Security
Customer Trust
At Rubrik, we care about you - Our Customer. To succeed and earn your trust, Rubrik needs to meet your expectations every single day, with every interaction. Rubrik also knows that trust starts with security and transparency. This page will help you find information on Rubrik's security, privacy and compliance practices.
Security & Privacy Certifications
Rubrik Security Cloud (RSC) Products and Support Services
ISO 27001
ISO 27001 is an internationally recognized information security standard that provides the requirements for an information security management system (ISMS), outlines best practices, and details security controls to help manage information risks.
The 27001 standard does not require specific information security controls, but it provides a framework upon which Rubrik is constantly building to ensure a comprehensive model of information security controls.
ISO 27017
ISO 27017 provides guidelines supporting the implementation of information security controls for cloud service customers and cloud service providers based on the ISO 27002 standard.
ISO 27018
ISO 27018 is a reference for selecting personally identifiable information (PII) protection controls when implementing a cloud computing information security management system based on ISO 27001, or as guidance for implementing commonly accepted PII protection controls for organizations acting as public cloud PII processors based on the ISO 27002 standard.
ISO 42001
Rubrik is among the first companies globally to be certified for establishing a responsible Artificial Intelligence Management System (AIMS). This confirms our commitment to the ethical and secure governance of AI technologies within our products.
SOC 1 Type II
Rubrik undergoes annual audits to evaluate the design and operating effectiveness of controls relevant to our customers internal control over financial reporting. These reports provide transparency into the fiscal integrity of our service operations.
SOC 2 Type II
SOC 2 reports on the controls at a service organization relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy. At Rubrik, we are SOC 2 Type II certified against the security, confidentiality and availability criteria.
Rubrik Security Cloud SaaS platform and Cluster Software Support Services undergo SOC 2 compliance annually with regards to the security, confidentiality, and availability criteria. Rubrik regularly undergoes a third-party audit to ensure continued compliance with these criteria.
HIPAA
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.
Rubrik Security Cloud SaaS platform and Cluster Software Support Services undergo an independent third-party audit review against HIPAA on an at least annual basis.
HITRUST
Rubrik aligns with the HITRUST CSF to manage data protection and information risk through a unified framework. By integrating requirements from ISO, NIST, and HIPAA, Rubrik provides a high level of assurance for customers in highly regulated industries.
CSA STAR Level 1 and 2
Rubrik demonstrates high security maturity by maintaining both Level 1 self assessments and Level 2 independent third party audits. This dual approach ensures maximum transparency regarding our cloud security posture through the Cloud Security Alliance.
IRAP
Rubrik utilizes the Information Security Registered Assessors Program to ensure our systems are independently assessed against Australian Government security policies. This allows Australian public sector agencies to utilize Rubrik with confidence in the platform rigor.
BSI C5
C5 is a criteria catalogue setting a baseline security level for cloud services. It aims at illustrating information security in a transparent way based on a standardized examination and report.
Rubrik Security Cloud SaaS platform and Cluster Software Support Services undergo an independent third-party audit review against BSI C5 on an annual basis.
TISAX L2
Rubrik maintains TISAX L2 certification to provide a standardized, globally recognized verification of our information security maturity within the automotive supply chain. This assessment and exchange mechanism ensures our high security standards are seamlessly recognized by participants, reducing audit overhead while confirming our commitment to protecting sensitive customer and supplier data.
SEC 17a-4 | FINRA
Rubrik provides data retention and recordkeeping capabilities that satisfy the strict requirements for immutable storage in the financial services sector. This ensures that regulated entities can meet their legal obligations for electronic record preservation and searchability.
US Government Solutions
FedRAMP (Moderate)
The Federal Risk and Authorization Management Program is a United States federal government-wide compliance program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Rubrik Security Cloud-Government (RSC-G) has achieved FedRAMP Moderate authorization.
GovRAMP (Moderate)
GovRAMP promotes cybersecurity best practices through education and policy development to improve the cyber posture of public institutions and the citizens they serve. GovRAMP’s governance committees adopt policies and procedures that standardize security requirements for providers. GovRAMP’s Program Management Office then verifies that those cloud offerings utilized by government satisfy adopted security requirements through independent audits and continuous monitoring. Products that are working towards or have achieved GovRAMP Authorizations are included on the GovRAMP Authorized Products List. Rubrik Security Cloud - Government (RSC-G) has achieved a Moderate level authorization. The list of participating governments is growing.
