Business of Tech

The episode highlights a structural shift from automation that suggests actions to automation that executes actions autonomously, thereby transferring substantial operational risk and accountability to technology vendors and their AI-driven platforms. This transition is exemplified by Atera's deployment of their autonomous AI agent, Robin, which is positioned to handle a significant proportion of Tier 1 and complex Tier 2 IT tickets for managed service providers (MSPs). The company's commercial strategy, including performance guarantees, signals an increased expectation that AI can assume core IT operational responsibilities that were traditionally reserved for human engineers. Atera has introduced a policy wherein Robin is guaranteed to autonomously close at least 50% of all Tier 1 and complex Tier 2 tickets within 90 days of onboarding, or fees are waived. According to Atera, this commitment is supported by a backend analysis of MSP tickets and live demonstrations using historical data. The company asserts that Robin's mean time to repair is approximately 120 seconds, that onboarding is managed collaboratively, and that the rollout is more akin to hiring and training a human engineer than a standard software deployment. This approach is backed by patent filings and a business model integrating AI as the foundation rather than an add-on. The episode further examines the implications of mandatory AI bundling in Atera's redefined RMM and PSA platform offering. The company has faced pushback from segments of the MSP community dissatisfied with bundled AI services and associated pricing changes, particularly from those wishing to maintain control over their technology stack. Atera responds by describing a re-conceptualization of their platform as inherently AI-driven, distinguishing between “platform AI” and the autonomous Robin agent, and clarifying that preexisting AI users would not incur additional costs. There is also discussion around the impact of automation on human roles and the need for new approaches to training and accountability, particularly for junior staff. For MSPs and IT service providers, these developments signal an increase in infrastructure dependency on vendor-managed AI agents, as well as new layers of contract risk linked to performance guarantees and platform integration. The operational reality described involves a significant reduction in required headcount, a shift in staff responsibilities from routine incident response to higher-order business and security tasks, and the necessity for designated internal management of AI tools. There remain unresolved concerns about skill degradation and the long-term risks of over-automation, including the narrower pathways through which junior personnel may acquire foundational experience. Sponsored by:  ScalePad https://scalepad.com/dave/ Nerdio https://nerdio.co/MSP-Radio Sign up for the SMB Online Conference: www.smbonlineconference.com

Vendors supplying AI-driven technologies are experiencing sustained margin pressure from high operational costs and underwhelming business-level returns, leading to the rapid creation of new product categories that are pushed into the MSP channel. Companies such as Atomic Work, Silverfort, and Guards are releasing governance tools for managing AI agents, while Connect Secure is offering patch management products targeted at MSPs. These launches are not indicators of competitive differentiation, but of structural cost challenges being passed from vendors to their partners.   Business media reports and internal industry data reveal that while individual productivity from AI implementations increases—for example, by accelerating engineer output—the promised business-level gains in productivity, revenue, and profit have not materialized to the extent vendors projected. According to analysis cited by Dave Sobel, high operational costs are forcing large firms like Microsoft, Google, Amazon, and Uber to restrict or cap AI usage internally, reflecting an industry-wide retreat from premium pricing models due to an unclear return on investment at the organizational level.   Additional developments reinforce this margin-driven shift. The federal Cybersecurity and Infrastructure Security Agency (CISA) has mandated 72-hour patching of high-risk vulnerabilities, underscoring heightened compliance requirements. Simultaneously, vendors are accelerating the rollout of governance, identity, and patch velocity tools. However, a study analyzing over 13,000 US MSPs found that those surpassing $1 million in revenue are distinguished by market positioning, online visibility, and business maturity, not by the breadth or novelty of their toolsets.   For operators, the implication is clear: stacking up new vendor products is now a baseline requirement rather than a path to competitive advantage. Firms that rely solely on vendor frameworks and toolsets risk absorbing more complexity without improving margin or differentiation. Practical separation will come from owning the "judgment layer"—defining, governing, and pricing how AI functions within client environments—rather than reselling tools. Positioning, documented governance, and clear operational standards will be more defensible than investing exclusively in vendor-driven offerings. 00:00 Manufactured Urgency  03:58 The Cost Confession 06:09 Out-Buy vs. Out-Position 08:35 Why Do We Care?    Supported by:  Nerdio  Sign up for the SMB Online Conference:  www.smbonlineconference.com

Vendor channel consolidation continues to restructure the MSP landscape, with private equity-backed rollups driving both market concentration at the top and increased deal volume. This episode centers on the sale of Worksighted, a 25-year-old, $27 million revenue MSP with strong vertical focus in healthcare and construction, to Thrive in a 35-day close. The structural mechanism at play is an increasing market segmentation where larger MSPs systematically acquire or merge with similarly sized providers, often leaving a gap for smaller operators as larger entities move upmarket. Primary evidence for this consolidation includes direct transaction data and workflow. According to Abraham Garver, his team handled 132 vetted buyer candidates for Worksighted, resulting in eight competitive offers after 76 signed NDAs. Thrive, having completed 27 MSP acquisitions, was able to accelerate the deal's timeline due to deep experience and preparation by both buyer and seller. The trend is further supported by Q2 market updates indicating 22 U.S. MSPs likely to come to market in 2026 and over 120 M&A transactions in Q1 alone, as reported by Drake Star. Related developments highlight the bifurcation of deal opportunities by provider size and the associated liquidity for MSPs. Private equity buyers increasingly favor acquisitions with a minimum of $3 million in revenue and $500,000 in EBITDA, while smaller MSPs are more commonly left to pursue peer-to-peer mergers or organic growth strategies. The episode also addresses the operational pitfalls of optimizing solely for high recurring revenue percentages, with evidence suggesting buyers offer premiums for organic growth and new client acquisition rather than rigid recurring revenue thresholds. For operators, these dynamics generate clear tradeoffs and risks. Larger MSPs face the challenge of integrating acquired firms and potentially divesting smaller clients who do not meet their revised minimums. Smaller MSPs may find opportunity by acquiring divested clients or targeting niche segments that fall beneath larger consolidators' thresholds. For all providers, the importance of thorough preparation, clean financials, and strategic clarity on post-transaction roles emerges as a key safeguard against value loss and disruption. Rigid adherence to target metrics not grounded in buyer behavior—such as focusing excessively on monthly recurring revenue—carries the risk of reduced flexibility and diminished exit prospects. Sponsored by:ScalePad ABCS Sloutions LLC

Platform vendors are transferring liability and delivery responsibility for AI services onto MSPs by building structured AI practice frameworks, training programs, and service delivery methodologies. This approach is motivated by mounting economic pressures on vendors, as seen with large-scale infrastructure investments and the need for sustainable revenue models. PAX8, Ingram Micro Cloud, ConnectWise, and others are formalizing AI partner programs that enroll MSPs to deliver vendor-defined services, while shifting operational complexity and accountability downstream. The episode highlights PAX8's Managed Intelligence initiative, aimed at helping small and midsize MSPs deliver AI services to SMB clients with minimal prior expertise. PAX8 cites its own research, which notes that 62% of SMBs view AI as essential for competitiveness and 74% plan to increase AI spending in the coming year. The economics of AI scaling are underscored by data on projected data center buildout costs—up to $15 trillion by 2030 and requiring $1.75 trillion annually just to maintain. OpenAI's public offering, with an $850 billion valuation and $180 billion in funding, is attributed to the need for capital that private markets can no longer supply, prompting vendors to leverage channel partners for both revenue generation and market validation. Supporting developments include expanded programs at the distribution and platform levels: a PAX8-Nocdoc partnership providing managed NOC/SOC services for smaller MSPs, Ingram Micro Cloud's collaboration with PartnerStack to formalize AI service delivery infrastructure, and ConnectWise's introduction of an AI-native platform for predictive and autonomous IT operations. Research from Omnia and the IBM Institute for Business Value indicates underutilization of vendor market development funds and widespread deployment of AI frameworks despite only 11% of tech leaders feeling prepared—demonstrating the gap between vendor offerings and operational readiness. The implications for MSPs are significant. By enrolling in these vendor-driven AI programs, providers take on delivery risk, contractual accountability, and potential liability for AI outcomes they did not design. The structural split is clear: MSPs can either create and govern their own AI methodologies—pricing accountability as a service—or become vehicles for vendor frameworks, absorbing complexity without full compensation or control. Practical recommendations include updating service agreements for AI-related risks, building internal governance around AI deployments, and not allowing vendor or community consensus to substitute for explicit accountability for outcomes. 00:00 Channel AI Shift  03:59 Enrollment, Not Enablement 06:55 Methodology vs. Liability 10:01 Why Do We Care?  Supported by:  Zero Networks  CometBackup 

The episode identifies a growing governance gap as a central structural issue for MSPs and IT service providers, driven by rapid AI adoption through subscription-based tools and platforms. Rather than being introduced as controlled, IT-led initiatives, AI services are entering organizations piecemeal—often through end users and business units—undermining established accountability and management practices. This dynamic is exemplified by ConnectWise's dismantling of its ASIO platform in favor of a new AI-native operating layer designed to unify PSA, RMM, security, and automation functions, and by clients independently layering on AI-powered tools without centralized oversight or cost control. A primary example of ungoverned risk involves unsustainable AI cost exposure. According to Axios and TechCrunch, an enterprise amassed around $500 million in a single month on Anthropic's Claude due to unlimited, unmonitored usage. Freshworks' survey of over 12,000 IT professionals quantifies the industry's operational friction, finding mid-market companies waste about 25% of AI budgets on complexity, for a total of $16 billion in annual waste. Despite 89% of respondents planning to increase AI spend, only 15% have actively integrated these tools into daily workflows—revealing widespread governance lag behind adoption. Supporting developments highlight the breadth and persistence of this governance deficit. Organizations such as the Linux Foundation have responded by forming the Tokenomics Foundation to standardize AI cost tracking. Meanwhile, AI tool adoption is occurring outside IT, leading to agent sprawl, unclear permissions, and cost scaling linked to agent behavior rather than headcount. Roll-up strategies in adjacent sectors—such as Thrive Holdings' $1 billion commitment to consolidate accounting firms under an AI operational platform—demonstrate capital's move toward operationally governed, AI-enabled service models, suggesting a parallel risk for IT providers. For MSPs and IT leaders, these trends underscore the urgency of operationalizing AI governance as a billable, contractual service rather than an informal or embedded support task. Risks include absorbing liability for unmanaged AI usage, exacerbated operational complexity, and relinquishing margin to platform or capital entrants. Practical steps involve conducting AI tool audits, inventorying agent access and spend, instituting usage controls, and reframing account segmentation around governance and liability exposure. MSPs who define, price, and contract for governance can mitigate inherited risk and avoid being displaced by vendors or capital-backed consolidators. 00:00 ConnectWise Rebuilds  03:59 Ungoverned Agents 06:06 Roll-Up Warning 09:38 Why Do We Care?    Supported by:  Moovila  ScalePad 

A central structural mechanism highlighted in this episode is the exposure and amplification of technical and organizational weaknesses by enterprise AI initiatives, particularly as organizations pursue rapid AI adoption without adequate investment in data and process fundamentals. The episode draws on findings from an MIT Media Lab report, which found that 95% of enterprise AI pilots had no measurable impact on profit and loss, despite $30–40 billion in investment. Michael Privat, representing the healthcare technology firm Availability, discusses the consequences for organizations that apply “thin” AI overlays on top of unaddressed legacy data infrastructure and processes. The most consequential data point centers on AI's amplifying effect. According to the MIT Media Lab report cited by Michael Privat, 74–75% of companies expect revenue growth from AI, but only 20% are realizing gains. The root cause identified is not AI itself, but foundational failures: organizations use pilots as procurement exercises rather than outcome-driven initiatives and neglect to address data consistency and process integrity. Pilot projects, in many cases, simply accelerate the visibility and scale of existing dysfunctions rather than creating new value. Further evidence is provided through discussion of operational methodologies and organizational approaches. Michael Privat details a shift from pre-AI process benchmarks, such as DORA metrics focused on predictability and velocity, toward new models that account for AI's speed and amplification risks. He points to increasing investments in engineering capacity—in particular, tripling headcount in India—while emphasizing that efficiency gains from AI only materialize where discipline, standardization, and solid engineering “plumbing” is already in place. Both the need for audit trails and rigorous governance, especially in regulated sectors like healthcare, are flagged as structural safety requirements rather than optional layers. Operationally, the implications for MSPs and IT leaders include the risk of exposing latent deficiencies when implementing AI-driven offerings, particularly when layering automation and analytics atop fragmented or inconsistent infrastructure. Key areas of impact are the need for robust governance frameworks—especially with agentic AI, where dynamic system behaviors require ongoing accountability and auditability—and the risk that AI investments made without process and data “spring cleaning” can actually accelerate failure modes. For IT service providers, the material risks are in unexamined process debt, tool misalignment, and the temptation to prioritize velocity over resilience, ultimately increasing operational and contractual exposure. Supported by:NerdioScalePad  

