Rubrik ships Rubrik Agent Cloud for Anthropic's Claude Code

Rubrik used its FORWARD user conference in Las Vegas today to ship Rubrik Agent Cloud, a new control and resilience layer built specifically for Anthropic's Claude Code and Claude Cowork. The product is the first attempt from a major data protection vendor to treat Claude-powered agents as production workloads, with auditable actions, recoverable repositories, and a one-click agent rewind that pulls back code and configuration state when an autonomous action goes wrong.

The launch comes paired with a broader shift: Rubrik itself is now repositioning as an agent, not a backup vendor. Under the new Rubrik AI banner, the same platform exposes an Agentic Mode that reasons across data, identity, and the agents a customer has deployed, with built-in Agentic Guardrails that the company says are auditable, attributable, and reversible on every autonomous action. The Claude Code-specific product is the first of those capabilities to ship to general availability, and the customer quote at the press conference was clear about why Anthropic was the launch partner. "Organizations are adopting Claude faster than any agentic technology we have seen, and every security leader asks the same question: how do we stay in control when an agent can act?" said Anneka Gupta, Rubrik's chief product officer.

The agentic gap Rubrik is selling against

The pitch to CISOs and security leaders starts from a gap that did not exist in 2024. Enterprise security infrastructure was built on the assumption that a human is always in the loop. Pull requests get reviewed, branches are protected by access policy, and recovery is a matter of restoring a known-good snapshot. AI agents break that assumption cleanly: they write, push, and deploy code on their own, and the blast radius of a bad action is whatever the agent can reach in a single network call.

Rubrik's framing is that rogue commits, repo ransomware, prompt injection, and IP exfiltration are now all possible at machine speed, and that the existing DevSecOps control set was not designed for the worst case. The Anthropic partnership is the load-bearing piece of that argument. Rubrik is not building a generic agent governance platform that can be re-skinned for any model; it is shipping a Claude-specific layer that knows about Claude Code's system prompts, tool permissions, skills, and the CLAUDE.md and settings files that govern how an agent behaves inside a customer's repository.

That specificity is what makes the launch interesting. The strongest competing agent identity and governance stories of the last six months, including CrowdStrike's Continuous Identity for AI Agents, the Identiverse 2026 analyst recap, and Snyk's Evo ADS, have all been pitched as model-agnostic. Rubrik is the first to argue that the controls have to live close enough to the agent runtime to read the actual configuration that drives Claude's behavior, not just observe the API calls the agent makes on the way out.

What Rubrik Agent Cloud actually ships for Claude

The product surface is a five-piece stack, and the names matter because they map directly to the failure modes the announcement is trying to address. Semantic AI Governance Engine, branded SAGE, is the real-time policy layer: it replaces static, manual oversight with intent-driven governance, which means a customer can describe the outcome they want and SAGE handles the policy mechanics. Agent Inventory is the 360-degree visibility surface, the dashboard every security team will want first. It tracks every deployed Claude agent's access permissions, risk posture, and any policy violations across the enterprise. Agent Rewind is the headline feature, the one that lets a team instantly reverse an unintended action even when the agent is the one that took it. Codebase Resilience, an extension of Rewind, maintains continuous immutable snapshots of GitHub and Azure DevOps repositories outside the repo itself, beyond the reach of compromised credentials. When an agent or an attacker using one takes an action that version control cannot undo, like force-pushing over commit history or deleting every branch, RAC restores a known-good state with one click. The fifth piece, Resilience for Claude Agents, is the configuration-layer backup. It version-tracks and restores the system prompts, tool permissions, skills, and key files that govern how Claude agents behave, and it continuously monitors for configuration drift. When a change appears malicious or unauthorized, Rubrik's recovery system ties that drift back to a healthy backup snapshot and runs an orchestrated recovery, rather than a blunt rollback.

The price of that specificity is integration surface. Rubrik has to maintain first-party support for Claude Code's runtime shape, which means every Claude Code release is a coupling point. The benefit is that the controls can see the things version control cannot: the conversation history that led to a destructive commit, the system prompt that an attacker just overwrote, the tool permission that an agent just escalated outside the customer's policy. That is also why the launch partner matters. Anthropic's Claude family is the model that enterprise security teams are adopting fastest, and Rubrik is betting that being Claude-native at launch is worth more than being model-agnostic on day one.

The enterprise AI governance question this forces

For enterprise security teams, the launch turns the Claude Code adoption curve into a hard governance problem with a paid answer. Until now, the choice for a team that wanted to deploy Claude Code at scale was to build their own observability and rewind tooling on top of the Anthropic SDK, or to lean on the version control system and accept that some classes of agent-driven failure were unrecoverable. Rubrik Agent Cloud is the first commercial product that argues both options are wrong, and that the right answer is a resilience layer purpose-built for the agent runtime itself.

That is the same argument that has been playing out across the agent identity and agent security market all year. Identiverse 2026 made the case that agent identity is now an IAM front, and that the standards bodies are catching up to the fact that an agent is a first-class non-human identity. The economics and rollout checklist for any enterprise that is shipping Claude Code at scale now have to include a line item for an agent resilience layer, not just an agent identity provider. Rubrik is selling the line item directly to the security and platform engineering buyer who has been asking for it.

The broader Rubrik AI platform, the parent of the Claude-specific product, is the second piece. Agentic Mode is the reasoning surface that pulls together data, identity, and deployed agents across the customer's environment, and Agentic Guardrails are the controls that ensure every autonomous action is auditable, attributable, and reversible. The Orchestrated Workflows that wrap both promise multi-step recovery sequences that once took human teams weeks to run in minutes. The general availability date for the broader Rubrik AI platform is not yet set, and the Claude Code integration is the first production-grade foothold. Customers who need agent governance today are getting the Claude-specific product first, and the broader platform layer arrives later in the year as a follow-on.

This article is built on the official Rubrik press release for the launch, published from the Rubrik FORWARD 2026 user conference in Las Vegas on June 9, 2026. The press release is the canonical source for the product names (Rubrik Agent Cloud, Semantic AI Governance Engine, Agent Rewind), the customer-side capability list, and the executive quotes from Anneka Gupta and Bipul Sinha. A cross-reference article from Techzine Global on June 30, 2026 provided the secondary confirmation of the same names and capabilities. The Rubrik newsroom at rubrik.com/company/newsroom is the right place to track the rest of the Rubrik FORWARD 2026 product wave, which also includes Rubrik Now Available as AI Agent and Rubrik AI on Unstructured Data, both announced on the same day.

For the enterprise security and platform engineering reader, the practical takeaway is short. If your team is shipping Claude Code or Claude Cowork to production, the agent rewind and codebase resilience surface that Rubrik just shipped is the first commercial control plane that knows about Claude's system prompts, tool permissions, and configuration files, and the first to argue that those things are part of the recovery story rather than the runtime story. The earlier assumption, that version control alone was enough to recover from any agent action, is now officially wrong. For the cross-link in the agent governance and identity thread, the Identiverse 2026 analyst recap made the same argument from the analyst side. For the rollout side, the Enterprise AI Governance Checklist for 2026 is the right evergreen reference for any team that is updating their governance model to include an agent resilience layer.