Rubrik unveiled Rubrik Agent Cloud for Google's Gemini Enterprise Agent Platform on April 22, 2026, at Cloud Next, then spent the following week amplifying the launch as enterprise security buyers absorbed the implications. The headline feature is the first commercial "Agent Rewind" — a capability that lets administrators undo a destructive action taken by an autonomous AI agent, the same way they would restore a deleted file from backup. Rubrik also announced Cloud SQL cyber resilience, extending immutable backups and air-gapped ransomware protection to Google's managed PostgreSQL service.

The bet is bigger than two integrations. Rubrik is wagering that the resilience and recovery muscle it built for data — immutable backups, point-in-time restore, ransomware rollback — translates directly into the new control plane every enterprise needs as agents take autonomous actions on production systems. With Gartner forecasting 40% of enterprise applications will integrate task-specific AI agents by year-end 2026, and Google's A2A protocol already running in 150+ organizations, the question every CIO is being asked by audit, risk, and security teams is the same: when an autonomous agent makes a wrong call, what is your undo button?

Rubrik's answer is Rubrik Agent Cloud (RAC), powered by a new Semantic AI Governance Engine called SAGE. Wiz, Okta, Cisco, and Google's own Model Armor are racing for the same layer. Here is what Rubrik shipped, why the timing matters, and the procurement decisions enterprise leaders should be making before agent governance becomes a multi-vendor sprawl problem.

What Rubrik Actually Shipped

Rubrik Agent Cloud connects directly to the Gemini Enterprise Agent Platform Runtime and provides three capabilities that did not exist as a unified offering before this launch:

1. Agent Inventory with auto-discovery. RAC continuously scans the Gemini Enterprise environment and surfaces every agent running on the platform, with visibility into the agent's identity, the tools and APIs it can call, the data it can access, and any policy violations it has triggered. Most enterprises today do not know how many agents are running in production. RAC turns that into a single list, in the same way data security posture management (DSPM) tools turned shadow data into a discoverable inventory.

2. SAGE — the Semantic AI Governance Engine. The differentiator Rubrik is leaning on. Conventional governance tools enforce static rules — agent X cannot call API Y, role Z cannot access dataset W. SAGE adds intent-driven oversight: it interprets what the agent is trying to do at the semantic level and applies real-time guardrails based on whether that intent is consistent with policy. The marketing claim is that SAGE "replaces static rules with continuous oversight of agent behavior." The technical reality is that semantic governance is an emerging research area, and this is one of the first commercial implementations carrying that label.

3. Agent Rewind. The capability that is generating the most attention. If an autonomous agent takes a destructive action — deletes a record, modifies a database row, sends an email, transfers a file — Agent Rewind lets an administrator undo that action and restore prior state. Rubrik calls it "the industry's only rewind capability to undo mistakes." For enterprise risk teams, that is the bridge between "we cannot deploy agents in production because we have no undo path" and "we can deploy agents in production because we can recover from a mistake." For Rubrik, it is the most direct lift from the company's data-resilience DNA into the agent governance market.

Cloud SQL cyber resilience is the second leg of the announcement. The integration extends Rubrik Security Cloud to Google's managed PostgreSQL service and provides immutable, automated backups, air-gapped ransomware protection, cross-region recovery, automatic discovery of new Cloud SQL instances under global policies, and uncapped retention with tag-based SLA enforcement. It is a more conventional product extension — but it matters strategically because agents running on Gemini Enterprise increasingly read from and write to Cloud SQL, and the recovery story for one without the other is incomplete.

Rubrik did not disclose pricing or general availability dates for either offering. That is a gap worth flagging in any near-term procurement evaluation.

Why This Is the Opening Shot in the Agent Governance War

The agent governance layer is the next major enterprise software category, and the vendor positioning is happening fast. Rubrik is one of four meaningful entrants making moves on Google Cloud alone:

• Google Model Armor — runtime protection for model and agent interactions, native to the Gemini Enterprise Agent Platform itself
• Google Agent Identity and Agent Gateway — unique scoped identities for each agent and policy enforcement on agent-to-agent and agent-to-tool connections
• Wiz (Google-acquired) — extending its cloud security posture management to AWS AgentCore, Gemini Enterprise, Azure Copilot Studio, and Salesforce Agentforce, with AI Bill of Materials tracking and inline security hooks
• Rubrik Agent Cloud — semantic governance, inventory, and rewind, sitting on top of all of the above

The architecture question is whether agent governance is a platform-native capability that the foundation-model vendor owns, or a third-party control plane that spans clouds and platforms. Google is investing in both directions simultaneously — building Model Armor and Agent Gateway natively, then partnering with Wiz and Rubrik to extend the layer. AWS is doing the same with AgentCore plus a partner ecosystem. Microsoft has Copilot Studio governance plus Azure-native controls.

For enterprise buyers, that bifurcation creates a familiar pattern. Native vendor controls tend to be free or bundled, but they only cover the vendor's own platform. Cross-platform governance vendors charge separately, but they cover the multi-cloud, multi-vendor agent estate that real enterprises actually run. The same pattern played out in cloud security posture management, identity governance, and data security posture management. Agent governance will follow the same template, and the cross-platform vendors will earn premium pricing if they can prove their controls are deeper than the natives.

Rubrik's specific bet — that "agent rewind" is the differentiated capability that justifies its premium — is a strong narrative but an unproven moat. SAGE's semantic governance claim is partly a marketing wrapper around guardrail evaluation that several other vendors are also building. Agent Rewind is more defensible because it leverages Rubrik's existing journaling, change-data-capture, and point-in-time-restore infrastructure, which competitors would need to either build from scratch or license. Whether that gap holds for two years or twenty-four months is the company's central commercial question.

