensive safety ranking of major generative AI models. White explains how the weekly updated leaderboard and the CASI (CalypsoAI Security Index) score enable apples-to-apples comparisons that blend quality and security, helping enterprises move beyond POC purgatory and toward ROI. The discussion connects model selection and risk posture to enterprise strategy at the intersection of tech and finance – where governance, vendor constraints and performance/latency considerations shape deployment choices at scale.
White details CalypsoAI’s Red-Team product and three attack lenses: signature attacks, operational attacks (e.g., overwhelming outputs that mimic denial-of-service) and “agentic warfare,” which uses autonomous agents to probe for jailbreaks and prompt-injection gaps. He breaks down CASI’s inputs across severity, complexity, decay of older tactics (like DAN variants) and defensive breaking points, alongside an average performance column so teams can weigh capability vs. security. Highlights include Anthropic models leading the safety pack (with Microsoft among the leaders), Claude 3.5 scoring 96.25, Claude 3.7 trending into the #2 slot with different security trade-offs, DeepSeek-R1 landing mid-table and GPT-3.5 Turbo dropping from the top 12. White also previews a human-in-the-loop Purple-Team approach, and shares guidance for continuous testing in CI/CD, model family choices across cloud stacks and real-world implications for POCs, benchmarks and production hardening.
>> Hi, everybody. Welcome to the New York Stock Exchange. This is theCUBE's Mixture of Experts series. NYSE Wired, and theCUBE are here at the buttonwood podium. We have a special guest. Sanjay Mirchandani is here. He's the CEO of Commvault, many-time CUBE alum. Great to see you, my friend.
Sanjay Mirchandani
>> Good to be here.
Dave Vellante
>> Thanks so much for taking some time and-
Sanjay Mirchandani
>> Good to see you....
Dave Vellante
>> and coming here. And we've watched your career... We first met you when, of course, you were the CIO of EMC.
Sanjay Mirchandani
>> That was a long time ago.
Dave Vellante
>> And we were chatting earlier about some of the innovations you brought. IT was the department of no when you joined it, and I think you turned it into... And we've seen other companies, like ServiceNow, change that mindset, but you were really early on there. And of course, a lot of people don't know, it's rare to see a CIO then become a CEO, but you're not a historical CIO. You came from the business world when you were at Microsoft and-
Sanjay Mirchandani
>> It was accidental.
Dave Vellante
>> Right? And so, you're now in the right spot and you've had it just an amazing career, so congratulations on that. You've done an amazing job at turning Commvault into a new company, we want to talk about that. But first of all, what are you doing in New York?
Sanjay Mirchandani
>> It's good to be here. So, we have our flagship event this week, starting today.
Dave Vellante
>> SHIFT?
Sanjay Mirchandani
>> Yep, SHIFT. And we inaugurated that two years ago here in New York. And so, we're back, we did it in London last year. And it has two real purposes. One is to bring our customers, partners, industry luminaries together to really discuss trends and what's happening, so that's all happening this week. And second is we use it as our platform to launch our new technology and we're doing that as well with our Commvault Cloud Unity platform. So, it's all happening today.
Dave Vellante
>> So, the hot topic, of course, is cyber resilience. Business resilience was in vogue during COVID because we realized disaster recovery doesn't equal business resilience.
Sanjay Mirchandani
>> Or supply chain-
Dave Vellante
>> But AI has taken this to a new level. Cyber, of course, you guys are at RSA, we're there as well. I mean, it's a massive show. And so, the traditional backup, the data protection business, it really has become a fundamental component of cyber resiliency. Why now? Why is cyber resilience suddenly so top of mind?
Sanjay Mirchandani
>> Dave, I don't think it's sudden. I think it's been top of mind since probably COVID because we saw a massive increase as people worked remotely, as you couldn't get into your data centers as the world changed, where the bad actors really took advantage of that to start attacking, to start really exploiting companies. And we saw a massive increase of attacks and sophisticated attacks. Now, that hasn't necessarily gone down. So, we took a bold move two years ago here and said, "The world has evolved from data protection to true cyber resilience." And what does cyber resilience mean to us? It means the ability for a company to really come back to life predictably after a catastrophic cyber attack and all the nuances that go into a cyber attack. So, knowing how to recover from that and to be prepared for that. So, it's been a while. The difference is though, I think what you're noticing is it's gone from a backroom conversation about backup to a boardroom conversation about resilience, and that's the difference.
Dave Vellante
>> And, of course, cyber has gone to that boardroom. And now, your world has also done that. Of course, in COVID it was the remote work that created the exposure. And now, AI is creating greater exposures. Explain why.
