In this theCUBE exclusive from the Rubrik "Resilience for Everything: Cloud, Identity, AI" interview series, Rubrik CTO and co-founder Arvind Nithrakashyap joins Michael Ortega, director of AI marketing, to unpack 2026 predictions for cyber resilience in an AI-accelerated threat landscape. Nithrakashyap explains how coding agents and deepfakes are lowering the barrier for attackers, making “assume breach” more urgent than ever, pushing organizations to rethink recovery as a core security discipline, not an afterthought.
The conversation also dives into why identity will dominate CISO priorities as agentic AI drives a surge of non-human identities – and how visibility across sprawling identity providers becomes critical to detecting privilege escalation and long-dwell intrusions. Nithrakashyap outlines the governance controls needed to keep agents in check (what they access, what they can do and policy-based enforcement), then connects it all to multicloud realities. As AI workloads chase scarce GPUs, enterprises will need a unified control plane and a single metric that matters most – speed to recovery – to stay operational when things go wrong.
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
Resilience for Everything: Cloud, Identity, AI. If you don’t think you received an email check your
spam folder.
Sign in to Resilience for Everything: Cloud, Identity, AI.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Register for Resilience for Everything: Cloud, Identity, AI
Please fill out the information below. You will receive an email with a verification link confirming your registration. Click the link to automatically sign into the site.
You’re almost there!
We just sent you a verification email. Please click the verification button in the email. Once your email address is verified, you will have full access to all event content for Resilience for Everything: Cloud, Identity, AI.
I want my badge and interests to be visible to all attendees.
Checking this box will display your presense on the attendees list, view your profile and allow other attendees to contact you via 1-1 chat. Read the Privacy Policy. At any time, you can choose to disable this preference.
Select your Interests!
add
Upload your photo
Uploading..
OR
Connect via Twitter
Connect via Linkedin
EDIT PASSWORD
Share
Forgot Password
Almost there!
We just sent you a verification email. Please verify your account to gain access to
Resilience for Everything: Cloud, Identity, AI. If you don’t think you received an email check your
spam folder.
Sign in to Resilience for Everything: Cloud, Identity, AI.
In order to sign in, enter the email address you used to registered for the event. Once completed, you will receive an email with a verification link. Open the link to automatically sign into the site.
Sign in to gain access to Resilience for Everything: Cloud, Identity, AI
Please sign in with LinkedIn to continue to Resilience for Everything: Cloud, Identity, AI. Signing in with LinkedIn ensures a professional environment.
Are you sure you want to remove access rights for this user?
Details
Manage Access
email address
Community Invitation
Arvind Nithrakashyap, Rubrik
In this interview from Rubrik’s “Resilience for Everything: Cloud, Identity, AI” series, theCUBE’s Savannah Peterson sits down with Rubrik CEO Bipul Sinha to unpack what “resilience” really means in an era of agentic AI. Sinha explains how Rubrik is approaching AI transformation with guardrails – including visibility into which agents are running, what they’re doing and how to recover quickly when things go wrong – so organizations can move faster without losing control.
The conversation also explores the new risk profile of AI-powered operations: agents that can assume identities, execute business processes and amplify impact at unprecedented speed. Sinha shares why governance, accuracy and cost control become the make-or-break factors when enterprises move from pilots to production, plus what Rubrik is seeing in the threat landscape as AI accelerates attack volume and sophistication.
In this theCUBE exclusive from the Rubrik "Resilience for Everything: Cloud, Identity, AI" interview series, Rubrik CTO and co-founder Arvind Nithrakashyap joins Michael Ortega, director of AI marketing, to unpack 2026 predictions for cyber resilience in an AI-accelerated threat landscape. Nithrakashyap explains how coding agents and deepfakes are lowering the barrier for attackers, making “assume breach” more urgent than ever, pushing organizations to rethink recovery as a core security discipline, not an afterthought.
The conversation also dives into...Read more
exploreKeep Exploring
What are the implications of AI on identity management in organizations?add
What considerations do IT leaders need to take into account when hiring for identity expertise and securing identity systems?add
What is the most important metric for ensuring multi-cloud resilience in the face of potential cyber attacks?add
>> Hello, this is Mike Ortega from Team Rubrik, joining you here at the Reinvent show floor in the Noma Kai restaurant, the Rubrik space. I'm happy to be joined by Arvind, CTO and co-founder of Rubrik. Arvind's pulled together some predictions for 2026 on cybersecurity, AI resilience. We're going to talk about those topics today and dive in here, hear what's going on, and whatever CISO needs to know to stay ahead of the curve. So Arvind, let's start with recovery and resilience. AI is obviously accelerating attacks at rapid speed, a lot of opportunity, but creating a new attack vector, right? The crucial question is how must organizations change the recovery mindset in the face of AI-driven attacks now that we're in 2026?