For CIOs and CTOs: The Architecture Read

Three decisions to put on the next architecture review while the agent governance market sorts itself out.

1. Decide native versus cross-platform before agents proliferate.

The cheapest moment to make this call is now, before you have hundreds of agents running across Gemini Enterprise, AgentCore, Copilot Studio, and Agentforce. If your AI strategy concentrates on a single hyperscaler, native controls — Model Armor for Google, Bedrock Guardrails for AWS, Copilot governance for Microsoft — will likely be sufficient through 2027. If your AI strategy is genuinely multi-cloud or multi-vendor (most enterprises with $1B+ revenue are), a cross-platform governance layer is the right architectural pattern, and Rubrik, Wiz, and a small number of others are the credible vendors. Picking later, after sprawl, is significantly more expensive.

2. Build an agent inventory before you need one.

Whatever vendor you choose, the first capability that matters is auto-discovery. Treat it the same way you would treat shadow IT discovery or shadow data discovery: assume you have more agents than you think, run continuous discovery against every platform that can host one, and require that every production agent be registered in a single inventory with an owner, a documented purpose, and the data and tools it can access. This is the foundation that every subsequent governance control depends on. Rubrik's Agent Inventory does this for Gemini Enterprise; equivalent capabilities exist for other platforms. The inventory is the prerequisite, not the deliverable.

3. Define your agent rewind requirements before evaluating vendors.

Agent Rewind sounds like a single feature, but in practice it is a category of capabilities with very different implementation depths. Ask the questions:

• What classes of agent action can be reversed? Database writes? File operations? API calls to third-party systems? Money movement? Email sends?
• What is the rewind window — minutes, hours, days?
• Does rewind capture full transactional context, or only the agent's local state?
• How does rewind interact with downstream systems that already saw the agent's action — partners, customers, regulators?
• What is the recovery time objective for a single agent rollback versus a fleet rollback?

Rubrik's Agent Rewind is positioned as the most complete option on the market. The questions above will tell you whether that claim survives contact with your specific risk profile.

For CFOs: The Capital and Procurement Read

Three financial considerations as agent governance moves from concept to line item.

Pricing remains undisclosed, which means optionality stays on your side. Rubrik did not publish pricing for Agent Cloud or the Cloud SQL resilience extension. Hyperscaler-native controls are generally bundled into broader platform spending. Cross-platform agent governance — when it becomes a separate category line — will likely price somewhere between cloud security posture management ($5-$15 per cloud asset per month at enterprise scale) and data security posture management ($10-$25 per data store per month). Plan for $0.50-$2.00 per agent per month as a working estimate until vendors publish official pricing, and revisit after Q3 2026 once two or more vendors have public price lists.

Treat agent governance as a separate budget line, not an extension of existing security spend. The temptation will be to fold it into the existing CSPM or SIEM contract. Resist that. Agent governance has different vendors, different metrics, and a different rate of change than traditional security. Bundling now creates the same procurement headaches that hit teams who folded DSPM into legacy DLP contracts in 2023 — by the time the bundled vendor caught up, the standalone vendors had two product cycles of lead.

Cap multi-year governance commitments until the vendor map clarifies. The agent governance market is in its first 90 days. Native platforms are still adding capabilities every quarter. Rubrik, Wiz, and at least three other credible cross-platform vendors are racing to define the category. Two-year contracts with explicit out-clauses tied to capability gaps are reasonable. Five-year deals are not — you will be locking in vendor architectures that may be obsolete by the second year.

What to Watch Next

Three signals over the next 90 days will indicate whether Rubrik's positioning holds.

1. Agent Rewind in production at a named enterprise customer. Rubrik did not disclose adoption numbers. The first customer reference where Agent Rewind is used to recover from a real autonomous-agent mistake — published as a case study, not a press release — would validate the capability.

2. Native platform response. If Google ships a comparable rewind capability inside Gemini Enterprise itself within 90 days, the cross-platform vendor pricing thesis weakens. If Google explicitly defers rewind to its partner ecosystem, the cross-platform vendors hold pricing power.

3. Wiz versus Rubrik on Gemini Enterprise. Both are Google partners. Both are pursuing agent governance. Wiz brings a broader cloud security footprint; Rubrik brings the resilience and recovery angle. The first major enterprise account that picks one over the other in a public RFP will set the early competitive pattern.

For enterprise leaders writing 2027 AI strategy through the back half of 2026, the practical action is straightforward. Agent governance is now a procurement category, not a research curiosity. Build agent inventory before you build agent fleets. Decide native versus cross-platform before sprawl forces the choice. Cap commitments until the vendor map clarifies. And ask every vendor — Rubrik, Wiz, Google, AWS, Microsoft — the same question every audit team will ask you next quarter: when an autonomous agent makes a wrong call, what is the undo button, and how confident are you that it actually works?

Rubrik shipped a credible answer this week. The market will spend the rest of 2026 deciding whether it is the answer, or just the first one.

Sources

• SiliconANGLE: Rubrik rolls out Cloud SQL cyber resilience and Gemini agent governance at Google Cloud Next
• Virtualization Review: Rubrik Unveils Google Cloud AI and SQL Security Tools
• SecurityBrief: Rubrik launches Google Cloud tools for AI governance
• SiliconANGLE: Google rolls out new Security Operations agents, Wiz integrations and agent governance tools
• Simply Wall St: How Rubrik's Gemini Agent Governance and Cloud SQL Resilience Launch Has Changed Its Investment Story