The current structural shift centers on the transfer of accountability for AI risk from vendors and regulators to managed service providers (MSPs). Vendors such as Anthropic and Microsoft are expanding their enterprise-focused AI channel programs and services tracks, while regulators pull back from enforcement, leaving MSPs as the de facto accountable parties for AI deployments. Reports and data indicate that vendor-driven channel expansion and regulatory laxity are converging to make service providers the liable layer in AI delivery. Anthropic is broadening its CLAUDE partner network from around 100 to several thousand partners, organized in tiers with outcome-based incentives and a dedicated services track targeting MSPs and system integrators. Microsoft, responding to low Copilot adoption rates (reported at 3.3% of eligible users), is allowing full removal of Copilot from systems. An IDC/Expereo survey of 800 companies found 70% are budgeting for AI, but investment is driven more by competitive anxiety than proven results. Additionally, a concentrated group—top 5% of users—accounts for the bulk of enterprise AI-related risk, according to a separate analysis. Supporting developments include the emergence of Lemhi, an early-stage platform aimed at enabling MSPs to package and sell AI transformation as a recurring service, and warnings from lawmakers about cuts to CISA that undermine federal cyber defense capacity. The episode also highlights a consistent theme: government agencies such as the White House and NIST are shifting toward voluntary measures and measurement frameworks, declining to create enforceable accountability standards for AI in production environments. For MSPs and IT leaders, these developments translate to increased contract and operational risk. Without renegotiated agreements specifying usage ceilings, approval workflows, and liability terms, providers may inherit unpredictable financial exposure and compliance gaps. The absence of effective governance requirements from both vendors and authorities places the operational burden on MSPs to define, monitor, and enforce safe use of AI, including recurring governance services such as data boundary enforcement and audit evidence. Failure to address these issues may result in MSPs acting as uninsured support for unmanaged AI deployments they cannot fully control or price. 00:00 MSP AI Play  04:24 AI's Accountability Gap 06:50 MSP Risk Transfer 09:49 Why Do We Care?  Supported by:  ScalePad Moovila 

The episode examines a structural shift in the MSP business model driven by the introduction of AI-linked consumption-based pricing layered on top of traditional per-seat fees. This emerging mechanism, typified by Microsoft's E7 license, adds variable AI consumption charges to otherwise predictable monthly service costs. Vendors are restructuring partner payment models, with Microsoft's move closely watched by others, signaling a wider potential for volatility in the recurring revenue foundations of MSPs, according to analysis from Jay McBain and recent channel data. The most consequential development is Microsoft's E7 pricing, which explicitly adds an AI consumption cost to the standard per-seat license. This move introduces variability at “machine speed,” in contrast to previous examples such as cloud storage, where consumption remains predominantly human-driven and thus more predictable. Analysts note that similar micro-consumption models—charging per conversation, process, or API call—are being adopted by hundreds of companies. Market data from Omnia and referenced industry research places the global IT spend at $6 trillion in 2026, with two-thirds delivered by channel partners and a rapid shift from fixed, subscription models toward micro-consumption billed at a granular, usage-based level. Supporting evidence includes the lack of sufficient vendor-provided controls for variable consumption, leaving MSPs exposed to unplanned cost spikes. While large enterprises are introducing robust FinOps practices and loading up cloud credits, smaller MSPs serving SMB customers are not prepared with similar governance structures. There is also vendor-led encouragement for AI adoption—such as persistent in-app assistants—that drive up consumption before adequate controls or cost-passing mechanisms are established. The sustainability of current pricing models is further questioned by the fact that providers like OpenAI and Anthropic are themselves subsidizing significant portions of token usage, distorting true costs throughout the value chain. For MSPs and IT service leaders, these developments mean greater exposure to unpredictable costs, potential margin pressures, and increased contractual risk tied to AI consumption. Operators cannot rely on vendors to provide spend caps or consumption governance today; failure to build internal controls or pass-through mechanisms may result in absorbing unpaid liabilities. Accountability for AI-driven actions, remediation, and configuration changes will rest with the MSP, elevating both operational complexity and liability exposure. The current environment requires building governance, audit trails, and spend management capabilities now, ahead of broader market adoption of AI consumption models. Supported by: CometBackup

Outcome-based managed security and attached vendor warranties are driving a new form of coverage-based vendor lock-in for MSPs and IT service providers. Vendors such as Intezer and SPECTRA are introducing performance guarantees, SLAs, and cyber resilience warranties that require MSPs to fully standardize on their architectures. This evolving model shifts accountability for enforcement and risk management from the individual MSP to the vendor's operating model, thereby altering the independent role of the MSP within client environments. A notable example is Intezer's Amplify Partner program, which asserts that its platform can process 100% of security alerts while escalating fewer than 2% for human review—claims the company frames as outcomes rather than product specifications. SPECTRA's use of certification-linked warranties, distributed via Ingram Micro, establishes channel-distributable assurance products with explicit conditions attached at every level. According to a Check Point report, while 77% of organizations report having adopted AI for cloud security, only 26% feel capable of enforcing those strategies, revealing a gap between security intent and operational ability. This structural shift is further illustrated by Merlin Cyber's FedRAMP managed service offering, Lumen's MDR enhancements targeting mid-market MSPs, and Trustlogix's addition of intent-based authorization controls. The FBI's announcement regarding Microsoft 365 OAuth token hijacking and recent vulnerabilities in widely used platforms like ConnectWise Automate underscore the real-world risks of automation platforms being targeted. These developments collectively point to growing operational complexity, rising compliance burdens, and the need for MSPs to separate their commitments from upstream vendor claims. For operators, the trend demands increased scrutiny of warranty terms, claim denial conditions, and SLA language before making any client-facing assurances. MSPs risk absorbing liability if they repeat vendor marketing claims without contractual clarity or operational control. Effective governance now requires independently produced, audit-ready evidence that documents compliance and enforcement separate from vendor portals. As assurance sales proliferate, the operational gap between acting as an underwriter versus a reseller will drive market differentiation, affecting both pricing structures and eligibility for vendor-backed coverage. 00:00 Channel-Ready Security 03:41 Policy vs. Reality 05:59 MFA Isn't Enough 09:12 Why Do We Care?    Supported by:  ScalePad Moovila   

A fundamental structural shift underway is the movement of AI from isolated features to operationalized, production-level workloads in MSP tooling and client environments. This transition is not primarily about the capabilities of individual AI models but about their integration into existing operational platforms and workflows. Companies such as PDQ, Senteon, Domotz, and Zoom are incorporating AI agents directly into management layers, endpoint automation, and workflow orchestration, thereby increasing both the scope and complexity of AI impact. The locus of value is shifting from features to workflow control and integration, creating new demands for governance, consumption monitoring, and exit strategies. The most consequential development referenced is the transition in AI billing and operational models from static user or seat licenses to variable, usage-based consumption. He cites TechCrunch's coverage of GitHub Copilot's move to token-based billing and Semafor's reporting of Uber's rapid exhaustion of its 2026 AI budget in four months due to unbounded consumption by generative tools. F5's State of Application Strategy report is referenced to confirm that multi-cloud and parallel model operations are now common, with significant instances of AI-related security incidents already reported. Secondary developments reinforce this structural realignment of risk and accountability. PDQ, for instance, is expanding multi-tenant management and integration capabilities, while Senteon enables endpoint hardening and drift control directly in Rewst's platform. Domotz's MCP server allows AI agents to operate across 40,000 networks globally, and Zoom is packaging AI context protocol features for workflow automation. Each of these changes is designed to increase operational efficiency, but also expand the surface area for unintended consequences, elevated operational complexity, and potential budget overruns. For MSPs and IT leaders, the operational implications center on governance, spend control, and clear accountability over AI-driven tools and workflows. The risk is that without adequate monitoring, policy setting, and contractual clarity—especially around data portability and exit costs—MSPs may face liability for unplanned consumption, misconfigured automation, or governance gaps. The evidence indicates the need to proactively audit AI integrations, set usage thresholds, instrument logging and budgeting controls, and renegotiate vendor contracts to ensure service boundaries and oversight mechanisms are in place before workflows become too deeply embedded. 00:00 MSP Stack Resets  04:09 AI Needs Governance 06:45 Govern AI or Pay 09:22 Why Do We Care?  Supported by:  Nerdio Zero Networks   

Forced arbitration clauses have become embedded as a dominant mechanism in technology vendor contracts, shifting legal risk and accountability away from large vendors and reducing recourse options for managed service providers (MSPs) and IT service firms. This structural change, present in agreements with RMM and PSA vendors as well as hyperscalers such as Microsoft, Amazon, and Google, establishes a private dispute resolution system that operates beyond the traditional court system and is typically non-negotiable for smaller partners. The shift is evidenced by data and case studies outlined by Brendan Ballou. According to supplied figures, while consumers win in 89% of small claims court cases, their success rate drops to between 20% and 30% in arbitration, and even less—sometimes as low as 0.2%—for certain arbitration providers. Arbitration clauses are enforced even in extreme cases, as illustrated by a notable instance involving Disney, in which a forced arbitration clause was applied following a consumer's prior account registration. Legal precedent as far back as the 2011 Supreme Court decision referenced by Brendan Ballou has broadened the Federal Arbitration Act well beyond its 1925 origins, further entrenching this system. Additional developments reference increased litigation in the 1980s, often cited as justification for expanding arbitration, though he attributes much of the legal caseload surge to government actions rather than consumer or employee lawsuits. The technology industry's broad adoption of arbitration, especially in contracts where MSPs have little or no room to negotiate, further cements these power imbalances. Alternatives such as mediation are discussed as potentially less risky, but their adoption remains limited. The operational implications for MSPs, IT service providers, and IT leaders include heightened contract risk and reduced leverage in vendor disputes. Arbitration clauses limit access to open legal processes, restrict discovery rights, and are prone to bias in favor of vendors with repeat arbitrator relationships. For MSPs reliant on large platforms and suppliers, this creates ongoing exposure and complicates risk management. Mitigating measures—such as leveraging peer coordination for "mass arbitration" or negotiating for post-dispute mediation rather than pre-dispute forced arbitration—require proactive planning but may remain unavailable in standard vendor agreements. Supported by:MoovilaHaloPSA  

The structural shift highlighted in this episode is a move from simple AI enablement to a managed service model centered on agent governance, enforcement, and workflow automation within IT environments. The episode identifies unmanaged AI agents as a source of escalating risk, citing vendors like Scalepad shifting from remote monitoring to SaaS and AI usage discovery, and referencing research and audits from SNCC and Verizon that identify tangible security flaws and unapproved AI activity within organizations. Managed service providers are increasingly positioned as the operational layer that defines and enforces governance over automation systems, rather than simply deploying AI tools. The primary evidence for this shift is found in audit findings and market reports. SNCC's audit of 4,000 AI agent skills showed over a third had at least one security flaw, while Verizon's data cited by The Register noted a fourfold increase in employees using unauthorized generative AI, with 28% of data loss prevention violations involving code or proprietary data submitted to AI platforms. Gartner, as reported by The Register, predicts 40% of organizations will demote or remove AI agents due to failed governance efforts—attributing the problem to all-or-nothing approaches that lead to operational and compliance failures. Secondary developments reinforce the move toward operationalized governance. Scalepad and Watchguard are bringing AI and SaaS governance capabilities to the MSP channel, with product releases focused on real-time discovery, policy enforcement, and automation control. Incidents like Anthropic's leak of its full source code for Claude Code, exposing permission and sandboxing details, illustrate how transparency in AI agent operations can also create attack vectors—emphasizing the need for robust operational controls and ongoing auditability. The market is shifting to sell "coherence"—packaging identity, permissions, and workflow automation—rather than just technological capability. Operationally, the consequences for MSPs include increased responsibility for defining and enforcing permission boundaries, approval rules, and evidence collection. Failure to address agent governance will expose providers to operational ambiguity, unpriced liability, and recurring support burdens. The guidance is to move beyond AI enablement projects and toward agent operation retainers that include clear workflows, permission maps, execution logs, and contractual clarity on responsibility and incident management. MSPs that cannot prove and control agent behavior risk inheriting the complexity and fallout from system failures or misuse. 00:00 Shadow AI Surge  05:01 Context Is Infrastructure 07:46 Agent Control Plane 11:16 Why Do We Care?  Supported by:  JumpCloud TimeZest 

The episode reveals a growing governance gap as the central structural shift in the IT services sector, driven by accelerated AI adoption and increasing automation. Companies such as OpenAI, Anthropic, Veeam, and Auvik are reframing their market positions around the operational risks and requirements introduced by AI agents, data automation, and new service delivery models. This evolution is underscored by the rising number of AI agents—projected by IDC to reach 2.3 billion by 2030—operating largely outside of current oversight and frequently with excessive or inappropriate permissions. The principal development discussed is Veeam's announcement of its Data AI Command Platform. According to Dave Sobel and Rich Freeman, this platform is intended to address data-centric failures beyond traditional ransomware or accidental deletion. Veeam's platform is designed to handle issues such as AI-generated data hallucinations, inappropriate data exposure, and policy enforcement failures. The platform's architecture builds on the acquisition of Security AI, combining data security posture management with backup, compliance, and governance capabilities, although, as of now, key remediation features are only available for Microsoft 365, with further expansion expected over the coming months. Supporting developments include Auvik's expansion of automated network management based on a large historical dataset and the simultaneous entrance of OpenAI and Anthropic into direct services for mid-market clients, backed by billions in private capital from entities such as Goldman Sachs and Blackstone. Both companies now embed applied AI engineers at client sites, bypassing traditional channel partners. Channel operator feedback, reflected in research by Techisle and discussions at vendor conferences, indicates a lack of MSP readiness and a slow response to developing governance and compliance services, despite evidence from end-user data pointing to significant unmet demand and risk exposure. Operationally, MSPs face a growing liability trap where the speed and delegation of decisions to AI systems increase the potential for unnoticed errors or breaches. There is a disconnect between customer demand for governance, compliance, and data controls, and the preparedness of MSPs to deliver those services. This exposes providers to heightened contractual, operational, and reputational risk, particularly as vendors and large AI companies move directly into the mid-market service delivery space. Practical safeguards, clear accountability frameworks, and objective benchmarks for automation and governance effectiveness will be required to mitigate exposure and support safe, durable service offerings. Supported by: CometBackup HaloPSA Moovila 