Arvind Nithrakashyap
>> First of all, really glad to be here on the cube. And yeah, so I think one of the things that we have seen with AI is that, for example, we're seeing a lot of adoption in coding agents and things like that. But if you think of what's happening, what it's doing is really democratizing coding. So something that took a sophisticated knowledge of how to code is now being replaced by an agent that can do a lot of the heavy lifting for you. So if you think about the attack vector, and we have always talked about breaches are inevitable, you have to assume breach. But when you think about what's happening here, now somebody can take a zero-day vulnerability, give it to a coding agent, and maybe able to just write up a script that can exploit that very quickly. So the risks are even higher today with AI, not to talk about all sorts of different AI deep fakes and things like that that can breach multifactor authentication and all sorts of existing security tools that we have. So I think most organizations will have to now assume that attacks will happen, attacks, if anything, will increase, and so they have to be prepared for that.
Michael Ortega
>> Absolutely. So attacks are going to happen, agents AI make things move much faster. So what is the new recovery imperative?
Arvind Nithrakashyap
>> Yeah. So I think given that attacks are inevitable, so I think what organizations have to do is to make sure that they are resilient to those. And what that means is if an attack happens, do you know how you can recover? How you can ensure that when you recover, the systems that you recover are now clean, you've removed all sorts of malware. You also made sure that there's been no impact to sensitive information, customer information, so on. And very often this is what takes organizations a long time to go figure these questions out and then be able to recover. So it is important that organizations, one, work through this in peacetime, have drills and stuff that shows them how they would operate if there were a cyber attack, and then have the right kind of platforms and tools that helps them recover quickly.
Michael Ortega
>> Absolutely. I love that peace time/wartime. Be prepared when you don't necessarily need to be prepared. Start the hard work now. So your second prediction for 2026 focuses a lot on identity security. Attackers are exploiting credentials, but the AIR brings a new scale of vulnerability. The question is, why will identity-based attacks dominate the CISO's investments in 2026?
Arvind Nithrakashyap
>> So I think the industry already realizes that identity has become the biggest attack vector. So there's a lot of interest in how to secure identity systems. And the easiest way to bring down a business is to take down your identity system. But if you think about what's happening with AI, you're going to have a lot of agents deployed. Some of them will operate with existing human identities. Many of them will operate with their own non-human identities. So there's going to be an explosion of identities that happen with AI. And so what's going to happen is that organizations are already struggling with managing their existing human entities. And we have heard from many CISOs that number of non-human entities could be five to 10X of human entities. So there's going to be this huge sprawl of identities that organizations have to manage and the scale is only going to increase. So having the right platforms and tools to protect your identity system, making sure that you have full visibility into all these identities is going to become even more critical.
Michael Ortega
>> Absolutely. I think a great analogy I heard recently is like thinking of the agent as a new employee, and would you hire a thousand new employees without having credentials in place and right controls and without managers or onboarding. You wouldn't hand a new employee the keys to the kingdom. So how do we do the same when your identities are exploding? What does this mean for IT infrastructure? Any specific things that IT leaders and CISOs need to think about?
Arvind Nithrakashyap
>> I think IT leaders are already hiring people with identity expertise because they realize that as they continue to scale, securing the identity system is going to become extremely important, but I think they also have to make sure that they have the right set of tools. And what is very common nowadays is that it's not just one ID system. It's not just active directory. It's not just Okta. Very often we see organizations having multiple IND systems that all work in conjunction with each other. So what you need is ... When you think about INT attacks, you need to be able to both secure them as well as recover from any identity attacks, and be able to do this across multiple RND providers. So this is something that organizations have to think about. And again, just like preparing for cyber attacks, they need to make sure that they have the right kind of preparation for any kind of identity attacks. They also need tools that give them visibility on privilege escalation and see how these kinds of identity attacks morph over time. One of our XeroLabs research actually found out that attackers enter organization and sometimes a dormant for up to six months before they attack. So it's important that you're monitoring these kinds of changes and identity privileges and privilege escalation, and be able to take actions against that. That may actually may stop an attack that's brewing.
Michael Ortega
>> Absolutely. So always be monitoring and acknowledge that these systems are ... There's sprawl across tools. So you really need that agnostic sort of central way to mechanism to monitor all of them. You talked about the great AI sprawl in your predictions, which means that the rapid deployment of AI agents is creating chaos for organizations, or going to be creating chaos for those who are on the precipice of deploying agents. The question for IT teams then is, how can organizations safely manage this new great AI sprawl that's coming if not, they're already swimming in?
Arvind Nithrakashyap
>> Yeah. So if you think about it that are going to be, in a short period of time, there are probably going to be thousands of agents running around, helping all sorts of different functions within the company and doing a lot of manual things that humans are doing themselves. They're going to be automating through agents. So if you think about it, they're going to be operating on critical data. They're going to assume human identities with human privileges. So you're going to require a governance system that can truly monitor these agents and make sure that you have full visibility into this. I think all sorts of regulations are going to require that you do that. We're already seeing the first signs of that, both in the Europe and US. So I think there's going to be a big governance renaissance needed from especially governing agents. I think that's going to really take root in the coming year.