Sanjay Mirchandani
>> So, you and I both know this, we talk about it, AI is going to be the single most catalyzing technology that we've seen and it's moving at a pace is unprecedented. The opportunities are what we are all excited about, what it can do for us, what it can change for us, how fast we can move things around. But with that unbridled enthusiasm comes the responsibility around being able to really govern it. And I don't mean regulatory governance, I mean inside of the enterprise, making sure that as you enable it, as you deploy it, as you encourage it inside your business, you're also putting the guardrails to manage it. Because the heart of AI, regardless of where everyone's focus might be on infrastructure, it's data. And what we know is data, and that's what we've done for 30 years is protect data. And so, this is about really taking data that a company has, which is now further away from where it is ever intended to be used in AI systems, in lakes, in other places. Harness it. Harness the power of the data that an organization has, but give it automatic guardrails, so it's protected while it's being used and that's the approach we're taking.
Dave Vellante
>> Now, your peeps, if I can use that term, had traditionally been IT and that's changing. Cyber resilience is becoming a fundamental component of overall cyber strategy. So, now, you're talking chief security officers, chief information security officers, SecOps teams, DevSecOps teams, those are your new people. Are those worlds coming together? How is that persona shift?
Sanjay Mirchandani
>> I think I go back four years at one of the earnings that we did, earnings calls, where I said, "The world of data security and the world of data protection are fast colliding, in a good way because if there's light between those, the bad actors can definitely exploit it." So, as the technologies have started coming closer together and we've been doing a lot of work building out a cyber resilience platform that brings those components together, roles and responsibilities have changed. To your point, there's different folks in different companies that do cyber, but what it is end to end. You have to go from defending the business to recovering the business. And so, in most cases, I'll sit down in a meeting if it's not with the C-suite, with the CISO and the CIO, because they are responsible for resilience. Now, pieces of that puzzle can be solved by either team, but really they have to come together to take care of it. So, yeah, we do talk to both of them.
Dave Vellante
>> Explain how you transform the company because you made some acquisitions, you leaned heavily into the cloud. Now, AI comes into play. You just sort laid out you got to defend against the bad guys getting in. You have to assume they're going to get in. And then, once they're in, you got to discover what happened and then you got to recover and make sure that data is of high quality. So, how did you reconstruct your product portfolio for that era?
Sanjay Mirchandani
>> So, when it comes to the classic defend model, we partner because that's an area of expertise that is different. So, whether it's the Microsoft suite of products, whether it's CrowdStrike, we partner. And we have two-way intelligence between our platform and their feeds. And so, what we do is once we know there's something happening, our platform has evolved from being a leading backup and recovery platform to a true cyber resilience platform. And now with AI, we're incorporating everything we've done in that with the nuances of AI. So, we will continue to partner on intelligence, but we're saying that for AI, if you're training your models, if you've got data coming from multiple sources, if you've got changes that are real-time, even incredible pace, you can't wait to do a recovery. You have to be at the front-end of that process because it's too late if you don't know what happened. At that point, trying to unravel a complicated high-speed, high-velocity AI system is probably not the right approach. So, what we're doing with the platform is we've taken everything we've learned with cyber resilience and now we're adding a shell of all the AI capabilities. We built this platform ground up. And what you'll do is you'll see things like through an acquisition we made say Satori Cyber. And what Satori Cyber, for example, does is it's constantly observing what is changing on your structured, unstructured data, on your LLM feeds. And so, with a single policy engine, without geeking out on you, what you can do is preemptively train that and watch for that. And then, if you see something changing in your Active Directory, which we've incorporated into this technology, security, you can then correlate that with AI. So, in this platform, what we've done is we've integrated essentially security, identity and the ability to recover. Those things have to come together and it's not optional.
Dave Vellante
>> So, you'll feed a CrowdStrike security lake or Microsoft or Amazon, it doesn't really matter, any cloud I'm sure you feed and that's a two-way interaction-
Sanjay Mirchandani
>> On the identity, on the security side-
Dave Vellante
>> On the pieces that are not your specialization where you partner?
Sanjay Mirchandani
>> Correct.
Dave Vellante
>> Okay. And then, double down on your platform is I want to understand what you are the best at, where your partners say, "No, we'll let Commvault take care of that."
Sanjay Mirchandani
>> Right. So, what we do and have done, essentially since we've been a company for 30 years, is recover. Our job, what customers pay us for whatever incarnation of the platform over the years that we've had, they've paid us to be there last stop. "Everything else has failed. Bring us back," and we take that very seriously. So, even if my competitors try to portray themselves as something else, at the heart of it, we are proud of the fact that we have the best recovery capabilities on the planet.
Dave Vellante
>> It's the roots.
