The ground under enterprise data protection is shifting faster than most security teams can track. At Tech Field Day Extra at RSAC 2026, Veeam laid out a sobering argument: the industry has already survived two distinct eras of disaster, and the third — driven by AI — is the most insidious yet.

It started with the era of fire, flood, and blood — operational resilience against hardware failures and natural disasters, where humans drove recovery from well-understood failure modes. Then came cyber resilience, defined by targeted ransomware campaigns and the terrifying ambiguity of not knowing exactly when attackers first touched your environment. Now, organizations have entered a third era: AI resilience, where overprivileged AI agents and non-human identities execute automated mistakes at machine speed, causing surgical-scale damage that traditional recovery playbooks were never designed to handle. As Emilee Tellez, Field CTO, put it, “these threats are evolving… we need to still be prepared for all three and maybe for all three to be taking place at once.”

That convergence — all three eras colliding simultaneously — is not hypothetical. It’s the operating reality security leaders must plan for today.

Dynamite, Meet Toddler

The threats Veeam is addressing aren’t born from sophisticated nation-state tradecraft. They’re born from velocity — the organizational pressure to ship AI capabilities faster than security controls can follow.

The result is what Veeam’s VP Product Strategy, Rick Vanover, calls the “toddlers with dynamite” scenario: non-engineers deploying thousands of AI agents with effectively unlimited access to sensitive data, with no meaningful governance layer in place. Vanover quoted Ivon Peplac to crystallize the risk: “Automation — in this case AI — allows me to do stupid things faster than I could have ever imagined possible.” The blast radius of a misconfigured agent isn’t a single deleted file. It’s a cascade across every system that agent touched, often with no clean audit trail.

Layered beneath this is the compounding problem of “ROT” data — redundant, obsolete, and trivial information that expands the attack surface while delivering zero business value. Organizations that haven’t cleaned their data estates are handing attackers a larger target than they realize.

More Than a Backup Company

Veeam arrived at Tech Field Day carrying significant institutional weight. Clearing over $2 billion in annual revenue with half a million customers, the company has long since outgrown its original identity as a virtual machine backup specialist. Today, Veeam holds the position of the most widely deployed backup solution for both Microsoft 365 and Kubernetes — two of the most consequential workload surfaces in the modern enterprise.

Their stated ambition for 2026 reflects that scope: establish a common visibility lens across both primary and secondary data, so that “good data stays safe from bad things” regardless of where it lives.

Four Pillars, One Mandate

Veeam’s strategy is organized around four interconnected pillars that represent a progression of maturity, not a menu of options:

1. Understand — Know precisely where sensitive data lives and who — or what — can access it. You cannot protect what you cannot see.
2. Secure — Reduce risk through proactive posture management and continuous visibility. Reactive security at AI speed is a losing bet.
3. Resilient — The core of the portfolio: the ability to recover anything, anywhere, with confidence that the recovered environment is clean. Michael Cade, Global Field CTO, emphasized that customers can enter the framework here, prioritizing resilience before moving up the stack.
4. Unleash — Extract operational intelligence from backup data for AI insights, sandbox testing, and continuous improvement. Secondary data stops being a cost center and becomes an asset.

The sequencing matters. Cade made clear that “unleashing” data’s potential is only responsible when the first three pillars are solid.

The Arsenal: From Data Graphs to Agent Undo Buttons

Veeam backed its strategy with a set of capabilities that address the AI threat surface directly.

• The Data Command Graph functions as a social network of your data estate — mapping structured and unstructured systems, surfacing overprivileged access paths, and identifying exposed personally identifiable information before an attacker or a rogue agent finds it first.
• For AI-specific threats, Agent Commander introduces three core primitives: detect, protect, and — critically — undo AI. The ability to surgically reverse the actions of an autonomous agent is an emerging requirement that almost no enterprise security stack currently addresses.
• On the infrastructure side, the Veeam Software Appliance now runs on a hardened Rocky Linux deployment, pre-packaged with the DISA STIG hardening profile at no additional cost. For organizations navigating federal compliance requirements or simply demanding a higher security baseline, this is a meaningful differentiator that competitors haven’t matched at this price point.
• Rounding out the incident response story is the integration of Coveware technology, which enables recon scanners to identify threat actor TTPs before a backup even executes — turning the backup pipeline into an early warning system rather than a passive archive.

The Clean Room Imperative

Speed is not the metric that matters in a cyber recovery scenario. Confidence is.

Recovering too fast after a ransomware attack doesn’t restore the business — it reinfects it. Veeam’s answer is the “clean room” methodology: restore data to an isolated sandbox environment, run it through Veeam Threat Hunter and integrated scanning tools, and reintroduce it to production only after validation. The discipline here is intentional friction at the right point in the process.

Vanover captured the underlying philosophy with characteristic directness: “Spray and wash will get drawn butter out of my shirt, but the solution is to wear a bib when I’m eating.” Prevention and recovery are both necessary, and the order of operations during recovery is as important as the recovery itself.

Administrators should also note that the appliance enforces mandatory, automatic updates — a sound security decision that requires deliberate configuration of update windows to avoid unplanned reboots during critical backup jobs.

Why This Matters

The convergence of data security posture management and traditional backup is no longer an architectural nicety. It’s a strategic imperative.

Veeam’s evolution from safety net to active data estate overlord reflects a broader shift in how security leaders must think about secondary data. Through integrations with Microsoft Sentinel, Palo Alto Networks, and CrowdStrike, Veeam transforms backup telemetry into a live feed for the security operations center — closing the visibility gap that attackers have historically exploited.

The AI era doesn’t eliminate the operational and cyber resilience challenges that came before it. It stacks on top of them. Organizations that treat backup as a checkbox will find themselves navigating all three disaster eras simultaneously, without the visibility or the tooling to know which one hit them first. In that environment, the difference between a recoverable incident and a business-ending event comes down to whether secondary data is part of your primary security strategy — or an afterthought sitting in a vault.