Business of Tech

The episode details a tightening regulatory environment driven by new enforcement timelines for Cybersecurity Maturity Model Certification (CMMC), altering how MSPs and IT service providers are expected to deliver both compliance and operational services for U.S. defense contractors. Structural pressure stems from the Department of Defense making CMMC Level 2 compliance a contractual mandate for approximately 300,000 defense contractors, shifting risk and accountability towards providers who manage compliance workflows, technical environments, and client behaviors. C3 Integrated Solutions and their dual CMMC Level 2 certifications exemplify this transition, with clear implications for co-ownership of compliance outcomes and increased scrutiny on provider practices. The most consequential development is the substantial gap between compliance requirements and the current readiness of the defense contractor base. As of early 2026, only around 8% of contractors have obtained CMMC Level 2 certification, despite enforcement being implemented in contracts starting in November of the same year, according to Dave and Jason. Challenges arise from cost, organizational bandwidth, and complexity, with MSPs serving as pivotal partners to small subcontractors lacking in-house resources for process documentation and change management. Assessment scheduling bottlenecks and insufficient documentation are delaying certifications, increasing risk that many contractors and their service partners will miss the rapidly approaching deadlines. Related developments reinforce the central issue of operational risk and governance complexity. Jason Tierney illustrates the difference between technical compliance and true assessment readiness, citing real-world examples where insufficient evidence and poor understanding of process details lead to significant assessment delays. The rise of compliance-as-a-service offerings, enclave computing environments, and specialized governance tooling are attempts to address those gaps, but also introduce new layers of pricing, platform selection, and accountability concerns, especially when third-party tools fail to meet strict requirements such as FedRAMP moderate for handling sensitive data. For MSPs and IT leaders, the shift imposes higher barriers to entry, increased legal and contractual exposure, more rigorous documentation and process controls, and the need for customized delivery models that support both technical defenses and organizational behavior change. Providers must navigate conflicting requirements between specialized regulatory environments and multi-tenant tooling, manage escalating costs for both themselves and clients, and clarify responsibility boundaries in shared compliance scenarios. The requirement for human oversight—particularly in automated or AI-assisted compliance tooling—remains non-negotiable, reflecting the ongoing gap between technical implementation and credible assessment outcomes. Supported by:CometBackupMoovilaHaloPSA

The structural shift outlined in this episode is the rapid evolution of search and productivity interfaces from static query tools to agentic platforms capable of autonomous action, oversight, and automation. Companies such as Google are redesigning search at the interface level, integrating multimodal input and agentic workflows powered by AI models like Gemini 3.5 Flash. The dynamic is not competition at the model level, but rather a pivot toward which provider can offer policy enforcement, cost controls, compliance, and documented governance over increasingly complex agent-driven environments. The most consequential development is Google's redesign of its search box for the first time in 25 years, transitioning to an AI-powered, chatbot-style interaction that can process longer prompts, images, files, and monitor tasks directly within the browser. According to New York Times and Channel Life New Zealand, this change embeds AI agents as defaults in the workflow, underpinned by Google's commercial growth—ad clicks up by 6%, cost per click up 7%, with profits over $132 billion since 2022. The shift is visible in adoption data as well: ChannelDive reports Anthropic's Claude overtook OpenAI's GPT suite for business usage, while Gartner forecasts $2.59 trillion total AI spending in the year, but only $33 billion is model-specific. Supporting developments reinforce risk and operational complexity as AI transitions into core business processes. Channel-focused reports note that vendors are offering managed agent services, operational sandboxes, and white-label security operations to simplify agent deployment and lower entry barriers. OpenAI pitching “buy before you try” guarantees, and launches like Acronis Cyber Freight — promised as “predictable” and “protected by default” — reflect client demand for reliability over raw capability. Across these moves, partners and IT providers are being drawn into defining, monitoring, and governing the new automation layers, with increasing requirements for documentation, provenance, and workflow auditing. For MSPs and technology leaders, the operational implications are direct and substantive. The work now centers on defining governance frameworks—inventorying systems that can act autonomously, classifying authority and registration requirements, building audit trails, and delineating contractual boundaries for automation responsibility. Providers who approach this as standard support risk carrying unpriced operational and compliance burdens, especially in environments where unauthorized automations or unregistered connectors proliferate. The emergent requirement is to treat agent governance as a managed service, pricing it separately, and establishing clear evidence and escalation protocols to avoid absorbing blame and liability for automation-driven incidents. 00:00 Beyond Blue Links  04:30 Predictability Wins 06:39 Govern or Absorb 09:19 Why Do We Care?  Supported by:  Moovila ScalePad

Security operations for MSPs are undergoing a structural shift from simply deploying additional tools to establishing a liability-focused accountability model, where the ability to provide operational evidence of controls is becoming as critical as the tools themselves. This shift is catalyzed by corporate insurance, procurement, and third-party verification structures—such as those cited by WatchGuard, Assurix, and the NIST AI cybersecurity overlays—demanding verifiable security outcomes and alignment with external standards, rather than relying on provider assertions alone. Survey data referenced from Cybersmart and Beta News reveals that 75% of MSPs experienced at least one breach in the past year, while 54% endured multiple incidents; concurrently, SMB buyers state security is a top priority, but only 13% of microbusinesses operate proactively. According to WatchGuard's global survey of 842 professionals, 94% of clients using dedicated MSPs feel adequately protected, yet 58% indicate intent to change providers within three years—highlighting a disconnect between perceived and delivered value. The emergence of Assurixs' live MSP Trustmark, based on 64 operational controls, further formalizes evidence requirements as market prerequisites. These dynamics are reinforced by shifts in insurer behavior and regulatory alignment. Huntress and Acrisure are collectively rolling out a cyber insurance package contingent on adoption of Huntress's managed detection and response, explicitly tying coverage eligibility to verifiable provider-side controls. The maturing of NIST's AI cybersecurity overlays introduces new standardized control checklists likely to become operational requirements. Additionally, reports from Omdia and MSP Channel Insights note that vendor ecosystems are now rewarded for integrating security as an outcome with automation and multi-tenant integration—reflecting market demand for reliable, defensible evidence of controls. For MSPs and IT leaders, these developments drive the need to restructure contracts to clearly delineate evidence obligations, manage liability exposure, and price evidence production as a formal deliverable rather than as unreimbursed support. Failing to do so risks absorbing unfunded post-incident evidence work, margin erosion, and loss of control over the security value conversation. Operationally, maintaining live accreditations, standing up a formal evidence management function, and explicitly excluding unmanaged SaaS, identity, and AI workflows from baseline service tiers are becoming necessary to maintain profitability and accountability. 00:00 Breach, Then Switch  04:52 SaaS Blind Spot 07:16 Prove or Pay 10:24 Why Do We Care?  Supported by:  Zero Networks HaloPSA   

The dominant structural shift highlighted in this episode is the migration of AI from experimental tools into directly embedded workflows within widely used small business platforms. Vendors like Anthropic, with its Claude for Small Business connectors to QuickBooks, HubSpot, Canva, Google Workspace, and Microsoft 365, are abstracting away technical complexity by offering concrete, prebuilt automations that address specific business processes. This embedding moves operational risk and ambiguity from model selection to the permissions layer, where control, oversight, and accountability become central concerns for providers supporting these environments. A key supporting development is Anthropic's rapid market penetration, with the VentureBeat-cited Ramp AI Index reporting 34.4% business adoption of Claude in the US—outpacing OpenAI's 32.3%. The implication, reinforced by research from the Global Technology Industry Association, is that AI service revenue is rising sharply, but only 30% of IT service providers in the UK and Ireland report fully integrating AI into their models. Simultaneously, governance gaps are being exposed: The Register notes user data may be employed for model training unless privacy settings are proactively changed, leaving operational risk exposed through default configurations. Additional developments reinforce the risk and accountability shift. OpenAI has established a subsidiary focused on direct deployments and implementation, seeking to guarantee quality and consistency in enterprise integration. CIO Dive references Palo Alto Networks research indicating 77% of CIOs claim AI risk management confidence, yet only 30% have real usage visibility, and 62% cite rogue agent concerns. The discussion connects these risks back to routine SMB operations, where AI-enabled workflows can act on core business data, increasing MSP proximity to liability and making explicit who controls connectors, permissions, and incident response documentation. For MSPs and IT service firms, the operational consequence is that supporting AI-enabled platforms now obligates them to establish and document governance, inventory, data access, and approval processes. Risk shifts from abstract model performance to concrete operational exposure, especially as AI systems interconnect with finance, identity, communication, and other high-stakes subsystems. Providers lacking scoped service definitions and contractual clarity face unpriced liability, while those that implement billable AI governance frameworks—such as audit templates, privacy reviews, and incident-ready contracts—are positioned to address demand from clients, auditors, and insurers. Neglecting these steps is likely to result in exposure to vendor-driven terms and diminished operational standing.   00:00 Workflow Takeover   04:20 Readiness Crisis 06:24 Govern or Expose 11:13 Why Do We Care?    Supported by:  NerdioScalePad 

The episode highlights a structural transition from software systems that record tasks to platforms that actively participate in business decisions, particularly through agentic AI in procurement. This shift is anchored in the adoption of AI-driven SaaS solutions by mid-market organizations, as seen with Procurify, which reports managing over $100 billion in organizational spend. The mechanism moves beyond basic automation, assigning software agents responsibilities that were traditionally human—such as flagging compliance breaches or routing approvals—directly within operational workflows. According to Chad Gaydos, current deployments of such agentic AI commonly automate tasks like invoice detail verification, policy enforcement, and contract compliance. These developments are most prominent in mid-market environments, where limited staffing—sometimes with no dedicated procurement analysts—drives greater reliance on platforms to perform core operational functions. The focus is not on completely replacing personnel but on supplementing constrained teams and ensuring repeatable enforcement of controls, with organizations leveraging these systems to gain efficiency in both cost and process governance. Additional points discussed reinforce the central shift, such as the distinctive pace of adoption among mid-market firms compared to enterprises. He identifies that smaller organizations often approach these technologies with greater agility and willingness to accept risk, while also displaying heightened dependency on system trust and governance frameworks. The episode also references "frontier firms" co-defined by Microsoft and Procurify, characterized by their forward-leaning adoption of AI and structured standards for technological governance. Variability in governance, auditability, and trust across different organization sizes underlines the operational diversity in adopting agentic platforms. For MSPs and IT leaders, these shifts raise practical concerns around governance design, accountability for software-driven actions, and operational dependency on vendor platforms. Effective risk mitigation requires establishing audit trails, clear standards for automation versus human oversight, and robust compliance controls. Providers supporting mid-market clients should anticipate requests for prescriptive guidance on data and process governance, while also preparing for greater operational reliance on systems that automate, not merely record, business decisions.

