The D&O Diary has been chronicling how securities plaintiffs continue to expand litigation theories beyond traditional “AI-washing” claims. The recent securities class action against data protection company Commvault Systems, Inc. demonstrates how AI hype and strategy can become entangled with traditional securities claims, even when actual AI integration is not the central issue of the lawsuit.
By contrast to AI-washing claims, in which the allegation is that the defendant company overstated its AI capabilities, this new complaint involved alleged overstatement of AI capabilities. The following discusses the allegations against Commvault in more detail, compares the Commvault complaint to other AI-related securities litigation and considers the potential D&O underwriting takeaways.
The Commvault SCA
On May 18, 2026, the complaint against Commvault (Commvault SCA) was filed, in the District of New Jersey and alleges that Commvault and certain executives overstated the sustainability and predictability of the company’s annual recurring revenue (“ARR”) growth, while failing to disclose that these projections did not adequately account for the changing mix of sales underpinning that growth.
At the same time, Commvault management allegedly emphasized the company’s “AI-enabled cyber resilience platform,” linking these capabilities to customer demand and long-term growth expectations. The alleged misstatements, however, do not turn on whether those AI-related descriptions were false. Instead, plaintiffs focus on whether the company’s revenue guidance and supporting disclosures adequately reflected the impact of shifting deal structures on ARR performance.
According to the complaint, Commvault failed to accurately project how its rapid shift toward AI-driven SaaS offerings would impact ARR calculations. As customer demand pivoted heavily toward these modern SaaS and cloud-isolated tools, new contract structures carried lower average selling prices. This structural change diluted near-term ARR metrics, meaning the company’s financial guidance fell short even though overall market demand for its AI cyber-resilience platform remained robust.
Even so, the complaint alleges that, during the company’s October 2025 earnings call, the CFO stated that second-half performance implied “$45 million of net new ARR,” above the $40 million baseline discussed earlier in the fiscal year. However, despite high demand for Commvault’s AI-enhanced cybersecurity tools, when the company reported third-quarter fiscal 2026 results on January 27, 2026, the lower pricing structures of those AI SaaS deals caused ARR growth to miss expectations at $39 million (versus the guided $40–45 million), causing a 31% stock price crash.
Discussion
What makes the Commvault lawsuit notable is precisely that it does not fit neatly within the now-familiar category of “AI-washing” cases. In earlier suits, plaintiffs typically alleged that companies overstated the existence, sophistication, or readiness of their AI capabilities. Here, by contrast, the complaint does not meaningfully challenge Commvault’s AI-related statements as false.
Instead, the core allegation concerns ARR guidance, specifically, that the company overstated the sustainability and predictability of its recurring revenue growth while failing to disclose key operational variables affecting those projections.
The AI references matter in a different way. Their significance is not that they were allegedly misleading in isolation, but that they indicated increased growth. By repeatedly highlighting its “AI-enabled” platform and linking it to increasing demand and long-term opportunity, the company arguably conveyed a sense of durability and momentum that plaintiffs claim was undermined by the underlying shift in sales mix and contract structure.
In this respect, the alleged disconnect is not between AI capability and reality, but between messaging and metrics. The complaint can be understood as asserting that the company’s emphasis on AI-driven growth contributed to an overall disclosure framework that did not fully or clearly communicate the factors limiting the predictability of ARR performance.
This framing places the case within a broader, emerging category of AI-adjacent disclosure claims. In these cases, AI is not the actual source of the misstatement, but it serves to contextualize and shape investor expectations. In these cases, the litigation risk arises not from overstating AI technology itself, but from how AI-related themes are incorporated into broader discussions of business performance, strategy, and outlook.
The Commvault securities class action should not be conflated with disclosure cases like the one filed against Reddit, which strictly alleges a failure to warn investors about external threat vectors from Google’s AI search summaries. Commvault represents an internal disruption: the mathematical miscalculation of revenue metrics during a structural shift to an AI SaaS model. However, looking past those functional differences reveals a broader shared truth. In neither case is the underlying AI technology alleged to be broken or fraudulent; instead, both actions target how AI developments reshape the context of a company’s broader financial and operational reporting.
These cases suggest that AI-related litigation exposure may increasingly arise not from what companies say about AI technology, but from how AI influences the assumptions, risks, and uncertainties embedded in their disclosures.
This comparison highlights an important evolution in AI-related securities litigation. Rather than focusing on whether AI capabilities are overstated, these cases focus on whether companies have adequately disclosed the business implications of AI, whether as a source of disruption, as in Reddit, or as part of a broader operational and revenue model shift, as in Commvault. In that sense, the emerging risk is less about “AI-washing” and more about AI-related disclosure incompleteness or contextual distortion.
For D&O underwriters, the Commvault SCA underscores how AI-related securities litigation risk is evolving beyond traditional “AI-washing” allegations into a broader category of disclosure-driven claims tied to business model transitions and financial metrics. The complaint focuses on whether management adequately conveyed how AI-related strategic shifts, particularly the move toward SaaS and cloud-based offerings, affected key performance indicators such as ARR. Companies emphasizing AI-enabled growth while simultaneously undergoing changes in pricing models, contract structures, or customer acquisition dynamics may present elevated disclosure risk if those complexities are not clearly articulated.
In addition, as illustrated by both Commvault and the Reddit action, AI-related exposure may arise where companies understate risks or fail to explain how AI-driven changes affect core business performance. For D&O underwriters, this means evaluating not only the presence of AI in a company’s strategy, but also how management discusses associated uncertainties, assumptions, and potential variability in forward-looking statements. Ultimately, AI-related risk appears increasingly embedded within ordinary disclosure practices, making it critical for underwriters to assess disclosure controls, consistency of messaging, and the robustness of assumptions supporting guidance, rather than focusing narrowly on AI technology claims alone.
From this perspective, even if the Commvault complaint is not, strictly speaking, an “AI case,” it reflects how AI has become embedded in the disclosures companies use to explain performance and growth. As a result, litigation risk may emerge where those disclosures, AI-related or otherwise, outpace the underlying operational realities or fail to fully capture sources of variability.
For D&O underwriters, the implication is that assessing AI-related risk requires looking beyond representations about technology and focusing instead on how AI-driven strategy is translated into disclosure, particularly where it intersects with key performance metrics, guidance, and investor expectations.