The dominant structural shift highlighted is the increasing systematization and formalization of vendor-to-MSP growth channels, where vendors now dictate partner engagement through structured programs, marketplaces, and packaged offers. According to Dave Sobel, this trend is driven by vendors such as Microsoft, NinjaOne, GoTo (LogMeIn), and Forcepoint, each advancing formal partner networks and explicit funding paths. The episode contends that these programs operate less as genuine strategies for MSPs and more as distribution mechanisms, shifting operational and support burdens downstream to service providers. Primary supporting evidence comes from the 2026 Microsoft Partner Global Benchmark and Success Index from Maven Collective Marketing, which analyzed over 185,000 data points. The report found that 87% of partners exist on at least one Microsoft Marketplace, with 60% having transactable offers and 58% receiving leads sourced by Microsoft. Moreover, partners with dedicated Microsoft management support are three times more likely to secure funding from Microsoft. This data illustrates how tightly partner success is coupled to marketplace discoverability, direct purchasing offers, and vendor-provided leads and funding. Secondary developments reinforce this mechanism. Other vendors—such as NinjaOne, GoTo, and Forcepoint—have instituted similar programs, with explicitly defined partner journeys for integration, service delivery, and mutual success. Additionally, economic factors such as historically low consumer sentiment, supported by University of Michigan data, and persistent IT resourcing gaps, as identified by the Linux Foundation survey and reported by SmarterMSP, are further sharpening buyer demands for packaged, defensible IT outcomes. In parallel, reports like the 2026 Kaseya State of the MSP emphasize misaligned demand and revenue in AI/automation, and research from RCR Wireless highlights operational burdens that can fall back onto MSPs in vendor weak-support scenarios. For MSPs and IT service providers, the operational implications center on risk absorption, margin erosion, and increased dependency on vendor-defined models. Without internal discipline to clearly define, price, and standardize offers—especially for complex new demands like AI and automation—MSPs risk turning complexity into unpaid labor and operational drag. The key accountability remains with the provider to package and govern vendor-aligned services in a manner that remains robust regardless of shifting vendor incentives or support. Failure to do so leads to “MSP-owned friction,” where ticket volumes, support expectations, and inconsistent delivery increase without corresponding profit. 00:00 Partner Programs Formalized  04:31 Packaged or Passed 08:14 Priced or Absorbed 11:58 Why Do We Care? 

The episode details a tightening regulatory environment driven by new enforcement timelines for Cybersecurity Maturity Model Certification (CMMC), altering how MSPs and IT service providers are expected to deliver both compliance and operational services for U.S. defense contractors. Structural pressure stems from the Department of Defense making CMMC Level 2 compliance a contractual mandate for approximately 300,000 defense contractors, shifting risk and accountability towards providers who manage compliance workflows, technical environments, and client behaviors. C3 Integrated Solutions and their dual CMMC Level 2 certifications exemplify this transition, with clear implications for co-ownership of compliance outcomes and increased scrutiny on provider practices. The most consequential development is the substantial gap between compliance requirements and the current readiness of the defense contractor base. As of early 2026, only around 8% of contractors have obtained CMMC Level 2 certification, despite enforcement being implemented in contracts starting in November of the same year, according to Dave and Jason. Challenges arise from cost, organizational bandwidth, and complexity, with MSPs serving as pivotal partners to small subcontractors lacking in-house resources for process documentation and change management. Assessment scheduling bottlenecks and insufficient documentation are delaying certifications, increasing risk that many contractors and their service partners will miss the rapidly approaching deadlines. Related developments reinforce the central issue of operational risk and governance complexity. Jason Tierney illustrates the difference between technical compliance and true assessment readiness, citing real-world examples where insufficient evidence and poor understanding of process details lead to significant assessment delays. The rise of compliance-as-a-service offerings, enclave computing environments, and specialized governance tooling are attempts to address those gaps, but also introduce new layers of pricing, platform selection, and accountability concerns, especially when third-party tools fail to meet strict requirements such as FedRAMP moderate for handling sensitive data. For MSPs and IT leaders, the shift imposes higher barriers to entry, increased legal and contractual exposure, more rigorous documentation and process controls, and the need for customized delivery models that support both technical defenses and organizational behavior change. Providers must navigate conflicting requirements between specialized regulatory environments and multi-tenant tooling, manage escalating costs for both themselves and clients, and clarify responsibility boundaries in shared compliance scenarios. The requirement for human oversight—particularly in automated or AI-assisted compliance tooling—remains non-negotiable, reflecting the ongoing gap between technical implementation and credible assessment outcomes. Supported by:CometBackupMoovilaHaloPSA

The structural shift outlined in this episode is the rapid evolution of search and productivity interfaces from static query tools to agentic platforms capable of autonomous action, oversight, and automation. Companies such as Google are redesigning search at the interface level, integrating multimodal input and agentic workflows powered by AI models like Gemini 3.5 Flash. The dynamic is not competition at the model level, but rather a pivot toward which provider can offer policy enforcement, cost controls, compliance, and documented governance over increasingly complex agent-driven environments. The most consequential development is Google's redesign of its search box for the first time in 25 years, transitioning to an AI-powered, chatbot-style interaction that can process longer prompts, images, files, and monitor tasks directly within the browser. According to New York Times and Channel Life New Zealand, this change embeds AI agents as defaults in the workflow, underpinned by Google's commercial growth—ad clicks up by 6%, cost per click up 7%, with profits over $132 billion since 2022. The shift is visible in adoption data as well: ChannelDive reports Anthropic's Claude overtook OpenAI's GPT suite for business usage, while Gartner forecasts $2.59 trillion total AI spending in the year, but only $33 billion is model-specific. Supporting developments reinforce risk and operational complexity as AI transitions into core business processes. Channel-focused reports note that vendors are offering managed agent services, operational sandboxes, and white-label security operations to simplify agent deployment and lower entry barriers. OpenAI pitching “buy before you try” guarantees, and launches like Acronis Cyber Freight — promised as “predictable” and “protected by default” — reflect client demand for reliability over raw capability. Across these moves, partners and IT providers are being drawn into defining, monitoring, and governing the new automation layers, with increasing requirements for documentation, provenance, and workflow auditing. For MSPs and technology leaders, the operational implications are direct and substantive. The work now centers on defining governance frameworks—inventorying systems that can act autonomously, classifying authority and registration requirements, building audit trails, and delineating contractual boundaries for automation responsibility. Providers who approach this as standard support risk carrying unpriced operational and compliance burdens, especially in environments where unauthorized automations or unregistered connectors proliferate. The emergent requirement is to treat agent governance as a managed service, pricing it separately, and establishing clear evidence and escalation protocols to avoid absorbing blame and liability for automation-driven incidents. 00:00 Beyond Blue Links  04:30 Predictability Wins 06:39 Govern or Absorb 09:19 Why Do We Care?  Supported by:  Moovila ScalePad

Security operations for MSPs are undergoing a structural shift from simply deploying additional tools to establishing a liability-focused accountability model, where the ability to provide operational evidence of controls is becoming as critical as the tools themselves. This shift is catalyzed by corporate insurance, procurement, and third-party verification structures—such as those cited by WatchGuard, Assurix, and the NIST AI cybersecurity overlays—demanding verifiable security outcomes and alignment with external standards, rather than relying on provider assertions alone. Survey data referenced from Cybersmart and Beta News reveals that 75% of MSPs experienced at least one breach in the past year, while 54% endured multiple incidents; concurrently, SMB buyers state security is a top priority, but only 13% of microbusinesses operate proactively. According to WatchGuard's global survey of 842 professionals, 94% of clients using dedicated MSPs feel adequately protected, yet 58% indicate intent to change providers within three years—highlighting a disconnect between perceived and delivered value. The emergence of Assurixs' live MSP Trustmark, based on 64 operational controls, further formalizes evidence requirements as market prerequisites. These dynamics are reinforced by shifts in insurer behavior and regulatory alignment. Huntress and Acrisure are collectively rolling out a cyber insurance package contingent on adoption of Huntress's managed detection and response, explicitly tying coverage eligibility to verifiable provider-side controls. The maturing of NIST's AI cybersecurity overlays introduces new standardized control checklists likely to become operational requirements. Additionally, reports from Omdia and MSP Channel Insights note that vendor ecosystems are now rewarded for integrating security as an outcome with automation and multi-tenant integration—reflecting market demand for reliable, defensible evidence of controls. For MSPs and IT leaders, these developments drive the need to restructure contracts to clearly delineate evidence obligations, manage liability exposure, and price evidence production as a formal deliverable rather than as unreimbursed support. Failing to do so risks absorbing unfunded post-incident evidence work, margin erosion, and loss of control over the security value conversation. Operationally, maintaining live accreditations, standing up a formal evidence management function, and explicitly excluding unmanaged SaaS, identity, and AI workflows from baseline service tiers are becoming necessary to maintain profitability and accountability. 00:00 Breach, Then Switch  04:52 SaaS Blind Spot 07:16 Prove or Pay 10:24 Why Do We Care?  Supported by:  Zero Networks HaloPSA   

The dominant structural shift highlighted in this episode is the migration of AI from experimental tools into directly embedded workflows within widely used small business platforms. Vendors like Anthropic, with its Claude for Small Business connectors to QuickBooks, HubSpot, Canva, Google Workspace, and Microsoft 365, are abstracting away technical complexity by offering concrete, prebuilt automations that address specific business processes. This embedding moves operational risk and ambiguity from model selection to the permissions layer, where control, oversight, and accountability become central concerns for providers supporting these environments. A key supporting development is Anthropic's rapid market penetration, with the VentureBeat-cited Ramp AI Index reporting 34.4% business adoption of Claude in the US—outpacing OpenAI's 32.3%. The implication, reinforced by research from the Global Technology Industry Association, is that AI service revenue is rising sharply, but only 30% of IT service providers in the UK and Ireland report fully integrating AI into their models. Simultaneously, governance gaps are being exposed: The Register notes user data may be employed for model training unless privacy settings are proactively changed, leaving operational risk exposed through default configurations. Additional developments reinforce the risk and accountability shift. OpenAI has established a subsidiary focused on direct deployments and implementation, seeking to guarantee quality and consistency in enterprise integration. CIO Dive references Palo Alto Networks research indicating 77% of CIOs claim AI risk management confidence, yet only 30% have real usage visibility, and 62% cite rogue agent concerns. The discussion connects these risks back to routine SMB operations, where AI-enabled workflows can act on core business data, increasing MSP proximity to liability and making explicit who controls connectors, permissions, and incident response documentation. For MSPs and IT service firms, the operational consequence is that supporting AI-enabled platforms now obligates them to establish and document governance, inventory, data access, and approval processes. Risk shifts from abstract model performance to concrete operational exposure, especially as AI systems interconnect with finance, identity, communication, and other high-stakes subsystems. Providers lacking scoped service definitions and contractual clarity face unpriced liability, while those that implement billable AI governance frameworks—such as audit templates, privacy reviews, and incident-ready contracts—are positioned to address demand from clients, auditors, and insurers. Neglecting these steps is likely to result in exposure to vendor-driven terms and diminished operational standing.   00:00 Workflow Takeover   04:20 Readiness Crisis 06:24 Govern or Expose 11:13 Why Do We Care?    Supported by:  NerdioScalePad 

The episode highlights a structural transition from software systems that record tasks to platforms that actively participate in business decisions, particularly through agentic AI in procurement. This shift is anchored in the adoption of AI-driven SaaS solutions by mid-market organizations, as seen with Procurify, which reports managing over $100 billion in organizational spend. The mechanism moves beyond basic automation, assigning software agents responsibilities that were traditionally human—such as flagging compliance breaches or routing approvals—directly within operational workflows. According to Chad Gaydos, current deployments of such agentic AI commonly automate tasks like invoice detail verification, policy enforcement, and contract compliance. These developments are most prominent in mid-market environments, where limited staffing—sometimes with no dedicated procurement analysts—drives greater reliance on platforms to perform core operational functions. The focus is not on completely replacing personnel but on supplementing constrained teams and ensuring repeatable enforcement of controls, with organizations leveraging these systems to gain efficiency in both cost and process governance. Additional points discussed reinforce the central shift, such as the distinctive pace of adoption among mid-market firms compared to enterprises. He identifies that smaller organizations often approach these technologies with greater agility and willingness to accept risk, while also displaying heightened dependency on system trust and governance frameworks. The episode also references "frontier firms" co-defined by Microsoft and Procurify, characterized by their forward-leaning adoption of AI and structured standards for technological governance. Variability in governance, auditability, and trust across different organization sizes underlines the operational diversity in adopting agentic platforms. For MSPs and IT leaders, these shifts raise practical concerns around governance design, accountability for software-driven actions, and operational dependency on vendor platforms. Effective risk mitigation requires establishing audit trails, clear standards for automation versus human oversight, and robust compliance controls. Providers supporting mid-market clients should anticipate requests for prescriptive guidance on data and process governance, while also preparing for greater operational reliance on systems that automate, not merely record, business decisions.