The core structural shift described in this episode is the integration of AI as an active workflow actor within managed service environments, not simply as an isolated tool. This mechanism alters the governance and accountability requirements for MSPs, as AI now interacts directly with core business platforms and operational data. Companies like Microsoft are embedding AI features—such as Copilot and a legal AI agent—across productivity and security environments, while reports from Axios Future of Cybersecurity and The Register highlight that AI activity is increasingly touching managed identity, email, data, and security infrastructures. The episode's primary evidence centers on the adoption of AI-driven productivity and legal tools within Microsoft 365, with broad rollout timelines targeting early June. Microsoft's deployment of legal AI agents in Word—as outlined by The Register and Thoreau—demonstrates that AI is being implemented to review contracts, draft language, and check citations, embedding itself into sensitive business workflows. Additionally, Proofpoint's formation of an MSP business unit around 365 security further reflects this shift, consolidating risk and workflow management where client data, identity, and security converge. Supporting developments reinforce this trend of workflow centralization and accountability ambiguity. Vendors are introducing dashboards—such as Anthropic's Claude code agent view—that offer improved visibility into AI-driven processes; however, as noted, visibility alone does not constitute governance. The emergence of platforms like Halo PSA and features from JumpCloud exemplify the market response, where vendors and MSPs are being forced to tighten control and monitoring around AI-driven work, including automation, ticketing, and remediation workflows. The episode notes that unmanaged automation creates governance risks that operators must close. The practical implication for MSPs is a set of new operational burdens: rising margin pressure from unpriced AI governance work, contract risk if responsibilities for AI-generated actions remain undefined, and new demands for auditability, evidence retention, and workflow documentation. Providers must build inventories not only of AI tools but also the workflows they touch, define explicit service scope, and establish pricing models for governance functions. The operational tradeoff is an increasing need for infrastructure and process maturity, as the expectation of transparent, accountable AI-driven work is now a baseline for client trust and risk management. 00:00 Managed AI Risk  03:50 Scope or Absorb 06:03 Four MSP Pressures 08:35 Why Do We Care?  Supported by:  MoovilaHaloPSA JumpCloud 

The central structural shift identified is the acceleration and scaling of cyber risks due to artificial intelligence, which turns formerly expert-driven security processes into repeatable, rapid workflows. Major threat intelligence units, including Google's Threat Intelligence group, are now documenting the use of AI in both identifying and weaponizing software vulnerabilities. The landscape is further shaped by the proliferation of AI-generated and AI-assisted online content, contributing to an environment where traditional verification and control mechanisms are less reliable. The episode presents concrete evidence: Google reported criminal hackers leveraging AI models—explicitly noting the use of non-Google technology—to discover a previously unknown zero day, while The Verge and Wired highlighted AI-assisted attempts to bypass multi-factor authentication and the impact of synthetic content even within cybercrime forums. Research covered by 404 Media documented that by mid-2025, a third of newly published websites were AI-influenced. These observed changes drive threat intelligence teams to treat AI as a working hypothesis in live investigations. Additional supporting developments reinforce the broadening security and operational impact. Tools such as Proofpoint's Prism Investigator and OpenAI's Daybreak show the push toward automated threat detection, investigation, and reasoning pipelines, altering expectations from detection to defensible reconstruction and evidence generation. Analysis of supply chain compromises—such as tampered software installers and malware leveraging already-exposed cloud systems—demonstrates how automation reduces defender response windows while increasing operational pressure on providers. Reports from Small Biz Trends and channel Life show significant implementation gaps, with only a minority of small businesses deploying password managers, and a wide disparity between optimism and readiness for AI-powered security. For MSPs and IT leaders, these trends tighten operational accountability. The tradeoff shifts from focusing on technology stacks to delivering concrete evidence of patch application, identity verification, data retention, and audit support. Providers face increasing pressure to standardize verification workflows, reduce patch validation cycles, and make evidence retention a default process. The operational complexity intensifies—either the MSP develops controls to govern automation and evidentiary rigor, or becomes the default risk absorber for ambiguous, fast-moving attack paths shaped by both client and attacker use of automation.   00:00 Zero-Day  04:06 Speed Gap 06:25 Prove It 10:27 Why Do We Care?  Supported by:  Moovila Zero Networks   

AI systems are increasingly embedded as non-human participants within managed environments, driving a structural shift in operational responsibility and exposure for MSPs. This shift is characterized by the integration of AI-powered tools—such as note takers, copilots, connectors, and agents—into core business workflows and SaaS platforms. Companies like Google, Microsoft, and ServiceNow are formalizing AI governance with platform features such as agent registries, policy enforcement gateways, and cross-platform audit trails. Reports from industry sources, including Wired, Rubrik, and regulatory bodies in the EU, substantiate these developments and highlight changing expectations for accountability and control. A key finding, according to security research by Red Access and covered by Wired, is that over 5,000 publicly exposed AI-generated web apps were found on the open web, with about 40% leaking sensitive data ranging from medical records to corporate strategy documents. Rubrik's Zero Lab survey of over 1,600 IT and security leaders further reports that 86% expect AI agents will surpass existing security controls within a year, while only 23% feel they have full visibility into these agents' activities. The New York Times and legal organizations note increasing legal and evidentiary risks posed by AI transcription tools in business meetings, warning that ungoverned AI outputs may be subject to discovery in litigation and could compromise attorney-client privilege. Additional developments reinforce the governance and risk gap. Platform vendors are building more granular control and auditing features, but most client environments still include unregulated AI tools, third-party connectors, and manual overrides outside these native boundaries. Regulatory frameworks are evolving to place explicit bans on specific AI outputs and to delay implementation of high-risk AI oversight, as seen in the EU's provisional AI Act. The integration between Black Kite and Sayari exemplifies how vendors are seeking to connect risk intelligence across supply chains, but operator-level exposure often remains distributed and ambiguous. For MSPs and IT leaders, the practical implication is an immediate requirement to inventory and classify AI participants and outputs within managed domains, clarify contractual scope, and establish evidence-ready policies for audits, incidents, and legal review. Relying solely on vendor platform controls is insufficient, as clients and auditors will expect clear documentation of AI activity, data access, and policy enforcement. Many agreements are not priced or structured for AI governance and may require explicit scope adjustments, upcharges for AI inventory and policy services, and contractual exclusions for unmanaged AI activity to avoid unpriced liability. 00:00 Agents Unchecked 04:49 Control the Bot 06:58 AI Audit Risk 10:38 Why Do We Care?  Supported by:  Nerdio TimeZest   

The episode reveals a structural shift in the technology landscape: artificial intelligence is becoming a new layer of managed consumption, with measurable impact on infrastructure, contract terms, and operational accountability. This shift is illustrated by leading technology platforms explicitly metering AI usage through compute tokens, storage footprints, and local model deployments. Companies such as Alphabet, Amazon, Microsoft, and Google are integrating AI not only as features but as quantifiable workload layers, leading to economic and governance questions regarding who controls consumption and who assumes the risk of overage or misuse. The most consequential development discussed is the rapid, capital-intensive scaling of AI infrastructure by leading hyperscalers. Alphabet raised its 2026 capital expenditure guidance to a possible $190 billion; Amazon's AWS revenues rose 28% year-over-year to $37.6 billion, with quarterly capital expenditures reaching $44.2 billion— both moves directly tied to AI infrastructure investments. At the same time, endpoint and storage vendors, such as Apple and Backblaze, are experiencing elevated demand from AI workloads. On the software side, companies like Anthropic are explicitly raising API rate limits and deploying features to formalize the measurement and orchestration of AI-driven processes. Supporting developments include the migration of management and control functions into enterprise platforms and endpoint environments. Microsoft Agent 365 is now broadly available, offering admins centralized policy controls over AI agents across cloud and local machines, with integration into Intune for granular restriction and monitoring. Google's Chrome browser now automatically downloads 4GB Gemini Nano models to support local AI functions, raising new operational considerations around storage, policy management, and user approval. These developments anchor the thesis that AI is no longer a passive toolset but a consumption and policy domain that requires active oversight. Operationally, MSPs and IT service providers face heightened exposure to contract and governance risk. The presence of invisible AI consumption— in the form of storage expansion, token overages, unauthorized agent actions, or degraded endpoint performance— requires explicit clauses in client agreements and new monitoring capabilities. Providers unable to demonstrate control over AI usage, policy enforcement, and exception handling may inherit both support burdens and unresolved liability. The practical implication is clear: future margins and contract viability will increasingly depend on the ability to meter, document, and govern AI-related activities, rather than simply enabling client access. 00:00 AI Infrastructure Surge  04:17 Control Layer Wins 06:41 MSP Liability Shift 10:50 Why Do We Care?  Supported by:  ScalePad CometBackup Moovila 