Sanjay Mirchandani
>> And we've evolved it and evolved it to the point where today it's incredibly applicable in the world of AI, where provenance of your system, all the data, all the changes, all the components have to come back together. And so, we've taken that ability and built it right into our platform. We've also taken a huge step forward by saying security... In other words, who touched your data? With agentic, you have non-human touches and autonomous and moving at a speed that is unprecedented. Who touched it? What did they touch? What did they change? What were the downstream effects of that? Being able to correlate that with privileged access. CrowdStrike will tell you 80% of breaches are because of credentials being abused. And so, we take credentialing or identity, we take security, and then we add that to our years of knowledge about how to recover. And we've got thousands of patents. This stuff really works. And so, our platform now incorporates all of that. I could spend hours telling you about the keynote. Attend the keynote, you'll see what we're going to talk about, synthetic recovery or things that we've invented that people haven't thought of yet.
Dave Vellante
>> You called it synthetic recovery?
Sanjay Mirchandani
>> Yeah. Yeah.
Dave Vellante
>> What, so that you can actually test and run simulations?
Sanjay Mirchandani
>> Dave, here's a problem that's been a problem for years on recovery. If you were cyber attacked and you're trying to do forensics and you're following the breadcrumbs and it can take you weeks to figure out what happened, you can't just wait as a business saying, when they figure it out, we'll know what to do. So, everybody tries to experiment with recovery. Okay, maybe it was then, maybe it was here. Let's take this back up. And you end up usually having a dilemma. Either you go when you have a really clean backup and you say, but that was two weeks ago. Or you look at the backup you have from yesterday and go, but that may be tainted. So, our engineers who live and breathe this stuff said, "what if I took this and I took this and I sliced out the middle and then we go fix the middle, and we did it all with AI?"
So, our Metallic AI underpinning says it's synthetic. We're synthetically creating a recovery point for you. And then, we're spinning up a cloud, a clean, clean room in the cloud for you, zero-trust environment in any cloud of your choice, and we'll start the recovery process. And so, while people are trying to follow the breadcrumbs and figure out what exactly happened and when, we are giving you pretty good AI-enabled, fully-automated capability to say, "Dave, I think you'll be okay with this. You're missing probably this. We've quarantined it. We'll scan it, we'll test it, maybe clean it and bring it back to you, so the business can get back to life."
Dave Vellante
>> So, you pick a safe recovery point and then focus on the potential area that was tainted to the business. And then, you're saying you use AI to do that. What kind of AI?
Sanjay Mirchandani
>> We've branded it Metallic AI. That's our platform, that's our AI intelligence capability, which powers all of this. And so... Here we go. And so, the ability to really understand what happened, understand what's clean, understand what isn't, threat scan it. So, we scan it using AI, different components within our AI intelligence process and give you a pretty good recovery point. At the end of the day, you as a CEO, Dave, can't wait for the investigation to finish. You have to get your business back to life and this is what we're trying to enable.
Dave Vellante
>> So, you just heard the test bell. It's a little early for the bell to ring. We'll get it in a minute. I want to ask you about your platform because you said something that caught my attention, you built it from the ground up. These days platform beats product. CEO, you want to have a platform, so you can grow the value of your company and deliver for your customers. What do you mean by platform? How did you build it from the ground up? You've made acquisitions, how does that fit into the platform? What makes it a platform?
Sanjay Mirchandani
>> I think since our first release of Commvault Cloud, we've had a platform, but it was focused around recovery, it was focused on cyber resilience. Now, with AI, we believe one size doesn't fit all. The way you recovered an application stack from when I was CIO looks a lot different than virtual machines 10 years ago to a cloud-native application you built yesterday that runs entirely in the cloud. You can't use the same technology to do that. Now, the reason we rebuilt the platform again was because of scale. We've always been a scale company. And with AI, scale means a whole different thing now. And so, we went back and built it completely cloud-native, transparently scalable. We've got patents in our ability to really build this thing out. And we give customers this platform. And if you're a hybrid customer, which a lot of our customers are, we have a HyperScale X technology. You plug it in, you dock it, basically like you dock it, and it connects to our Commvault Cloud Unity platform, which is the big announcement we're making. And from that point on, you have access to all our technology, whether you're on-premise customer, a cloud-native customer or on the edge, the beauty of that, they're telling me to go testing. It's funny, the beauty of that is it's absolutely seamless and it is a platform and it's been built for scale. So, in the AI era, it's all about scale, bit parts won't work.