The core structural shift described in this episode is the integration of AI as an active workflow actor within managed service environments, not simply as an isolated tool. This mechanism alters the governance and accountability requirements for MSPs, as AI now interacts directly with core business platforms and operational data. Companies like Microsoft are embedding AI features—such as Copilot and a legal AI agent—across productivity and security environments, while reports from Axios Future of Cybersecurity and The Register highlight that AI activity is increasingly touching managed identity, email, data, and security infrastructures. The episode's primary evidence centers on the adoption of AI-driven productivity and legal tools within Microsoft 365, with broad rollout timelines targeting early June. Microsoft's deployment of legal AI agents in Word—as outlined by The Register and Thoreau—demonstrates that AI is being implemented to review contracts, draft language, and check citations, embedding itself into sensitive business workflows. Additionally, Proofpoint's formation of an MSP business unit around 365 security further reflects this shift, consolidating risk and workflow management where client data, identity, and security converge. Supporting developments reinforce this trend of workflow centralization and accountability ambiguity. Vendors are introducing dashboards—such as Anthropic's Claude code agent view—that offer improved visibility into AI-driven processes; however, as noted, visibility alone does not constitute governance. The emergence of platforms like Halo PSA and features from JumpCloud exemplify the market response, where vendors and MSPs are being forced to tighten control and monitoring around AI-driven work, including automation, ticketing, and remediation workflows. The episode notes that unmanaged automation creates governance risks that operators must close. The practical implication for MSPs is a set of new operational burdens: rising margin pressure from unpriced AI governance work, contract risk if responsibilities for AI-generated actions remain undefined, and new demands for auditability, evidence retention, and workflow documentation. Providers must build inventories not only of AI tools but also the workflows they touch, define explicit service scope, and establish pricing models for governance functions. The operational tradeoff is an increasing need for infrastructure and process maturity, as the expectation of transparent, accountable AI-driven work is now a baseline for client trust and risk management. 00:00 Managed AI Risk  03:50 Scope or Absorb 06:03 Four MSP Pressures 08:35 Why Do We Care?  Supported by:  MoovilaHaloPSA JumpCloud 

The central structural shift identified is the acceleration and scaling of cyber risks due to artificial intelligence, which turns formerly expert-driven security processes into repeatable, rapid workflows. Major threat intelligence units, including Google's Threat Intelligence group, are now documenting the use of AI in both identifying and weaponizing software vulnerabilities. The landscape is further shaped by the proliferation of AI-generated and AI-assisted online content, contributing to an environment where traditional verification and control mechanisms are less reliable. The episode presents concrete evidence: Google reported criminal hackers leveraging AI models—explicitly noting the use of non-Google technology—to discover a previously unknown zero day, while The Verge and Wired highlighted AI-assisted attempts to bypass multi-factor authentication and the impact of synthetic content even within cybercrime forums. Research covered by 404 Media documented that by mid-2025, a third of newly published websites were AI-influenced. These observed changes drive threat intelligence teams to treat AI as a working hypothesis in live investigations. Additional supporting developments reinforce the broadening security and operational impact. Tools such as Proofpoint's Prism Investigator and OpenAI's Daybreak show the push toward automated threat detection, investigation, and reasoning pipelines, altering expectations from detection to defensible reconstruction and evidence generation. Analysis of supply chain compromises—such as tampered software installers and malware leveraging already-exposed cloud systems—demonstrates how automation reduces defender response windows while increasing operational pressure on providers. Reports from Small Biz Trends and channel Life show significant implementation gaps, with only a minority of small businesses deploying password managers, and a wide disparity between optimism and readiness for AI-powered security. For MSPs and IT leaders, these trends tighten operational accountability. The tradeoff shifts from focusing on technology stacks to delivering concrete evidence of patch application, identity verification, data retention, and audit support. Providers face increasing pressure to standardize verification workflows, reduce patch validation cycles, and make evidence retention a default process. The operational complexity intensifies—either the MSP develops controls to govern automation and evidentiary rigor, or becomes the default risk absorber for ambiguous, fast-moving attack paths shaped by both client and attacker use of automation.   00:00 Zero-Day  04:06 Speed Gap 06:25 Prove It 10:27 Why Do We Care?  Supported by:  Moovila Zero Networks   

AI systems are increasingly embedded as non-human participants within managed environments, driving a structural shift in operational responsibility and exposure for MSPs. This shift is characterized by the integration of AI-powered tools—such as note takers, copilots, connectors, and agents—into core business workflows and SaaS platforms. Companies like Google, Microsoft, and ServiceNow are formalizing AI governance with platform features such as agent registries, policy enforcement gateways, and cross-platform audit trails. Reports from industry sources, including Wired, Rubrik, and regulatory bodies in the EU, substantiate these developments and highlight changing expectations for accountability and control. A key finding, according to security research by Red Access and covered by Wired, is that over 5,000 publicly exposed AI-generated web apps were found on the open web, with about 40% leaking sensitive data ranging from medical records to corporate strategy documents. Rubrik's Zero Lab survey of over 1,600 IT and security leaders further reports that 86% expect AI agents will surpass existing security controls within a year, while only 23% feel they have full visibility into these agents' activities. The New York Times and legal organizations note increasing legal and evidentiary risks posed by AI transcription tools in business meetings, warning that ungoverned AI outputs may be subject to discovery in litigation and could compromise attorney-client privilege. Additional developments reinforce the governance and risk gap. Platform vendors are building more granular control and auditing features, but most client environments still include unregulated AI tools, third-party connectors, and manual overrides outside these native boundaries. Regulatory frameworks are evolving to place explicit bans on specific AI outputs and to delay implementation of high-risk AI oversight, as seen in the EU's provisional AI Act. The integration between Black Kite and Sayari exemplifies how vendors are seeking to connect risk intelligence across supply chains, but operator-level exposure often remains distributed and ambiguous. For MSPs and IT leaders, the practical implication is an immediate requirement to inventory and classify AI participants and outputs within managed domains, clarify contractual scope, and establish evidence-ready policies for audits, incidents, and legal review. Relying solely on vendor platform controls is insufficient, as clients and auditors will expect clear documentation of AI activity, data access, and policy enforcement. Many agreements are not priced or structured for AI governance and may require explicit scope adjustments, upcharges for AI inventory and policy services, and contractual exclusions for unmanaged AI activity to avoid unpriced liability. 00:00 Agents Unchecked 04:49 Control the Bot 06:58 AI Audit Risk 10:38 Why Do We Care?  Supported by:  Nerdio TimeZest   

The episode reveals a structural shift in the technology landscape: artificial intelligence is becoming a new layer of managed consumption, with measurable impact on infrastructure, contract terms, and operational accountability. This shift is illustrated by leading technology platforms explicitly metering AI usage through compute tokens, storage footprints, and local model deployments. Companies such as Alphabet, Amazon, Microsoft, and Google are integrating AI not only as features but as quantifiable workload layers, leading to economic and governance questions regarding who controls consumption and who assumes the risk of overage or misuse. The most consequential development discussed is the rapid, capital-intensive scaling of AI infrastructure by leading hyperscalers. Alphabet raised its 2026 capital expenditure guidance to a possible $190 billion; Amazon's AWS revenues rose 28% year-over-year to $37.6 billion, with quarterly capital expenditures reaching $44.2 billion— both moves directly tied to AI infrastructure investments. At the same time, endpoint and storage vendors, such as Apple and Backblaze, are experiencing elevated demand from AI workloads. On the software side, companies like Anthropic are explicitly raising API rate limits and deploying features to formalize the measurement and orchestration of AI-driven processes. Supporting developments include the migration of management and control functions into enterprise platforms and endpoint environments. Microsoft Agent 365 is now broadly available, offering admins centralized policy controls over AI agents across cloud and local machines, with integration into Intune for granular restriction and monitoring. Google's Chrome browser now automatically downloads 4GB Gemini Nano models to support local AI functions, raising new operational considerations around storage, policy management, and user approval. These developments anchor the thesis that AI is no longer a passive toolset but a consumption and policy domain that requires active oversight. Operationally, MSPs and IT service providers face heightened exposure to contract and governance risk. The presence of invisible AI consumption— in the form of storage expansion, token overages, unauthorized agent actions, or degraded endpoint performance— requires explicit clauses in client agreements and new monitoring capabilities. Providers unable to demonstrate control over AI usage, policy enforcement, and exception handling may inherit both support burdens and unresolved liability. The practical implication is clear: future margins and contract viability will increasingly depend on the ability to meter, document, and govern AI-related activities, rather than simply enabling client access. 00:00 AI Infrastructure Surge  04:17 Control Layer Wins 06:41 MSP Liability Shift 10:50 Why Do We Care?  Supported by:  ScalePad CometBackup Moovila 

The episode highlights a structural shift from traditional software licensing towards consumption-based AI billing, transforming AI adoption into a source of direct financial exposure and accountability. This mechanism is illustrated by Microsoft's new administrative controls for Copilot in Windows 11 and platform-wide integration efforts from vendors such as Apple and Amazon. The primary concern is no longer simply enabling access to AI tools, but managing their consumption, controlling costs, and clarifying responsibility for both outputs and consequences. The most consequential development centers around rapidly escalating AI costs and the difficulty organizations face in quantifying usage. According to reporting from The Information, companies such as Uber exhausted their 2026 AI budgets within months, with some daily usage costs reaching approximately $1,000 per user. Simultaneously, The Register cites a survey indicating that a majority of U.S. employees are skeptical about their employers adopting Microsoft's AI bundles, and many believe alternative tools suffice. Additionally, Apple's acceptance of a $250 million settlement regarding misleading AI claims signifies a shift from reputational to monetary accountability. Supporting developments further expose operational and governance challenges. Microsoft's 2026 Work Trend Index, cited by CNET and GeekWire, identifies a disconnect between employee pressure to use AI and leadership's lack of defined, standardized practices. Apple's movement toward a third-party extensions model and Amazon's integration of managed agents into Bedrock are designed to address platform coherence, yet they introduce dynamic complexity in model choice and cost accountability. Gartner's projections of rising IT spend tied to data center investments further reinforce the infrastructure burden associated with widespread AI adoption. For MSPs and IT service providers, these developments underscore the risks of treating AI as a standard application rather than a managed operational layer. Legacy service agreements rarely specify how AI-driven costs, data exposure, or automation errors are governed. Providers now face new expectations to separate access and licensing from governance, usage auditing, and policy enforcement. Those who adapt by offering discrete AI management services—covering monitoring, cost controls, workflow approvals, and incident review—can align compensation with responsibility, while others risk absorbing escalating vendor complexity and unreimbursed accountability within flat-rate agreements. 00:00 AI Bill Due  03:31 Culture Blocks AI 05:49 AI Accountability Gap 09:16 Why Do We Care?  Supported by:  Moovila HaloPSA 

