Sonnet Code
AI & Machine Learning · May 17, 2026 · 8 min read

Veeam Just Launched the Agent Data Trust Layer — "Control at the Data Source, Not the Agent" Is a Real Architecture Position

The release, in one paragraph

On May 12, 2026, at VeeamON 2026 in New York City, Veeam launched the DataAI Command Platform — built on the prior acquisition of Securiti AI (the #1-ranked DSPM platform) and bundled with Veeam's twenty years of recovery and resilience IP. The platform ships six integrated capabilities: DataAI Command Graph (a 300+ connector intelligence foundation spanning cloud, SaaS, and on-prem), DataAI Security, DataAI Governance, DataAI Compliance (mapped against EU AI Act, DORA, GDPR, HIPAA, NIST, AI RMF, and 95+ other frameworks), DataAI Privacy, and DataAI Precision Resilience (surgical recovery on the granularity the command graph provides). The product targets the 550,000+ enterprises Veeam already protects — including 82% of the Fortune 500 and 77% of the Global 2000 — and is positioned as the data-trust substrate for an enterprise where autonomous agents are now operating against operational data at machine speed.

The headline framing is "unified data and AI trust infrastructure." The substance is one tier deeper, and it's the architectural position worth holding on to: "control enforced at the data source, not at the agent." That single design principle reorganizes the agent governance conversation that Microsoft Agent 365 opened on May 1, and it's the part platform teams should be reading carefully.

Why "data-side control" is a different category than "agent-side governance"

For the last six months, the enterprise agent governance conversation has been organizing around two adjacent layers:

Agent-side governance — what Microsoft Agent 365 productized on May 1. The control plane sits above the agent runtimes: a registry of every agent, policy that gates what each agent is allowed to do, audit of every action the agent takes, and a kill-switch for when something goes wrong. This is the layer that says "agent X is allowed to do action Y on resource Z."

Data-side governance — what Veeam is staking a claim on now. The control plane sits under the agent and next to the data: a graph of every sensitive data element in the enterprise, policy that gates which identities (human or agent) can touch which data class, real-time enforcement at the source rather than at the runtime, and audit of every access against the underlying data classification. This is the layer that says "resource Z is governed by policy P, and any identity — including agent X — gets the same enforcement regardless of which runtime they're calling from."

The two layers are complementary, not redundant. A regulated enterprise needs both, and the failure mode of having only one is well known:

  • Agent-side only: the policy plane knows which agents exist and what they're allowed to do, but it doesn't know whether the data the agent just retrieved was PHI or a public marketing asset. If the agent has a broad scope and the data turns out to be sensitive, the audit log shows the agent acted within policy and the compliance team still has to do the breach review.
  • Data-side only: the data plane knows which queries returned which sensitive data, but it doesn't know whether the calling identity was a sanctioned agent, a rogue agent, a curious developer, or an attacker who compromised an API key. The forensic answer is "the data left the building"; the attribution question is open.

The Veeam pitch — and the reason the launch is interesting beyond the press release — is that the combined posture is the architecture every regulated enterprise needs and almost none have. Agent 365 gave the industry the agent registry and the policy plane above the agents. Veeam is shipping the corresponding data registry and the policy plane beside the data. Buyers who deploy both will have an agent posture that's coherent end-to-end; buyers who deploy only one will continue to discover the gap the hard way.

What "control at the data source" actually means in practice

Three concrete shifts in how an agent deployment is shaped, if the data-side control plane is real.

The agent's effective permissions become the intersection of its agent-side scope and the data-side policy, enforced at retrieval time. Today, an agent that's nominally scoped to "customer support tickets" can, if the underlying database isn't policy-aware, pull every ticket in the corpus, including ones marked confidential by a different department. With data-side enforcement, the same query returns only the rows the calling identity is allowed to see, regardless of what the agent's runtime thinks its scope is. This is defense in depth: the agent-side scope is the intent, and the data-side enforcement is the guarantee.
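The intersection described above, as an added sketch that is not Veeam's or Microsoft's code or API. The ticket rows, identity names, and both policy maps are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample corpus: each row carries the classification assigned
# by the data-side plane at discovery time (None = not yet classified).
TICKETS = [
    {"id": 1, "dept": "support", "data_class": "internal"},
    {"id": 2, "dept": "support", "data_class": "pii"},
    {"id": 3, "dept": "legal", "data_class": "confidential"},
    {"id": 4, "dept": "support", "data_class": None},
]

# Agent-side scope (the intent): resources each agent may query.
AGENT_SCOPE = {"support-bot": {"tickets"}, "billing-bot": {"invoices"}}

# Data-side policy (the guarantee): identity -> data classes it may read.
# Identities missing from this map get nothing (default deny).
DATA_POLICY = {
    "support-bot": {"internal", "pii"},
    "alice@example.com": {"internal"},
}


def agent_side_only(identity, resource):
    """Runtime check only: once the resource is in scope, every row returns."""
    if resource not in AGENT_SCOPE.get(identity, set()):
        return []
    return [t["id"] for t in TICKETS]


def enforced_at_source(identity, resource, is_agent=True):
    """Agent scope must allow the resource AND the data policy must allow
    each row's class. Unclassified rows and unknown identities are denied."""
    if is_agent and resource not in AGENT_SCOPE.get(identity, set()):
        return []
    allowed = DATA_POLICY.get(identity, set())
    return [t["id"] for t in TICKETS if t["data_class"] in allowed]


if __name__ == "__main__":
    print(agent_side_only("support-bot", "tickets"))     # whole table
    print(enforced_at_source("support-bot", "tickets"))  # policy-filtered rows
```

The human identity goes through the same row filter as the agent, which is the "same enforcement regardless of runtime" property; the unclassified row is withheld rather than returned by default.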

The audit trail becomes joinable across the agent runtime and the data plane. When the compliance team asks "show me every time any agent retrieved PHI on customer X between March and May," the answer requires querying the agent's action log and the data plane's access log and matching them. Today, most enterprises can do one or the other; few can do both coherently. The combined Agent 365 + Veeam posture is the first credible answer to that question.
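The compliance query above, worked as an added example that is not taken from either product. Both logs are constructed, the field names are hypothetical, and the shared `request_id` is an assumption: the launch coverage does not describe how the two planes correlate events.

```python
from datetime import datetime

# Constructed agent-runtime action log (agent-side plane).
AGENT_LOG = [
    {"request_id": "r-101", "agent": "support-bot", "action": "lookup_record"},
    {"request_id": "r-102", "agent": "support-bot", "action": "lookup_record"},
    {"request_id": "r-103", "agent": "intake-bot", "action": "summarize"},
]

# Constructed data-plane access log (data-side plane).
DATA_LOG = [
    {"request_id": "r-101", "identity": "support-bot", "data_class": "phi",
     "subject": "customer-x", "ts": "2026-03-14T09:12:01"},
    {"request_id": "r-102", "identity": "support-bot", "data_class": "internal",
     "subject": "customer-x", "ts": "2026-04-02T16:40:01"},
    {"request_id": "r-103", "identity": "intake-bot", "data_class": "phi",
     "subject": "customer-x", "ts": "2026-06-01T08:00:02"},
    # No matching agent action: the data left, but attribution is open.
    {"request_id": "r-900", "identity": "support-bot", "data_class": "phi",
     "subject": "customer-x", "ts": "2026-05-20T23:55:00"},
]


def phi_retrievals(subject, start, end):
    """Join the two logs on request_id for PHI reads on one subject in
    [start, end). Returns (attributed, unattributed) lists."""
    actions = {a["request_id"]: a for a in AGENT_LOG}
    attributed, unattributed = [], []
    for d in DATA_LOG:
        ts = datetime.fromisoformat(d["ts"])
        if d["data_class"] != "phi" or d["subject"] != subject:
            continue
        if not (start <= ts < end):
            continue
        action = actions.get(d["request_id"])
        # The identities must agree too, or the join proves nothing.
        if action and action["agent"] == d["identity"]:
            attributed.append((d["request_id"], action["agent"], action["action"]))
        else:
            unattributed.append((d["request_id"], d["identity"]))
    return attributed, unattributed


if __name__ == "__main__":
    print(phi_retrievals("customer-x", datetime(2026, 3, 1), datetime(2026, 6, 1)))
```

The unattributed list is the one to alert on: a PHI read with no agent action behind it is the data-side-only failure mode, where the access is recorded but the caller's intent is not.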

Recovery becomes surgical rather than catastrophic. When an agent mis-fires — writes a malformed record, leaks a dataset, modifies a policy file it shouldn't have — the recovery story today is usually "restore the full database to the previous snapshot," which is operationally painful and politically expensive. Veeam's "Precision Resilience" capability is the claim that the command graph's granularity lets the recovery be limited to the exact records the misbehaving agent touched, leaving the rest of the system as-is. Whether that claim holds in practice depends on the workload; the architectural shape is the right one.

What the Securiti AI acquisition actually brings

The Veeam-Securiti combination is the operational substance underneath the launch. Securiti was a top-rated Data Security Posture Management (DSPM) vendor before the acquisition, with two pieces of IP that are load-bearing for the new platform:

The data discovery engine. Securiti's product crawls cloud, SaaS, and on-prem data stores, classifies what it finds, identifies sensitive data elements by type (PII, PHI, PCI, IP, regulated content), and builds a real-time map of where each data class lives. This is the hard part of DSPM, and it's the part most enterprise security teams have been doing manually for years with inadequate tooling.

The identity graph. Knowing who can access what is the other hard part. Securiti's identity intelligence layer correlates the access permissions across IAM systems, SaaS apps, and data warehouses to produce a unified view of "identity X has effective access to data class Y through path Z." When an agent identity is added to that graph, the same correlation logic applies — and the answer to "what could this agent access if it tried" becomes a query against the graph instead of a multi-week audit.

Veeam's contribution to the merged platform is the resilience and recovery IP at scale, plus the existing 550,000-customer install base that becomes the distribution channel for the new platform. The combined product is what neither company could have shipped alone in this timeframe.

What it doesn't change

Three things worth saying out loud.

Data-side control is not a substitute for agent quality. A perfectly governed data layer still hands correct, properly-scoped data to an agent that may then hallucinate, take the wrong action, or produce a wrong-but-plausible output. The agent's eval rubric, its trajectory traces, and the senior practitioner's grading of its outputs remain the work that defines whether the agent is good, separate from whether the agent is safe. Veeam's platform addresses the second question; the first remains the customer's problem.

Six capabilities in one platform is an integration story, not a feature claim. The DSPM + governance + compliance + privacy + resilience stack has, until now, been deployed as five or six separate vendors with five or six separate operational stories. Bundling them into one platform reduces the integration tax — but it also creates a single dependency and a single vendor relationship. Enterprises that have invested heavily in alternative DSPM, governance, or compliance tooling will not switch overnight, nor should they.

The 300+ connectors are real, and the long tail of enterprise data sources is longer. Every enterprise has some homegrown system, some acquired-company database, some legacy mainframe that won't show up in the connector list on day one. The mature posture is a combination of the platform connectors plus custom integration; the platform doesn't eliminate that work, it absorbs the common 80%.

Where we'd push back on the launch narrative

"Trust infrastructure for the agentic era" is a positioning, not a guarantee. Trust in an agent deployment is built by senior practitioners writing rubrics, by red teams probing failure modes, by audit trails that survive review, and by recovery procedures that have been exercised before they're needed. Veeam's platform is the substrate that makes those activities tractable; it does not replace them. A buyer who reads the launch as "check this box and our agent posture is solved" is going to be surprised the first time something goes wrong.

"Control at the data source" is a strong design principle and a moderately complete implementation. Source-level enforcement works best when the source itself is policy-aware — cloud data warehouses, modern SaaS apps with API-level scopes, well-instrumented on-prem databases. It works less well for unstructured file shares, legacy systems with no scope concept, and SaaS apps that expose all-or-nothing API tokens. The platform will help where it can; the gaps remain a customer problem.

The integration with the agent-side governance plane is the unanswered question. Microsoft Agent 365 is the agent-side leader in market share terms; the Veeam launch coverage does not detail how the two will compose operationally — shared identities, shared policy language, joinable audit trails. The two products will need to interoperate for the combined posture to be real; that interop is a roadmap item, not a shipped feature.

What we'd build differently this week

  • Inventory the agent identities currently active in the org. Both Agent 365–governed identities and unmanaged ones (script-deployed agents, internal-only agents, vendor-side agents calling your APIs). Most enterprises don't have this inventory and can't make the data-side posture decision without it.
  • Pilot Veeam DataAI Command on one regulated data class. PHI, PCI, or contract-confidential content — pick a class with clear regulatory coverage, scope a 60-day pilot, measure: did the discovery find what your manual mapping missed, did the policy enforcement actually fire when an agent identity violated scope, did the audit trail survive a tabletop compliance review.
  • Author the data-class-to-agent-scope mapping now, before the next agent goes live. Which data classes can any agent see? Which require named-agent approval? Which are agent-prohibited entirely? Write the policy, get it signed by the security team and the data-residency officer, use it as the configuration the platform enforces.
  • Wire DataAI Command audit logs into the same SIEM and trajectory-trace pipeline as your agent-runtime logs. The combined log surface is the artifact compliance and security teams will query; the integration plumbing is one-time engineering work that pays back every incident.
  • Decide who in the org owns the combined agent + data posture. Not the security team alone, not the data team alone — a named role that owns the joint policy, the joint audit, and the joint recovery procedures. Without an owner, the posture defaults to two adjacent teams pointing at each other.

Sonnet Code's take

The Veeam DataAI Command launch is the moment "agent governance" stopped being a single layer and became two — and the right read isn't whether Veeam wins the category. It's that every regulated enterprise deploying agents now has a coherent architecture position to aim for (data-side enforcement under agent-side governance) and a vendor to evaluate against it. The teams that win this cycle are the ones who treat the joint posture as a single design problem, who scope agent identities deliberately against data-class policy, and who staff the senior practitioners who grade what those agents actually do against the rubric that audit, compliance, and security teams can all sign. We staff that work directly: AI development at Sonnet Code is the engineering that wires the Agent 365 + Veeam-style posture into a single operational surface, builds the per-workflow policy that scopes agent identities against data classes, and stands up the trajectory-trace plumbing that makes the audit trail joinable end-to-end. We pair it with AI training engagements where senior practitioners — security architects, compliance specialists, data-governance leads — author the rubrics that grade agent behavior against the policy, and grade the policy itself against the rubric the regulator will eventually ask about. If your team is reading the Veeam launch this week and wondering whether your agent governance posture is complete, the next conversation isn't about which vendor's data plane to buy. It's about the joint policy you haven't written and the practitioner who'd grade whether agents and data actually behave inside it.