Why AI needs a command seat in cyber defence

Cybersecurity teams are facing a relentless asymmetry. Attackers automate, adapt and accelerate — while defenders remain stuck behind dashboards, scripts and manual recovery playbooks. As Artificial Intelligence (AI) becomes the defining element in the battle for cyber resilience, the advantage will go to organisations that empower defence systems to think, act and respond at machine speed.

Commvault’s latest innovation lands directly in that slipstream.

This week, the company unveiled a new conversational AI interface that allows enterprise users to manage cyber resilience the same way they talk to ChatGPT Enterprise or Claude — literally through natural language instructions. Behind the scenes, Commvault’s Model Context Protocol (MCP) server acts as a secure bridge between those GenAI assistants and protected data environments, ensuring every action aligns with enterprise policies, identity controls and encrypted communications.

The premise is simple but strategically profound: instead of operators learning complex tools, the tools learn how to operate for them.

A short exchange — “Is my DocuSign instance backed up?” / “Would you like me to set that up?” — illustrates how quickly AI can reduce operational drag. Backup tasks, recovery checks, risk remediation and protection monitoring can now be initiated conversationally, freeing cyber teams from routine friction and enabling faster, more consistent defence workflows.

Crucially, this is not just chat for the sake of convenience. It is a controlled execution environment: authorised actions, full auditability, role-based access controls and strict data isolation from external models. The AI doesn’t train on enterprise data, and Commvault emphasises alignment with frameworks like NIST to maintain trust, traceability and compliance.

Industry observers agree the shift is more than cosmetic. IDC analyst Johnny Yu notes that visibility and accountability are foundational for the next evolution of AI in cyber — where autonomy becomes not just feasible but expected. Commvault’s strategy points directly toward that destination: “agentic resilience”, where AI acts proactively and pre-emptively on behalf of defenders.

If attackers are deploying automated reconnaissance, AI-generated malware and machine-speed lateral movement, then giving defenders a conversational cockpit for resilience isn’t a mere productivity upgrade — it’s a necessity.

The cybersecurity community has long warned that recovery is just as important as prevention. Now, AI may be the missing link between the two: a resilience layer that is simple to command, yet powerful enough to execute policy-aligned actions instantly across cloud, SaaS and hybrid workloads.

Commvault’s Conversational Resilience enters private early access in November, coinciding with the company’s SHIFT 2025 event. If successful, it may signal a new era — where cyber defence becomes less about clicking through complexity, and more about simply saying what needs to be protected, and letting the AI handle the rest.

Because in a threat landscape driven by automation, conversation may be the ultimate defensive weapon.