HYCU Wakes up Backup with aiR; Launch Adds New AI Capabilities Across Protected Systems of Record Within Its Market-leading R-Cloud Resilience Platform

HYCU, Inc., an AI resilience company, announced HYCU aiR (AI Resilience), an AI-native solution that turns backup data across dozens of applications into a live and actionable intelligence for security, compliance, and IT teams.aiR lets organizations search, query, and run purpose-built agents to surface insider risk, sensitive data exposure, identity drift, and AI agent activity, using their backup data. Every backup is a timestamped record of what happened inside an organization’s applications. HYCU aiR is the first solution built to read it.

AI activity has outpaced human-scale oversight. Atlassian, Microsoft 365, Salesforce, GitHub, and other applications and platforms are no longer playgrounds, but rapidly evolving systems of record where AI agents and copilots do most of their work. The conventional response is to buy more visibility: DSPM for sensitive data, insider risk platforms, identity governance, behavioral analytics. Each is useful, narrow in scope, and priced for enterprises that can afford a dedicated team to run it. Stack the categories together and the visibility bill alone exceeds what most midmarket organizations spend on their entire security stack. 

Most organizations cannot make that math work. The applications their people work in, including Salesforce, GitHub, Jira, Confluence, Box, and Okta, remain unclassified and unmonitored. The questions never get asked. Is there PCI data in Confluence? Is there PHI in Salesforce? Is there a user systematically exporting critical data in Box? The tools built to answer them are priced for the Fortune 500, not the midmarket healthcare and financial services firms where the gap is widest.

Click to enlarge

“For two decades, security tools watched what happened inside applications and backup tools stored the record of it. The two never spoke,” said Simon Taylor, founder and CEO, HYCU. “That worked when data changed slowly, and humans were the only ones touching it. Neither is true anymore. Between SaaS sprawl and AI agents acting at machine speed, most companies can’t tell you what they have, let alone what changed in the last hour. Resilience now means knowing what you had, what changed, who changed it, what data was impacted, and recovering immediately. aiR delivers intelligence. R-Cloud delivers recovery. That’s what resilience looks like.”

How HYCU aiR Works
HYCU aiR adds significant capabilities to HYCU R-Cloud. 

• Natural language search across backups. Organizations can ask plain-language questions of their backup data: “Show me all files containing passport numbers across our Salesforce and Microsoft 365 backups.” “Flag every permission change in our Okta environment over the last 90 days.” “Identify which AI agents accessed customer records in the past month.” With the information already contained in HYCU backups, aiR makes it queryable, from the first snapshot, with no configuration required

• An Agent Garden of purpose-built agents. Each agent reads the same backup data and answers a different question. Regulated Data and IP finds PII, PHI, financial records, and intellectual property scattered across protected applications. Insider Risk detects unusual access patterns and behavioral anomalies. Configuration Drift compares snapshots over time to identify settings that changed without authorization. IAM Posture Management tracks identity drift and access policy violations. Anomaly Detection spots unusual data patterns that signal compromise. Agent Governance monitors AI agent activity across the protected estate. Customers extend the garden by building and publishing their own templates, creating agents that ask the questions specific to their compliance regime, their industry, and the way their organization actually works

Click to enlarge

Every agent reads from the same source: data the organization was already protecting. Because every query runs across every protected application at once, HYCU can surface thousands of cross-application insights no point tool could produce. The intelligence was always there. HYCU is the first to treat backups as a memory rather than as insurance. 

“AHMC Healthcare backups are very important to our ability to respond safely and efficiently in an event that requires us to recover quickly,” said Ash Shehata, CIO, AHMC Healthcare, Inc. “With HYCU aiR it will provide us the first way to read what our backups already know. This capability offers us a complete, time-stamped record of every file touched and every configuration adjusted, empowering AHMC to ask our backups in plain English for quick and efficient understanding of the data landscape. Prior to this it would take days or weeks to review logs and significant manpower. With aiR it’s a game changer and it puts the power back in our hands! I feel that CIOs can sleep better now knowing their backups are AI-enabled and are safeguarding their data.”

Click to enlarge

Coverage That Compounds Intelligence
The value of backup intelligence scales directly with what you back up. A vendor protecting virtual machines and Microsoft 365 can surface insights only from those two environments. HYCU protects more than 100 unique workloads, including on-premises infrastructure, every major cloud, SaaS systems of record, DevOps toolchains, identity platforms, collaboration tools, databases, and AI workloads such as vector databases and data pipelines. 

