Conventional cybersecurity defenses are no longer sufficient. AI-driven autonomous systems can create zero-day exploits instantly, and defense organizations struggle to patch vulnerabilities quickly enough to keep up. Bureaucratic procurement processes, institutional inertia, and a lack of deep technical expertise have created a major imbalance, with adversaries facing no practical limits on how aggressively they can escalate.
AI-fueled attacks routed through space-based platforms or software-based channels bypass traditional attribution methods and overwhelm standard response protocols. The U.S. cannot simply overpower this threat through force. Success in today’s agentic warfare will be measured not by the strength of a counterattack, but by how fast and dependably operations bounce back. Immutable backups and rapid data recovery have become the new battlefield.
Most physical attacks are preceded by cyber operations. Gaining the upper hand—or denying adversaries success—in cyberspace will offer a critical edge in future military engagements. When adversaries doubt whether they can achieve their objectives in the cyber realm, they are far less likely to proceed with a physical strike. For this reason, cyber recovery capabilities must be a foundational element of the Cyber Golden Dome initiative.
Mission recovery demands AI-driven backup
Relying on punishment as a deterrent will fall short in cyberspace, particularly as AI agents become the primary attack vector. If the data environment becomes indefensible, the key benchmarks to monitor are cyber survivability and data resilience. The Department of Defense must therefore move beyond depending solely on offensive cyber operations or preventive measures, and instead ensure mission-critical data stays protected even after a breach occurs.
AI agents are not deterred by the threat of retaliation. The only effective way to discourage adversaries from launching AI-powered attacks is deterrence through denial. If adversaries recognize that their assault won’t stop the mission—because the military’s recovery is swift and permanent—the attack becomes strategically meaningless.
AI-powered backup is critical for mission recovery against agentic AI threats because it goes far beyond simple data storage, delivering real-time, self-directed protection against rapidly evolving, AI-orchestrated attacks. These smart systems detect, isolate, and recover from sophisticated automated threats—such as data poisoning or ransomware—by spotting anomalies and guaranteeing clean, tamper-proof data restoration, dramatically cutting downtime.
Why resilience must anchor cyber deterrence
Resilience should serve as the modern equivalent of the nuclear triad when confronting today’s cyber threats. A nuclear triad is a three-pronged military architecture for delivering nuclear weapons via land-based missiles, submarine-launched missiles, and strategic bombers. It ensures nuclear deterrence through survivability and built-in redundancy—if one leg is knocked out in a surprise strike, the remaining legs can still respond. However, this model doesn’t map cleanly onto cyberspace, especially when AI agents are conducting the attacks. Unlike the nuclear triad’s focus on guaranteed retaliation to prevent a first strike, cyber resilience acknowledges that breaches are inevitable and instead prioritizes minimizing damage and enabling rapid recovery.
To grasp why resilience matters so much, consider the escalating threats now penetrating U.S. defense systems and critical infrastructure.
- Salt Typhoon and the pre-positioning doctrine: Salt Typhoon is a threat actor linked to the People’s Republic of China that has evolved beyond mere espionage to actively targeting critical infrastructure. The group isn’t just exfiltrating data; it is embedding itself in U.S. telecommunications and National Guard networks. Its objective is to collect intelligence, knock out power, and disrupt operations during a kinetic conflict, blocking mobilization and crippling command and control before a single shot is fired.
- Volt Typhoon and living-off-the-land attacks: Volt Typhoon is another China-associated advanced persistent threat group. It executes malware-free intrusions by leveraging legitimate, built-in system tools to carry out its operations. This group also targets critical infrastructure to pre-position for cyberattacks designed to obstruct U.S. military mobilization during a crisis.
- The agentic AI “Russian nesting doll” scenario describes an emerging worst-case situation in which a multi-layered, nested cyberattack plants a rogue AI agent inside legitimate software supply chains. Much like a Matryoshka doll, the initial compromise spawns secondary, concealed AI agents. These agents act autonomously, rendering human-in-the-loop defense physically unfeasible. By the time a human operator sees the alert, the agent has already corrupted the kernel.
