For years, HYCU built its reputation on one core promise: protect your SaaS data, no matter where it lives. With coverage across more than 100 workloads — from GitHub and Jira to Salesforce, Okta, and Microsoft 365 — they became one of the most comprehensive backup platforms in the market.
But backup has always had a blind spot. All that protected data sat dormant, timestamped and organized, waiting to be recovered — and nothing else. HYCU wants to change that.
On May 14, the company announces HYCU aiR (AI Resilience), a new capability built directly into its R-Cloud platform that turns backup data into a queryable intelligence layer for security, compliance, and IT teams.
The pitch is straightforward: every backup is already a detailed record of what happened inside your applications. Every file that was touched. Every permission that changed. Every configuration that shifted. aiR makes that record searchable — in plain English.
The Problem With the Current Approach
Most organizations working outside the Fortune 500 face a familiar dilemma. They're running dozens of SaaS applications, deploying AI agents and copilots, and operating with limited visibility into what's actually happening across all of it.
The tools that offer that visibility — DSPM platforms, insider risk solutions, identity governance tools — are priced for large enterprises. Stack a few of them together and the cost exceeds what many midmarket healthcare or financial services companies spend on their entire security stack.
So most organizations don't buy them. The questions go unasked. Is there PHI sitting in Salesforce? Did an AI agent access customer records in Confluence last week? Is someone systematically exporting data from Box?
"For two decades, security tools watched what happened inside applications and backup tools stored the record of it. The two never spoke," said Simon Taylor, Founder and CEO of HYCU. "Between SaaS sprawl and AI agents acting at machine speed, most companies can't tell you what they have, let alone what changed in the last hour."
What aiR Actually Does
HYCU aiR adds two core capabilities to R-Cloud.
The first is natural language search across backups. Teams can query their backup data the same way they'd query a colleague. Ask it to show every file containing passport numbers across Salesforce and Microsoft 365 backups. Ask it to flag every permission change in Okta over the last 90 days. Ask it to identify which AI agents accessed customer records in the past month. No configuration required — if it's protected by HYCU, it's queryable.
The second is the Agent Garden, a collection of purpose-built agents that each read from the same backup data and answer specific questions. Current agents include:
- Regulated Data and IP — surfaces PII, PHI, financial records, and intellectual property scattered across protected applications
- Insider Risk — detects unusual access patterns and behavioral anomalies
- Configuration Drift — compares snapshots over time to catch unauthorized settings changes
- IAM Posture Management — tracks identity drift and access policy violations
- Anomaly Detection — flags unusual data patterns that could signal a compromise
- Agent Governance — monitors AI agent activity across the protected estate
That last one is worth pausing on. AI agents operating inside tools like GitHub, Confluence, and Salesforce are already touching sensitive data at a scale and speed that's hard to audit. Agent Governance is specifically designed to track what those agents are doing — and flag when something looks off.
Organizations can also build their own agents and publish them to the garden, creating custom queries tailored to their specific compliance requirements.
Why Coverage Depth Matters Here
The intelligence aiR produces scales directly with how many workloads HYCU is already protecting. That's not a small detail — it's the whole business case.
A platform protecting only Microsoft 365 can surface Microsoft 365 insights. HYCU's 100+ workload coverage means aiR can connect dots across environments that no single-vendor tool could see. An identity change in Okta that quietly cascades into GitHub and Salesforce permissions. An AI agent that read records in Confluence and wrote output to SharePoint. Regulated data that left a sanctioned application six months ago and now lives in three places the compliance team hasn't mapped.
"HYCU built the broadest protection coverage in data protection precisely because the organizations they serve cannot afford gaps," said Enrique Salem, Partner at Bain Capital Ventures. "aiR turns that coverage into a security intelligence advantage that purpose-built visibility tools spend years and hundreds of millions in customer budgets trying to replicate."
IDC Research Manager Johnny Yu put it in practical terms: "As more organizations are treating their backups as a queryable record of what happened inside their applications — and not just a static safety copy sitting in cold storage — it's important that data protection tools can inform as well as they protect."
What's Next
HYCU is opening an early access waitlist for aiR today at hycu.com/air. Organizations that sign up will enter the early adopter program alongside existing HYCU customers already testing the capability.
The bigger idea here is a shift in how organizations think about backup data. Not as insurance you hope you never use, but as an always-on, time-stamped record of your entire operational environment. For teams that have never been able to afford the enterprise visibility stack, that's a meaningful change.