The dominant structural shift addressed is the move of platform vendors away from competing on feature sets toward controlling the governance and billing layer that underpins managed services. This is evident in moves by Microsoft, AWS, and Kaseya, specifically with Microsoft's new licensing tier combining per-seat fees with consumption-based AI add-ons, AWS redefining managed services around agents, and Kaseya introducing action-based pricing for IT management. Analysts noted that these developments collectively place a consumption meter on previously flat-rate services, reconfiguring how MSPs and IT providers will be billed and held accountable. Primary evidence for this shift includes data from Omdia's channel media report and tracked M&A activity within the MSP sector. The report counted 169 MSP acquisitions in 2025, mirroring prior years' activity, yet identified that one acquirer—Evergreen Services Group—accounted for 47 deals, illustrating a concentration in acquisition strategies. Notably, 69% of publicly announced deals involved private equity, with the remainder pursued by independent operators. The North American channel media landscape saw significant contraction, with titles dropping from 29 to 18, despite stability in the global outlet count—attributed to both industry consolidation and AI-driven changes in content discovery. Supporting developments include growing use of AI in content production, leading to declining traffic for B2B publications as audiences increasingly access information through automated tools rather than direct visits. The rise of engagement-focused business models and shifts in acquisition criteria—such as Evergreen targeting founder-led MSPs—underscore evolving buyer strategies. Additionally, platform vendors are restructuring their product and pricing models around agent-driven and action-based billing, while shifting their external positioning to emphasize AI, intelligence, and cyber resilience. Operationally, MSPs and IT leaders face increased pricing and margin variability driven by emerging consumption-based licensing and AI service models. The historical per-user, per-month bundle is at risk as vendors experiment with new billing constructs, exposing providers to cost unpredictability and complicating client contracts. Providers lacking internal engineering or acquisition frameworks may be especially exposed, while consolidation and vendor dependency raise governance and accountability stakes. MSPs pursuing higher margin services, such as compliance or cyber resilience offerings, must prepare for new cost structures and intensifying pressure from both customers and vendors regarding efficiency, pricing, and service outcomes.Supported by:  Zero Networks Moovila   Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The episode identifies a structural shift in how AI adoption is being managed within IT environments: control and accountability are now central concerns, overtaking simple discussions of AI usage or feature deployment. Shadow AI—unmanaged or improperly governed AI agents—has emerged as a tangible risk vector. Government entities, such as the White House, and technology vendors including Microsoft, Cisco, and OpenAI are framing AI not only as a productivity tool but increasingly as a source of operational and security liabilities that demand more robust oversight. A key example comes from an incident reported by TechRepublic in which an AI agent within a coding workflow deleted both a production database and its backups, resulting in a prolonged, business-impacting recovery from a three-month-old backup. In parallel, the Hacker News highlighted findings from scans of one million exposed AI services, characterizing the market's current AI security posture as lacking, with many endpoints widely reachable unintentionally. Microsoft's public transition of Agent365 from preview to release was directly tied to fears over the risks associated with shadow AI, indicating industry recognition of autonomous agents as a new attack surface requiring governance. Supporting developments further validate this trend. Cisco's open sourcing of AI Bill of Materials (BOMs) tools, Wiz's tracking of non-human identities tied to AI workloads, and OpenAI's rollout of advanced account security all signal a growing industry emphasis on making AI deployments auditable and restrictable. Practices such as phishing-resistant authentication—driven by token theft campaigns analyzed by Microsoft—and continuous permission monitoring, as advocated by Material Security, are now increasingly viewed as necessary safeguards rather than optional enhancements. Providers like Enforcer and products such as Copilot Manager are explicitly focused on surfacing shadow AI usage and enforcing credential discipline, underlining the growing demand for proof-of-controls. MSPs and IT service providers now face greater operational complexity and contract risk tied to AI automation. Client expectations are shifting from baseline AI access to demonstrable governance—requiring non-human identity inventories, documented permission boundaries, and validated recovery frameworks for AI-powered workflows. Token harvesting and persistent OAuth grants increase the likelihood that MSPs will be held responsible not just for prevention, but for rapid containment, rollback, and producing evidence during security incidents. Failure to meet tightened SLAs around backup immutability, authentication protections, and agent visibility could soon become a material contract exposure. 00:00 Agents Gone Rogue 03:50 Govern the Agent 06:24 MSP at Risk 09:54 Why Do We Care?  Supported by:  CometBackup ScalePad  Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The dominant structural shift identified is the emergence of agentic AI as a direct operator within multi-system business environments, triggering a governance and accountability gap. Vendors and cloud platforms—including AWS, Stripe, and Cloudflare—are enabling AI agents not only to recommend actions but also to directly access payment rails, provision infrastructure, and execute transactions. This movement turns automation into an operating model issue rather than a feature deployment, as the identity, authority, and accountability of non-human actors become central operational questions. Primary evidence is drawn from a range of industry signals. According to an AMD-commissioned IDC report, 81% of enterprises are engaged in AI PC adoption and 61% are embedding AI into workflows. AWS has expanded managed agent packaging for AI deployments, Stripe has launched the Link wallet allowing AI agents to process payments on users' behalf with controls on payment credentials, and Cloudflare has demonstrated agents autonomously provisioning cloud resources with enforced monthly spend limits. While these statistics carry vendor-driven optimism, the combined actions of these companies confirm a shift from advisory AI to operational AI. Related developments reinforce this trajectory. The SolarWinds survey reported by Computer Weekly finds 71% of IT workers experiencing higher demands due to AI, with only 19% noting reduced cognitive load, reflecting operational burdens rather than efficiencies. Similarly, Forrester data cited by The Register highlights a change in CIO responsibilities from system building to outcome governance as agentic AI exposes gaps in decision rights and process completeness. Security risks are elevated, as the Kela report counts 2.86 billion stolen credentials in a year, indicating that agent-driven credentials can trigger machine-speed purchases and changes, compounding the challenge of oversight and recovery. Operational implications for MSPs are significant. Without explicit governance, spend limits, approval paths, and audit trails, MSPs face increased liability and support burden when AI agents initiate actions across client systems. The episode underscores that automation is not just a technical project but a contract and service design issue; if accountability is not clearly defined, MSPs bear the risk and cost of unauthorized transactions and exception handling. To mitigate exposure, there is a need to formalize agent governance as a priced, intentional service encompassing identity management, financial controls, and documented operational guardrails before agentic AI is deployed in client environments. 00:00 Agents Take Over 04:39 Who's Accountable? 06:48 Who Owns This? 09:58 Why Do We Care?    Supported by:  NerdioScalePad    Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The core structural shift identified is the reconfiguration of managed service pricing and accountability due to the integration of AI and platform metering into standard IT offerings. Large vendors—including Microsoft and AWS—are shifting the economics of IT delivery: traditional flat-rate bundles are being rendered structurally unsafe as AI-driven workloads introduce unpredictable consumption costs and financial exposure. This change is catalyzed by vendors attaching metered billing models and embedding AI agents directly into enterprise platforms, which fundamentally shifts risk and cost variability onto MSPs and service providers. The most consequential development is Microsoft's introduction of Microsoft 365 E7, described as a new bundle combining seat licensing with consumption-based AI fees. According to company statements and Computer Weekly reporting, Microsoft is explicitly positioning the suite as a license-plus-consumption model with measured AI usage, tracked similarly to Azure. Gartner's latest IT spending forecast, cited via CIO.com, anticipates global IT spend reaching $6.31 trillion by 2026, with a 55.8% jump in data center infrastructure spending, largely driven by AI adoption. Secondary developments echo this trend. AWS has expanded its managed agent offerings on Amazon Bedrock, integrating OpenAI models and presenting agents as standardized, enterprise-ready managed services; pricing is identified by analysts as a tipping point. Cloudflare's collaboration with Stripe highlights infrastructure that enables agents to provision accounts and handle finances with minimal human input, using protocol-based authorization and spending controls. Vendors like AvePoint release governance tools that focus not on offering more AI, but on operationalizing policy control and audit management across multi-tenant environments. These illustrate increasing platform vendor jurisdiction over layers historically managed by MSPs. For MSPs and service providers, the practical consequences are increased exposure to contract risk, margin compression, and operational complexity. Flat rate contracts that fail to track AI consumption or bundle AI support risk being underpriced and absorbing both spend and support variance. The shift towards platform-managed governance, identity, and audit controls requires providers to separate governance from operational support in agreements, implementing new monitoring, reporting, and cost-tracking tooling. Failure to address these shifts could result in lost accounts, failed renewals, and loss of insurability, as insurers and auditors demand provable oversight and policy enforcement. 00:00 Seats Meet Meters  05:39 Bundles Break Here 08:32 Cleanup Costs You 11:49 Why Do We Care?    Supported by:  Acronis Moovila Zero Networks    Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The core structural shift highlighted is the movement of security for Managed Service Providers (MSPs) from best-effort practices to a regulated, continuously verified service operation. This change is being driven by the compression of vulnerability exploit timelines as a result of attackers leveraging both automation and AI, and by regulators imposing hard patching and compliance deadlines. Companies such as ConnectWise and Microsoft are central, with federal agencies (CISA) now converting exploited vulnerabilities into time-bound remediation mandates. A significant development underscoring this shift is the addition of two known exploited vulnerabilities—CVE-2024-1708 in ConnectWise ScreenConnect and CVE-2026-32202 in Microsoft Windows Shell—to CISA's remediation requirements. Agencies must address these by May 12, 2026, marking a move from tracking to deadline-driven action. Reports from Huntress and TechCrunch confirm that real-world attackers rapidly exploit public vulnerability information, and Microsoft's own documentation illustrates attackers increasingly using Microsoft Teams for social engineering, remote assistance, and privilege escalation. Supporting developments include major vendors like Microsoft integrating models from Anthropic into their security development lifecycle to accelerate vulnerability discovery and remediation. However, studies noted by The Hacker News and The Verge indicate that AI-driven discovery is outpacing operational capacity, creating a growing discovery-to-remediation gap. At the organizational level, information from the Reveal 2026 IT Talent Survey indicates that 8 in 10 technology leaders face significant shortages in AI and cybersecurity skills, compounding the operational burden of continuous security verification. For MSPs and IT leaders, these factors combine to increase operational complexity, require more explicit contract scoping and evidence obligations, and shift oversight from periodic compliance towards continuous, demonstrable verification. Contractual ambiguity—especially when services are described as “best effort”—exposes providers to unmeasured labor and unassigned accountability. Practical steps now include reclassifying business collaboration platforms as active attack surfaces, formally auditing and documenting previously “invisible” tasks, and aligning internal operations with external, regulator-mandated verification standards. 00:00 AI Patches Gaps 05:10 Discovery Isn't Enough 07:11 Reprice or Absorb 10:24 Why Do We Care?  Supported by:   Moovila  Zero Networks   Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera  

The dominant structural shift outlined in the episode is the destabilization of the classic per-seat MSP bundle caused by the rise of agentic AI and token-based, metered automation platforms. Vendors such as Kaseya, Google, and OpenAI are embedding persistent AI agents within core business applications, moving beyond traditional licensing models to charges based on actions, tokens, and workflow usage. This introduces margin instability, as MSPs cannot reliably predict costs or maintain flat-rate contracts in an environment where AI consumption is dynamic and externalized. The most consequential evidence presented is the quantification of AI-driven inefficiencies and costs in operational terms. According to a Gallup poll, cited by ZDNet, half of US employees are now using AI at work, but those users waste up to eight hours weekly managing AI-related tasks—amounting to approximately $1.25 million drag per year for a 100-person firm. This data underlines how the proliferation of automation does not equate directly to labor savings and can introduce significant, unanticipated costs that are difficult to contain under legacy MSP pricing models. Supporting developments further highlight the governance gap and operational risk. Reports from PRWeb and Ruist find that 97% of MSPs intend to automate more in 2024, but only 4% are “highly mature.” Vendor announcements—as with Kaseya's agentic IT management platform, Auvik's Aurora AI agents, and Liongard's data control enhancements—are paired with warnings from Information Week and The Register about the risk of overspending, audit failures, and accountability gaps tied to AI-driven automation. Most IT managers lack full control over AI agents, and as agents proliferate, the difficulty of tracking, governing, and assigning accountability rises. For MSPs and IT service providers, these changes demand immediate attention to contract structure, governance, and pricing. Flat-rate, all-you-can-eat support models expose providers to untracked vendor consumption and hidden overages, making traditional agreements economically unstable. Practical safeguards require shifting toward consumption-based or outcome-based billing, enforcing explicit usage caps, audit controls, and vendor SLAs that clearly define liability and accountability. Failing to adapt risks absorbing uncontrolled automation costs and shouldering client disputes over AI-driven actions and expenses. 00:00 AI Overhead Crisis  04:48 Agent Control Gap 07:17 MSP Margin Squeeze 12:00 Why Do We Care?  Supported by:  Acronis Zero Networks Nerdio  Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The structural mechanism driving current changes for MSPs is a shift from seat-based software revenue toward variable, usage-based AI consumption, resulting in pronounced margin pressure and operational complexity. This shift is being shaped by enterprise software vendors, including Atlassian and HubSpot, moving away from flat per-user AI fees in favor of metered pricing models tied directly to consumption. The episode also identifies increased rework and governance burdens for MSPs, particularly as automation and AI adoption reduce traditional seat counts but introduce new variability and labor demands around oversight, exception handling, and security remediation. The most consequential development highlighted is the transition by a growing number of vendors to usage-based AI pricing, treating AI as a metered utility rather than a bundled feature. The Information reports that by the end of 2025, 79 out of 500 tracked software companies are expected to have implemented some form of usage-based AI fee. This adjustment is driven by vendors' need to offset the potential revenue loss resulting from AI agents reducing seat license counts. Org View data cited in the episode suggests that 55% of companies who laid off staff in favor of AI later regretted the decision, underscoring the unexpected operational burdens and instability introduced when automation is rushed or incomplete. Additional developments reinforce this structural shift. Semaphore describes open-source models like Deepseek offering lower-cost, competitive AI, which increases adoption even beyond premium vendor ecosystems. The CIA's deployment of AI-generated intelligence reports—expected to be ubiquitous in analytics platforms within two years—signals the integration of AI into core workflows. Vendor activity, such as Appdirect's acquisition of Partner Stack, reflects a market trend favoring platforms capable of provisioning, governing, and managing diverse AI toolsets and workflows for customers who lack internal capability. For MSPs and IT service leaders, these trends introduce direct pricing pressure, unpredictable pass-through costs, and expanded liability exposure. The transcript emphasizes the need to separate AI rework pricing from security incident response, implement controls on AI usage and licensing, and reframe AI engagements around workflow governance rather than tool deployment. Failure to formalize and price these activities increases the risk of unbilled labor, contract ambiguity, lender skepticism, and downward pressure on margins, especially as the gap widens between shrinking seat-based revenue and volatile AI consumption charges. 00:00 Metered AI 03:34 Governance Is Margin 05:17 Seat Drop Math 08:36 Why Do We Care?  Supported by:  Acronis ScalePad Comet Backup  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The episode identifies a structural shift from AI as a discrete feature to AI as an ongoing operational system, emphasizing the growing burden of governance, accountability, and consumption oversight for managed service providers. Companies such as Microsoft, Cisco, and Google are redirecting strategy toward building control planes and governance infrastructure to address operational friction in deploying AI agents, as operational complexity—rather than access to tools—emerges as the bottleneck. This shift is substantiated by reports from GTIA, Cisco, and insights into vendor incentives and partner programs. Evidence highlights a clear disconnect between widespread AI adoption and the maturity required to operationalize these systems. According to the Global Technology Industry Association (GTIA), 97% of IT service providers use some form of AI, but only 28% consider themselves AI-driven. Cisco reports that while 85% of enterprises are piloting AI agents, just 5% have moved them into production, pointing to persistent trust and operational gaps. Axios adds that in AI-intensive teams, compute expenditures are surpassing employee costs, with large organizations like Nvidia and Uber experiencing rapid escalation in AI-driven utility bills. Further developments reinforce these themes. Microsoft is aligning partner incentives around new SKUs such as Microsoft 365 E7, explicitly targeting AI as a delivery motion rather than a feature. Consumption-based pricing—exemplified by the move to token-based billing for GitHub Copilot—exposes clients to “death by a thousand cuts” if usage is not closely monitored. Reports from Cobalt indicate significant security risk, with one in five organizations experiencing an incident involving large language models and a low remediation rate for identified vulnerabilities. Vendors such as Google and OpenAI are responding with new management platforms and reliance on consultancies to address integration and governance challenges. For MSPs and IT leaders, the practical implications are clear: AI's operational realities dictate a need to explicitly define governance, permission structures, and consumption management as part of service delivery. Unscoped or bundled AI services risk unbilled labor, unclear liability, and unmanaged exposure to security and cost overruns. The operational pivot involves inventorying AI features, establishing ownership, applying identity and access controls, tracking spend, and updating contracts to clarify accountability. Without formalizing these boundaries, MSPs may be left absorbing risk and cost by default. 00:00 AI Reality Check 04:43 Operator Burden 07:11 Meter the Risk 10:35 Why Do We Care?  Supported by: Acronis ScalePad Zero Networks  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The episode reveals a persistent and widening governance gap as organizations rush to implement AI without adequate data foundations or operational controls. According to observations from Dr. Fern Halper, current AI adoption is overwhelmingly characterized by top-down pressure, especially around generative and agentic AI, but is constrained by immaturity in governance, data integration, and organizational readiness. Microsoft's bundling of Copilot in E7 licenses highlights this structural shift, as “consumerized” AI solutions proliferate without corresponding investments in foundational data and oversight. Supporting this view, new research cited by Dr. Fern Halper indicates that nearly half of organizations are under executive mandates to pursue AI, but most remain stalled in the experimental or pilot phase. The failure to move beyond pilots is not primarily a technology limitation but stems from inadequate data quality, lack of lineage controls, fragmented data governance, and persistent data silos. The report identifies that only about 35–45% of organizations deploying generative or agentic AI have come up through a cycle of machine learning and data foundation development. Secondary examples reinforce the governance and risk exposure. MSPs and end-customers are increasingly relying on off-the-shelf or prebuilt AI (such as Copilot or ChatGPT) for individual productivity, rather than building production-ready, data-driven applications contextualized with proprietary information. This often leads to uncontrolled proliferation of “shadow AI”—tools deployed outside formal oversight—further compounding compliance and data protection risks. As organizations start experimenting with agentic AI, the risks escalate, since these systems not only generate outputs but can take direct action, magnifying the impact of weak governance and access controls. For MSPs, IT service providers, and technology leaders, the operational consequence is heightened responsibility around governance, auditability, and data management. The unchecked spread of shadow AI introduces contractual and regulatory exposure, particularly as clients seek to incorporate AI tools without formal policies or understanding of associated risks. Providers should prioritize baseline governance frameworks, client-facing AI literacy training, and infrastructure capable of accommodating unstructured data, lineage requirements, and auditing. Failing to address these priorities increases the risk of service breakdowns and complicates SLA enforcement as AI systems broaden operational scope. Supported by: JumpCloud HaloPSA Acronis  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First Era  Date: May 13 at 1p.m. EDT  Register: https://go.acronis.com/davesobelaiera

