Commvault tests cyber readiness with AI attack simulations
Commvault’s Minutes to Recovery simulation tests cyber readiness by having participants use AI tools to attack and then defend under time pressure.

Commvault has launched a new cyber resilience simulation called Minutes to Recovery, designed to measure how well organizations can recover from AI-driven attacks. The hands‑on exercise lets participants first act as hackers using frontier AI tools, then defend against and recover from the attack under pressure.
The timing matters because attackers are moving much faster than before. The window between discovering a vulnerability and seeing it actively exploited has shrunk to just 29 minutes in 2025 — 65% faster than the previous year, according to the firm’s data.
Playing three roles in two hours
Minutes to Recovery is delivered as a live, scenario‑driven event. It is completed in a single two‑hour session and is available globally onsite in six languages. Participants go through three chapters: first they take the role of an attacker, creating an AI‑driven attack using common frontier tools used by real adversaries.
That gives attendees a realistic look at how fast AI‑accelerated attacks move, how personalized the phishing becomes, and how quickly backup infrastructure gets targeted. The source then flips to the defender role — participants must make real‑time detection decisions with incomplete information and competing priorities under pressure.
Related: Security teams automate tasks with Intezer
Finally, they become recovery experts. The task is to bring systems and data back in a verified clean state without reintroducing the threat. Moving through all three roles, participants learn what each phase demands and where cross‑team coordination breaks down when it is real.
The experience is meant to uncover critical technical and operational weaknesses in recovery plans rather than relying on assumptions in a planning document. The resulting benchmark, Mean Time to Clean Recovery (MTCR), provides a practical measure of recovery readiness based on actual performance under pressure.
Organizations have long treated recovery plans as a checklist item. A binder on a shelf or a once‑a‑year tabletop exercise may not cut it when an attack unfolds in under an hour. The simulation’s design — putting teams through the actual stress of attack, defense, and restoration — shifts the conversation from having a plan to proving that the plan actually works when the clock is ticking.
From planning to proof under pressure
“The question organizations need to answer is no longer, ‘Do we have a recovery plan?’ Instead, they should be asking, ‘Can we prove it will work under pressure?’” said Anna Griffin, Chief Market Officer at Commvault. “As AI compresses the time between compromise and impact, resilience becomes a measurable business capability.”
Related: How mobile phones have impacted interaction in the workplace
Minutes to Recovery is also available through the firm’s global partner network, letting partners host the simulation with their customers. Allen Downs, Vice President of Security and Resiliency at Kyndryl, explained that most organizations believe they are prepared for a cyberattack until they are forced to respond in real time.
“As cyberattacks become faster, more sophisticated, and increasingly unpredictable, recovery strategies must evolve to meet this new reality,” Downs said. “By leveraging this experience, Kyndryl can help customers strengthen their readiness, validate their resilience, and improve their ability to recover from disruption.” He noted that resilience is defined by the scenarios rigorously tested, not by the plans drafted on paper.
The simulation is backed by Commvault’s facilitation infrastructure and the credentialed expertise of the Global Speaker Bureau, according to the announcement. Teams walk away not just with a score, but with a clearer sense of where their actual gaps are — and that, the company argues, is more useful than any spreadsheet.