TX-RAMP (Level 2) (Rubrik Security Cloud - Government)
The Texas Risk and Authorization Management Program (TX-RAMP) is a program that provides review of security measures taken by cloud products and services that transmit data to Texas state agencies. Cloud service providers like Rubrik must demonstrate compliance with the security criteria to receive and maintain a TX-RAMP certification for a cloud computing service. Rubrik Security Cloud - Government (RSC-G) has achieved a Level 2 authorization.
CJIS Attestation (Rubrik Security Cloud - Government)
The U.S Federal Government’s Criminal Justice Information Services (CJIS) Security Policy provides participating Criminal Justice Agencies (CJA) and Noncriminal Justice Agencies (NJCA) with a minimum set of security requirements for access to FBI CJIS systems, and information requirements for the protection and safeguarding of CJI. Rubrik’s third-party attestation confirms that Rubrik Security Cloud - Government (RSC-G) is maintaining a cyber security program consistent with the applicable federal and state laws, regulations, and standards. States wishing to ensure their full compliance with CJIS policy must also execute an Information Agreement and CJIS Security Addendum between their state’s CJIS Authority and Rubrik.
HIPAA
Rubrik is a Business Associate to Covered Entity Customers under the Health Insurance Portability and Accountability Act (HIPAA). HIPAA is focused on ensuring the privacy and security of protected health information of individuals. Rubrik Security Cloud - Government (RSC-G) has a third party Attestation of Compliance with HIPAA Requirements covering HIPAA’s Privacy, Security, and Breach Notification Rules.
FERPA Attestation
The U.S Federal Government’s Family Education Rights and Privacy Act (FERPA) refers to requirements that U.S. academic institutions must adhere to when handling sensitive student data, including educational information and PII. These requirements cover cybersecurity, administrative privacy measures, and disclosures of rights to parents and students.
To the extent Rubrik handles student education records within Rubrik Security Cloud - Government (RSC-G), our cloud service aligns to the limitations and requirements imposed by 34 CFR 99.33(a).
Cybersecurity Maturity Model Certification (CMMC)
The Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC) establishes software conformance to the NIST 800-171 standard (Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations). Rubrik Security Cloud - Government has a third party Attestation for CMMC L2. Rubrik Security Cloud - Private / CDM has a Controls Analysis Summary against the CMMC L2 controls set.
DoDIN APL
The Department of Defense Information Network (DoDIN) Approved Product List (APL) provides a consolidated list of products that are approved for purchase by the U.S. Department of Defense (DOD), including Rubrik Security Cloud - Private (RSC-P) and Cloud Data Management (CDM).
Common Criteria
Common Criteria is an internationally recognized set of guidelines that define a framework for evaluating security features and capabilities of IT security products. Rubrik Security Cloud - Private (RSC-P) and Cloud Data Management (CDM) maintain EAL2+.
FIPS 140
FIPS 140 is a government computer security standard used to approve cryptographic modules for use in government departments and regulated industries. Rubrik Security Cloud - Private (RSC-P), Cloud Data Management (CDM), and Rubrik Security Cloud - Government utilize FIPS 140-2 and FIPS 140-3 validated cryptography.
Executive Order 14028
Executive Order 14028 on Improving the Nation’s Cybersecurity is intended to enhance federal cybersecurity. In accordance with this EO, Rubrik adheres to certain baseline security standards for development of software sold to the government and supply chain security associated with the software. We maintain Attestations for Rubrik products meeting Executive Order 14028 requirements within the government’s Repository for Software Attestations and Artifacts web site.
Privacy
Data Privacy Framework
Rubrik is certified under the Data Privacy Framework (DPF) which covers EU-US, Swiss-US and UK-US data transfers. The DPF Certification highlights Rubrik’s dedication to upholding the highest standards in data privacy and protection. The DPF certification demonstrates that Rubrik's data handling practices fully comply with the rigorous requirements of the DPF, ensuring your information is managed securely and responsibly. By partnering with Rubrik, you can trust that we adhere to globally recognized privacy standards, providing you with peace of mind and a competitive advantage in safeguarding your data across borders.