The dominant mechanism discussed is a shift from a focus on AI capability to trust and governance as the deciding factors in AI adoption for managed service providers and their clients. Vendors are increasingly positioning governance, control layers, and auditability as necessary operational functions, rather than add-on features. This is driven by enterprise demand for transparency and accountability across identity, data protection, compliance, and ongoing monitoring. Companies such as Acronis, Microsoft, and Elastic are introducing tools for managing AI access, monitoring sensitive data exposure, and embedding control processes directly into operational workflows. The episode highlights that, according to research from Gong, 58% of companies have stalled their AI projects due to a lack of trust in data handling and AI-generated outputs—not because of budget constraints. Nearly half (46%) of planned investments were paused specifically over concerns around privacy, explainability, and model transparency. Buyers cited the need for explicit policy controls, demonstrable security guarantees, and accountability safeguards before new capabilities are approved. Supporting developments include Acronis's Genai Protection, designed for MSPs to increase visibility over customer AI activities and detect risks such as prompt injection and shadow AI. Meanwhile, incidents like the unauthorized access to Anthropic's Claude Mythos preview through a contractor, reported by The Verge and Gizmodo, reinforce that even leading vendors face security and accountability challenges. Vendors such as Microsoft and Dropbox are moving to integrate centralized control layers that directly address these new operational risks, while tools like Watchguard and Halo are tying security events to key business workflows. For MSPs and IT leaders, the implications are operational rather than purely technical. AI governance now requires continuous policy management, exception handling, and documented evidence across multiple platforms—a scope that most internal teams are not resourced to handle. The market is shifting toward purchasing accountability as a managed service, and providers that fail to deliver clear governance frameworks, connector approvals, and audit-ready reporting will face increased contract risk, client loss following incidents, and potential liability under insurance and regulatory requirements. 00:00 Shadow AI Risk 03:07 Platform Consolidation 04:55 Stalled AI Spend 07:55 Why Do We Care?  Supported by:  ScalePad  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

A dominant structural mechanism revealed in this episode is the consolidation of the MSP market through private equity-backed acquisitions, which is reshaping operational complexity and ownership models for mid-sized providers. The Thrive acquisition of Worksighted, facilitated by Focus Investment Banking, reflects continued expansion by larger PE-backed MSPs aiming to scale quickly and integrate specialized expertise, influenced by increasing market demands for deeper technical capabilities. These developments underline growing pressures on independent MSPs to either acquire new competencies or partner with larger platforms to remain competitive as technology and customer expectations evolve. The most consequential development examined is the acquisition of Worksighted, an established Michigan MSP with approximately 75 employees and $27 million in annual revenue, by Thrive, a PE-backed firm pursuing rapid growth. Thrive, with around $400 million in revenue and global reach, has completed 27 acquisitions since its founding, signaling ongoing market concentration. According to representatives involved in the transaction, operational maturity, customer concentration resulting from strong client relationships, and leadership openness were decisive factors in the acquisition process. The transaction proceeded from market engagement to closing in just 35 days, highlighting both the pace and intensity of current M&A activity among top-tier MSPs. Supporting evidence reveals that operational transparency and preparedness for integration are recurring challenges for both buyers and sellers. The episode details how sellers often underestimate the scale of change management required, particularly for HR processes and employee communication post-deal. Both buyer and seller reflected on the importance of early and clear strategies for addressing staff concerns, cultural alignment, and systems migration, with a special focus on managing emotional responses and maintaining service continuity during transitions. These integration factors were cited as key to minimizing risk and avoiding operational disruption. For MSPs and IT leaders, the central implication is heightened operational risk and increased dependency on integration frameworks imposed by acquiring entities. Leaders should not expect static valuations or “one-size-fits-all” outcomes. Instead, buyers assess assets based on unique team capabilities, transparency, and growth headroom rather than standardized metrics. Sellers face not just the mechanics of due diligence but substantial change management responsibility. Prudent operators should prepare for intense scrutiny, prioritize internal communication, and recognize that successful transactions require proactive investment in HR alignment and transparent engagement with both staff and acquirer requirements. Supported by: Zero Networks HaloPSA 

The dominant structural shift discussed in the episode is the movement from tools-based differentiation to a market defined by proof and liability. This shift is driven by the rising demand for continuous, auditable control over data location, access, and change—requirements increasingly codified by policy mandates, insurance underwriting, and regional AI governance. As illustrated by France's shift away from Windows to Linux across government ministries, enforced through formal governmental policy, the conversation is moving beyond technology preferences to mandated operational boundaries and verifiable compliance. The episode cites findings from ESET's 2026 SMB Cyber Readiness Index, reporting that 86% of US SMBs and 78% of Canadian SMBs carry cyber insurance, with over half of US-insured SMBs required to implement explicit security controls by insurers. Underwriters increasingly demand evidence of controls like MFA, immutable backups, and EDR—not just attestations—at renewal, underwriting, and post-incident. Public sector mandates, such as France's comprehensive push for sovereignty encompassing OS, collaboration, cloud, and AI platforms, are producing enforceable requirements that cascade to commercial contracts and the MSP channel. Supporting developments include Gartner's forecast that by 2027, 35% of countries will be locked into region-specific AI platforms. This is reinforced by channel research from Channel Insider and a survey of 333 MSPs by AvePoint and Omnia, both pointing to governance—not AI tooling—as the leading blocker for MSPs adopting new technologies. Microsoft's move toward metered AI billing and the proliferation of shadow data (with more than 80% of sensitive data potentially sitting outside formal controls, according to Palo Alto Networks research) further highlight how operational complexity and fragmented governance elevate risk for service providers. For MSPs and IT leaders, these trends increase contractual and operational exposure. Failure to recognize that the market is purchasing assurance rather than tool support will leave providers absorbing liabilities related to insurance control failures and unmetered operational costs, often under fixed-fee models that do not account for new governance demands. Providers are advised to immediately review contract language for obligations tied to security controls, reconsider pricing and scope in governance delivery, and prepare for insurer-driven requirements such as third-party access to telemetry or continuous control attestations. The takeaway is that defensible, auditable evidence—not stack management—will define margins, accountability, and long-term client relationships. 00:00 Sovereignty Squeeze 04:22 Spawl Blindspot 07:02 Proof Pays 09:35 Why Do We Care?  Supported by:  ScalePad CometBackup 

The episode identifies a structural shift in the integration of generative AI within organizational workflows: variable cost models, unpredictable output quality, and heightened accountability requirements are converging to reshape managed services operations. This shift is exemplified by Anthropic's move toward usage-based pricing for Claude Enterprise, combining compute consumption with per-user fees, and by reports of major enterprises and intelligence agencies piloting dedicated cybersecurity-focused generative AI models. These trends expose IT service providers, especially MSPs, to cost volatility, operational risk, and new governance challenges as generative AI transitions from experimental implementation to core workflow tooling. Primary evidence includes Anthropic's revised pricing strategy, which replaces predictable licensing with usage-based billing, introducing financial unpredictability for heavy users. The episode cites reporting from The Verge and The Guardian, noting that AI-generated outputs can create hidden labor through the need for manual review and corrections, while undetected errors escalate into operational disputes and rework. The implementation of generative AI in security-sensitive environments underscores the need to scrutinize how AI-driven processes are metered and governed. Supporting developments reinforce this shift: MSP platform providers such as Enable are embedding generative AI directly into operational workflows, connecting third-party tools to live data. This creates the need for controls over what AI systems can access, approve, and log, particularly in multi-tenant environments. Meanwhile, outcome-based service agreements—such as fixed response-time SLAs—set new client expectations for measurable performance and accountability in AI operations. The market is also rewarding those who wrap unmanaged technology surfaces, like BYOD or AI tooling, with enforceable policies and auditable evidence trails. Operational implications for MSPs include increased pressure on margins due to AI's variable usage costs colliding with fixed-fee contracts, the challenge of capturing and reporting hidden labor from AI output review, and the necessity for evidence-based governance. Service providers unable to implement and sell AI operations management (“AIOps”) as a billable, controlled service risk becoming de facto shock absorbers for unpriced spend, rework, and disputes. Those who standardize on enforceable budgets, approval gates, audit trails, and compliance-ready reporting stand to protect service margins and reduce liability exposure. 00:00 AI Cost Reckoning 02:39 AI Governance Gap 04:44 Govern or Lose 07:12 Why Do We Care?  Supported by:  TimeZest Zero Networks 

The structural shift facing MSPs is the rapid movement from the traditional “model era” to the “orchestration era,” driven by accelerated adoption of artificial intelligence (AI) and changing vendor enablement programs. This transition is fueled by companies such as Salesforce and technology directions from hyperscalers, with emerging research from the Futurum Group indicating that AI is not only enabling automation but also redefining service delivery models and expanding the roles required from channel partners. Vendors are continually accelerating product and service updates—cited as multiple releases per year—which is shortening adoption cycles and pressuring MSPs to adapt at a speed not previously required. Primary evidence centers on the introduction of the “Frontier partner” concept, which refers to AI-first, outcome-driven service organizations moving beyond hours-for-dollars into models focused on deep technical co-development with clients. According to research referenced by Tiffani Bova, 85% of MSPs expect AI consulting to be a top growth driver. However, there is a documented gap between expectation and execution, with adoption lagging despite broad anticipation. The episode highlights that small businesses may adopt AI more quickly than large enterprises due to operational flexibility, but both MSPs and clients face substantial risk if internal skills, governance, and data practices do not keep pace. Supporting developments include ongoing commoditization of standardized IT support, as self-healing technologies and direct vendor intervention decrease the margins associated with legacy break-fix and support models. The episode also points to the increasing importance of data quality, governance, and sovereignty as core requirements for realizing value from AI tools. New operational hazards arise around energy consumption for compute, increased complexity from multi-vendor agent orchestration, and persistent risks linked to security governance as clients independently adopt AI solutions—sometimes beyond the reach of MSP controls. Operationally, these shifts increase vendor dependency and drive up the need for continual skills renewal within MSP organizations. Pricing for traditional services faces compression, placing more emphasis on adding value layers such as data orchestration, AI-driven workflow optimization, and governance consulting. Service providers are exposed to heightened contract risk when AI outcomes diverge from human oversight, and are required to implement new governance practices to manage data quality and security concerns. The key risk is that lagging adaptation could convert opportunity into obsolescence, particularly as both vendors and clients accelerate their pace of change. Supported by: ScalePadZero Networks  