The episode highlights a structural shift from traditional software licensing towards consumption-based AI billing, transforming AI adoption into a source of direct financial exposure and accountability. This mechanism is illustrated by Microsoft's new administrative controls for Copilot in Windows 11 and platform-wide integration efforts from vendors such as Apple and Amazon. The primary concern is no longer simply enabling access to AI tools, but managing their consumption, controlling costs, and clarifying responsibility for both outputs and consequences. The most consequential development centers around rapidly escalating AI costs and the difficulty organizations face in quantifying usage. According to reporting from The Information, companies such as Uber exhausted their 2026 AI budgets within months, with some daily usage costs reaching approximately $1,000 per user. Simultaneously, The Register cites a survey indicating that a majority of U.S. employees are skeptical about their employers adopting Microsoft's AI bundles, and many believe alternative tools suffice. Additionally, Apple's acceptance of a $250 million settlement regarding misleading AI claims signifies a shift from reputational to monetary accountability. Supporting developments further expose operational and governance challenges. Microsoft's 2026 Work Trend Index, cited by CNET and GeekWire, identifies a disconnect between employee pressure to use AI and leadership's lack of defined, standardized practices. Apple's movement toward a third-party extensions model and Amazon's integration of managed agents into Bedrock are designed to address platform coherence, yet they introduce dynamic complexity in model choice and cost accountability. Gartner's projections of rising IT spend tied to data center investments further reinforce the infrastructure burden associated with widespread AI adoption. For MSPs and IT service providers, these developments underscore the risks of treating AI as a standard application rather than a managed operational layer. Legacy service agreements rarely specify how AI-driven costs, data exposure, or automation errors are governed. Providers now face new expectations to separate access and licensing from governance, usage auditing, and policy enforcement. Those who adapt by offering discrete AI management services—covering monitoring, cost controls, workflow approvals, and incident review—can align compensation with responsibility, while others risk absorbing escalating vendor complexity and unreimbursed accountability within flat-rate agreements. 00:00 AI Bill Due  03:31 Culture Blocks AI 05:49 AI Accountability Gap 09:16 Why Do We Care?  Supported by:  Moovila HaloPSA 

The dominant structural shift addressed is the move of platform vendors away from competing on feature sets toward controlling the governance and billing layer that underpins managed services. This is evident in moves by Microsoft, AWS, and Kaseya, specifically with Microsoft's new licensing tier combining per-seat fees with consumption-based AI add-ons, AWS redefining managed services around agents, and Kaseya introducing action-based pricing for IT management. Analysts noted that these developments collectively place a consumption meter on previously flat-rate services, reconfiguring how MSPs and IT providers will be billed and held accountable. Primary evidence for this shift includes data from Omdia's channel media report and tracked M&A activity within the MSP sector. The report counted 169 MSP acquisitions in 2025, mirroring prior years' activity, yet identified that one acquirer—Evergreen Services Group—accounted for 47 deals, illustrating a concentration in acquisition strategies. Notably, 69% of publicly announced deals involved private equity, with the remainder pursued by independent operators. The North American channel media landscape saw significant contraction, with titles dropping from 29 to 18, despite stability in the global outlet count—attributed to both industry consolidation and AI-driven changes in content discovery. Supporting developments include growing use of AI in content production, leading to declining traffic for B2B publications as audiences increasingly access information through automated tools rather than direct visits. The rise of engagement-focused business models and shifts in acquisition criteria—such as Evergreen targeting founder-led MSPs—underscore evolving buyer strategies. Additionally, platform vendors are restructuring their product and pricing models around agent-driven and action-based billing, while shifting their external positioning to emphasize AI, intelligence, and cyber resilience. Operationally, MSPs and IT leaders face increased pricing and margin variability driven by emerging consumption-based licensing and AI service models. The historical per-user, per-month bundle is at risk as vendors experiment with new billing constructs, exposing providers to cost unpredictability and complicating client contracts. Providers lacking internal engineering or acquisition frameworks may be especially exposed, while consolidation and vendor dependency raise governance and accountability stakes. MSPs pursuing higher margin services, such as compliance or cyber resilience offerings, must prepare for new cost structures and intensifying pressure from both customers and vendors regarding efficiency, pricing, and service outcomes.Supported by:  Zero Networks Moovila   Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The episode identifies a structural shift in how AI adoption is being managed within IT environments: control and accountability are now central concerns, overtaking simple discussions of AI usage or feature deployment. Shadow AI—unmanaged or improperly governed AI agents—has emerged as a tangible risk vector. Government entities, such as the White House, and technology vendors including Microsoft, Cisco, and OpenAI are framing AI not only as a productivity tool but increasingly as a source of operational and security liabilities that demand more robust oversight. A key example comes from an incident reported by TechRepublic in which an AI agent within a coding workflow deleted both a production database and its backups, resulting in a prolonged, business-impacting recovery from a three-month-old backup. In parallel, the Hacker News highlighted findings from scans of one million exposed AI services, characterizing the market's current AI security posture as lacking, with many endpoints widely reachable unintentionally. Microsoft's public transition of Agent365 from preview to release was directly tied to fears over the risks associated with shadow AI, indicating industry recognition of autonomous agents as a new attack surface requiring governance. Supporting developments further validate this trend. Cisco's open sourcing of AI Bill of Materials (BOMs) tools, Wiz's tracking of non-human identities tied to AI workloads, and OpenAI's rollout of advanced account security all signal a growing industry emphasis on making AI deployments auditable and restrictable. Practices such as phishing-resistant authentication—driven by token theft campaigns analyzed by Microsoft—and continuous permission monitoring, as advocated by Material Security, are now increasingly viewed as necessary safeguards rather than optional enhancements. Providers like Enforcer and products such as Copilot Manager are explicitly focused on surfacing shadow AI usage and enforcing credential discipline, underlining the growing demand for proof-of-controls. MSPs and IT service providers now face greater operational complexity and contract risk tied to AI automation. Client expectations are shifting from baseline AI access to demonstrable governance—requiring non-human identity inventories, documented permission boundaries, and validated recovery frameworks for AI-powered workflows. Token harvesting and persistent OAuth grants increase the likelihood that MSPs will be held responsible not just for prevention, but for rapid containment, rollback, and producing evidence during security incidents. Failure to meet tightened SLAs around backup immutability, authentication protections, and agent visibility could soon become a material contract exposure. 00:00 Agents Gone Rogue 03:50 Govern the Agent 06:24 MSP at Risk 09:54 Why Do We Care?  Supported by:  CometBackup ScalePad  Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The dominant structural shift identified is the emergence of agentic AI as a direct operator within multi-system business environments, triggering a governance and accountability gap. Vendors and cloud platforms—including AWS, Stripe, and Cloudflare—are enabling AI agents not only to recommend actions but also to directly access payment rails, provision infrastructure, and execute transactions. This movement turns automation into an operating model issue rather than a feature deployment, as the identity, authority, and accountability of non-human actors become central operational questions. Primary evidence is drawn from a range of industry signals. According to an AMD-commissioned IDC report, 81% of enterprises are engaged in AI PC adoption and 61% are embedding AI into workflows. AWS has expanded managed agent packaging for AI deployments, Stripe has launched the Link wallet allowing AI agents to process payments on users' behalf with controls on payment credentials, and Cloudflare has demonstrated agents autonomously provisioning cloud resources with enforced monthly spend limits. While these statistics carry vendor-driven optimism, the combined actions of these companies confirm a shift from advisory AI to operational AI. Related developments reinforce this trajectory. The SolarWinds survey reported by Computer Weekly finds 71% of IT workers experiencing higher demands due to AI, with only 19% noting reduced cognitive load, reflecting operational burdens rather than efficiencies. Similarly, Forrester data cited by The Register highlights a change in CIO responsibilities from system building to outcome governance as agentic AI exposes gaps in decision rights and process completeness. Security risks are elevated, as the Kela report counts 2.86 billion stolen credentials in a year, indicating that agent-driven credentials can trigger machine-speed purchases and changes, compounding the challenge of oversight and recovery. Operational implications for MSPs are significant. Without explicit governance, spend limits, approval paths, and audit trails, MSPs face increased liability and support burden when AI agents initiate actions across client systems. The episode underscores that automation is not just a technical project but a contract and service design issue; if accountability is not clearly defined, MSPs bear the risk and cost of unauthorized transactions and exception handling. To mitigate exposure, there is a need to formalize agent governance as a priced, intentional service encompassing identity management, financial controls, and documented operational guardrails before agentic AI is deployed in client environments. 00:00 Agents Take Over 04:39 Who's Accountable? 06:48 Who Owns This? 09:58 Why Do We Care?    Supported by:  NerdioScalePad    Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The core structural shift identified is the reconfiguration of managed service pricing and accountability due to the integration of AI and platform metering into standard IT offerings. Large vendors—including Microsoft and AWS—are shifting the economics of IT delivery: traditional flat-rate bundles are being rendered structurally unsafe as AI-driven workloads introduce unpredictable consumption costs and financial exposure. This change is catalyzed by vendors attaching metered billing models and embedding AI agents directly into enterprise platforms, which fundamentally shifts risk and cost variability onto MSPs and service providers. The most consequential development is Microsoft's introduction of Microsoft 365 E7, described as a new bundle combining seat licensing with consumption-based AI fees. According to company statements and Computer Weekly reporting, Microsoft is explicitly positioning the suite as a license-plus-consumption model with measured AI usage, tracked similarly to Azure. Gartner's latest IT spending forecast, cited via CIO.com, anticipates global IT spend reaching $6.31 trillion by 2026, with a 55.8% jump in data center infrastructure spending, largely driven by AI adoption. Secondary developments echo this trend. AWS has expanded its managed agent offerings on Amazon Bedrock, integrating OpenAI models and presenting agents as standardized, enterprise-ready managed services; pricing is identified by analysts as a tipping point. Cloudflare's collaboration with Stripe highlights infrastructure that enables agents to provision accounts and handle finances with minimal human input, using protocol-based authorization and spending controls. Vendors like AvePoint release governance tools that focus not on offering more AI, but on operationalizing policy control and audit management across multi-tenant environments. These illustrate increasing platform vendor jurisdiction over layers historically managed by MSPs. For MSPs and service providers, the practical consequences are increased exposure to contract risk, margin compression, and operational complexity. Flat rate contracts that fail to track AI consumption or bundle AI support risk being underpriced and absorbing both spend and support variance. The shift towards platform-managed governance, identity, and audit controls requires providers to separate governance from operational support in agreements, implementing new monitoring, reporting, and cost-tracking tooling. Failure to address these shifts could result in lost accounts, failed renewals, and loss of insurability, as insurers and auditors demand provable oversight and policy enforcement. 00:00 Seats Meet Meters  05:39 Bundles Break Here 08:32 Cleanup Costs You 11:49 Why Do We Care?    Supported by:  Acronis Moovila Zero Networks    Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera

The core structural shift highlighted is the movement of security for Managed Service Providers (MSPs) from best-effort practices to a regulated, continuously verified service operation. This change is being driven by the compression of vulnerability exploit timelines as a result of attackers leveraging both automation and AI, and by regulators imposing hard patching and compliance deadlines. Companies such as ConnectWise and Microsoft are central, with federal agencies (CISA) now converting exploited vulnerabilities into time-bound remediation mandates. A significant development underscoring this shift is the addition of two known exploited vulnerabilities—CVE-2024-1708 in ConnectWise ScreenConnect and CVE-2026-32202 in Microsoft Windows Shell—to CISA's remediation requirements. Agencies must address these by May 12, 2026, marking a move from tracking to deadline-driven action. Reports from Huntress and TechCrunch confirm that real-world attackers rapidly exploit public vulnerability information, and Microsoft's own documentation illustrates attackers increasingly using Microsoft Teams for social engineering, remote assistance, and privilege escalation. Supporting developments include major vendors like Microsoft integrating models from Anthropic into their security development lifecycle to accelerate vulnerability discovery and remediation. However, studies noted by The Hacker News and The Verge indicate that AI-driven discovery is outpacing operational capacity, creating a growing discovery-to-remediation gap. At the organizational level, information from the Reveal 2026 IT Talent Survey indicates that 8 in 10 technology leaders face significant shortages in AI and cybersecurity skills, compounding the operational burden of continuous security verification. For MSPs and IT leaders, these factors combine to increase operational complexity, require more explicit contract scoping and evidence obligations, and shift oversight from periodic compliance towards continuous, demonstrable verification. Contractual ambiguity—especially when services are described as “best effort”—exposes providers to unmeasured labor and unassigned accountability. Practical steps now include reclassifying business collaboration platforms as active attack surfaces, formally auditing and documenting previously “invisible” tasks, and aligning internal operations with external, regulator-mandated verification standards. 00:00 AI Patches Gaps 05:10 Discovery Isn't Enough 07:11 Reprice or Absorb 10:24 Why Do We Care?  Supported by:   Moovila  Zero Networks   Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First Era Date: May 13 at 1p.m. EDT Register: https://go.acronis.com/davesobelaiera  

The dominant structural shift outlined in the episode is the destabilization of the classic per-seat MSP bundle caused by the rise of agentic AI and token-based, metered automation platforms. Vendors such as Kaseya, Google, and OpenAI are embedding persistent AI agents within core business applications, moving beyond traditional licensing models to charges based on actions, tokens, and workflow usage. This introduces margin instability, as MSPs cannot reliably predict costs or maintain flat-rate contracts in an environment where AI consumption is dynamic and externalized. The most consequential evidence presented is the quantification of AI-driven inefficiencies and costs in operational terms. According to a Gallup poll, cited by ZDNet, half of US employees are now using AI at work, but those users waste up to eight hours weekly managing AI-related tasks—amounting to approximately $1.25 million drag per year for a 100-person firm. This data underlines how the proliferation of automation does not equate directly to labor savings and can introduce significant, unanticipated costs that are difficult to contain under legacy MSP pricing models. Supporting developments further highlight the governance gap and operational risk. Reports from PRWeb and Ruist find that 97% of MSPs intend to automate more in 2024, but only 4% are “highly mature.” Vendor announcements—as with Kaseya's agentic IT management platform, Auvik's Aurora AI agents, and Liongard's data control enhancements—are paired with warnings from Information Week and The Register about the risk of overspending, audit failures, and accountability gaps tied to AI-driven automation. Most IT managers lack full control over AI agents, and as agents proliferate, the difficulty of tracking, governing, and assigning accountability rises. For MSPs and IT service providers, these changes demand immediate attention to contract structure, governance, and pricing. Flat-rate, all-you-can-eat support models expose providers to untracked vendor consumption and hidden overages, making traditional agreements economically unstable. Practical safeguards require shifting toward consumption-based or outcome-based billing, enforcing explicit usage caps, audit controls, and vendor SLAs that clearly define liability and accountability. Failing to adapt risks absorbing uncontrolled automation costs and shouldering client disputes over AI-driven actions and expenses. 00:00 AI Overhead Crisis  04:48 Agent Control Gap 07:17 MSP Margin Squeeze 12:00 Why Do We Care?  Supported by:  Acronis Zero Networks Nerdio  Upcoming event:  The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The structural mechanism driving current changes for MSPs is a shift from seat-based software revenue toward variable, usage-based AI consumption, resulting in pronounced margin pressure and operational complexity. This shift is being shaped by enterprise software vendors, including Atlassian and HubSpot, moving away from flat per-user AI fees in favor of metered pricing models tied directly to consumption. The episode also identifies increased rework and governance burdens for MSPs, particularly as automation and AI adoption reduce traditional seat counts but introduce new variability and labor demands around oversight, exception handling, and security remediation. The most consequential development highlighted is the transition by a growing number of vendors to usage-based AI pricing, treating AI as a metered utility rather than a bundled feature. The Information reports that by the end of 2025, 79 out of 500 tracked software companies are expected to have implemented some form of usage-based AI fee. This adjustment is driven by vendors' need to offset the potential revenue loss resulting from AI agents reducing seat license counts. Org View data cited in the episode suggests that 55% of companies who laid off staff in favor of AI later regretted the decision, underscoring the unexpected operational burdens and instability introduced when automation is rushed or incomplete. Additional developments reinforce this structural shift. Semaphore describes open-source models like Deepseek offering lower-cost, competitive AI, which increases adoption even beyond premium vendor ecosystems. The CIA's deployment of AI-generated intelligence reports—expected to be ubiquitous in analytics platforms within two years—signals the integration of AI into core workflows. Vendor activity, such as Appdirect's acquisition of Partner Stack, reflects a market trend favoring platforms capable of provisioning, governing, and managing diverse AI toolsets and workflows for customers who lack internal capability. For MSPs and IT service leaders, these trends introduce direct pricing pressure, unpredictable pass-through costs, and expanded liability exposure. The transcript emphasizes the need to separate AI rework pricing from security incident response, implement controls on AI usage and licensing, and reframe AI engagements around workflow governance rather than tool deployment. Failure to formalize and price these activities increases the risk of unbilled labor, contract ambiguity, lender skepticism, and downward pressure on margins, especially as the gap widens between shrinking seat-based revenue and volatile AI consumption charges. 00:00 Metered AI 03:34 Governance Is Margin 05:17 Seat Drop Math 08:36 Why Do We Care?  Supported by:  Acronis ScalePad Comet Backup  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The episode identifies a structural shift from AI as a discrete feature to AI as an ongoing operational system, emphasizing the growing burden of governance, accountability, and consumption oversight for managed service providers. Companies such as Microsoft, Cisco, and Google are redirecting strategy toward building control planes and governance infrastructure to address operational friction in deploying AI agents, as operational complexity—rather than access to tools—emerges as the bottleneck. This shift is substantiated by reports from GTIA, Cisco, and insights into vendor incentives and partner programs. Evidence highlights a clear disconnect between widespread AI adoption and the maturity required to operationalize these systems. According to the Global Technology Industry Association (GTIA), 97% of IT service providers use some form of AI, but only 28% consider themselves AI-driven. Cisco reports that while 85% of enterprises are piloting AI agents, just 5% have moved them into production, pointing to persistent trust and operational gaps. Axios adds that in AI-intensive teams, compute expenditures are surpassing employee costs, with large organizations like Nvidia and Uber experiencing rapid escalation in AI-driven utility bills. Further developments reinforce these themes. Microsoft is aligning partner incentives around new SKUs such as Microsoft 365 E7, explicitly targeting AI as a delivery motion rather than a feature. Consumption-based pricing—exemplified by the move to token-based billing for GitHub Copilot—exposes clients to “death by a thousand cuts” if usage is not closely monitored. Reports from Cobalt indicate significant security risk, with one in five organizations experiencing an incident involving large language models and a low remediation rate for identified vulnerabilities. Vendors such as Google and OpenAI are responding with new management platforms and reliance on consultancies to address integration and governance challenges. For MSPs and IT leaders, the practical implications are clear: AI's operational realities dictate a need to explicitly define governance, permission structures, and consumption management as part of service delivery. Unscoped or bundled AI services risk unbilled labor, unclear liability, and unmanaged exposure to security and cost overruns. The operational pivot involves inventorying AI features, establishing ownership, applying identity and access controls, tracking spend, and updating contracts to clarify accountability. Without formalizing these boundaries, MSPs may be left absorbing risk and cost by default. 00:00 AI Reality Check 04:43 Operator Burden 07:11 Meter the Risk 10:35 Why Do We Care?  Supported by: Acronis ScalePad Zero Networks  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