Global CBPR
Rubrik is certified under the Global Cross Border Privacy Rules (CBPR) Certification. This certification confirms that Rubrik's handling of personal information as a data controller meets internationally recognized data protection and privacy standards. The certification ensures that our clients can trust that we adhere to a globally recognized framework for privacy excellence.
Global PRP
Rubrik is certified under the Global Privacy Recognition for Processors (PRP) program.
The certification confirms that Rubrik activities as a personal information processor meet internationally recognized data protection and privacy standards. This certification fosters global trust and facilitates seamless cross-border data transfers by ensuring that Rubrik remains consistently aligned with the privacy requirements of its global clients and regulators.
APEC PRP
Rubrik has achieved the APEC Privacy Recognition for Processors (PRP) Certification, which underscores our commitment to handling your data with the highest privacy standards. This internationally recognized certification ensures that Rubrik's data processing practices meet stringent APEC requirements, providing you with confidence in the security and integrity of your information. By partnering with Rubrik, you benefit from our ability to facilitate secure cross-border data flows within the APEC region, offering a competitive edge through our recognized commitment to data protection.
APEC CBPR
Rubrik has achieved the APEC Cross-Border Privacy Rules Certification (CBPR), reinforcing our dedication to protecting personal data throughout its global lifecycle. This certification validates that Rubrik’s privacy policies and practices align with the comprehensive APEC Privacy Framework, ensuring a robust level of protection for data subjects across participating economies. By leveraging our CBPR certification, we can streamline international data transfers and simplify compliance with regional privacy laws, fostering trust and operational efficiency in an increasingly regulated global market.
Privacy Policy
Rubrik maintains a privacy program that monitors regulatory requirements with oversight from dedicated privacy personnel. Learn more about Rubrik’s privacy policy by navigating to https://www.rubrik.com/en/privacy-policy.
GDPR Compliant
The General Data Protection Regulation is a European regulation to ensure that companies who do business both within and outside the European Union protect the personal data and privacy of EU citizens by giving individuals greater control over their personal data. Compliance with the GDPR is a top priority here at Rubrik. We are dedicated to ensuring that your data is secure.
CCPA Compliance
The California Consumer Privacy Act is a law regulating how companies can use, store, or otherwise handle the personal data of California residents. Rubrik is committed to complying with the CCPA.
Product Security
Rubrik integrates defense-in-depth strategies and security best practices across the product lifecycle to protect customer data, maintain platform integrity, and uphold industry-leading standards. Security is embedded in architecture and development workflows, and enforced through testing, vulnerability management, and incident response.
Secure by Design
Rubrik builds products with security and privacy incorporated from the earliest stages. Security requirements are defined during planning, validated through formal architecture reviews, and continuously reassessed as the platform evolves.
Security-First Architecture: Components are designed following zero trust principles, with strong tenant isolation, controlled access, and built-in mechanisms for risk reduction.
Privacy & Compliance by Design: Features and workflows are architected to protect customer data and support regulatory obligations, aligned with industry-standard frameworks.
Secure Defaults: Systems are provisioned to minimize exposure and enforce least privilege.
Secure Development Lifecycle
Rubrik maintains a structured secure software development lifecycle (SDLC) covering design, coding, testing, and release. Security is integrated at every stage to detect, mitigate, and remediate vulnerabilities.
Threat Modeling: Potential risks are evaluated during design and architecture reviews, with mitigation measures implemented before release.
Secure Coding Standards: Engineers follow secure coding practices to prevent risks such as injection attacks and broken authentication.
Peer Review & Change Management: All code changes are subject to mandatory peer review and approval workflows to ensure security, quality, and accountability.
Source Code Access Controls: Only authorized personnel can modify source code, and roles are segregated to prevent conflicts of interest.
Software Composition Analysis (SCA) & Secrets Detection: Monitors open-source and third-party components, generates Software Bills of Materials (SBOMs), and identifies known vulnerabilities. Additionally, to prevent accidental credential exposure, Rubrik enforces secrets detection at multiple layers.
Security Testing & Assurance
Security testing is integrated into the development lifecycle to identify and remediate vulnerabilities before deployment.
Dynamic Application Security Testing (DAST): Simulated attacks in pre-production environments validate runtime security and application behavior.