Dave Vellante
>> Okay, so you had to retool for cloud-native, but then gen AI comes along. Now, the buzzword is AI-native. So, I mean you could build on cloud, cloud's probably the best place to build AI-native. But I want to hear more about Unity. How have you built AI into Unity? What does it mean to be AI-
Sanjay Mirchandani
>> So, I'll tell you something that might amuse you, and you'll see it in my keynote, but people have said, "Oh, we've all fixated on UX. What is the user interface? How modern is that? How easy it is? How enabled is it?" And then gen AI comes along and everybody wants a prompt. So, you want to do this. So, we built both. So, we've given you both. You can have a conversation with the power of our platform in a conversational way and say, "Hey, which jobs failed yesterday? What is unprotected?" This is a big question. Customers say, "How do I know what's not protected in the cloud?" It's easy to sprawl. And we'd just tell you conversationally, "This is not protected. Would you like to protect it? And would you like to apply this policy because this workload looks just like this?" And boom, you're on your way. And from that point on, you're on your way. So, what we've done on the platform is really invest in our Metallic AI engine, which takes anomaly detection that we've known well, that we've built some technology on encryption capabilities, just taking that whole detection to another level, built a scalable fabric. And we've made a few acquisitions over the years that are enabling some of this. I talked about Satori Cyber. This gives you the visibility and the observability around what is changing. We bought a company called Clumio that gives us incredible depth on anything S/3 related. And S/3 is often the underpinning of any big AI system, the data. And so, we've got incredible capabilities there. We bought a company called Appranix. The product is rebranded as Rewind, and it does exactly that. You click a button and it rewinds a cloud-native app, all of it, data, metadata and everything that makes up the app. So, we've incorporated all of that into this platform. And of course, our own innovation engine is as robust as it ever was. So, when you look at the speed of what we're bringing this platform to market, I think we're ready for the AI era, as you put it.
Dave Vellante
>> So, in the example you just gave, you got a human in the loop. How do you see agents playing in to this world? How do you govern those agents? At what point will we be able to trust the agents so they can actually take agency without the human in the loop? And maybe you don't ever want that, but maybe someday that happens. What are your thoughts on that?
Sanjay Mirchandani
>> Trust but verify. Trust but verify.
Dave Vellante
>> Okay,
Sanjay Mirchandani
>> Agents, I think they're going to be... They are and they'll continue to grow. You're going to give them more power, they're going to be more autonomous, they're going to be more non-human elements of agents that evolve and they're very powerful done right. So, you can't be unbridled about it, but you have to be thoughtful about how you do it. So, we just released our first MCP server, which allows customers to use our capabilities without logging into our UI. So, as much as we love the new UI, some want to use conversational ability, gen AI type approaches. So, agents are real, I think they're going to continue to grow, but you have to be careful because they're incredibly powerful and the enthusiasm can't outpace the carefulness.
Dave Vellante
>> So, with the new generative conversational interface, how does that change the day-to-day activities that your customers perform? Does it free them up to do other things? Of course, agents are bringing new risks. How do you see that whole thing changing?
Sanjay Mirchandani
>> I think the whole generative AI and agentic AI as a part of that is definitely... First and foremost, we are using these capabilities in effectively three ways. One, making it easier for you as a customer to get up, running and protected. So, as much of AI as I can give you, I can prompt you, I can give you best practice, I can help you self-heal and build that capability right into the product, the better you are as a customer for us and for you. Number two, can I protect your AI workloads. Getting back to our roots. All the components, vector to databases, all the S/3, all the things that make up your app. Do we have the best recovery capabilities for your componentry? Absolutely. And the third is where I'm personally super excited. In fact, they're allowing me to demo this, allowing the CEO to demo this. They won't let me demo anything. We've put a lot of our energy into recovery, because at the end of the day, what you as a customer want me to do is give you recovery, help you when everything else fails. We're taking that to another level. We're saying, "It's not about a passive recovery anymore, it's about an active capability." So, you have to be constantly observing AI systems so you can recover them intelligently-
Dave Vellante
>> In real time, essentially.
Sanjay Mirchandani
>> In real-enough time.
Dave Vellante
>> Yeah. Yeah. I mean, real time, I guess dramatically compressed time.
Sanjay Mirchandani
>> Yeah. It's not passive anymore. It's not, "Okay, everything's failed, so let's go there." No, this is telling you what's changing, so you can prevent it, hopefully, or at least adjust to it.
Dave Vellante
>> Who do you sell to now?
Sanjay Mirchandani
>> A lot to traditional CIOs. Traditionally, we sold to CIOs is what I mean. CISOs. And we're having a lot of conversations with audit committees, boards. C-suites that are making these decisions on resilience for the business and not just what used to be a protection conversation.
Dave Vellante
>> Okay, so the roots of the company, backup and recovery. What is Commvault today in this AI era?
Sanjay Mirchandani
>> You've known us for a long time. We started out as a backup and recovery company and evolved to a data protection company because data types changed. And we evolved that two years ago. We took a stand and said, "It's got to be more than what we've done," so we disrupted ourselves, and you got to be resilient, which means things have to change in the face of cyber. We're changing that again. We're almost challenging ourselves and saying, "But in the era of AI, what worked then may or may not work the same way." For sure there's better ways to do it, and that's what we are. So, at the heart of it, we continue to be a protection company. We are proud of it. Those are our roots. We got thousands of patents on this. We invest heavily on it, but now we're evolving it to help customers really come back to life as a resilience company. And that's what we focus.
