HYCU’s springboard: organizations will develop corporate memories

HYCU CEO Simon Taylor and IT Brand Pulse analyst Frank Berry argue that organizations must develop corporate memories to enable conversational AI and agents to query a comprehensive data store for accurate responses. HYCU's new aiR AI Resiliency product uses a context engine with graph relationships to interrogate backups from over 100 SaaS apps and on-premises systems, allowing users to detect insider threats and assess risk scores by analyzing historical data.

HYCU’s springboard: organizations will develop corporate memories Analysis. Organizations will have to develop corporate memories so that conversational AI and agents can query one comprehensive corporate data store to generate accurate responses without blind spots. This insight was presented twice in one week, by HYCU CEO Simon Taylor at a face-to-face meeting, and by Frank Berry, the founder of, and senior analyst at, IT Brand Pulse https://itbrandpulse.com/ . HYCU is a SaaS-based data protection and cyber-resilience supplier which has just announced an aiR https://www.blocksandfiles.com/data-protection/2026/05/14/hycu-adds-agentic-backup-data-intelligence-layer-to-find-and-fill-risk-gaps/5240353 AI Resiliency product. The aiR product is a context engine with graph relationships, which is sed by AI agents and talks to other AI agents to interrogate an organization’s HYCU backups in response to natural language inputs: “Give me a list of IT resources accessed by just departed employee Jimmy Smith” or “Which employees data access privileges have increased in the last three months?” It does this by accessing the backup file and following traces through it. This backup file can contain backed-up data from over 100 SaaS apps, plus VMware, Nutanix and other on-premises applications. If a company’s HR staff, lawyer, or finance people wanted to do this without having access to the HYCU backup then they would find it extraordinarily difficult. Most organizations now have myriad SaaS applications in use, each with their own data stores and admin access procedures: M365, Salesforce, JIRA, Okta, Trello, Box, iManage, etc., etc. The investigator/researcher would have to exhaustively access each one, find the target person’s activity record, understand what it means, and check it out. This could take days and, unless there is an up-to-date and complete SaaS-apps-in-use record, be incomplete. Suppose the employee being checked was suspected of being a misbehaving rogue person in some way. You would want to find out the blast radius of their potential misdeeds and absolutely not want blind spots. Then, Taylor, says, you need two things; a central record of all the SaaS and on-premises application accesses and access rights across your organization, and skilled AI agents that can trawl through this on request, locate relevant activity and access traces, and follow them where they lead to build the picture the requesting person requires. You could then generate a risk score for the employee and decide what to do with that knowledge. For example: “Jimmy Smith has a risk score of a 78 because he's pulling data late at night.” It’s not sufficient to do this just using real-time data. You need a history so you can go back in time to see what happened and when. That’s why a central backup store is good for this. Taylor said: “Okay, I found these insider threats. They've got high risk scores. Show me the blast radius." And it will say, "Okay, Jimmy Smith, he's on the list, click it, and it shows over time, here's the timescale, here's all the applications he usually uses." Two days before he left, he suddenly opened 32 applications and exfiltrated all this data and you see the blast radius, everything he did. So you can go and have a conversation, you can protect yourself, you can safeguard and, if you do it proactively, preemptively, you can make sure those systems get shut down before he's let go.” To do this, you must have agents that can understand data items in the cetral store and connect the dots to see that an increase in access rights was followed by a Salesforce admin request which then led to sales records being exfiltrated. Taylor is coming at this from a cyber-resilience angle. He reckons that the SaaS app blast radius is now huge, with dozens of SaaS apps in use, and HYCU’s 100+ SaaS app coverage, combined with its on-prem coverage, provided a springboard for aiR’s development. He said: “This is cyber intelligence from the perspective of building agents that will go and look at your metadata of your backup data and give you like a flight recorder, real end-to-end insights about your business. You can build reports that allow you to go to your board and say, "Here's these five people. We have an insider risk problem.” And: “You can build reports to go to other departments and say, "Your department's keeping way too much PII and it's out of compliance.” HYCU’s aiR can track what agents are doing as well, and unwind undesirable activities. I noticed shades of - - Rubrik AI https://www.blocksandfiles.com/ai-ml/2026/06/10/rubrik-using-ai-for-a-service-interface-anthropic-claude-safety-net-and-cloud-app-stack-recovery/5253408 here. Taylor said: “Even if Rubrik builds everything that I just said, they still only have eight different SaaS sources that they protect. So until they add 102 more sources, they're still going to be like a person with a memory loss.” Organizational Memory This brings us to Frank Berry. He’s working on a report called “PersonalAI Memory” which will come out shortly. It looks at the need for a Personal AI Memory PAIM . This would be “the solution for unifying fragmented AI memories into a single, portable memory system capable of providing Unified Context across an individual's entire digital life.” This is fascinating stuff but he also looks at the organizational equivalent, more relevant to us, saying: “Organizational Memory represents the collective intelligence of an enterprise. It includes policies, procedures, customer knowledge, project history, product expertise, operational processes, institutional decisions, and the accumulated experience of the workforce. As AI becomes increasingly integrated into business operations, organizations will require memory systems capable of preserving and leveraging this knowledge over time. ” He outlines a concept of an organizational memory vault which “provides a secure, governed platform for storing, organizing, retrieving, and sharing organizational knowledge and becomes the system of record for enterprise memory, enabling AI agents, employees, and business applications to access relevant organizational context when needed.” This is similar to Simon Taylor’s aiR ideas. Both notions require AI chatbot and agent access to a unified memory store which captures all relevant transactions and metadata organizing them into a coherent whole. Taylor brings in another angle, a budget one. Enterprises are thinking about cyber security, DSPM vendors, AI Intelligence vendors, meaning extra costs: “But the beautiful thing about all of it aiR is that it's all based on your backup budget. So unlike all these new AI companies that are trying to create budgets, we can get right in there and people say to people, "Look, it's a 30 percent upcharge on your current backup score." He said: ”We've actually changed the whole HYCU business model around AI resiliency and it's outcome-based. It's completely built around the idea of providing this information and making it available for customers.” Comment Taylor’s aiR agent investigations of an organization’s central activity history store aka backup in old pre-AI agent terms and Berry’s Organizational Memory concepts have similarities to themes coming out of developments at Cohesity, Rubrik and Veeam. Members of finance, HR, legal, production, sales and security departments in organizations will all have the need at some stage to look into the history of activities relevant to some inquiry they need to make. These activities will be multi-dimensional in application terms and, practically speaking, only AI agents will be able to trawl through the organization’s central store and understand the complex sub-infrastructures they find there. We are possibly witnessing, we think, the first appearance of this with HYCU’s aiR and Rubrik’s AI agents. If Taylor is right, the data protection/cyber-resilience vendors are best positioned here because they will have the central data stores needed; their backup records. These must spread their ingest sources so that as many of the myriad digital transactions taking place in an organization each day are captured; all of them ideally. Taylor reckons that this absolutely must include the main SaaS app transactions. Ignore those and you are leaving blind spots. With 106 SaaS apps on HYCU's roster this is, he reckons, HYCU’s springboard.