The episode reveals a persistent and widening governance gap as organizations rush to implement AI without adequate data foundations or operational controls. According to observations from Dr. Fern Halper, current AI adoption is overwhelmingly characterized by top-down pressure, especially around generative and agentic AI, but is constrained by immaturity in governance, data integration, and organizational readiness. Microsoft's bundling of Copilot in E7 licenses highlights this structural shift, as “consumerized” AI solutions proliferate without corresponding investments in foundational data and oversight. Supporting this view, new research cited by Dr. Fern Halper indicates that nearly half of organizations are under executive mandates to pursue AI, but most remain stalled in the experimental or pilot phase. The failure to move beyond pilots is not primarily a technology limitation but stems from inadequate data quality, lack of lineage controls, fragmented data governance, and persistent data silos. The report identifies that only about 35–45% of organizations deploying generative or agentic AI have come up through a cycle of machine learning and data foundation development. Secondary examples reinforce the governance and risk exposure. MSPs and end-customers are increasingly relying on off-the-shelf or prebuilt AI (such as Copilot or ChatGPT) for individual productivity, rather than building production-ready, data-driven applications contextualized with proprietary information. This often leads to uncontrolled proliferation of “shadow AI”—tools deployed outside formal oversight—further compounding compliance and data protection risks. As organizations start experimenting with agentic AI, the risks escalate, since these systems not only generate outputs but can take direct action, magnifying the impact of weak governance and access controls. For MSPs, IT service providers, and technology leaders, the operational consequence is heightened responsibility around governance, auditability, and data management. The unchecked spread of shadow AI introduces contractual and regulatory exposure, particularly as clients seek to incorporate AI tools without formal policies or understanding of associated risks. Providers should prioritize baseline governance frameworks, client-facing AI literacy training, and infrastructure capable of accommodating unstructured data, lineage requirements, and auditing. Failing to address these priorities increases the risk of service breakdowns and complicates SLA enforcement as AI systems broaden operational scope. Supported by: JumpCloud HaloPSA Acronis  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First Era  Date: May 13 at 1p.m. EDT  Register: https://go.acronis.com/davesobelaiera

The dominant mechanism discussed is a shift from a focus on AI capability to trust and governance as the deciding factors in AI adoption for managed service providers and their clients. Vendors are increasingly positioning governance, control layers, and auditability as necessary operational functions, rather than add-on features. This is driven by enterprise demand for transparency and accountability across identity, data protection, compliance, and ongoing monitoring. Companies such as Acronis, Microsoft, and Elastic are introducing tools for managing AI access, monitoring sensitive data exposure, and embedding control processes directly into operational workflows. The episode highlights that, according to research from Gong, 58% of companies have stalled their AI projects due to a lack of trust in data handling and AI-generated outputs—not because of budget constraints. Nearly half (46%) of planned investments were paused specifically over concerns around privacy, explainability, and model transparency. Buyers cited the need for explicit policy controls, demonstrable security guarantees, and accountability safeguards before new capabilities are approved. Supporting developments include Acronis's Genai Protection, designed for MSPs to increase visibility over customer AI activities and detect risks such as prompt injection and shadow AI. Meanwhile, incidents like the unauthorized access to Anthropic's Claude Mythos preview through a contractor, reported by The Verge and Gizmodo, reinforce that even leading vendors face security and accountability challenges. Vendors such as Microsoft and Dropbox are moving to integrate centralized control layers that directly address these new operational risks, while tools like Watchguard and Halo are tying security events to key business workflows. For MSPs and IT leaders, the implications are operational rather than purely technical. AI governance now requires continuous policy management, exception handling, and documented evidence across multiple platforms—a scope that most internal teams are not resourced to handle. The market is shifting toward purchasing accountability as a managed service, and providers that fail to deliver clear governance frameworks, connector approvals, and audit-ready reporting will face increased contract risk, client loss following incidents, and potential liability under insurance and regulatory requirements. 00:00 Shadow AI Risk 03:07 Platform Consolidation 04:55 Stalled AI Spend 07:55 Why Do We Care?  Supported by:  ScalePad  Upcoming event: The Pivotal Point of IT: Building Services for the AI-First EraDate: May 13 at 1p.m. EDTRegister: https://go.acronis.com/davesobelaiera

A dominant structural mechanism revealed in this episode is the consolidation of the MSP market through private equity-backed acquisitions, which is reshaping operational complexity and ownership models for mid-sized providers. The Thrive acquisition of Worksighted, facilitated by Focus Investment Banking, reflects continued expansion by larger PE-backed MSPs aiming to scale quickly and integrate specialized expertise, influenced by increasing market demands for deeper technical capabilities. These developments underline growing pressures on independent MSPs to either acquire new competencies or partner with larger platforms to remain competitive as technology and customer expectations evolve. The most consequential development examined is the acquisition of Worksighted, an established Michigan MSP with approximately 75 employees and $27 million in annual revenue, by Thrive, a PE-backed firm pursuing rapid growth. Thrive, with around $400 million in revenue and global reach, has completed 27 acquisitions since its founding, signaling ongoing market concentration. According to representatives involved in the transaction, operational maturity, customer concentration resulting from strong client relationships, and leadership openness were decisive factors in the acquisition process. The transaction proceeded from market engagement to closing in just 35 days, highlighting both the pace and intensity of current M&A activity among top-tier MSPs. Supporting evidence reveals that operational transparency and preparedness for integration are recurring challenges for both buyers and sellers. The episode details how sellers often underestimate the scale of change management required, particularly for HR processes and employee communication post-deal. Both buyer and seller reflected on the importance of early and clear strategies for addressing staff concerns, cultural alignment, and systems migration, with a special focus on managing emotional responses and maintaining service continuity during transitions. These integration factors were cited as key to minimizing risk and avoiding operational disruption. For MSPs and IT leaders, the central implication is heightened operational risk and increased dependency on integration frameworks imposed by acquiring entities. Leaders should not expect static valuations or “one-size-fits-all” outcomes. Instead, buyers assess assets based on unique team capabilities, transparency, and growth headroom rather than standardized metrics. Sellers face not just the mechanics of due diligence but substantial change management responsibility. Prudent operators should prepare for intense scrutiny, prioritize internal communication, and recognize that successful transactions require proactive investment in HR alignment and transparent engagement with both staff and acquirer requirements. Supported by: Zero Networks HaloPSA 

The dominant structural shift discussed in the episode is the movement from tools-based differentiation to a market defined by proof and liability. This shift is driven by the rising demand for continuous, auditable control over data location, access, and change—requirements increasingly codified by policy mandates, insurance underwriting, and regional AI governance. As illustrated by France's shift away from Windows to Linux across government ministries, enforced through formal governmental policy, the conversation is moving beyond technology preferences to mandated operational boundaries and verifiable compliance. The episode cites findings from ESET's 2026 SMB Cyber Readiness Index, reporting that 86% of US SMBs and 78% of Canadian SMBs carry cyber insurance, with over half of US-insured SMBs required to implement explicit security controls by insurers. Underwriters increasingly demand evidence of controls like MFA, immutable backups, and EDR—not just attestations—at renewal, underwriting, and post-incident. Public sector mandates, such as France's comprehensive push for sovereignty encompassing OS, collaboration, cloud, and AI platforms, are producing enforceable requirements that cascade to commercial contracts and the MSP channel. Supporting developments include Gartner's forecast that by 2027, 35% of countries will be locked into region-specific AI platforms. This is reinforced by channel research from Channel Insider and a survey of 333 MSPs by AvePoint and Omnia, both pointing to governance—not AI tooling—as the leading blocker for MSPs adopting new technologies. Microsoft's move toward metered AI billing and the proliferation of shadow data (with more than 80% of sensitive data potentially sitting outside formal controls, according to Palo Alto Networks research) further highlight how operational complexity and fragmented governance elevate risk for service providers. For MSPs and IT leaders, these trends increase contractual and operational exposure. Failure to recognize that the market is purchasing assurance rather than tool support will leave providers absorbing liabilities related to insurance control failures and unmetered operational costs, often under fixed-fee models that do not account for new governance demands. Providers are advised to immediately review contract language for obligations tied to security controls, reconsider pricing and scope in governance delivery, and prepare for insurer-driven requirements such as third-party access to telemetry or continuous control attestations. The takeaway is that defensible, auditable evidence—not stack management—will define margins, accountability, and long-term client relationships. 00:00 Sovereignty Squeeze 04:22 Spawl Blindspot 07:02 Proof Pays 09:35 Why Do We Care?  Supported by:  ScalePad CometBackup 

