Hot Takes on Resiliency, AI, and Recovery: Spicy Bytes with Commvault

If you’ve never seen Hot Ones, it’s an interview show with a simple twist: every question comes with a hotter chicken wing than the last. It works because the heat has a way of burning off the safe answers. By wing six, nobody is sticking to a script.

That’s the idea behind Spicy Bytes, the new video series from Wasabi where we bring in smart people and ask the questions teams are wrestling with right now: security, cloud storage, recovery, AI, all while the Scoville units climb. Ten wings. Ten questions. Ten hot takes. The only rule: keep it real.

For this episode, I’m joined by Michael Fasulo from Commvault and Wasabi’s own Drew Schlussel inside the NESN Studio at historic Fenway Park to talk about what resiliency looks like heading into 2026. The result? It’s the kind of fast-moving discussion you only get when you put industry experts in a room who’ve seen every kind of failure… and then hand them Da Bomb.

Before I give too much away, here are three hot takes that stuck with me, the kind of quotes you’ll still be thinking about the next time cyber resilience comes up. We dig into each one in the episode, and the conversation gets more honest as the heat rises.

When the plan meets reality

“Hope is not a strategy.” (Drew)

Drew Schlussel doesn’t hold back on some of his favorite expressions. This line comes up in the middle of a broader point about ransomware, human error, and the uncomfortable truth that most environments don’t fail in clean, predictable ways.

Ransomware fatigue is real, and the stakes aren’t getting smaller. Threats keep evolving, and attackers don’t need to rely on the standard playbook anymore (encrypting everything) to cause serious damage. They can win by making recovery slower, riskier, and more uncertain, or by compromising what you thought was recoverable in the first place.

Michael adds another layer with the kind of story you only collect after years of watching real environments fail in surprising ways. It’s not always the obvious scenario that takes you down. Sometimes it’s the weird edge case, the one nobody planned for, and resiliency is what keeps you operational anyway.

“It’s not always what you plan for. It’s what you don’t.” (Michael)

The good, the bad, and the scary of AI

“AI makes it that much easier to infiltrate, to find your weaknesses, and […] scale social engineering.” (Drew)

AI comes up in this episode for the same reason it’s coming up in every strategy meeting right now: it’s expanding the scope of what you have to protect, and raising the stakes on what recovery actually means. It’s not just about safeguarding a model or a single system. It’s about protecting an entire chain of assets, decisions, and data flows that most organizations are still learning how to inventory, let alone secure.

Michael and Drew get into what that looks like in practice: where AI introduces new risks, the places it amplifies old ones, and why the fundamentals still decide whether you recover cleanly or recover into more chaos. The conversation also lands on a reality we’re seeing everywhere: as complexity rises, more teams are leaning on managed service providers because it’s hard to be great at your actual business when you’re also expected to be a 24/7 security and recovery shop.

“The complexity of modern IT is exceeding the capabilities of your average business owner.” (Michael)

AI isn’t the whole story, but it’s absolutely accelerating the need to simplify, operationalize, and prove you can recover when the environment gets messy.

When prevention fails, recovery is the test

“Storage is a strategic security decision.” (Drew)

Rob Black, founder of Fractional CISO, recently wrote a great breakdown of why cloud storage is a security decision, and he says it better than I can. The short version is this: most security energy goes into prevention, but the real test is what happens after something goes wrong.

That’s why cloud storage is inseparable from security now. Storage is where you decide:

• whether attackers can delete or tamper with your recovery copies.

• whether compromised applications can reach everything they shouldn’t be able to.

• whether you can prove your recovery path works without turning testing into a budget fight.

Drew explains the logic behind separation: keep distance between the applications you run every day and the copy you will bet the business on when things go sideways.

“Break glass in case of emergency […] The cloud is a great place to put that Nth copy.” (Drew)

That “Nth copy” is your insurance policy. It is harder to reach, harder to compromise, and there when you need it. And it only works if you can actually afford to use it as intended. Yes, you need to store it, but you also need to test it.

That’s where Wasabi fits in this story: affordable, predictable pricing for the in-case-of-emergency copy. The one you can validate without turning every test restore into a budget debate.