
Dave Kurian

Originally published at otf-kit.dev

Rubrik launches Agent Cloud to secure Anthropic’s Claude AI code deployment

The agent era is here: AI agents like Anthropic Claude Code are writing, testing, and shipping code entirely on their own, moving faster than any human review cycle. That’s productive—until something goes wrong. Enterprises adopting autonomous AI see new risks emerge at machine speed: silent prompt injection, rogue commits that escape notice, even the prospect of AI-driven repo ransomware. Rubrik Agent Cloud (RAC) for Anthropic Claude launches as a direct answer: an observability, governance, and recovery control plane built to keep up with the new velocity. RAC’s core: watch everything, control in real time, and—when needed—rewind the tape on agent mistakes, even after they propagate beyond version control.

What is Rubrik Agent Cloud and how does it work with Anthropic Claude?

Rubrik Agent Cloud (RAC) is a control, observability, and resilience platform designed explicitly for autonomous AI agents like Anthropic’s Claude Code and Claude Cowork. RAC integrates directly with Claude-powered agents, acting as a watchtower and a safety switch: it tracks agent actions across code repositories, configuration files, and deployment pipelines—giving enterprise security and ops teams the visibility and control they require at scale.

Here’s what stands out:

  • Agent observability: RAC inventories every agent instance, continuously surfaces what code, systems, or data agents can access, and highlights unusual behaviors.
  • Real-time control: Through RAC’s Semantic AI Governance Engine (SAGE), organizations replace manual, after-the-fact reviews with intent-based, real-time guardrails. SAGE enforces policies and permissions, limiting what AI agents can initiate or modify in production.
  • Comprehensive recovery: RAC enables not just backup of the codebase, but also immutable recovery of both the working branch and the very configuration files that drive agent policy (what’s permitted or denied)—closing the gap when an agent’s rogue action “outruns version control.”
  • Agent rewind: If an agent makes an unintended or malicious change, RAC lets you roll back just those actions, restoring system state even when the agent has already pushed to prod.

The promise: secure, observable, and governable autonomy, so large-scale Claude deployments don’t turn day-one productivity into week-one incident response.

[[DIAGRAM: RAC integrates as a middleware and control fabric between Anthropic Claude agents, enterprise code repositories, and deployment pipelines, providing real-time monitoring, policy enforcement, and instant rollback.]]

Why do autonomous AI code deployments need new security layers?

Autonomous AI agents invert a core DevSecOps assumption: that a human is always reviewing and gating production changes. When Anthropic Claude Code can write and deploy with no pause, risk compounds at machine speed. Traditional controls (manual code review, branch protection, even “two pairs of eyes”) can’t intercept a fully autonomous pull request or halt high-velocity prompt injection attacks.

New threats we’re seeing:

  • Rogue commits: Autonomous agents can introduce errors or malicious changes, sometimes without human intervention or notification.
  • Repo ransomware: If an agent is compromised or prompted maliciously, it can encrypt or wipe critical code in seconds.
  • Prompt injection and data exfiltration: Clever prompts or subverted functions may cause agents to leak IP, credentials, or sensitive internal logic.
  • Human-out-of-the-loop gaps: Controls designed for human workflows—manual merges, periodic reviews, “code freeze”—are irrelevant when the AI is shipping 24/7.

Recent industry data points to 70%+ of enterprises accelerating autonomous AI adoption in development workflows (source: Anthropic adoption trends in 2026), with security incidents involving machine-driven code changes up sharply. RAC exists because the old boundaries are now porous—autonomous agents don’t wait for reviews or care about off-hours.

How does Rubrik Agent Cloud provide observability and control over Claude agents?

RAC for Anthropic Claude surfaces every agent, every action, and every exception. Security teams get dashboards showing:

  • Agent inventory: All Claude agents deployed, what repositories or systems each can touch, and a real-time risk matrix.
  • Permission governance: Policies define exactly what actions an agent can take—down to the file, repository, or pipeline. Changes outside policy raise flags, block pushes, or trigger rollback.
  • Anomaly detection: RAC inspects agent behaviors, surfacing deviations from expected patterns—like a codegen agent pushing to the deployment branch without a matching review.

The Semantic AI Governance Engine (SAGE) is the heart of this control:

# Example: Declaring policy via SAGE
policies:
  - agent: "claude-cowork-dev"
    allow:
      - repo: "mycompany/app"
        actions:
          - "pull"
          - "unit-test"
    deny:
      - actions:
          - "push"
          - "delete"

With policies like these, RAC enforces guardrails programmatically, not through tribal knowledge or as a post-mortem.
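
The allow/deny policy above, together with the anomaly named in the dashboard list (a push to the deployment branch without a matching review), worked through as an added example; it is not Rubrik's code or SAGE's documented evaluation logic. It assumes deny-overrides-allow and default-deny semantics, and the agent `claude-code-release`, the protected branch names and the event fields are hypothetical.

```python
from collections import namedtuple

# First entry mirrors the YAML policy above; "claude-code-release" is a
# hypothetical second agent added so the review check has something to catch.
POLICY = {
    "claude-cowork-dev": {
        "allow": [{"repo": "mycompany/app", "actions": {"pull", "unit-test"}}],
        "deny": [{"actions": {"push", "delete"}}],  # no repo key: every repo
    },
    "claude-code-release": {
        "allow": [{"repo": "mycompany/app", "actions": {"pull", "push"}}],
        "deny": [{"actions": {"delete"}}],
    },
}
PROTECTED_BRANCHES = {"main", "deploy"}  # assumed branch names

# review_id stays empty when no review is linked to the action.
Event = namedtuple("Event", "agent repo action branch review_id", defaults=("", ""))

def _matches(rule, ev):
    """A rule without a "repo" key applies to any repository."""
    return ev.action in rule["actions"] and rule.get("repo", ev.repo) == ev.repo

def decide(ev, policy=POLICY):
    """Assumed semantics: deny overrides allow; anything unlisted is blocked."""
    rules = policy.get(ev.agent)
    if rules is None:
        return "block", "agent not in inventory"
    if any(_matches(r, ev) for r in rules.get("deny", [])):
        return "block", "explicit deny"
    if not any(_matches(r, ev) for r in rules.get("allow", [])):
        return "block", "default deny"
    if ev.action == "push" and ev.branch in PROTECTED_BRANCHES and not ev.review_id:
        return "flag", "push to protected branch without a matching review"
    return "allow", "explicit allow"
# Constructed sample events, not real RAC telemetry.
EVENTS = [
    Event("claude-cowork-dev", "mycompany/app", "unit-test"),
    Event("claude-cowork-dev", "mycompany/app", "push", "main"),
    Event("claude-cowork-dev", "mycompany/billing", "pull"),
    Event("claude-code-release", "mycompany/app", "push", "deploy", "PR-101"),
    Event("claude-code-release", "mycompany/app", "push", "deploy"),
    Event("unregistered-agent", "mycompany/app", "pull"),
]

def audit(events=EVENTS):  # rows of (agent, action, verdict, reason)
    return [(ev.agent, ev.action, *decide(ev)) for ev in events]
if __name__ == "__main__":
    print(*audit(), sep="\n")
```

The third event is the case worth noting: `pull` is an allowed action, but only on `mycompany/app`, so the same agent pulling from another repository falls through to default deny.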

Rubrik’s CPO Anneka Gupta makes the pitch:

"Rubrik Agent Cloud gives organisations a resilience layer for Claude, which allows them to see what agents can access, govern what they do, rewind their actions, and recover both the code and the agent's own configuration when something is destroyed or tampered with."

Takeaway: RAC doesn’t just watch; it intervenes, reducing the blast radius before a bad commit or deployment becomes an outage.

What is the agent rewind feature and immutable codebase recovery?

Two features matter most the moment things go wrong:

  1. Agent rewind: When a Claude agent takes an unintended action (whether prompt-injected, bugged, or maliciously steered), RAC tracks a full action log and lets you undo discrete changes—even after they reach prod. Think “git revert,” but at the semantic/workflow level, for both code and infra state.

  2. Immutable codebase recovery: Sometimes, a compromised agent or pipeline erases history, “force-pushes” over main, or even deletes itself. RAC’s backup engine snapshots not only the codebase but also the agent’s governance/configuration files. Recovery is “immutable”—no in-band agent or leaked API token can mutate the backup or prevent rollback.

These become critical at “AI speed”: agents make thousands of code changes, running regression and hotfix loops that outpace human detection. RAC puts a real undo button in the hands of security and engineering leads.

[[COMPARE: agent rewind vs traditional manual code review. Show RAC can revert machine-generated changes instantly, while legacy review only flags after the fact.]]

How to deploy and use Rubrik Agent Cloud with Claude agents today?

RAC is built for large orgs running autonomous Claude agents at production scale. Here’s how teams can integrate:

  1. Prerequisites:

    • Deployed Anthropic Claude Code or Cowork agents (configured with enterprise scopes/tokens)
    • RAC cloud account (provisioned via Rubrik console)
    • Code repository integration (GitHub, GitLab, Bitbucket)
  2. Installation:

    • Link RAC with your code repos via the Rubrik UI or CLI—authorize via an OAuth app or service account.
    • Enable agent inventory and connect your Claude agent fleet:
   rac-cli agents register --provider=anthropic --token="$CLAUDE_TOKEN"
  3. Monitoring & governance configuration:
    • Define policies in SAGE (YAML or UI), mapping each agent to its allowed actions, access scopes, and notification settings.
    • Activate observability dashboards and set up real-time alerts:
   rac-cli agents monitor --watch=all --alert=slack,teams
  4. Enable recovery features:
    • Schedule codebase and policy snapshot intervals.
    • Test agent rewind and recovery drills:
   rac-cli agents rewind --agent=claude-cowork-dev --since="2026-06-10"
   rac-cli backup recover --repo=mycompany/app --mode=immutable
  5. Best practices:
    • Rotate Claude agent access tokens regularly.
    • Start with conservative permissions; open up as governed activities prove safe.
    • Integrate RAC monitoring with your SIEM and incident response playbooks.

Rubrik’s docs and support teams offer guidance for onboarding and customizing RAC deployments. RAC is designed to sit alongside, not replace, your existing DevSecOps stack—its value is in closing the human-out-of-the-loop risk gap that standard tools miss.

What are the enterprise benefits and future outlook for AI autonomous agent security?

With RAC, enterprises can deploy Anthropic Claude agents confidently—removing the veto point where security risk blocks automation. You get:

  • Reduced operational risk: Real-time monitoring and rewinds mean fewer expensive incidents from agent mistakes.
  • Safeguarded IP and compliance: Data exfiltration and unintended actions draw instant attention, not just when someone reviews logs.
  • Acceleration of trusted AI adoption: Teams don’t have to choose between AI speed and governance—they get both.

The market is clear: enterprise adoption of autonomous agents is surging, but headlines on AI-driven outages or “prompt-exfil” attacks are growing too. Resilience and observability will be the competitive edge. As the agent landscape evolves, expect RAC to expand to support more AI ecosystems, richer behavioral policies, and even more granular recovery primitives.

Industry signals point to a world where “AI as teammate” is the default rather than the experiment. RAC is an early answer to the trust and control questions every CISO is already facing.

Takeaway: a new standard for AI agent security in the enterprise

Rubrik Agent Cloud is not just another compliance checkbox—it’s a hard engineering response to a new class of risk. As Anthropic Claude agents take on more autonomous code deployment, blind spots in old tools turn into real enterprise exposure. RAC’s observability, policy enforcement, agent rewind, and immutable recovery are the new safety net. Enterprises adopting RAC get to move at the speed of AI—without leaving their codebase, their config, or their reputation unguarded.

To stay on top of the agent curve, secure the automation fabric, and finally enable safe AI-scale development, RAC is the first control plane built for the challenge.