- Space-based vulnerabilities leave zero room for error, since assets traveling at thousands of miles per hour rely on exact timing. Even a minor AI-driven disruption to a satellite’s telemetry can result in a catastrophic loss of orbital position. In orbit, there is no physical reset button. At the same time, AI attacks on terrestrial networks can originate from satellites or orbital data centers.
Building resilient and trustworthy security
Many organizations deploy network-level intrusion prevention systems (IPS) to guard against cyberattacks. However, they often run them in passive mode because they’re concerned that enabling automatic blocking could disrupt legitimate operations. The scope of what an IPS can actually block is fairly narrow. Leveraging AI to halt attacks provides a broader set of options but also carries a higher risk of interfering with legitimate traffic or actions. Historically, IPS solutions always required a human in the loop to oversee their behavior. Applying AI to security and IT systems for attack detection raises legitimate trust concerns. Adversaries don’t face those concerns because they have no such constraints. From a defense standpoint, the priority must be on attack detection and response.
How can defense agencies guarantee that their most vital assets—namely, data and critical infrastructure—survive and recover?
Systems and infrastructure must be built for resilience and capable of restoring data rapidly.
Trust in data and systems is essential. To tackle the trust challenge, defense agencies should craft a comprehensive cyber risk management strategy and then execute it rigorously. They need to cleanse and organize data, prioritize assets, remove single points of failure, implement defense-in-depth measures, and refresh threat models to reflect current adversary tactics—not those from two decades ago.
Implementing data sources for visibility
Zero trust is a framework that operates on the assumption that no user or device is inherently trusted, mandating strict identity verification for every access request, regardless of whether it originates inside or outside the network. Maintaining comprehensive data and metadata across all zero trust pillars—such as data, network, user, and physical device visibility—is essential. This approach ensures that data sources are varied and complementary.
If an endpoint is compromised and analytics rely solely on data from that endpoint, the adversary can manipulate the data to make it appear
Security specialists often lack the necessary validation information to verify system security. To achieve comprehensive protection, analysts need access to diverse data sources encompassing all zero-trust principles, gathered through various methods. For instance, offline data backups provide access to copies of production data even when the main system is down. Similarly, monitoring network devices enables the detection of suspicious activity even if an endpoint has been compromised, as monitoring functions run externally from the main system. The outcome is a robust security framework that effectively counters the scope of an attack.
Integrating this collected data with AI further enhances defensive measures.
The objective is to foster data-independent transparency.
Deploying AI-driven backup systems to enhance resilience
As sophisticated threats increasingly challenge human defenders, AI-powered systems have become essential rather than optional. AI-driven surveillance identifies unusual data behavior in real time, detecting, isolating, and eliminating ransomware before it can cause lasting harm. Unlike conventional, static tools, AI systems can evaluate recovery options and dynamically redistribute resources during a crisis, accelerating the restoration of normal operations. They also confirm the integrity of backups, ensuring that data remains clean and reliable. In a landscape of relentless, adaptive threats, AI-enhanced backup and recovery capabilities form the foundation for a secure and resilient state for organizations.
However, the reliance of defense agencies on legacy infrastructure has created significant vulnerabilities in the cybersecurity landscape. Within this context, immutable backups function as a secure vault compliant with Write-Once-Read-Many (WORM) standards. They enable specific point-in-time recovery, but are fully effective only when deployed alongside segmented, zero-trust architectures that prevent attackers from expanding their attack surface, compromising the management plane, or altering backups before they are secured.
Guaranteeing unchangeable resilience within a compromised network
Attackers have already gained access to the network. The priority now is to ensure that mission-critical data is validated through sources that the adversary cannot access or alter. Without isolated verification, defense agencies are effectively operating without clear visibility.
In the age of advanced digital warfare, leaders must acknowledge that breaches are inevitable and design their defenses accordingly. Unchangeable resilience is not a mere fallback plan. It must be the core strategy that guarantees mission continuity.
Travis Rosiek serves as the public sector chief technology officer at Rubrik.
The perspectives expressed in this article are solely those of the author and do not represent the official stance or position of Rubrik. These views are provided for informational purposes only and should not be considered business or legal counsel. Organizations are advised to consult with legal and compliance experts to verify that their cybersecurity strategies comply with all relevant federal, state, and international regulations.
© 2026 Federal News Network. All rights reserved.