Dave Vellante
>> Well, Sanjay, congratulations on your career and what you've done at Commvault, and best of luck in the future.
Sanjay Mirchandani
>> Thank you, Dave.
Dave Vellante
>> Thanks so much for coming on.
Sanjay Mirchandani
>> And you. And you guys.
Dave Vellante
>> Appreciate that.
Sanjay Mirchandani
>> Thank you.
Dave Vellante
>> Thank you. And thank you for watching this Mixture of Expert series. I'm Dave Vellante. John Furrier's also here. From the New York Stock Exchange, NYSE Wired, plus theCUBE. We'll be right back right after this short break.
>> Hi, everybody. Welcome to the New York Stock Exchange. This is theCUBE's Mixture of Experts series. NYSE Wired, and theCUBE are here at the buttonwood podium. We have a special guest. Sanjay Mirchandani is here. He's the CEO of Commvault, many-time CUBE alum. Great to see you, my friend.
Sanjay Mirchandani
>> Good to be here.
Dave Vellante
>> Thanks so much for taking some time and-
Sanjay Mirchandani
>> Good to see you....
Dave Vellante
>> and coming here. And we've watched your career... We first met you when, of course, you were the CIO of EMC.
Sanjay Mirchandani
>> That was a long time ago.
Dave Vellante
>> And we were chatting earlier about some of the innovations you brought. IT was the department of no when you joined it, and I think you turned it into... And we've seen other companies, like ServiceNow, change that mindset, but you were really early on there. And of course, a lot of people don't know, it's rare to see a CIO then become a CEO, but you're not a historical CIO. You came from the business world when you were at Microsoft and-
Sanjay Mirchandani
>> It was accidental.
Dave Vellante
>> Right? And so, you're now in the right spot and you've had it just an amazing career, so congratulations on that. You've done an amazing job at turning Commvault into a new company, we want to talk about that. But first of all, what are you doing in New York?
Sanjay Mirchandani
>> It's good to be here. So, we have our flagship event this week, starting today.
Dave Vellante
>> SHIFT?
Sanjay Mirchandani
>> Yep, SHIFT. And we inaugurated that two years ago here in New York. And so, we're back, we did it in London last year. And it has two real purposes. One is to bring our customers, partners, industry luminaries together to really discuss trends and what's happening, so that's all happening this week. And second is we use it as our platform to launch our new technology and we're doing that as well with our Commvault Cloud Unity platform. So, it's all happening today.
Dave Vellante
>> So, the hot topic, of course, is cyber resilience. Business resilience was in vogue during COVID because we realized disaster recovery doesn't equal business resilience.
Sanjay Mirchandani
>> Or supply chain-
Dave Vellante
>> But AI has taken this to a new level. Cyber, of course, you guys are at RSA, we're there as well. I mean, it's a massive show. And so, the traditional backup, the data protection business, it really has become a fundamental component of cyber resiliency. Why now? Why is cyber resilience suddenly so top of mind?
Sanjay Mirchandani
>> Dave, I don't think it's sudden. I think it's been top of mind since probably COVID because we saw a massive increase as people worked remotely, as you couldn't get into your data centers as the world changed, where the bad actors really took advantage of that to start attacking, to start really exploiting companies. And we saw a massive increase of attacks and sophisticated attacks. Now, that hasn't necessarily gone down. So, we took a bold move two years ago here and said, "The world has evolved from data protection to true cyber resilience." And what does cyber resilience mean to us? It means the ability for a company to really come back to life predictably after a catastrophic cyber attack and all the nuances that go into a cyber attack. So, knowing how to recover from that and to be prepared for that. So, it's been a while. The difference is though, I think what you're noticing is it's gone from a backroom conversation about backup to a boardroom conversation about resilience, and that's the difference.
Dave Vellante
>> And, of course, cyber has gone to that boardroom. And now, your world has also done that. Of course, in COVID it was the remote work that created the exposure. And now, AI is creating greater exposures. Explain why.
Sanjay Mirchandani
>> So, you and I both know this, we talk about it, AI is going to be the single most catalyzing technology that we've seen and it's moving at a pace is unprecedented. The opportunities are what we are all excited about, what it can do for us, what it can change for us, how fast we can move things around. But with that unbridled enthusiasm comes the responsibility around being able to really govern it. And I don't mean regulatory governance, I mean inside of the enterprise, making sure that as you enable it, as you deploy it, as you encourage it inside your business, you're also putting the guardrails to manage it. Because the heart of AI, regardless of where everyone's focus might be on infrastructure, it's data. And what we know is data, and that's what we've done for 30 years is protect data. And so, this is about really taking data that a company has, which is now further away from where it is ever intended to be used in AI systems, in lakes, in other places. Harness it. Harness the power of the data that an organization has, but give it automatic guardrails, so it's protected while it's being used and that's the approach we're taking.
