The new cyber deterrent isn’t a weapon. It’s cyber recovery.  

The imperative now is ensuring mission-critical data is validated through sources the adversary cannot reach or manipulate.

The traditional cyber shield is obsolete. Artificial intelligence-powered, autonomous agents can generate zero-day exploits on demand, and defense agencies cannot patch fast enough to keep pace. Acquisition hurdles, organizational red tape and limited technical understanding have left them at a significant asymmetric disadvantage, with no realistic ceiling on how far adversaries can escalate.

AI-enabled attacks launched through space-based systems or software-driven vectors defy traditional attribution and outpace conventional response. The United States cannot fight its way out of this threat. Victory in modern agentic warfare will not be defined by how hard we strike back, but by how quickly and reliably the mission recovers. Immutable backups and data recovery are now the new frontline.

Most kinetic attacks are preceded by operations in the cyber domain. Winning, or denying adversarial success, in that domain will provide a decisive advantage in future military campaigns. When adversaries are forced to question whether they can succeed in the cyber domain, it deters them from pursuing any follow-on kinetic strike. For this reason, cyber recovery must be a core component of the Cyber Golden Dome effort.

Mission recovery requires AI-powered backup

Deterrence through punishment won’t be effective enough in the cyber domain, especially when AI agents launch attacks in the future. If the data environment becomes impossible to defend, the important metrics to track are cyber survivability and data resilience. Therefore, the Defense Department must shift from relying on offensive cyber or prevention alone to ensure mission data remains secure even if defense agencies are breached.

AI agents do not fear punishment. The only way to deter adversaries from launching AI-driven attacks is through deterrence by denial. If adversaries understand that their attack won’t halt the mission because the military’s recovery is immediate and irreversible, the attack loses its strategic value.

AI-powered backup is essential for mission recovery against agentic AI threats because it goes beyond passive storage to offer real-time, autonomous protection against fast-changing, AI-driven attacks. These intelligent systems detect, isolate and recover from advanced, automated threats, such as data poisoning or ransomware, by identifying anomalies and ensuring clean, unalterable data restoration, greatly reducing downtime.

Why resilience must be part of cyber deterrence

Resilience should be the emerging nuclear triad in the face of modern cyber threats. A nuclear triad is a three-part military system designed to deliver nuclear weapons through land-based missiles, submarine-launched missiles and strategic aircraft. It guarantees nuclear deterrence by maintaining survivability and redundancy. For instance, if one part is disabled in a surprise attack, the others can respond. However, this approach does not translate directly to the cyber domain, especially when AI agents conduct attacks. Unlike the nuclear triad’s emphasis on assured retaliation to prevent a first strike, cyber resilience accepts that breaches are unavoidable and focuses on reducing impact and enabling quick recovery.

To understand why resilience is so vital, consider the increasing threats now breaching U.S. defense and critical infrastructure.

  • Salt Typhoon and the pre-positioning doctrine refer to the threat actor affiliated with the People’s Republic of China that has moved beyond simple espionage to actively targeting critical infrastructure. They are not just stealing data; they are infiltrating U.S. telecommunications and National Guard networks. Their goal is to gather intelligence, disable power and disrupt operations during a kinetic conflict, preventing mobilization and blindsiding command and control before a shot is fired.
  • Volt Typhoon and living off the land attacks describe another China-linked advanced persistent threat group that deploys malware-free intrusions using legitimate, pre-installed system tools to carry out attacks. The group also targets critical infrastructure to pre-position for cyberattacks that hinder U.S. military mobilization during a crisis.
  • The agentic AI “Russian nesting doll” scenario describes an emerging nightmare where a multi-layered, nested cyberattack embeds a compromised AI agent into legitimate software supply chains. Like a Matryoshka doll, the initial breach produces secondary, hidden AI agents. These agents operate independently, making human-in-the-loop defense physically impossible. By the time an alert reaches a human, the agent has already corrupted the kernel.
  • Space-based vulnerabilities leave no margin for error, as assets moving at thousands of miles per hour depend on precise timing. A small AI-driven disruption to a satellite’s telemetry can cause a catastrophic loss of orbital position. In space, there is no physical reset button. Meanwhile, AI attacks on Earth’s networks can come from satellites or data centers in space.

Building resilient and trustworthy security

Many organizations deploy network-level intrusion prevention systems (IPS) to defend against cyberattacks, but keep them in passive mode because they fear that automatic blocking might disrupt operations. The range of what an IPS can block is quite limited. Using AI to stop attacks opens a wider range of response options, and with it a greater chance of disrupting legitimate traffic or actions. Historically, an IPS always needed someone in the loop to monitor its actions. Using AI on security and IT systems to detect attacks raises concerns about trust. Adversaries don’t need to worry about trust because they don’t care. From a defensive perspective, it’s crucial to focus on attack detection and response.

How can defense agencies ensure their most critical assets (i.e., data and key infrastructure) survive and recover?

Systems and infrastructure must be resilient and restore data fast.

Trust in data and systems is vital. To address the trust challenge, defense agencies should develop a cyber risk management strategy and then implement it thoroughly. They must clean and organize data, triage assets, eliminate single points of failure, establish defense-in-depth measures, and update threat models to reflect current adversary tactics, not those from 20 years ago.

Implementing data sources for visibility

Zero trust is a framework that assumes no user or device is automatically trusted, requiring rigorous identity verification for every access request, whether inside or outside the network. Having robust data and metadata across all zero trust pillars, such as data, network, user and physical device visibility, is critical. Such an approach ensures that data sources are diverse or complementary to the data.

If an endpoint is compromised and analytics only focus on data from that endpoint, the adversary can spoof the data to make it appear secure or normal. In such cases, the security analyst lacks validation data for system security. They need a comprehensive set of data sources covering all zero trust pillars, obtained through various mechanisms. For example, data from backups, which are out-of-band copies of production data, remain accessible even if the production system fails. Similarly, visibility from network device monitoring allows detection of activity even if the endpoint is compromised because it operates out of band. The result is a resilient security posture that extends beyond the attack’s radius. Feeding this data into AI further strengthens defensive capabilities.

The goal is to drive visibility that is independent of the data itself.
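The cross-check this section describes, as an added example that is not from the article or any product it mentions: an endpoint's self-reported state is compared with file hashes computed from a backup snapshot and with flow records from a network tap, and every disagreement becomes a finding. The function and field names are assumptions, and all hosts, paths, hashes and flows are constructed sample data.

```python
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def cross_validate(host_ip, endpoint_report, snapshot_hashes, tap_flows):
    """Return findings where the endpoint's own story disagrees with
    data collected out of band (backup snapshot, network tap)."""
    findings = []
    claimed = endpoint_report["files"]
    # Backup side: hashes computed from the snapshot, not by the endpoint agent.
    for path, oob_hash in sorted(snapshot_hashes.items()):
        if path not in claimed:
            findings.append(("file_not_reported", path))
        elif claimed[path] != oob_hash:
            findings.append(("hash_mismatch", path))
    # Network side: flows seen on the wire that the endpoint never mentioned.
    reported = set(endpoint_report["connections"])
    for src, dst, port in tap_flows:
        if src == host_ip and (dst, port) not in reported:
            findings.append(("unreported_flow", f"{dst}:{port}"))
    return findings


# Constructed sample data (hypothetical host, paths and addresses).
HOST = "10.0.5.11"
ENDPOINT_REPORT = {  # what the possibly compromised endpoint claims
    "files": {
        "/opt/mission/planner.bin": sha256(b"planner build 41"),
        "/opt/mission/routes.db": sha256(b"routes rev 7"),
    },
    "connections": [("10.0.5.20", 443)],
}
SNAPSHOT_HASHES = {  # computed by the backup system from the latest snapshot
    "/opt/mission/planner.bin": sha256(b"planner build 41 + implant"),
    "/opt/mission/routes.db": sha256(b"routes rev 7"),
    "/opt/mission/.cache/agent": sha256(b"unknown binary"),
}
TAP_FLOWS = [  # (src, dst, dst_port) records from a network tap
    ("10.0.5.11", "10.0.5.20", 443),
    ("10.0.5.11", "203.0.113.50", 8443),
    ("10.0.5.12", "10.0.5.20", 443),
]

if __name__ == "__main__":
    for kind, detail in cross_validate(HOST, ENDPOINT_REPORT, SNAPSHOT_HASHES, TAP_FLOWS):
        print(f"{kind:18} {detail}")
```

An endpoint that reports accurately produces no findings; here the spoofed report is contradicted by both out-of-band sources.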

Deploying AI-powered backup builds resilience

As agentic threats increasingly outpace human defenses, AI-driven systems are no longer optional; they are essential. Continuous AI monitoring detects anomalous data activity in real time, identifying, isolating and neutralizing ransomware before it can cause irreparable damage. Unlike static, legacy tools, AI agents dynamically assess recovery options and reallocate resources during a crisis, accelerating the path to restored operations. They also validate backup integrity, ensuring data remains untainted and trustworthy. In an era of relentless, evolving threats, AI-powered backup and recovery capabilities are the foundation upon which agencies must build their path to a trusted, resilient state.

However, defense agencies’ reliance on antiquated infrastructure has made the cyber domain a critical vulnerability. In this environment, immutable backups act as a secure, Write-Once-Read-Many (WORM)-compliant vault. They offer a specific point-in-time recovery, but they are only effective if paired with segmented, zero trust architectures that prevent attackers from breaching the broader network, compromising the management plane, or corrupting backups before they are locked.

Ensuring immutable resilience in a compromised network

Adversaries have already breached the network. The imperative now is ensuring mission-critical data is validated through sources the adversary cannot reach or manipulate. Without out-of-band verification, defense agencies are operating blind.

In the age of agentic warfare, leaders must accept that breaches are inevitable and build accordingly. Immutable resilience is not a contingency plan. It should be the strategy that ensures the mission continues.

Travis Rosiek is public sector chief technology officer at Rubrik.

The views expressed in this article are those of the author and do not necessarily reflect the official policy or position of Rubrik. These views are for informational purposes only and do not constitute business or legal advice. Organizations should consult with legal and compliance professionals to ensure their cybersecurity strategies meet all applicable federal, state and international requirements.

Copyright © 2026 Federal News Network. All rights reserved.
