TL;DR: AI workloads are compressing exploitation and recovery windows, making backup alone insufficient and pushing organisations toward integrated cyber resilience architectures, according to Commvault. The operational question is no longer whether systems fail, but whether identity, data, and recovery controls can still contain impact when attacks move faster than human response.
NHIMG editorial — based on content published by Commvault: AI resilience, hybrid infrastructure, and the evolving HPE partnership
By the numbers:
- When AWS credentials are exposed publicly, attackers attempt access within an average of 17 minutes, and as quickly as 9 minutes in some cases.
- 91% of former employee tokens remain active after offboarding, leaving organisations vulnerable to potential security breaches.
Questions worth separating out
Q: How should security teams govern access used by backup and recovery systems?
A: Treat backup operators, automation accounts, and failover credentials as privileged identities with named owners, explicit scopes, and expiry conditions.
Q: Why do AI-driven attacks change the way organisations plan cyber resilience?
A: AI-assisted attackers compress the time between exposure and exploitation, so organisations have less time to detect and contain incidents before recovery begins.
Q: What breaks when service account ownership is unclear during recovery?
A: When service account ownership is unclear, organisations often cannot determine which identities should be rotated, disabled, or reissued before restored systems return to production.
Practitioner guidance
- Map recovery access as privileged access Inventory the accounts, tokens, certificates, and orchestration credentials used for backup, replication, and failover.
- Build identity validation into restore runbooks Before workloads rejoin production, verify that associated service accounts, secrets, and admin entitlements are current, scoped, and revocable.
- Shorten credential lifetime in resilience workflows Use short-lived credentials for backup operators, automation jobs, and cross-environment migration tasks.
What's in the full article
Commvault's full article covers the operational detail this post intentionally leaves for the source:
- Customer examples showing how hybrid resilience is being implemented across storage, virtualisation, and recovery tooling.
- Specific product integration details for HPE Alletra Storage MP X10000, HPE Zerto, and Commvault Flex in AI-intensive environments.
- The vendor's explanation of why its architecture is being positioned for DORA-aligned recovery objectives in financial services.
- Deployment and go-to-market details for customers evaluating resilience across mixed infrastructure estates.
👉 Read Commvault's analysis of AI resilience, hybrid recovery, and HPE integration →
AI resilience and hybrid recovery: what does it change for teams?
Explore further
AI resilience is becoming an identity governance problem as much as a storage problem. The article correctly shifts the conversation from backup capacity to recovery speed, but the deeper issue is control over the identities that operate recovery itself. If service accounts, automation tokens, and admin credentials are not governed as critical resilience assets, then the restore path becomes an attacker path. Practitioners should treat recovery access as a privileged identity domain, not an infrastructure afterthought.
A question worth separating out:
Q: How can organisations make sure restored systems are actually trustworthy?
A: They need to verify both data integrity and identity integrity before returning workloads to service. That means checking certificates, tokens, entitlements, and automation paths, not only files and snapshots. A restored workload should be treated as untrusted until its access state has been revalidated.
👉 Read our full editorial: AI resilience now depends on faster recovery, not just backup