Dave Vellante
>> Now, your peeps, if I can use that term, had traditionally been IT and that's changing. Cyber resilience is becoming a fundamental component of overall cyber strategy. So, now, you're talking chief security officers, chief information security officers, SecOps teams, DevSecOps teams, those are your new people. Are those worlds coming together? How is that persona shift?
Sanjay Mirchandani
>> I think I go back four years at one of the earnings that we did, earnings calls, where I said, "The world of data security and the world of data protection are fast colliding, in a good way because if there's light between those, the bad actors can definitely exploit it." So, as the technologies have started coming closer together and we've been doing a lot of work building out a cyber resilience platform that brings those components together, roles and responsibilities have changed. To your point, there's different folks in different companies that do cyber, but what it is end to end. You have to go from defending the business to recovering the business. And so, in most cases, I'll sit down in a meeting if it's not with the C-suite, with the CISO and the CIO, because they are responsible for resilience. Now, pieces of that puzzle can be solved by either team, but really they have to come together to take care of it. So, yeah, we do talk to both of them.
Dave Vellante
>> Explain how you transform the company because you made some acquisitions, you leaned heavily into the cloud. Now, AI comes into play. You just sort laid out you got to defend against the bad guys getting in. You have to assume they're going to get in. And then, once they're in, you got to discover what happened and then you got to recover and make sure that data is of high quality. So, how did you reconstruct your product portfolio for that era?
Sanjay Mirchandani
>> So, when it comes to the classic defend model, we partner because that's an area of expertise that is different. So, whether it's the Microsoft suite of products, whether it's CrowdStrike, we partner. And we have two-way intelligence between our platform and their feeds. And so, what we do is once we know there's something happening, our platform has evolved from being a leading backup and recovery platform to a true cyber resilience platform. And now with AI, we're incorporating everything we've done in that with the nuances of AI. So, we will continue to partner on intelligence, but we're saying that for AI, if you're training your models, if you've got data coming from multiple sources, if you've got changes that are real-time, even incredible pace, you can't wait to do a recovery. You have to be at the front-end of that process because it's too late if you don't know what happened. At that point, trying to unravel a complicated high-speed, high-velocity AI system is probably not the right approach. So, what we're doing with the platform is we've taken everything we've learned with cyber resilience and now we're adding a shell of all the AI capabilities. We built this platform ground up. And what you'll do is you'll see things like through an acquisition we made say Satori Cyber. And what Satori Cyber, for example, does is it's constantly observing what is changing on your structured, unstructured data, on your LLM feeds. And so, with a single policy engine, without geeking out on you, what you can do is preemptively train that and watch for that. And then, if you see something changing in your Active Directory, which we've incorporated into this technology, security, you can then correlate that with AI. So, in this platform, what we've done is we've integrated essentially security, identity and the ability to recover. Those things have to come together and it's not optional.
Dave Vellante
>> So, you'll feed a CrowdStrike security lake or Microsoft or Amazon, it doesn't really matter, any cloud I'm sure you feed and that's a two-way interaction-
Sanjay Mirchandani
>> On the identity, on the security side-
Dave Vellante
>> On the pieces that are not your specialization where you partner?
Sanjay Mirchandani
>> Correct.
Dave Vellante
>> Okay. And then, double down on your platform is I want to understand what you are the best at, where your partners say, "No, we'll let Commvault take care of that."
Sanjay Mirchandani
>> Right. So, what we do and have done, essentially since we've been a company for 30 years, is recover. Our job, what customers pay us for whatever incarnation of the platform over the years that we've had, they've paid us to be there last stop. "Everything else has failed. Bring us back," and we take that very seriously. So, even if my competitors try to portray themselves as something else, at the heart of it, we are proud of the fact that we have the best recovery capabilities on the planet.
Dave Vellante
>> It's the roots.
Sanjay Mirchandani
>> And we've evolved it and evolved it to the point where today it's incredibly applicable in the world of AI, where provenance of your system, all the data, all the changes, all the components have to come back together. And so, we've taken that ability and built it right into our platform. We've also taken a huge step forward by saying security... In other words, who touched your data? With agentic, you have non-human touches and autonomous and moving at a speed that is unprecedented. Who touched it? What did they touch? What did they change? What were the downstream effects of that? Being able to correlate that with privileged access. CrowdStrike will tell you 80% of breaches are because of credentials being abused. And so, we take credentialing or identity, we take security, and then we add that to our years of knowledge about how to recover. And we've got thousands of patents. This stuff really works. And so, our platform now incorporates all of that. I could spend hours telling you about the keynote. Attend the keynote, you'll see what we're going to talk about, synthetic recovery or things that we've invented that people haven't thought of yet.
Dave Vellante
>> You called it synthetic recovery?
Sanjay Mirchandani
>> Yeah. Yeah.