A structural shift is occurring as artificial intelligence transitions from being a tool for generating output to one that executes tasks across IT environments, significantly increasing the demand for robust governance and infrastructure controls. This mechanism is illustrated by the rapid integration of agentic automation into operational platforms, with vendors such as Kyndryl (Agentic Service Management) and SolarWinds (SW1) positioning their AI systems as operational teammates capable of autonomous action. Analysts from firms like Omnia and AvePoint highlight that the product focus is no longer the agent or AI capability itself, but the enforcement layer—encompassing identity management, permissions, logging, quota enforcement, tenant boundaries, and approval workflows. A consequential development is the increased operational burden on networks, as agentic automation increases background and automated traffic. According to Imperial's Bad Bot report, automated traffic now exceeds 51% of all internet activity. Analyst firm Omnia and Lumen CEO Kate Johnson stress that the capacity of underlying networks, and not just compute resources, is becoming a hard constraint for scaling AI-driven operations. For MSPs, this manifests as tangible increases in bandwidth contention, authentication events, and noise in security tooling, leading to resource constraints and increased pressure on triage and incident response. Complementary developments reinforce this shift. Enable is rolling out direct AI operational integration in N-Central and Insight through a custom context protocol, while OpenAI is updating its agents' SDK to include sandboxing and distribution harnesses for stricter boundaries. The New Stack underscores NIST's recommendation for layered controls, least privilege, network segmentation, and tamper-resistant, replayable logging to contain the risks associated with agentic automation. Research cited by the AI Journal finds that governance and compliance, rather than technical skills, are currently the top barriers to reliable AI adoption among MSPs, driven by the complexity of multi-tenant environments and the requirement to prove control and recoverability. For MSPs and IT providers, these shifts introduce direct operational and contractual risks. Relying on default vendor models without explicit policy ownership or proof-of-execution effectively transfers liability without control. Practical considerations now require MSPs to define approval models, enforce least privilege, audit agent actions, establish recovery playbooks, forecast network and compute demand, and clarify quotas and overage terms in service contracts. Unbounded and unaudited automation is becoming a commercially unacceptable risk, comparable to operating critical systems without proper backups. 00:00 AI Tax: Networks 04:35 Scaffolding Over Models 07:45 Agents Eat Margins 10:05 Why Do We Care?  Supported by:  ScalePadTimezest

A structural shift is underway in the managed services sector as venture capital firms move beyond traditional software and vendor investments to fund MSPs directly. This change is exemplified by investments from firms like Andreessen Horowitz, General Catalyst, and Thrive Capital into MSP-specific companies such as Treeline, Titan, and SHIELD. The driving mechanism is the perceived profit potential at the intersection of advanced AI technology and service delivery, with investors targeting AI-native operational models rather than standard rollups or inorganic growth strategies. The episode's primary evidence centers on Andreessen Horowitz's $25 million investment in Treeline, marking its entry alongside previously funded firms Titan (with $74 million from General Catalyst) and SHIELD (over $200 million from Thrive and ZBS Partners). According to Speaker A, Treeline employs proprietary AI-driven service desk automation and reports resolving 98% of help desk requests with AI, altering the economics and labor requirements for traditional MSPs. Unlike rollups, Treeline is focused on organic growth, leveraging targeted acquisitions primarily for talent rather than client base expansion. Supporting developments include the parallel strategies of Titan and SHIELD, which also integrate Silicon Valley AI expertise and homegrown tooling to drive operational efficiency. While these companies currently deploy AI internally for service automation, Treeline distinguishes itself by offering customer-facing AI-powered MDR and compliance services immediately. All three firms reflect the shift towards vertically integrated models where software, service automation, and client-facing solutions are developed and deployed in-house, creating potential competitive pressure for both traditional MSPs and larger private equity-backed consolidators. Operationally, these developments introduce risks around increased pricing pressure, labor model disruption, and a potential skills gap for MSPs reliant on off-the-shelf tooling. The focus on organic growth and deliberate scaling by new entrants like Treeline signals that the transition for incumbents is not immediate, but the need for MSPs to evaluate their AI adoption strategy is acute. Relationships alone are unlikely to differentiate providers in the long term; practical safeguards must include closing operational efficiency gaps, building internal AI capability, and considering cooperative models to maintain autonomy while reducing risk of margin erosion or client loss. Supported by: Zero NetworksCometBackup

The episode reveals an accelerating structural shift toward infrastructure dependence and liability transfer in the context of AI and cloud adoption. According to analysis from Omnia and Synergy Research Group, hyperscalers such as Amazon, Microsoft, and Google are capturing a growing portion of global data center capacity, while real-world constraints—including finite GPU and power availability—are limiting expansion despite surging demand. This concentration makes the underlying compute power less elastic and more volatile, directly impacting how MSPs operationalize AI services. Vendors, meanwhile, are backing away from accountability for AI-driven outcomes, increasingly shifting risk and responsibility onto operators and integrators. Supporting evidence includes Omnia's report of a 29% year-over-year jump in global cloud infrastructure services spend, reaching $110.9 billion in Q4 2025. AWS revenue increased 24%, Azure 39%, and Google Cloud 50% in the same period. Synergy Research Group found that enterprise on-premises data centers dropped from 56% of global capacity in 2018 to 32% by the end of 2025, with projections to fall further to 19% by 2031. Over 800 new hyperscale data centers are in the pipeline, but constraints on power and electrical equipment mean growth is not limitless. New AI workloads—such as Z AI's GLM 5.1 model designed for autonomous, multi-hour tasks—underscore that demand is moving from short interactions to long-running processes, increasing unpredictability and operational risk. Additional developments reinforce this structural shift. TechCrunch reported that new tools are designed for prolonged AI workload monitoring, not just deployment, requiring persistent oversight and checkpoints. Microsoft's own Copilot terms flag the platform as for entertainment purposes only, disclaiming reliability and placing responsibility for business use on the operator. Research cited from Boston Consulting Group identified that 14% of workers using AI tools reported significant mental fatigue, with entry-level staff especially vulnerable. These trends highlight the operational and human governance burdens introduced by AI, which are not addressed by vendor promises. For MSPs and IT leaders, these mechanisms create immediate contract and operational risks. Overpromising capacity or reliability exposes providers to gaps in liability, especially since vendors disclaim responsibility for AI outputs. Service agreements should include explicit capacity constraint clauses and audit all AI tool deployments for vendor liability terms before renewals. Establishing governance, monitoring, and accountability as billable service layers is crucial; otherwise, these burdens will default to the MSP as unpaid liability. Hybrid and colocation strategies remain relevant for regulated clients who cannot wholly depend on hyperscalers. Moving forward, structured runtime quotas and compute governance may be required to manage risk as agentic workloads increase and vendor accountability recedes. 00:00 Cloud Capacity Crunch 03:53 Agentic AI Rises 05:32 Liability Shifts Down 08:34 Why Do We Care?  Supported by:  Nerdio ScalePad 

Tightening budget constraints and rising data trust requirements are increasing operational pressure on managed service providers by shifting risk and accountability downward through the service chain. Developments in both the European and US markets, together with supply chain volatility and heightened scrutiny of where and how data is handled, are forcing MSPs to redefine both service delivery and governance models. According to Speaker A, MSPs focusing on auditability, clear data residency, and sovereignty will remain viable, while those relying on traditional narratives or ambiguous transformation pitches risk being sidelined. The episode points to evidence from several reports: Politico notes that 8 out of 10 Europeans do not trust US or Chinese firms with their data, highlighting explicit concerns over data location and custodianship. Concurrently, the U.S. Chamber of Commerce Small Business Index, cited by Axios, shows declining confidence among American small businesses, with only 37% expecting new investments and 53% listing inflation as their top challenge. Further, Channel Insider flags “memflation,” with DRAM and NAND prices expected to rise 125% and 243% respectively by 2026, intensifying margin pressure and pricing risk for operators. Additional risk drivers come from both operational and technical layers. Speaker A references the Blackpoint Cyber 2026 threat report, which attributes most breaches to the abuse of trusted credentials and tools—such as RMM solutions and SSL VPNs—rather than new vulnerabilities. Governance gaps are also worsened by declining white-collar hiring, as cited by Gallup and Axios, reducing internal capacity for vendor reviews, incident follow-up, and process controls. Increased automation and outsourcing in response to these gaps tend to create more dependency chains and larger blast radii, making explicit governance even more important. For MSPs, these findings point to operational needs that go beyond technical capability. Contract terms must address volatile input costs directly, with shorter quote validity and explicit repricing clauses. Governance processes should include audit-ready data maps, clear documentation of subprocessors, and proactive credential management. Without these measures, MSPs risk being treated as interchangeable commodities and exposed to margin compression and heightened liability from external compliance and trust requirements. 00:00 SMB Caution 03:48 Coordination Crunch 06:24 RMM Exposed 09:36 Why Do We Care?  Supported by:  Zero Networks HaloPSA 

The episode focuses on the ongoing collapse of traditional software and service delivery layers, accelerated by the introduction of agent-based artificial intelligence (AI) solutions. According to Speaker B from Tectonic, legacy systems and accumulated technology debt create significant structural pressure on IT providers to modernize, while rapidly advancing AI technologies modify the interface between clients and service providers. The discussion specifically identifies agentic AI as a driver of this shift, fundamentally altering the nature of tasks such as software development, help desk support, and client interaction. A key development discussed involves the replacement of costly, static integrations with dynamic agent-based processes. Speaker B provided a real-world example in which AI was used to transfer data from an ERP system to a bank, bypassing the ERP vendor's $50,000 per year API licensing model and executing the required workflow with approximately eight hours of labor. This case shows how AI is already enabling both operational cost reduction and workflow acceleration, but only when organizations are able to clearly define outcomes and trust new toolsets over legacy infrastructure. The shift is confirmed by observable adoption among some industrial and B2B clients, even as highly regulated sectors include strict no-AI clauses in contracts. The episode also surfaces secondary pressures such as resistance within higher education and government to AI adoption, citing explicit prohibitions in master service agreements. Despite this, organizations focused on increasing workflow velocity are expressing demand for AI-driven automation, highlighting a growing fragmentation in market readiness and adoption strategies. The ongoing reduction in reliance on software interfaces is paralleled by a convergence of roles such as account management, support, and delivery, which further impacts staffing models and operational expectations. For MSPs and IT leaders, these shifts increase the need for robust governance frameworks and risk evaluation when implementing AI. The rapid obsolescence of some technical roles, combined with accelerated depreciation of legacy systems, presents tradeoffs in investment and resource allocation. Providers will need to revisit hiring priorities—focusing less on technical troubleshooting and more on problem scoping, communication, and business analysis. The presence of complex client requirements and explicit contract exclusions of AI further complicate operational planning, reinforcing the need for accountable transition strategies and mature compliance safeguards. Supported by:Zero NetworksHaloPSAScalePad

The episode identifies a structural shift in the MSP business model: security is no longer a discrete service or line item but has become the organizing principle for operations and accountability. This is driven by an industry-wide trend toward increased automation in both attack and defense, as well as a shift in liability and accountability from vendors to the MSPs themselves. Companies such as Acronis and Anthropic are highlighted for introducing tools that increase the rate and automation of threat discovery, while research and market analysis by Watchguard and Jay McBain indicate that the capacity to remediate, rather than discover, security threats now forms the operational bottleneck. The most consequential development referenced is the acceleration of security automation and vulnerability discovery, specifically through Anthropic's Project Glasswing and Watchguard's reporting of a 1,500% surge in new endpoint malware variants. Anthropic's approach—limiting broad release of its model due to potential misuse for rapid exploitation—was supported by partnerships with cloud and technology firms like AWS, Apple, Google, and Microsoft, backed by up to $100 million in usage credits. Watchguard's data demonstrates that while threat discovery is increasing, the rate of remediation has not kept pace, creating a supply-demand imbalance in skilled security operations. Further reinforcing this trend, Acronis has promoted a 24x7x365 Managed Detection and Response (MDR) tool positioned to let MSPs deliver always-on monitoring without managing a full security operations center. Meanwhile, broader channel and delivery ecosystem analysis by Jay McBain emphasizes that partners, rather than platform vendors, bear primary responsibility for steady-state customer environments. This confluence of developments shifts the value—and the risk—onto the operational capabilities and governance structures of MSPs. Other referenced solutions, such as Zero Networks' microsegmentation, underscore that containing damage, not just preventing access, is a new business imperative. The operational implication for MSPs and IT providers is a shift from measuring security by tools deployed to measuring and pricing security by demonstrated remediation throughput. Service contracts will need to specify not only what solutions are deployed, but also explicit commitments on response times, closure rates, and SLA-backed operating motions. A lack of clear remediation commitments raises unpriced liability as discovery rates outpace closure capacity. Providers are encouraged to separate vulnerability discovery reporting from remediation progress, build reporting layers that highlight closure rates, and reconsider flat-fee models that do not account for increased operational workloads and accountability risks. 00:00 Closure Is Finite 04:10 Close the Gap 06:32 Govern or Absorb 08:57 Why Do We Care?  Supported by:  Zero Networks ScalePad 

The central structural shift examined is the widening disconnect between the vendor-driven narrative of rapid AI monetization and the operational reality faced by MSPs, as exposed by recent research from GTIA and CompTIA. Despite pervasive messaging from technology vendors that AI features are ready for seamless integration and immediate profitability, survey data indicates that most MSPs remain in early adoption stages, lack tangible processes to operationalize AI, and are stymied by workforce and workflow constraints. Supporting evidence is drawn from CompTIA's data showing that 70% of businesses are still in early AI adoption stages, and only 55% of MSPs expect to turn a profit on AI initiatives in the near term—up from 34%, but well below vendor promises. The majority of current AI activity remains at the individual user level rather than embedded in business-wide workflows, restricting quantifiable ROI and limiting the visibility of productivity gains. Both Speaker B and Speaker C emphasized that most MSPs do not yet have the organizational capability or maturity to move beyond experimentation to operational deployment and monetization. Related developments further illustrate this operational gap. Research cited by Speaker B highlights that only a subset of larger MSPs with more resources have been able to achieve early success with AI, while most are still grappling with process integration, pricing strategies, and talent acquisition. Both GTIA and CompTIA reports suggest that optimism among firms about AI's potential is running ahead of genuine structural change, with workforce shortages, undefined internal governance, and difficulties in business model adaptation acting as durable barriers. Market sentiment remains positive, but actual organizational transition lags significantly, especially among smaller MSPs. Operationally, this environment introduces heightened risk for MSPs who overcommit on vendor promises without aligning internal processes, workforce strategy, and governance. Dependencies on vendor-supplied AI tools expose firms to pricing uncertainty and potential margin compression, especially as clients begin questioning the value proposition when human roles are replaced by automation. Without formalized internal AI governance and skill development, most MSPs face mounting challenges in demonstrating measurable ROI, adapting delivery models, and sustaining service margins. The implication for decision-makers is the need for prudent, phased adoption—prioritizing internal process maturity and realistic expectations over rapid adoption in response to vendor pressure. Supported by: CometBackUpTimeZest