The episode identifies a structural shift in the integration of generative AI within organizational workflows: variable cost models, unpredictable output quality, and heightened accountability requirements are converging to reshape managed services operations. This shift is exemplified by Anthropic's move toward usage-based pricing for Claude Enterprise, combining compute consumption with per-user fees, and by reports of major enterprises and intelligence agencies piloting dedicated cybersecurity-focused generative AI models. These trends expose IT service providers, especially MSPs, to cost volatility, operational risk, and new governance challenges as generative AI transitions from experimental implementation to core workflow tooling. Primary evidence includes Anthropic's revised pricing strategy, which replaces predictable licensing with usage-based billing, introducing financial unpredictability for heavy users. The episode cites reporting from The Verge and The Guardian, noting that AI-generated outputs can create hidden labor through the need for manual review and corrections, while undetected errors escalate into operational disputes and rework. The implementation of generative AI in security-sensitive environments underscores the need to scrutinize how AI-driven processes are metered and governed. Supporting developments reinforce this shift: MSP platform providers such as Enable are embedding generative AI directly into operational workflows, connecting third-party tools to live data. This creates the need for controls over what AI systems can access, approve, and log, particularly in multi-tenant environments. Meanwhile, outcome-based service agreements—such as fixed response-time SLAs—set new client expectations for measurable performance and accountability in AI operations. The market is also rewarding those who wrap unmanaged technology surfaces, like BYOD or AI tooling, with enforceable policies and auditable evidence trails. Operational implications for MSPs include increased pressure on margins due to AI's variable usage costs colliding with fixed-fee contracts, the challenge of capturing and reporting hidden labor from AI output review, and the necessity for evidence-based governance. Service providers unable to implement and sell AI operations management (“AIOps”) as a billable, controlled service risk becoming de facto shock absorbers for unpriced spend, rework, and disputes. Those who standardize on enforceable budgets, approval gates, audit trails, and compliance-ready reporting stand to protect service margins and reduce liability exposure. 00:00 AI Cost Reckoning 02:39 AI Governance Gap 04:44 Govern or Lose 07:12 Why Do We Care?  Supported by:  TimeZest Zero Networks 

The structural shift facing MSPs is the rapid movement from the traditional “model era” to the “orchestration era,” driven by accelerated adoption of artificial intelligence (AI) and changing vendor enablement programs. This transition is fueled by companies such as Salesforce and technology directions from hyperscalers, with emerging research from the Futurum Group indicating that AI is not only enabling automation but also redefining service delivery models and expanding the roles required from channel partners. Vendors are continually accelerating product and service updates—cited as multiple releases per year—which is shortening adoption cycles and pressuring MSPs to adapt at a speed not previously required. Primary evidence centers on the introduction of the “Frontier partner” concept, which refers to AI-first, outcome-driven service organizations moving beyond hours-for-dollars into models focused on deep technical co-development with clients. According to research referenced by Tiffani Bova, 85% of MSPs expect AI consulting to be a top growth driver. However, there is a documented gap between expectation and execution, with adoption lagging despite broad anticipation. The episode highlights that small businesses may adopt AI more quickly than large enterprises due to operational flexibility, but both MSPs and clients face substantial risk if internal skills, governance, and data practices do not keep pace. Supporting developments include ongoing commoditization of standardized IT support, as self-healing technologies and direct vendor intervention decrease the margins associated with legacy break-fix and support models. The episode also points to the increasing importance of data quality, governance, and sovereignty as core requirements for realizing value from AI tools. New operational hazards arise around energy consumption for compute, increased complexity from multi-vendor agent orchestration, and persistent risks linked to security governance as clients independently adopt AI solutions—sometimes beyond the reach of MSP controls. Operationally, these shifts increase vendor dependency and drive up the need for continual skills renewal within MSP organizations. Pricing for traditional services faces compression, placing more emphasis on adding value layers such as data orchestration, AI-driven workflow optimization, and governance consulting. Service providers are exposed to heightened contract risk when AI outcomes diverge from human oversight, and are required to implement new governance practices to manage data quality and security concerns. The key risk is that lagging adaptation could convert opportunity into obsolescence, particularly as both vendors and clients accelerate their pace of change. Supported by: ScalePadZero Networks  

A structural shift is occurring as artificial intelligence transitions from being a tool for generating output to one that executes tasks across IT environments, significantly increasing the demand for robust governance and infrastructure controls. This mechanism is illustrated by the rapid integration of agentic automation into operational platforms, with vendors such as Kyndryl (Agentic Service Management) and SolarWinds (SW1) positioning their AI systems as operational teammates capable of autonomous action. Analysts from firms like Omnia and AvePoint highlight that the product focus is no longer the agent or AI capability itself, but the enforcement layer—encompassing identity management, permissions, logging, quota enforcement, tenant boundaries, and approval workflows. A consequential development is the increased operational burden on networks, as agentic automation increases background and automated traffic. According to Imperial's Bad Bot report, automated traffic now exceeds 51% of all internet activity. Analyst firm Omnia and Lumen CEO Kate Johnson stress that the capacity of underlying networks, and not just compute resources, is becoming a hard constraint for scaling AI-driven operations. For MSPs, this manifests as tangible increases in bandwidth contention, authentication events, and noise in security tooling, leading to resource constraints and increased pressure on triage and incident response. Complementary developments reinforce this shift. Enable is rolling out direct AI operational integration in N-Central and Insight through a custom context protocol, while OpenAI is updating its agents' SDK to include sandboxing and distribution harnesses for stricter boundaries. The New Stack underscores NIST's recommendation for layered controls, least privilege, network segmentation, and tamper-resistant, replayable logging to contain the risks associated with agentic automation. Research cited by the AI Journal finds that governance and compliance, rather than technical skills, are currently the top barriers to reliable AI adoption among MSPs, driven by the complexity of multi-tenant environments and the requirement to prove control and recoverability. For MSPs and IT providers, these shifts introduce direct operational and contractual risks. Relying on default vendor models without explicit policy ownership or proof-of-execution effectively transfers liability without control. Practical considerations now require MSPs to define approval models, enforce least privilege, audit agent actions, establish recovery playbooks, forecast network and compute demand, and clarify quotas and overage terms in service contracts. Unbounded and unaudited automation is becoming a commercially unacceptable risk, comparable to operating critical systems without proper backups. 00:00 AI Tax: Networks 04:35 Scaffolding Over Models 07:45 Agents Eat Margins 10:05 Why Do We Care?  Supported by:  ScalePadTimezest

A structural shift is underway in the managed services sector as venture capital firms move beyond traditional software and vendor investments to fund MSPs directly. This change is exemplified by investments from firms like Andreessen Horowitz, General Catalyst, and Thrive Capital into MSP-specific companies such as Treeline, Titan, and SHIELD. The driving mechanism is the perceived profit potential at the intersection of advanced AI technology and service delivery, with investors targeting AI-native operational models rather than standard rollups or inorganic growth strategies. The episode's primary evidence centers on Andreessen Horowitz's $25 million investment in Treeline, marking its entry alongside previously funded firms Titan (with $74 million from General Catalyst) and SHIELD (over $200 million from Thrive and ZBS Partners). According to Speaker A, Treeline employs proprietary AI-driven service desk automation and reports resolving 98% of help desk requests with AI, altering the economics and labor requirements for traditional MSPs. Unlike rollups, Treeline is focused on organic growth, leveraging targeted acquisitions primarily for talent rather than client base expansion. Supporting developments include the parallel strategies of Titan and SHIELD, which also integrate Silicon Valley AI expertise and homegrown tooling to drive operational efficiency. While these companies currently deploy AI internally for service automation, Treeline distinguishes itself by offering customer-facing AI-powered MDR and compliance services immediately. All three firms reflect the shift towards vertically integrated models where software, service automation, and client-facing solutions are developed and deployed in-house, creating potential competitive pressure for both traditional MSPs and larger private equity-backed consolidators. Operationally, these developments introduce risks around increased pricing pressure, labor model disruption, and a potential skills gap for MSPs reliant on off-the-shelf tooling. The focus on organic growth and deliberate scaling by new entrants like Treeline signals that the transition for incumbents is not immediate, but the need for MSPs to evaluate their AI adoption strategy is acute. Relationships alone are unlikely to differentiate providers in the long term; practical safeguards must include closing operational efficiency gaps, building internal AI capability, and considering cooperative models to maintain autonomy while reducing risk of margin erosion or client loss. Supported by: Zero NetworksCometBackup