Dave Vellante
>> What, so that you can actually test and run simulations?
Sanjay Mirchandani
>> Dave, here's a problem that's been a problem for years on recovery. If you were cyber attacked and you're trying to do forensics and you're following the breadcrumbs and it can take you weeks to figure out what happened, you can't just wait as a business saying, when they figure it out, we'll know what to do. So, everybody tries to experiment with recovery. Okay, maybe it was then, maybe it was here. Let's take this back up. And you end up usually having a dilemma. Either you go when you have a really clean backup and you say, but that was two weeks ago. Or you look at the backup you have from yesterday and go, but that may be tainted. So, our engineers who live and breathe this stuff said, "what if I took this and I took this and I sliced out the middle and then we go fix the middle, and we did it all with AI?"
So, our Metallic AI underpinning says it's synthetic. We're synthetically creating a recovery point for you. And then, we're spinning up a cloud, a clean, clean room in the cloud for you, zero-trust environment in any cloud of your choice, and we'll start the recovery process. And so, while people are trying to follow the breadcrumbs and figure out what exactly happened and when, we are giving you pretty good AI-enabled, fully-automated capability to say, "Dave, I think you'll be okay with this. You're missing probably this. We've quarantined it. We'll scan it, we'll test it, maybe clean it and bring it back to you, so the business can get back to life."
Dave Vellante
>> So, you pick a safe recovery point and then focus on the potential area that was tainted to the business. And then, you're saying you use AI to do that. What kind of AI?
Sanjay Mirchandani
>> We've branded it Metallic AI. That's our platform, that's our AI intelligence capability, which powers all of this. And so... Here we go. And so, the ability to really understand what happened, understand what's clean, understand what isn't, threat scan it. So, we scan it using AI, different components within our AI intelligence process and give you a pretty good recovery point. At the end of the day, you as a CEO, Dave, can't wait for the investigation to finish. You have to get your business back to life and this is what we're trying to enable.
Dave Vellante
>> So, you just heard the test bell. It's a little early for the bell to ring. We'll get it in a minute. I want to ask you about your platform because you said something that caught my attention, you built it from the ground up. These days platform beats product. CEO, you want to have a platform, so you can grow the value of your company and deliver for your customers. What do you mean by platform? How did you build it from the ground up? You've made acquisitions, how does that fit into the platform? What makes it a platform?
Sanjay Mirchandani
>> I think since our first release of Commvault Cloud, we've had a platform, but it was focused around recovery, it was focused on cyber resilience. Now, with AI, we believe one size doesn't fit all. The way you recovered an application stack from when I was CIO looks a lot different than virtual machines 10 years ago to a cloud-native application you built yesterday that runs entirely in the cloud. You can't use the same technology to do that. Now, the reason we rebuilt the platform again was because of scale. We've always been a scale company. And with AI, scale means a whole different thing now. And so, we went back and built it completely cloud-native, transparently scalable. We've got patents in our ability to really build this thing out. And we give customers this platform. And if you're a hybrid customer, which a lot of our customers are, we have a HyperScale X technology. You plug it in, you dock it, basically like you dock it, and it connects to our Commvault Cloud Unity platform, which is the big announcement we're making. And from that point on, you have access to all our technology, whether you're on-premise customer, a cloud-native customer or on the edge, the beauty of that, they're telling me to go testing. It's funny, the beauty of that is it's absolutely seamless and it is a platform and it's been built for scale. So, in the AI era, it's all about scale, bit parts won't work.
Dave Vellante
>> Okay, so you had to retool for cloud-native, but then gen AI comes along. Now, the buzzword is AI-native. So, I mean you could build on cloud, cloud's probably the best place to build AI-native. But I want to hear more about Unity. How have you built AI into Unity? What does it mean to be AI-
Sanjay Mirchandani
>> So, I'll tell you something that might amuse you, and you'll see it in my keynote, but people have said, "Oh, we've all fixated on UX. What is the user interface? How modern is that? How easy it is? How enabled is it?" And then gen AI comes along and everybody wants a prompt. So, you want to do this. So, we built both. So, we've given you both. You can have a conversation with the power of our platform in a conversational way and say, "Hey, which jobs failed yesterday? What is unprotected?" This is a big question. Customers say, "How do I know what's not protected in the cloud?" It's easy to sprawl. And we'd just tell you conversationally, "This is not protected. Would you like to protect it? And would you like to apply this policy because this workload looks just like this?" And boom, you're on your way. And from that point on, you're on your way. So, what we've done on the platform is really invest in our Metallic AI engine, which takes anomaly detection that we've known well, that we've built some technology on encryption capabilities, just taking that whole detection to another level, built a scalable fabric. And we've made a few acquisitions over the years that are enabling some of this. I talked about Satori Cyber. This gives you the visibility and the observability around what is changing. We bought a company called Clumio that gives us incredible depth on anything S/3 related. And S/3 is often the underpinning of any big AI system, the data. And so, we've got incredible capabilities there. We bought a company called Appranix. The product is rebranded as Rewind, and it does exactly that. You click a button and it rewinds a cloud-native app, all of it, data, metadata and everything that makes up the app. So, we've incorporated all of that into this platform. And of course, our own innovation engine is as robust as it ever was. So, when you look at the speed of what we're bringing this platform to market, I think we're ready for the AI era, as you put it.