That breadth is what makes aiR’s economics work. Insights from 100 protected applications are not ten times the insights from ten. They reveal cross-application patterns no single-workload tool can surface: 

• An identity change in Okta that quietly cascades into Salesforce and GitHub permissions 
• An AI agent that read customer records in Confluence and wrote output to SharePoint 
• Regulated data that left a sanctioned application six months ago and now lives in three places no compliance team has mapped 

“HYCU built the broadest protection coverage in data protection precisely because the organizations they serve cannot afford gaps,” said Enrique Salem, partner, Bain Capital Ventures. “aiR turns that coverage into a security intelligence advantage that purpose-built visibility tools spend years and hundreds of millions in customer budgets trying to replicate. The economics here are fundamentally different, and that matters enormously to the midmarket organizations that make up the largest underserved segment in security.”

Availability
HYCU is opening an early access waitlist for aiR today. Organizations joining the waitlist enter the early adopter program alongside existing HYCU customers currently testing the capability.  

What the Industry is saying about HYCU aiR
“We’ve watched HYCU build toward this for a while, and the thesis has only gotten sharper. Security budgets keep growing and the visibility gap keeps widening. That’s not a tooling problem, it’s a math problem, and stacking more point solutions on top of it has stopped working for everyone outside the Fortune 500. HYCU’s insight is almost embarrassingly simple in hindsight: the data is already there, in the backups, waiting to be asked the right questions. aiR is what happens when someone finally asks them,” said Theresia Gouw, founding partner, Acrew Capital.

“Every ten years, this industry rediscovers two truths and reaffirms the same goal: The truths are 1) the stakes for comprehensive backup and agile restore continue to heighten, and 2) as the defacto production landscape shifts, new leaders emerge that are purpose built for where organizations are going instead of where they are. HYCU’s breadth of SaaS undeniably puts them ahead for the next generation of modern hybrid IT for organizations of all sizes. The goal has always been ‘What else can I do with my backup data?’ — and aiR finally gives them an answer. What’s exciting is that HYCU built it on their core foundation, so every past and future backup just unlocked more value and actionable insights, where the meta might be even more important than the data itself,” added Jason Buffington, principal analyst and founder, Data Protection Matters.

“The number of SaaS applications a data protection software product can support is a major consideration for enterprise customers, but it’s not the only factor. As more organizations are treating their backups as a queryable record of what happened inside their applications and not just a static safety copy sitting in cold storage, it’s important that data protection tools can inform as well as they protect,” commented Johnny Yu, research manager, infrastructure software platforms, IDC.

“Sensitive data discovery, insider risk, identity posture, and agent governance seek to answer the same questions: what happened inside our applications, who accessed what data, and what did they do with it. Teams that can answer these questions form a single source of truth will gain the necessary visibility and action needed to keep data secure and protected. Combining these tools into a single platform also offers a more affordable and manageable solution for organizations that lack the budget and resources to run four separate platforms,” confirmed Jennifer Glenn, research director, information and data security, IDC.

“For most of its history, backup was insurance. You paid for it, hoped you never used it, and forgot the data was there. HYCU aiR represents the first credible attempt to treat backup as an operational intelligence asset, and the timing is right. Organizations find themselves drowning in SaaS tool sprawl and paying what amounts to an API tax to get visibility they should already have. HYCU aiR unlocks the value of the backup data they already maintain to answer governance, risk, and AI oversight questions and represents the kind of structural shift this category has needed for a decade,” said Jerome Wendt, CEO and principal analyst, DCIG.

“The data protection market has spent the last decade competing on workload coverage. HYCU now reframes the question entirely. The breadth of what you protect determines the breadth of what you can analyze, and that turns a vendor selection criterion into an intelligence advantage. aiR is one of the first products I have seen that makes the case for coverage as the foundation for something beyond recovery and even advanced browsable, searchable and queryable backup images and repositories capabilities. Other vendors will have to respond with architectures not really tailored for such evolution,” concluded Philippe Nicolas, founder and analyst, Coldago Research.

“Sensitive data accumulates in Atlassian environments in ways that are hard to track. Confluence pages with credentials in old runbooks, Jira tickets containing customer records, attachments with contract details. For clients, standing up a separate DSPM platform to find it is cost-prohibitive and cumbersome. HYCU aiR takes a different path by working from the Atlassian backup data already in place, which means our clients can get a useful view of where sensitive content lives and who has access to it by using their backup data. It’s a great fit for teams that need answers without adding another system to manage,” said Nick Sommerfeld, director of client solutions, Isos Technology.