Cohesity has announced an expanded multi-year strategic partnership with Google Cloud with an ambitious goal: to turn data protection — including immutable backups, “clean” recovery, and governance — into the foundation that allows companies to adopt large-scale artificial intelligence without compromising security risks or conflicting with regulatory requirements related to
The announcement, dated December 16, 2025, comes at a time when many organizations feel caught between two simultaneously growing forces: on one side, the pressure to extract value from large volumes of data (many unstructured) using models and assistants; on the other, the reality that cyber incidents don’t just aim to take systems down but also corrupt or contaminate information to complicate recovery efforts. Cohesity and Google Cloud aim to address this tension with integrations that combine AI, cyber resilience, and security operations, along with a clear message about “sovereignty” as a competitive advantage—not a burden.
AI “with feet on the ground”: data-driven, traceable responses
One of the pillars of the partnership is Cohesity Gaia, Cohesity’s enterprise AI assistant. According to the company, organizations can now use Gemini models to enable Gaia in both cloud and on-premises deployments, making it easier for employees to extract value from unstructured data through natural language queries.
The roadmap goes further: Cohesity plans to integrate Vertex AI Search into Gaia to deliver “grounded” responses to structured queries, accompanied by relevant citations extracted from source files stored in the platform’s immutable data lake. In business terms: fewer generic responses and more ability to indicate “where each statement comes from,” which is key when AI is used for internal decision-making, audits, or compliance.
Additionally, there is mention of planned integration with Gemini Enterprise, a “domain-specific” platform aimed at delivering AI capabilities to employees and workflows. The promise is that these agents — from Google or its ecosystem — can securely access the corporate data history stored in Cohesity Data Cloud, connecting seamlessly with existing processes.
At the same time, Cohesity emphasizes that a GA version of Cohesity Gaia hosted on Google Cloud is already available, “right now,” to improve speed, availability, and the value of responses by leveraging Google Cloud’s global infrastructure.
Security: Threat detection even where no one is watching… in backups
The second major pillar is cybersecurity, particularly the idea that an attacker’s “gold” isn’t just in production systems but also in backup repositories, where traces, artifacts, or even payloads could compromise future recovery efforts.
Cohesity states that its Cohesity Data Cloud platform incorporates Google Threat Intelligence to help clients detect and eliminate threats that may have infiltrated enterprise data stores. The approach relies on high-fidelity Indicators of Compromise (IOCs) to enable both proactive threat hunting and reactive scanning, with a very specific goal: to execute more reliable cyber-clean recoveries.
On an operational level, the company also highlights incident response capabilities: its Cohesity CERT will collaborate with Google Cloud’s Mandiant Incident Response team to support joint clients with rapid recoveries from potentially destructive incidents.
Further integrations are announced, such as deeper connections with Google Security Operations to automate SOC workflows, detect threats lurking in backup data, and reduce response times. A particularly notable element in this line is the upcoming launch of a SaaS product for cyber resilience with isolated recovery in Google Cloud, designed to restore data from a “clean room,” even if primary systems have been compromised.
Digital sovereignty: the “frontier” where AI adoption decisions are made
In Europe — and increasingly in other regions — the enterprise AI conversation often centers around one word: sovereignty. Cohesity and Google Cloud emphasize this as a fundamental pillar of their partnership, noting that Google has already certified Cohesity as a Google Cloud Ready – Regulated & Sovereignty Solutions partner.
The idea is that organizations can deploy Cohesity Data Cloud within the Google Cloud Data Boundary to meet residency and control requirements. For maximum resilience, Cohesity promotes FortKnox, its “cyber vaulting” solution, which in Google Cloud would allow for immutable, isolated copies stored within specific regions, with policy controls to ensure these vaults are only stored and recovered within approved jurisdictions.
In a market where regulation continues to tighten, the implicit message is clear: since AI feeds on data, where it resides, how it’s protected, and the controls around recovery are no longer technical details—they are essential conditions for scaling AI initiatives.
Enhanced cloud service protection and simplified purchasing
The announcement also dives into the layer of workload protection within Google Cloud. Cohesity highlights DataProtect as a solution for safeguarding critical services like Google Compute Engine and Google Cloud Storage, as well as multiple databases, with immutability options stored either in Google Cloud or on-premises infrastructure.
Future support will include expanded options for GKE and BigQuery, alongside more regional storage choices tailored to resilience and compliance needs. To simplify adoption, Cohesity indicates that components of Cohesity Data Cloud are available in the Google Cloud Marketplace, and plans are underway for joint go-to-market programs, co-selling, and integrated marketing campaigns.
A key caveat: not everything announced is available today
The announcement includes a standard but critical disclaimer: services and features are future promises that may not arrive as scheduled or may not materialize at all. Practically, this means organizations should differentiate between what is ready for deployment now and what is still on the roadmap.
Frequently Asked Questions
What does integrating Vertex AI Search into Cohesity Gaia provide for companies?
According to the announcement, the goal is to deliver responses that are more “grounded” in corporate data and supported by references to source files, which is useful for internal queries, audits, and reducing “hallucinations”.
Why is threat detection in backups important, beyond production?
Because recovery can fail if restored data contains traces of intrusion. The approach aims to improve the chances of executing “clean” recoveries supported by threat intelligence and indicators of compromise.
What role does data sovereignty play in this partnership?
It’s increasingly a requirement: deploying within bounds like Google Cloud Data Boundary and using regional immutable vaults helps meet residency, jurisdictional control, and local governance standards.
What is “clean-room recovery” in this context?
Refers to restoring data from a secure, isolated environment in the cloud, designed to recover operations even if primary systems have been compromised during a cyberattack.
via: cohesity