The episode identifies a structural shift in the evaluation and deployment of AI within organizations: decision-making is now driven by governance, control, and auditability rather than by features or capabilities of AI tools. This mechanism is anchored in the need for defendable practices amidst heightened scrutiny from institutions, regulators, and insurers. The change is observable in companies such as Anthropic and OpenAI, as well as in regulatory and procurement activities tracked by outlets like The New York Times and Business Insider, signaling that market adoption is tightly coupled to liability, enforcement, and institutional risk visibility. A primary area of evidence is cybersecurity, where state-sponsored attackers have leveraged AI to automate infiltration attempts, according to reporting on Anthropic's disclosures concerning Chinese actors targeting dozens of companies and agencies. The same sources note that Anthropic's AI identified over 500 previously unknown zero-day vulnerabilities in open-source software, demonstrating increased operational tempo and automation on both sides of the cybersecurity equation. In procurement, declining app download metrics for Claude, following its involvement in U.S. security policy narratives, showcase how reputational and geopolitical risk can quickly alter adoption patterns. Additional developments reinforce this trend. Machine learning conferences have systematically audited and penalized the use of AI-generated peer review, leading to hundreds of paper rejections and mass article retractions, according to Semaphore and Nature. On the hardware front, HP, AMD, and Intel are collaborating to address BitLocker vulnerabilities via an industry standard rather than proprietary features, illustrating how vendors are responding to systemic risk through structural controls and standards. Channelholic's references to workforce limitations underscore that automation's workload cannot be absorbed by labor alone. For MSPs and IT service providers, these developments mean the core value proposition shifts from offering AI tools to governing their use, ensuring full documentation, traceability, and defensibility. Failure to treat this as a governance issue leads to underpricing, overlooked controls, and transfer of liability for autonomously executed actions. Providers must now develop acceptable use policies, audit AI agent activity logs, and systematically vet vendors on audit trail, policy, and breach notification—otherwise risking exclusion from regulated deals and exposure to contractual and compliance penalties. 00:00 The Visibility Problem 03:45 Platform Lock-In 06:30 Governed or Liable 09:35 Why Do We Care?  Supported by:  CometBackUp and TimeZest

Automation and AI are shifting the pricing and accountability models for managed service providers, with risk increasingly centered on governance, workflow coherence, and outcome measurement rather than tool deployment. Evidence from studies like Fixify, reports from ChannelLive, and real-world cases such as the City of Seattle's pause on Microsoft Copilot rollout highlight that technology adoption is now gated less by access to solutions and more by readiness to govern, coordinate, and prove outcomes across fragmented processes. Automation exposes underlying coordination debt, moving the client focus from paying for labor time to demanding measurable outcomes and managed exceptions. Fixify's analysis of more than 50,000 support tickets from 30+ organizations showed tickets with at least 75% automation saw average resolution in 4.4 hours versus roughly three days for non-automated tickets. Data cited from OpenAI found that 93% of London SMBs use AI tools, but readiness and uptake are highly uneven within the UK. In Seattle, more than 450 labor hours per week were reported saved during the Copilot pilot, yet adoption was paused due to concerns over data governance and accountability for errors, not tool capability. According to coverage in GeekWire and IT Pro, these dynamics are shifting buyer expectations and vendor liabilities. Supporting developments include security concerns outlined by Kaseya's INKY report, which highlights the normalization of AI-generated phishing and changes in attack formats, forcing defenders to rethink detection and response. The operational surface of automation—where AI reshapes data, not just moves it—means standard controls and classic alerts are increasingly bypassed. Reports from Information Week and experts such as Dan Lorman emphasize that accountability for exceptions, shadow AI usage, and data exposure is shifting by default onto providers, whether or not contracts address these risks. These trends mean MSPs face direct operational and contract exposure: clients and auditors are demanding proof of how AI touches data, how exceptions are handled, and where logs and controls exist. Pricing based on seats or tickets is becoming harder to defend as automation compresses labor and raises expectations for accountability. Providers must reconsider SLAs, explicitly define automation boundaries, charge for governance activities, and move toward outcome-based pricing models if they want to avoid absorbing unpriced liability and operational complexity. 00:00 Automation Divide 04:27 Coordination Debt 06:01 Automation Liability 09:18 Why Do We Care?  Supported by:  JumpCloud HaloPSA   

The episode exposes a structural shift in the MSP sector toward increased commoditization and infrastructure dependence, with an industry trend favoring outsourced, app-focused service delivery over internal technical depth. Protected Harbor, led by Richard Luna, is presented as a counterpoint—running its own infrastructure and software, and prioritizing ownership of the technical stack rather than relying extensively on third-party platforms. Luna argues this industry-wide movement has created a market where low entry barriers and rented, commoditized solutions undermine differentiation and inflate operational risk. Central to the discussion is the declining emphasis on technical generalists within MSP organizations, replaced by hyper-specialization and a proliferation of app resale as a service model. Luna attributes industry-wide declines in service quality and net promoter scores (typically ranging from 30–38 for MSPs) to these trends, suggesting the loss of generalist skills erodes problem-solving capacity and increases reliance on external vendors for core functions. He states that running owned infrastructure and open-source tools allows for tighter cost controls, standardization, and faster response to operational events—a contrast to MSP models that outsource most functions. Supporting developments include a detailed critique of the risk dynamics associated with using hyperscale vendors for client-facing services. Luna distinguishes between utility-grade services like power, which can be outsourced without significantly affecting the customer relationship, and services closer to the client experience (e.g., remote access, help desk, data workflows) that, if outsourced, reduce both control and differentiation. Additional risk surfaces are highlighted with the integration of AI and automation, especially when MSPs use large public models that may ingest sensitive client data and create potential information leakage or competitive exposure. The operational implications for MSPs and IT leaders include heightened vendor dependency, expanding contract risk, and declining service quality when organizations prioritize app resale and specialization over in-house competency and direct infrastructure management. To mitigate these risks, the episode suggests MSPs should reassess which functions to control internally versus outsource, invest in developing technical generalists, and scrutinize the downstream effects of workflow automation and AI adoption—especially regarding client data privacy, model training, and real-time operational accountability.

The episode highlights the increased operational complexity and governance burden resulting from the fragmented adoption of AI and hybrid, multi-platform environments in IT service delivery. Companies such as Proton (with Proton Workspace) and governance platforms like KiloClaw represent the expanding landscape of tools requiring oversight, while core productivity platforms continue to diversify. Research from Westcon-Comstor, Forrester, and Gartner, as reported by Dave Sobel, demonstrates that AI is not a turnkey solution but introduces a new operational surface area that must be actively managed. Channel Dive's Westcon-Comstor survey of 500 MSP and cloud decision-makers found that almost a quarter see cloud migration and management as their main revenue opportunity, but over 30% identify cross-platform data management as the top challenge. Security and governance pressures follow closely. Forrester data shows only a marginal increase in prompt engineering proficiency, while most employees report that AI increases workloads rather than reducing them, indicating persistent process fragmentation and unclear roles. VentureBeat cited Intuit's observation that successful AI adoption is characterized not by autonomy, but by controlled execution where humans maintain accountability for judgment and exception handling. Supporting this, products like Proton Workspace are fragmenting the core productivity stack, and the emergence of “shadow AI” (where personal AI agents operate outside formal governance) is driving organizations to deploy governance tools such as KiloClaw. According to research cited from Front, 93% of companies are using AI in customer operations, yet 71% report significant AI-related issues in the past three months, indicating that poorly governed automation increases handoffs, exceptions, and escalations which often default to MSPs to resolve. For MSPs and IT service providers, these trends translate into an expanded responsibility for governing the automation and AI layers within client environments. When MSP contracts and service definitions fail to specify the scope of coordination, exception handling, and governance for AI and automation tools, the provider risks absorbing significant unmetered labor and liability. The episode emphasizes that governance tooling should be viewed as temporary infrastructure and not a core component of an MSP practice. Providers should audit client environments for AI exposure, review contract terms, and prepare to offer explicit, separately priced control layers as customer demand for governance outcomes increases. 00:00 Stack Fragmentation 02:56 Human-Bounded AI 04:25 Coordination Tax 07:18 Why Do We Care?  Supported by:  CometBackup HaloPSA 

The episode highlights a structural shift from MSPs managing infrastructure to supplying, designing, and maintaining AI-driven agents, raising new questions of accountability and operational risk. As AI agents evolve from assistive chatbots to supervised and potentially autonomous systems, the channel faces liability transfer, governance gaps, and an increased need for systems architecture competence. Companies referenced include Klarna, which serves as a cautionary tale for poor AI design, and vendors such as OpenAI, Anthropic, and Microsoft, all of whom are engaged in moving the market toward agent-based operations. The most consequential development detailed is the shifting liability for AI-driven outcomes: agent builders and MSPs become responsible for unintended actions, errors, or hallucinations produced by deployed agents. Clarifying accountability is necessary as incidents—such as email mishandling or unauthorized decisions by AI agents—do not absolve the MSP of responsibility. Recent discussions indicate few cases where foundational technology vendors are held liable; usually, the burden falls on those who deploy and support AI agents for clients. The episode cites Klarna's experience as a failure of design thinking, emphasizing that the design of agents—beginning with the end in mind—is key to mitigating risk. Supporting developments include the segmentation of AI solutions across SMB, mid-market, and enterprise clients, with complexities scaling as MSPs attempt to transition from simple assistive AI to supervised and fully autonomous agents. The episode notes that fewer than 5% of deployed agents are fully automated, and security vendors are increasingly involved in AI governance, risk, and compliance (GRC) due to the importance of data governance in AI projects. Regulatory coverage and insurance gaps are recognized, with advice for MSPs to re-examine their E&O policies and move toward frameworks for AI trust and transparency. Operational implications for MSPs and IT service providers are concrete: providers must reconsider contract exposure, review insurance coverage, and invest in AI governance mechanisms such as agent oversight and auditing. Price-to-value methods are recommended over simplistic per-agent or per-hour billing, requiring sophisticated project scoping and market analysis. The episode underscores that MSPs cannot rely solely on vendor solutions for risk mitigation—service providers are ultimately accountable for AI outcomes delivered to clients, necessitating operational safeguards and human-in-the-loop design wherever possible. Supported by: ScalePadZero Networks

The dominant structural shift highlighted is the movement of value from AI-driven features to the ownership and governance of the control plane—specifically, entities that set boundaries, maintain proof, and keep automated workflows within defined limits. This shift is evidenced by workforce polling from Quinnipiac University, business formation trends tracked by the Bank of America Institute and Census Bureau data, and product launches from vendors like TeamViewer and KnowBefore. These developments underscore a growing reliance on automation where traditional human oversight is minimized, and technology increasingly assumes direct control over work execution. The episode details workforce sentiment, citing a Quinnipiac University poll where only 15% of respondents expressed willingness to work for an AI boss, and 70% anticipated AI would reduce job opportunities. Bank of America Institute data notes a 15% year-over-year increase in high propensity businesses—those likely to launch—while businesses planning to hire have fallen by 4%. TeamViewer has introduced TIA Reporting, which generates dashboards via natural language prompts, reducing specialist requirements. KnowBefore's ADA Orchestration automates security awareness scheduling and execution, reportedly shortening setup times from hours to seconds. These examples show how vendors are deploying AI tools that replace specific manual oversight with algorithmic management. Supporting developments reinforce the governance gap. According to a CIO Dive report, 96% of C-suite leaders expect productivity gains from AI, yet 77% of employees report increased workloads, signaling misalignment between leadership intent and actual outcomes. Tech Bullion reveals 60% of organizations have AI integrated in at least one core function, with 65% using generative AI regularly, but fewer than a quarter have operationalized ethical AI frameworks. The Verge covers enhancements to Anthropics' tools that embed guardrails where organizational controls are lacking. Additional survey data from TechCrunch shows that usage of AI is growing while trust in its outputs remains weak; only 24% of respondents trust AI most of the time. Operationally, the implication is clear for MSPs and IT leaders: as organizations reduce human oversight and delegate more work to automation, the auditability, accountability, and control of automated workflows become direct contractual risk. Control layers—such as logging, exception handling, approval thresholds—must be productized and priced, not treated as informal advisory work. Liability for automation failures must be clearly assigned and managed through contractual terms, with automation incident response separated from standard support. Without enforceable governance and evidence of control, MSPs risk absorbing unpaid remediation work as clients expect both automation benefits and assurance of outcome. 00:00 Bossless Workforce 03:22 AI, No Guardrails 05:45 Govern or Absorb 08:41 Why Do We Care?  Supported by:  Nerdio HaloPSA