The episode reveals an accelerating structural shift toward infrastructure dependence and liability transfer in the context of AI and cloud adoption. According to analysis from Omnia and Synergy Research Group, hyperscalers such as Amazon, Microsoft, and Google are capturing a growing portion of global data center capacity, while real-world constraints—including finite GPU and power availability—are limiting expansion despite surging demand. This concentration makes the underlying compute power less elastic and more volatile, directly impacting how MSPs operationalize AI services. Vendors, meanwhile, are backing away from accountability for AI-driven outcomes, increasingly shifting risk and responsibility onto operators and integrators. Supporting evidence includes Omnia's report of a 29% year-over-year jump in global cloud infrastructure services spend, reaching $110.9 billion in Q4 2025. AWS revenue increased 24%, Azure 39%, and Google Cloud 50% in the same period. Synergy Research Group found that enterprise on-premises data centers dropped from 56% of global capacity in 2018 to 32% by the end of 2025, with projections to fall further to 19% by 2031. Over 800 new hyperscale data centers are in the pipeline, but constraints on power and electrical equipment mean growth is not limitless. New AI workloads—such as Z AI's GLM 5.1 model designed for autonomous, multi-hour tasks—underscore that demand is moving from short interactions to long-running processes, increasing unpredictability and operational risk. Additional developments reinforce this structural shift. TechCrunch reported that new tools are designed for prolonged AI workload monitoring, not just deployment, requiring persistent oversight and checkpoints. Microsoft's own Copilot terms flag the platform as for entertainment purposes only, disclaiming reliability and placing responsibility for business use on the operator. Research cited from Boston Consulting Group identified that 14% of workers using AI tools reported significant mental fatigue, with entry-level staff especially vulnerable. These trends highlight the operational and human governance burdens introduced by AI, which are not addressed by vendor promises. For MSPs and IT leaders, these mechanisms create immediate contract and operational risks. Overpromising capacity or reliability exposes providers to gaps in liability, especially since vendors disclaim responsibility for AI outputs. Service agreements should include explicit capacity constraint clauses and audit all AI tool deployments for vendor liability terms before renewals. Establishing governance, monitoring, and accountability as billable service layers is crucial; otherwise, these burdens will default to the MSP as unpaid liability. Hybrid and colocation strategies remain relevant for regulated clients who cannot wholly depend on hyperscalers. Moving forward, structured runtime quotas and compute governance may be required to manage risk as agentic workloads increase and vendor accountability recedes. 00:00 Cloud Capacity Crunch 03:53 Agentic AI Rises 05:32 Liability Shifts Down 08:34 Why Do We Care?  Supported by:  Nerdio ScalePad 

Tightening budget constraints and rising data trust requirements are increasing operational pressure on managed service providers by shifting risk and accountability downward through the service chain. Developments in both the European and US markets, together with supply chain volatility and heightened scrutiny of where and how data is handled, are forcing MSPs to redefine both service delivery and governance models. According to Speaker A, MSPs focusing on auditability, clear data residency, and sovereignty will remain viable, while those relying on traditional narratives or ambiguous transformation pitches risk being sidelined. The episode points to evidence from several reports: Politico notes that 8 out of 10 Europeans do not trust US or Chinese firms with their data, highlighting explicit concerns over data location and custodianship. Concurrently, the U.S. Chamber of Commerce Small Business Index, cited by Axios, shows declining confidence among American small businesses, with only 37% expecting new investments and 53% listing inflation as their top challenge. Further, Channel Insider flags “memflation,” with DRAM and NAND prices expected to rise 125% and 243% respectively by 2026, intensifying margin pressure and pricing risk for operators. Additional risk drivers come from both operational and technical layers. Speaker A references the Blackpoint Cyber 2026 threat report, which attributes most breaches to the abuse of trusted credentials and tools—such as RMM solutions and SSL VPNs—rather than new vulnerabilities. Governance gaps are also worsened by declining white-collar hiring, as cited by Gallup and Axios, reducing internal capacity for vendor reviews, incident follow-up, and process controls. Increased automation and outsourcing in response to these gaps tend to create more dependency chains and larger blast radii, making explicit governance even more important. For MSPs, these findings point to operational needs that go beyond technical capability. Contract terms must address volatile input costs directly, with shorter quote validity and explicit repricing clauses. Governance processes should include audit-ready data maps, clear documentation of subprocessors, and proactive credential management. Without these measures, MSPs risk being treated as interchangeable commodities and exposed to margin compression and heightened liability from external compliance and trust requirements. 00:00 SMB Caution 03:48 Coordination Crunch 06:24 RMM Exposed 09:36 Why Do We Care?  Supported by:  Zero Networks HaloPSA 

The episode focuses on the ongoing collapse of traditional software and service delivery layers, accelerated by the introduction of agent-based artificial intelligence (AI) solutions. According to Speaker B from Tectonic, legacy systems and accumulated technology debt create significant structural pressure on IT providers to modernize, while rapidly advancing AI technologies modify the interface between clients and service providers. The discussion specifically identifies agentic AI as a driver of this shift, fundamentally altering the nature of tasks such as software development, help desk support, and client interaction. A key development discussed involves the replacement of costly, static integrations with dynamic agent-based processes. Speaker B provided a real-world example in which AI was used to transfer data from an ERP system to a bank, bypassing the ERP vendor's $50,000 per year API licensing model and executing the required workflow with approximately eight hours of labor. This case shows how AI is already enabling both operational cost reduction and workflow acceleration, but only when organizations are able to clearly define outcomes and trust new toolsets over legacy infrastructure. The shift is confirmed by observable adoption among some industrial and B2B clients, even as highly regulated sectors include strict no-AI clauses in contracts. The episode also surfaces secondary pressures such as resistance within higher education and government to AI adoption, citing explicit prohibitions in master service agreements. Despite this, organizations focused on increasing workflow velocity are expressing demand for AI-driven automation, highlighting a growing fragmentation in market readiness and adoption strategies. The ongoing reduction in reliance on software interfaces is paralleled by a convergence of roles such as account management, support, and delivery, which further impacts staffing models and operational expectations. For MSPs and IT leaders, these shifts increase the need for robust governance frameworks and risk evaluation when implementing AI. The rapid obsolescence of some technical roles, combined with accelerated depreciation of legacy systems, presents tradeoffs in investment and resource allocation. Providers will need to revisit hiring priorities—focusing less on technical troubleshooting and more on problem scoping, communication, and business analysis. The presence of complex client requirements and explicit contract exclusions of AI further complicate operational planning, reinforcing the need for accountable transition strategies and mature compliance safeguards. Supported by:Zero NetworksHaloPSAScalePad

The episode identifies a structural shift in the MSP business model: security is no longer a discrete service or line item but has become the organizing principle for operations and accountability. This is driven by an industry-wide trend toward increased automation in both attack and defense, as well as a shift in liability and accountability from vendors to the MSPs themselves. Companies such as Acronis and Anthropic are highlighted for introducing tools that increase the rate and automation of threat discovery, while research and market analysis by Watchguard and Jay McBain indicate that the capacity to remediate, rather than discover, security threats now forms the operational bottleneck. The most consequential development referenced is the acceleration of security automation and vulnerability discovery, specifically through Anthropic's Project Glasswing and Watchguard's reporting of a 1,500% surge in new endpoint malware variants. Anthropic's approach—limiting broad release of its model due to potential misuse for rapid exploitation—was supported by partnerships with cloud and technology firms like AWS, Apple, Google, and Microsoft, backed by up to $100 million in usage credits. Watchguard's data demonstrates that while threat discovery is increasing, the rate of remediation has not kept pace, creating a supply-demand imbalance in skilled security operations. Further reinforcing this trend, Acronis has promoted a 24x7x365 Managed Detection and Response (MDR) tool positioned to let MSPs deliver always-on monitoring without managing a full security operations center. Meanwhile, broader channel and delivery ecosystem analysis by Jay McBain emphasizes that partners, rather than platform vendors, bear primary responsibility for steady-state customer environments. This confluence of developments shifts the value—and the risk—onto the operational capabilities and governance structures of MSPs. Other referenced solutions, such as Zero Networks' microsegmentation, underscore that containing damage, not just preventing access, is a new business imperative. The operational implication for MSPs and IT providers is a shift from measuring security by tools deployed to measuring and pricing security by demonstrated remediation throughput. Service contracts will need to specify not only what solutions are deployed, but also explicit commitments on response times, closure rates, and SLA-backed operating motions. A lack of clear remediation commitments raises unpriced liability as discovery rates outpace closure capacity. Providers are encouraged to separate vulnerability discovery reporting from remediation progress, build reporting layers that highlight closure rates, and reconsider flat-fee models that do not account for increased operational workloads and accountability risks. 00:00 Closure Is Finite 04:10 Close the Gap 06:32 Govern or Absorb 08:57 Why Do We Care?  Supported by:  Zero Networks ScalePad 

The central structural shift examined is the widening disconnect between the vendor-driven narrative of rapid AI monetization and the operational reality faced by MSPs, as exposed by recent research from GTIA and CompTIA. Despite pervasive messaging from technology vendors that AI features are ready for seamless integration and immediate profitability, survey data indicates that most MSPs remain in early adoption stages, lack tangible processes to operationalize AI, and are stymied by workforce and workflow constraints. Supporting evidence is drawn from CompTIA's data showing that 70% of businesses are still in early AI adoption stages, and only 55% of MSPs expect to turn a profit on AI initiatives in the near term—up from 34%, but well below vendor promises. The majority of current AI activity remains at the individual user level rather than embedded in business-wide workflows, restricting quantifiable ROI and limiting the visibility of productivity gains. Both Speaker B and Speaker C emphasized that most MSPs do not yet have the organizational capability or maturity to move beyond experimentation to operational deployment and monetization. Related developments further illustrate this operational gap. Research cited by Speaker B highlights that only a subset of larger MSPs with more resources have been able to achieve early success with AI, while most are still grappling with process integration, pricing strategies, and talent acquisition. Both GTIA and CompTIA reports suggest that optimism among firms about AI's potential is running ahead of genuine structural change, with workforce shortages, undefined internal governance, and difficulties in business model adaptation acting as durable barriers. Market sentiment remains positive, but actual organizational transition lags significantly, especially among smaller MSPs. Operationally, this environment introduces heightened risk for MSPs who overcommit on vendor promises without aligning internal processes, workforce strategy, and governance. Dependencies on vendor-supplied AI tools expose firms to pricing uncertainty and potential margin compression, especially as clients begin questioning the value proposition when human roles are replaced by automation. Without formalized internal AI governance and skill development, most MSPs face mounting challenges in demonstrating measurable ROI, adapting delivery models, and sustaining service margins. The implication for decision-makers is the need for prudent, phased adoption—prioritizing internal process maturity and realistic expectations over rapid adoption in response to vendor pressure. Supported by: CometBackUpTimeZest