Penetration Testing & Red Team Exercises: Rubrik performs both internal and independent penetration testing to validate security assumptions, identify exploitable weaknesses, and assess the effectiveness of security controls across products and environments. In addition, Rubrik utilizes its internal Threat Research & Operations team to execute a continuous cycle of offensive validation and defensive hardening. The Internal Red Teaming service conducts quarterly adversary simulations designed to stress-test security controls against real-world attack scenarios.
Vulnerability Management
Rubrik continuously monitors, prioritizes, and remediates vulnerabilities to reduce risk.
Vulnerability Identification & Prioritization: Security vulnerabilities are identified, assessed, and scored based on severity.
Remediation & Updates: Patches and updates are deployed promptly, with expedited action for critical or high-severity vulnerabilities.
Responsible Disclosure & Vulnerability Response
Rubrik maintains a structured program for reporting and remediating security vulnerabilities. Customers, partners, and security researchers can report potential issues through Rubrik’s Vulnerability Disclosure Program.
Rubrik also operates a vetted Bug Bounty program to validate externally discovered vulnerabilities, ensuring timely remediation and continuous product security improvement. All reports are assessed promptly, prioritized based on severity, and addressed efficiently. Security advisories provide guidance for mitigation and patch deployment, while lessons learned feed back into development practices to strengthen platform security.
Cloud Security
Rubrik protects cloud-based infrastructure, applications, and data through layered security controls designed to reduce the risk of unauthorized access, data exposure, and misconfiguration. These controls support secure operations across public, private, and hybrid cloud environments while aligning with compliance and resilience requirements.
Secure Cloud Platform
Rubrik Security Cloud is built on a secure, cloud-native architecture that supports scalability and resilience. The platform follows a Zero Trust security model that requires strong identity verification for access, including multi-factor authentication (MFA) and integration with customer-managed identity providers using SAML or OIDC.
Cloud Data Protection and Encryption
Rubrik protects customer data in the cloud using industry-standard cryptographic controls that preserve confidentiality and integrity throughout the data lifecycle.
1. Encryption in Transit
Data transmitted across all networks, including public and internal service-to-service communications, is encrypted using TLS 1.2 or higher to protect against interception, unauthorized modification, and unauthorized access during transmission.
2. Encryption at Rest
Customer data stored within Rubrik's cloud platform is encrypted at rest using AES-256 encryption to protect stored information.
3. Key Management
Encryption keys are managed through controlled lifecycle processes, including secure generation, storage, rotation, and access.For supported cloud workloads and storage locations, Rubrik provides customers with the option to configure Bring Your Own Key (BYOK) capabilities for encryption key management. BYOK support varies based on the specific workload, cloud provider, and storage target. Encryption keys are managed in accordance with defined key lifecycle management processes, including periodic rotation and protection controls for key encryption keys (KEKs) and data encryption keys (DEKs).
Multi-Tenant Security Isolation
Rubrik's cloud platform enforces logical isolation between customer environments. Controls are in place to prevent cross-tenant access and protect customer data in shared cloud environments.
Network Security & Continuous Monitoring
Rubrik implements a defense-in-depth approach to network security through layered security controls, strict access restrictions, and continuous monitoring designed to protect systems against unauthorized access and evolving cyber threats. Threat detection and prevention capabilities are used to help identify, monitor, and respond to suspicious or malicious activity across the environment.
Identity & Access Governance
Access to the Rubrik Security Cloud platform is governed by strong identity and access management controls, including role-based access control (RBAC) and the principle of least privilege. Multi-factor authentication (MFA) is enforced to protect access, and internal access to production systems is restricted to authorized personnel on a need-to-know and just-in-time basis. Customers can federate access to Rubrik Security Cloud with their own identity provider via SAML or OIDC.
Threat Detection & Incident Response
Security events are centrally monitored to support timely detection, investigation, and response across Rubrik's cloud platform and supporting infrastructure. Rubrik maintains a dedicated Security Incident Response Team responsible for monitoring, investigating, and responding to security events identified through internal monitoring systems or reported by personnel.
Secure Development and Vulnerability Management
Rubrik embeds security throughout the engineering lifecycle using a secure software development lifecycle aligned with industry-recognized standards (e.g., NIST SSDF, OWASP ASVS). Vulnerability management and security testing identify and remediate security issues, and platform controls are in place to reduce the risk of malicious activity prior to release. Rubrik engages qualified third parties and conducts in-house penetration testing against the Rubrik Security Cloud platform to proactively identify and validate security weaknesses. Additionally, Rubrik operates a coordinated vulnerability disclosure process for externally reported findings.