Dave Vellante
>> So, in the example you just gave, you got a human in the loop. How do you see agents playing in to this world? How do you govern those agents? At what point will we be able to trust the agents so they can actually take agency without the human in the loop? And maybe you don't ever want that, but maybe someday that happens. What are your thoughts on that?
Sanjay Mirchandani
>> Trust but verify. Trust but verify.
Dave Vellante
>> Okay,
Sanjay Mirchandani
>> Agents, I think they're going to be... They are and they'll continue to grow. You're going to give them more power, they're going to be more autonomous, they're going to be more non-human elements of agents that evolve and they're very powerful done right. So, you can't be unbridled about it, but you have to be thoughtful about how you do it. So, we just released our first MCP server, which allows customers to use our capabilities without logging into our UI. So, as much as we love the new UI, some want to use conversational ability, gen AI type approaches. So, agents are real, I think they're going to continue to grow, but you have to be careful because they're incredibly powerful and the enthusiasm can't outpace the carefulness.
Dave Vellante
>> So, with the new generative conversational interface, how does that change the day-to-day activities that your customers perform? Does it free them up to do other things? Of course, agents are bringing new risks. How do you see that whole thing changing?
Sanjay Mirchandani
>> I think the whole generative AI and agentic AI as a part of that is definitely... First and foremost, we are using these capabilities in effectively three ways. One, making it easier for you as a customer to get up, running and protected. So, as much of AI as I can give you, I can prompt you, I can give you best practice, I can help you self-heal and build that capability right into the product, the better you are as a customer for us and for you. Number two, can I protect your AI workloads. Getting back to our roots. All the components, vector to databases, all the S/3, all the things that make up your app. Do we have the best recovery capabilities for your componentry? Absolutely. And the third is where I'm personally super excited. In fact, they're allowing me to demo this, allowing the CEO to demo this. They won't let me demo anything. We've put a lot of our energy into recovery, because at the end of the day, what you as a customer want me to do is give you recovery, help you when everything else fails. We're taking that to another level. We're saying, "It's not about a passive recovery anymore, it's about an active capability." So, you have to be constantly observing AI systems so you can recover them intelligently-
Dave Vellante
>> In real time, essentially.
Sanjay Mirchandani
>> In real-enough time.
Dave Vellante
>> Yeah. Yeah. I mean, real time, I guess dramatically compressed time.
Sanjay Mirchandani
>> Yeah. It's not passive anymore. It's not, "Okay, everything's failed, so let's go there." No, this is telling you what's changing, so you can prevent it, hopefully, or at least adjust to it.
Dave Vellante
>> Who do you sell to now?
Sanjay Mirchandani
>> A lot to traditional CIOs. Traditionally, we sold to CIOs is what I mean. CISOs. And we're having a lot of conversations with audit committees, boards. C-suites that are making these decisions on resilience for the business and not just what used to be a protection conversation.
Dave Vellante
>> Okay, so the roots of the company, backup and recovery. What is Commvault today in this AI era?
Sanjay Mirchandani
>> You've known us for a long time. We started out as a backup and recovery company and evolved to a data protection company because data types changed. And we evolved that two years ago. We took a stand and said, "It's got to be more than what we've done," so we disrupted ourselves, and you got to be resilient, which means things have to change in the face of cyber. We're changing that again. We're almost challenging ourselves and saying, "But in the era of AI, what worked then may or may not work the same way." For sure there's better ways to do it, and that's what we are. So, at the heart of it, we continue to be a protection company. We are proud of it. Those are our roots. We got thousands of patents on this. We invest heavily on it, but now we're evolving it to help customers really come back to life as a resilience company. And that's what we focus.
Dave Vellante
>> Well, Sanjay, congratulations on your career and what you've done at Commvault, and best of luck in the future.
Sanjay Mirchandani
>> Thank you, Dave.
Dave Vellante
>> Thanks so much for coming on.
Sanjay Mirchandani
>> And you. And you guys.
Dave Vellante
>> Appreciate that.
Sanjay Mirchandani
>> Thank you.
Dave Vellante
>> Thank you. And thank you for watching this Mixture of Expert series. I'm Dave Vellante. John Furrier's also here. From the New York Stock Exchange, NYSE Wired, plus theCUBE. We'll be right back right after this short break.
Dave Vellante