Share with your CISO
Rubrik is betting that the biggest security gap in enterprise AI isn’t your models, it’s your agents. The company launched Rubrik Agent Cloud for Anthropic’s Claude Code and Claude Cowork, a purpose-built resilience and governance layer for autonomous coding agents. The product includes five distinct capabilities: a real-time AI governance engine (SAGE), agent inventory with permissions visibility, action rewind, immutable codebase snapshots stored outside GitHub and Azure DevOps repositories, and configuration backup for Claude agent system prompts and tool permissions.
What this means for your business
Autonomous coding agents don’t just read your codebase, they write to it, push commits, and trigger deployments without a human reviewing every action. That changes the blast radius of a single compromised agent from “bad commit” to “force-pushed history deletion across every branch before anyone notices.” Traditional DevSecOps controls, code review policies, branch protection rules, credential rotation, were designed around human velocity. Agents operate at machine speed and those controls don’t hold.
Rubrik’s real argument here is that version control is not a security control. Git’s own mechanics can be weaponized: force pushes overwrite history, branch deletions are instant, and a prompt injection attack that hijacks a Claude Code session has write access to everything the agent has write access to. Storing immutable snapshots outside the repository itself, beyond the reach of compromised credentials, is the right architectural response. The same logic already won in data backup. It took ransomware hitting production databases to make offsite immutable backups standard practice. The same cycle appears to be starting now for code infrastructure.
The configuration resilience piece is the less obvious but more consequential capability. System prompts, tool permissions, and files like CLAUDE.md are the behavioral constitution of a Claude agent. Drift in those files, whether from a malicious insider, a supply chain injection, or an accidental overwrite, changes how the agent acts across every downstream task. Most organizations have no visibility into that layer today, let alone versioned recovery. The signal worth watching: whether Anthropic builds this class of capability natively into its enterprise tier, or whether it stays a third-party integration layer that Rubrik and competitors can own.
Concept deep-dive: Prompt injection in agentic environments
Prompt injection is an attack where malicious instructions embedded in content an agent reads, a code comment, a pull request description, a README file, override the agent’s original instructions. In a chat interface, the damage is a bad response. In an agentic coding environment with write permissions, the same attack can instruct the agent to exfiltrate API keys, modify deployment configs, or delete repository history. It exists because agents treat retrieved content and trusted instructions through the same channel. For a CISO, it means every external input to a Claude Code session is an attack surface.
Based on reporting from Rubrik Launches Agent Cloud for Anthropic Claude Code & Claude Cowork to Secure AI Agents, originally published 2026-06-11 20:20:00.