Shared Responsibility Model
Rubrik secures the Rubrik Security Cloud platform, including the underlying infrastructure, platform-level security controls, and the integrity and availability of the service. Customers are responsible for configuring the security features available to them within Rubrik Security Cloud, Cloud Data Management, and their cloud tenant accounts, including identity provider integration, role-based access policies, retention configuration, and network restrictions such as IP allowlisting.
Enterprise Security
Rubrik is committed to protecting customer data, corporate assets, and business operations through a comprehensive enterprise security program. Security is embedded across all aspects of our business and guided by industry standards and best practices.
Enterprise Security Program
Rubrik’s enterprise security program is led by the Chief Information Security Officer (CISO) and supported by senior leadership. It is structured around an Information Security Management System (ISMS) that aligns security practices with business objectives, industry frameworks, and continuous improvement principles to maintain a strong security posture.
Governance and Oversight
Governance ensures security policies and procedures are effectively implemented and regularly reviewed, with executive leadership providing strategic direction and oversight for all security initiatives.
Risk Management
Rubrik has a formal risk management approach that identifies, assesses, and mitigates potential risks across people, processes, and technology to protect operations and customer data.
Human Resource Security
Rubrik ensures that personnel are appropriately vetted, trained, and supported to maintain a secure working environment. HR security practices include careful screening during hiring, ongoing security training, and the enforcement of policies and the Code of Conduct to foster accountability and awareness.
Security Training and Awareness
All personnel complete security and privacy training at onboarding and annually, reinforced with role-specific learning and simulated exercises to maintain a security-conscious workforce.
Personnel Screening
Personnel undergo careful background checks and screening during onboarding to ensure integrity and suitability for handling sensitive information.
Code of Conduct
All personnel acknowledge and adhere to Rubrik’s Code of Conduct, which defines expectations for ethical behavior, accountability, and the protection of information and corporate assets.
Identity and Access Management
Access to systems and data is controlled through role-based access management and the principle of least privilege, with periodic reviews to ensure access remains appropriate to responsibilities.
Access Control
Access is limited to authorized personnel, and separation of duties is enforced to reduce the risk of unauthorized or inappropriate access.
Authentication
User accounts are secured through multi-factor authentication and centralized identity management, with enhanced monitoring for privileged accounts.
Access Reviews
Periodic access reviews are conducted to confirm that user permissions remain consistent with current job roles and responsibilities.
Operational and Infrastructure Security
Rubrik maintains a layered security approach to protect systems, applications, and data through continuous monitoring, vulnerability management, and proactive threat detection.
Vulnerability Management
Systems and applications are continuously assessed for vulnerabilities, which are prioritized and remediated to minimize potential risk.
Monitoring and Detection
Security operations monitor environments around the clock, leveraging automated systems and expert oversight to detect and respond to threats promptly.
Endpoint and Network Protections
Endpoints and networks are safeguarded with multiple layers of security, including encryption, malware protection, network segmentation, and intrusion detection.
Physical Security
Rubrik’s facilities are secured with controlled access, video surveillance, intrusion detection, and trained personnel to prevent unauthorized physical access and protect critical systems.
Third-Party Risk Management
Rubrik evaluates and monitors the security posture of vendors to ensure their practices align with organizational standards and support the protection of customer data.
Business Continuity and Incident Response
Rubrik maintains operational resilience through documented continuity plans and a structured incident response program, ensuring timely detection, containment, resolution, and learning from security events.
AI Principles
For years Rubrik has leveraged machine learning to help our customers protect their data. With the advent of modern Generative AI technology and AI agents, Rubrik continues to innovate and build solutions to help customers harness the advantages of this powerful technology. For example, Rubrik offers AI-powered solutions that customers can use to manage AI operations and respond to cyberattacks and operational failures in their environments.
Rubrik is committed to safe, secure, transparent, and ethical use of all technology, including Generative AI technology, in line with our core company values of Relentlessness, Integrity, Velocity, Excellence and Transparency (RIVET). Our commitment to security is backed by our ISO/IEC 42001:2023 certifications for Artificial Intelligence Management Systems (AIMS). This independent validation ensures that our investment in the safe use of Generative AI technology is comprehensive and follows industry best practices.