Michael Ortega
>> Absolutely. You got to have that system in place. You don't want to be operating without visibility and controls to protect against this new digital workforce. What specific controls are required actually in these kind of governments teams and how to manage this?
Arvind Nithrakashyap
>> Yeah. So I think as I said, so if, for example, you have an agent that is going to help you do your work, A, it probably has to assume my identity in many cases. It also has to be able to operate on data that you have access to. So I think the number one critical governance point is going to be what kind of applications are my agents accessing? What kind of data are they accessing? What kind of privileges do they have? And being able to monitor that is going to be very critical. And if you think about it, in your daily life, you're probably sending tons of emails, but maybe you don't want your agents to send out emails because they could send all sorts of crazy stuff in emails to potentially customers. So you may want to create policies saying, "Yes, the agent can do everything, can read my email, but cannot send emails." So there has to be some policy based governance and enforcement that is in place. And I think that is going to be even more critical as agents start doing really autonomous things, especially those backend remote agents that are doing their own processing through the business processes of the organization. I think that's going to be very critical.
Michael Ortega
>> Absolutely. And I know we talked to a lot of organizations today who have agents that have read access. They know they have to move the right access so agents can start to take action, but there's a real concern around that. And it's exactly the sort of problems we're solving with this, as you mentioned, unified governance later. How do you create policies that can monitor and then act upon and prevent your agents from misbehaving, so to speak? Your final prediction deals with the chaos that comes with multi-cloud environments. Every organization ... No one just uses one cloud, right? So in this world, the key question about survival is, why will a unified control plane be necessary for enterprise to prevent issues?
Arvind Nithrakashyap
>> So one of the key things is all the stuff that we talk about AI is all happening on the cloud. So it is pretty much ground zero for all AI development activity and so on. And what we're realizing is that because of things like GPU shortage and things like that, organizations are not just sticking to one cloud. They will go wherever they have access to GPUs. They're using combinations of tools, maybe running a bunch of agents in one cloud platform and maybe in another cloud platform. So I think the reality is that organizations will have to have, first of all, a unified control plan across their cloud resources, because that's where most of the agents are going to be running. And secondly, because of this, I think the attack vector is going to increase in the cloud. So you need to have a good, again, a cyber resilience strategy for your cloud applications, which are predominantly going to be taken over agents over the next year or two. So cloud cyber resilience is becoming even more important today, and people have to have a clear strategy. So far, I think people have relied on native tools for all of that, but if you think about it, you have 100 agents operating on 100 different applications. Do you want 100 different native tools to manage that? You need a unified way in which you can ensure resilience across all these agents, running across all these applications.
Michael Ortega
>> Yeah. And I imagine with agents and all these, things are evolving all the time. So you kind of have to evolve your strategy for this sprawl of different technologies that organizations are adopting. So what is ... If you've talked to CISO, what is, or CTO, CIO, what is the most single important metric for multi-cloud resilience? What would you advise them?
Arvind Nithrakashyap
>> So I think CISOs have to assume that breaches will happen. That attacks will happen. So then the biggest question is, how can you ensure that your business is up and running in the shortest period of time possible? So I think that would be the number one ... And with AI attacks, you just have to be prepared for that. Obviously they have to bolster all their identity systems and so on to manage the new agentic world. But again, being resilient to attacks is going to be critical. This is how other engineering disciplines operate. Even when you build a bridge, you assume that things will go wrong and you build for that. So they have to assume that things will go wrong, there'll be cyber attacks and they have to be prepared for that and know how they can recover from that very quickly.
Michael Ortega
>> Yeah. So speed to recovery, critical in this new AI and evolving cyber era. I think one of my favorite quotes that we've talked about internally is agents are very powerful. You can get 100X improvement and efficiencies, but you can also do 10X damage in one 10th at time. So evolving for and being faster recovery is critical in this day and age.
Arvind Nithrakashyap
>> Yep, 100%. And these things can do a lot of damage. The one other thing is, as we all know that models hallucinate, and agents are going to make mistakes.
Michael Ortega
>> Absolutely.
Arvind Nithrakashyap
>> So you have to have ways in which you can recover from those mistakes as well. So this is, again, going to become a norm that you have to deal with. So again, I think these are things that CISOs should be aware of and really take into account as they build out their initiatives for the next year or two, they have to think about how they incorporate these kinds of tools and platforms into their plans for the next few years.
Michael Ortega
>> Absolutely. So assume a breach, be faster recovery, be ready for the agentic world and how to manage identities, and keep innovating while keeping it all safe. Governance being the critical pillar that holds it all together. Awesome. Well, Arvind, really appreciated the time here. Super excited to enjoy the rest of Reinvent with everybody. And for those watching, we look forward to hearing how you're preparing for some of these challenges. So thanks again, Arvind.