Due to the cutting edge nature of Generative AI, customers often have questions about how Rubrik utilizes this technology in its offerings. In addition, we recognize that different customers may have different preferences around the use of Generative AI. Accordingly, we are committed to providing customer choice, meaning customers will always have the choice whether or not to use Generative AI solutions in our products. With the below we answer commonly asked questions.
FAQs
Rubrik continues to explore ways to leverage Generative AI to innovate and deliver results for our customers. Rubrik’s generally available Generative AI solutions are Annapurna, Rubrik AI, and Rubrik Agent Cloud.
Annapurna is designed to enable AI-driven applications, including those that handle sensitive data, like customer support or finance, that will meet the needs of business and security leaders. With Annapurna, Rubrik customers can create natively built chatbots and API endpoints all within the Rubrik Security Cloud (RSC) UI to securely query their backup data directly through RSC or with downstream applications. Annapurna users currently have the option to leverage Large Language Models (LLMs) from Microsoft Azure OpenAI Service or Amazon Bedrock.
Annapurna is certified under ISO/EIC 42001:2023 standards for Artificial Intelligence Management Systems (AIMS). Annapurna is not enabled by default and is available for purchase as a separate offering. To learn more about Annapurna, visit https://www.rubrik.com/products/annapurna.
Rubrik AI is an agent that works within RSC. Rubrik AI simplifies and enhances user interactions with RSC and makes it easier for our customers to diagnose issues, troubleshoot their environments, and manage RSC features. Rubrik AI currently leverages Generative AI services from enterprise cloud providers, including Amazon Web Services, Inc., Google LLC, and Microsoft Corporation, and Rubrik-provided content (such as our technical documentation) and matches user intent to a defined workflow based on a pre-trained model.
Rubrik AI has multiple skills, and Rubrik intends to continue launching new skills for Rubrik AI over time. Some skills are available for all customers, while some of the more advanced Rubrik AI capabilities require an Enterprise Edition or Proactive Edition license. Currently, Rubrik AI skills include: answering questions about the customer's RSC environment, providing diagnostic and troubleshooting guidance, facilitating support case creation, and providing recommendations to remediate cyber incidents. When Rubrik AI recommends actions, its recommendations are based on the Role-Based Access Control (RBAC) permissions of the user account. Actions that do not correlate to user account permissions are not available. Moreover, user confirmation is required before Rubrik AI proceeds with any action.
Rubrik AI is certified under ISO/EIC 42001:2023 standards for Artificial Intelligence Management Systems (AIMS). Rubrik AI is not enabled by default and requires opting in. To learn more about Rubrik AI, visit https://www.rubrik.com/products/ai-powered-cyber-recovery.
Rubrik Agent Cloud is a platform that helps enterprises deploy AI agents safely, confidently, and at scale. With Rubrik Agent Cloud, users can monitor, govern, and remediate actions taken by their deployed AI agents. Rubrik Agent Cloud utilizes pre-trained LLMs from Microsoft Azure OpenAI Service as well as pre-trained open source or otherwise publicly available models.
Rubrik Agent Cloud is not enabled by default and is available for purchase as a separate product that must be enabled in the RSC UI. To learn more about Rubrik Agent Cloud, visit https://www.rubrik.com/products/rubrik-agent-cloud.
Yes.
Rubrik is committed to providing customers with choice around the use of Generative AI solutions.
Annapurna is not enabled by default and is available for purchase as a separate product that must be enabled in the RSC UI. To learn more about Annapurna, visit https://www.rubrik.com/products/annapurna.
Rubrik AI is disabled by default and will only be available when enabled by a privileged user in the customer’s account. Certain Rubrik AI capabilities, such as log-based troubleshooting, require a separate opt-in and can be disabled independently. To learn more about Rubrik AI, please visit https://www.rubrik.com/products/ai-powered-cyber-recovery.
Rubrik Agent Cloud is not enabled by default and is available for purchase as a separate product that must be enabled in the RSC UI. To learn more about Rubrik Agent Cloud, visit https://www.rubrik.com/products/rubrik-agent-cloud.
Annapurna users currently have the option to leverage LLMs from Microsoft Azure OpenAI Service or Amazon Bedrock. Annapurna’s secure embeddings are stored in Pinecone, a third party vector database. To learn more about Annapurna, visit https://www.rubrik.com/products/annapurna.
Rubrik AI uses enterprise cloud service providers, including Amazon Web Services, Inc., Google LLC, and Microsoft Corporation, to host and support Generative AI-enabled functionality. These providers act solely to support the delivery of Rubrik AI, and do not use customer data to train or fine-tune third-party models.
Rubrik may update the specific models, model versions, or underlying platforms used within these approved environments from time to time as improved functionality becomes available.
To learn more about Rubrik AI, please visit https://www.rubrik.com/products/ai-powered-cyber-recovery.
Rubrik Agent Cloud utilizes pre-trained LLMs from Microsoft Azure OpenAI Service as well as pre-trained open source or otherwise publicly available models. To learn more about Rubrik Agent Cloud, please visit https://www.rubrik.com/products/rubrik-agent-cloud.
Annapurna and Rubrik AI both currently leverage pre-trained LLMs provided by enterprise cloud service providers, and Annapurna customers can leverage pre-trained Amazon Bedrock models upon request. Rubrik Agent Cloud utilizes pre-trained LLMs from Microsoft Azure OpenAI Service as well as pre-trained open source or otherwise publicly available models. No customer data is used to train or fine-tune these models.
Annapurna, Rubrik AI, and Rubrik Agent Cloud currently leverage pre-trained third party LLMs. Customer queries and prompts are not used to train or fine-tune these models.
Some of our Generative AI solutions may ask for optional feedback from users and may give users the option of including the chat transcript as part of the feedback. Such feedback is optional; if provided, it may be used by Rubrik for troubleshooting, analytics, and feature improvement but will not be used to train or fine-tune any Generative AI model.
Chat transcripts generated by use of Rubrik AI and Annapurna by customers are stored in the customer’s tenant-specific database in RSC to provide customers with their chat history. Chat transcripts are stored until deleted by the customer.
For Rubrik Agent Cloud, logs, policies, and agent and action inventories are stored in Rubrik’s secure AWS or GCP storage.
Rubrik is committed to ensuring that its Generative AI solutions are safe, secure, and transparent, and is continually working to improve the accuracy and relevance of AI-powered content. Rubrik has evaluated and tested its currently available Generative AI features to assess their accuracy and reliability and continues to explore ways to enhance the accuracy and performance of these features.
Annapurna uses RSC’s built in Role Based Access Controls (RBAC) to provide permissions to view, manage and use chatbots. Roles can be created and managed at the chatbot level to enable these capabilities for the appropriate users. When an end-user or app requests access to data from Annapurna, it reaches out to the corresponding source application to validate the user's permissions to the source data. This way, permission validation is always up-to-date, and revoked permissions on production are reflected in Annapurna.
Before enabling Rubrik AI, a customer’s privileged users are notified that the tool is AI-powered and that its use is optional. When users interact with Rubrik AI, recommended actions are based on the RBAC permissions of the user account and will always require user confirmation before proceeding with any recovery or quarantine action. RSC audit logs also indicate the user account that confirmed the specific actions performed using Rubrik AI for monitoring and transparency purposes.
Rubrik is continually working on innovative ways to improve cyber resilience and secure our customers’ data.
Rubrik recently launched Rubrik Agent Cloud, a platform that helps enterprises deploy AI agents safely, confidently, and at scale. With Rubrik Agent Cloud, users can monitor, govern, and remediate actions taken by their deployed AI agents. Rubrik Agent Cloud utilizes pre-trained LLMs from Microsoft Azure OpenAI Service as well as pre-trained open source or otherwise publicly available models.
Stay tuned here for more information as we continue to roll out exciting new developments.
SAFE HARBOR STATEMENT
Any unreleased services or features referenced here are not generally available and may not be made generally available on time or at all, as may be determined in our sole discretion. Any such referenced services or features do not represent promises to deliver, commitments, or obligations of Rubrik, Inc. and may not be incorporated into any contract. Customers should make their purchase decisions based upon services and features that are currently generally available.
If you have questions, comments, or feedback about Rubrik’s Generative AI features and practices, please reach out to ai-legal@rubrik.com. If you have a privacy concern, complaint, or question, please reach out to privacy@rubrik.com.