The episode identifies a structural shift in the evaluation and deployment of AI within organizations: decision-making is now driven by governance, control, and auditability rather than by features or capabilities of AI tools. This mechanism is anchored in the need for defendable practices amidst heightened scrutiny from institutions, regulators, and insurers. The change is observable in companies such as Anthropic and OpenAI, as well as in regulatory and procurement activities tracked by outlets like The New York Times and Business Insider, signaling that market adoption is tightly coupled to liability, enforcement, and institutional risk visibility. A primary area of evidence is cybersecurity, where state-sponsored attackers have leveraged AI to automate infiltration attempts, according to reporting on Anthropic's disclosures concerning Chinese actors targeting dozens of companies and agencies. The same sources note that Anthropic's AI identified over 500 previously unknown zero-day vulnerabilities in open-source software, demonstrating increased operational tempo and automation on both sides of the cybersecurity equation. In procurement, declining app download metrics for Claude, following its involvement in U.S. security policy narratives, showcase how reputational and geopolitical risk can quickly alter adoption patterns. Additional developments reinforce this trend. Machine learning conferences have systematically audited and penalized the use of AI-generated peer review, leading to hundreds of paper rejections and mass article retractions, according to Semaphore and Nature. On the hardware front, HP, AMD, and Intel are collaborating to address BitLocker vulnerabilities via an industry standard rather than proprietary features, illustrating how vendors are responding to systemic risk through structural controls and standards. Channelholic's references to workforce limitations underscore that automation's workload cannot be absorbed by labor alone. For MSPs and IT service providers, these developments mean the core value proposition shifts from offering AI tools to governing their use, ensuring full documentation, traceability, and defensibility. Failure to treat this as a governance issue leads to underpricing, overlooked controls, and transfer of liability for autonomously executed actions. Providers must now develop acceptable use policies, audit AI agent activity logs, and systematically vet vendors on audit trail, policy, and breach notification—otherwise risking exclusion from regulated deals and exposure to contractual and compliance penalties. 00:00 The Visibility Problem 03:45 Platform Lock-In 06:30 Governed or Liable 09:35 Why Do We Care?  Supported by:  CometBackUp and TimeZest

Automation and AI are shifting the pricing and accountability models for managed service providers, with risk increasingly centered on governance, workflow coherence, and outcome measurement rather than tool deployment. Evidence from studies like Fixify, reports from ChannelLive, and real-world cases such as the City of Seattle's pause on Microsoft Copilot rollout highlight that technology adoption is now gated less by access to solutions and more by readiness to govern, coordinate, and prove outcomes across fragmented processes. Automation exposes underlying coordination debt, moving the client focus from paying for labor time to demanding measurable outcomes and managed exceptions. Fixify's analysis of more than 50,000 support tickets from 30+ organizations showed tickets with at least 75% automation saw average resolution in 4.4 hours versus roughly three days for non-automated tickets. Data cited from OpenAI found that 93% of London SMBs use AI tools, but readiness and uptake are highly uneven within the UK. In Seattle, more than 450 labor hours per week were reported saved during the Copilot pilot, yet adoption was paused due to concerns over data governance and accountability for errors, not tool capability. According to coverage in GeekWire and IT Pro, these dynamics are shifting buyer expectations and vendor liabilities. Supporting developments include security concerns outlined by Kaseya's INKY report, which highlights the normalization of AI-generated phishing and changes in attack formats, forcing defenders to rethink detection and response. The operational surface of automation—where AI reshapes data, not just moves it—means standard controls and classic alerts are increasingly bypassed. Reports from Information Week and experts such as Dan Lorman emphasize that accountability for exceptions, shadow AI usage, and data exposure is shifting by default onto providers, whether or not contracts address these risks. These trends mean MSPs face direct operational and contract exposure: clients and auditors are demanding proof of how AI touches data, how exceptions are handled, and where logs and controls exist. Pricing based on seats or tickets is becoming harder to defend as automation compresses labor and raises expectations for accountability. Providers must reconsider SLAs, explicitly define automation boundaries, charge for governance activities, and move toward outcome-based pricing models if they want to avoid absorbing unpriced liability and operational complexity. 00:00 Automation Divide 04:27 Coordination Debt 06:01 Automation Liability 09:18 Why Do We Care?  Supported by:  JumpCloud HaloPSA   

The episode exposes a structural shift in the MSP sector toward increased commoditization and infrastructure dependence, with an industry trend favoring outsourced, app-focused service delivery over internal technical depth. Protected Harbor, led by Richard Luna, is presented as a counterpoint—running its own infrastructure and software, and prioritizing ownership of the technical stack rather than relying extensively on third-party platforms. Luna argues this industry-wide movement has created a market where low entry barriers and rented, commoditized solutions undermine differentiation and inflate operational risk. Central to the discussion is the declining emphasis on technical generalists within MSP organizations, replaced by hyper-specialization and a proliferation of app resale as a service model. Luna attributes industry-wide declines in service quality and net promoter scores (typically ranging from 30–38 for MSPs) to these trends, suggesting the loss of generalist skills erodes problem-solving capacity and increases reliance on external vendors for core functions. He states that running owned infrastructure and open-source tools allows for tighter cost controls, standardization, and faster response to operational events—a contrast to MSP models that outsource most functions. Supporting developments include a detailed critique of the risk dynamics associated with using hyperscale vendors for client-facing services. Luna distinguishes between utility-grade services like power, which can be outsourced without significantly affecting the customer relationship, and services closer to the client experience (e.g., remote access, help desk, data workflows) that, if outsourced, reduce both control and differentiation. Additional risk surfaces are highlighted with the integration of AI and automation, especially when MSPs use large public models that may ingest sensitive client data and create potential information leakage or competitive exposure. The operational implications for MSPs and IT leaders include heightened vendor dependency, expanding contract risk, and declining service quality when organizations prioritize app resale and specialization over in-house competency and direct infrastructure management. To mitigate these risks, the episode suggests MSPs should reassess which functions to control internally versus outsource, invest in developing technical generalists, and scrutinize the downstream effects of workflow automation and AI adoption—especially regarding client data privacy, model training, and real-time operational accountability.

The episode highlights the increased operational complexity and governance burden resulting from the fragmented adoption of AI and hybrid, multi-platform environments in IT service delivery. Companies such as Proton (with Proton Workspace) and governance platforms like KiloClaw represent the expanding landscape of tools requiring oversight, while core productivity platforms continue to diversify. Research from Westcon-Comstor, Forrester, and Gartner, as reported by Dave Sobel, demonstrates that AI is not a turnkey solution but introduces a new operational surface area that must be actively managed. Channel Dive's Westcon-Comstor survey of 500 MSP and cloud decision-makers found that almost a quarter see cloud migration and management as their main revenue opportunity, but over 30% identify cross-platform data management as the top challenge. Security and governance pressures follow closely. Forrester data shows only a marginal increase in prompt engineering proficiency, while most employees report that AI increases workloads rather than reducing them, indicating persistent process fragmentation and unclear roles. VentureBeat cited Intuit's observation that successful AI adoption is characterized not by autonomy, but by controlled execution where humans maintain accountability for judgment and exception handling. Supporting this, products like Proton Workspace are fragmenting the core productivity stack, and the emergence of “shadow AI” (where personal AI agents operate outside formal governance) is driving organizations to deploy governance tools such as KiloClaw. According to research cited from Front, 93% of companies are using AI in customer operations, yet 71% report significant AI-related issues in the past three months, indicating that poorly governed automation increases handoffs, exceptions, and escalations which often default to MSPs to resolve. For MSPs and IT service providers, these trends translate into an expanded responsibility for governing the automation and AI layers within client environments. When MSP contracts and service definitions fail to specify the scope of coordination, exception handling, and governance for AI and automation tools, the provider risks absorbing significant unmetered labor and liability. The episode emphasizes that governance tooling should be viewed as temporary infrastructure and not a core component of an MSP practice. Providers should audit client environments for AI exposure, review contract terms, and prepare to offer explicit, separately priced control layers as customer demand for governance outcomes increases. 00:00 Stack Fragmentation 02:56 Human-Bounded AI 04:25 Coordination Tax 07:18 Why Do We Care?  Supported by:  CometBackup HaloPSA 

The episode highlights a structural shift from MSPs managing infrastructure to supplying, designing, and maintaining AI-driven agents, raising new questions of accountability and operational risk. As AI agents evolve from assistive chatbots to supervised and potentially autonomous systems, the channel faces liability transfer, governance gaps, and an increased need for systems architecture competence. Companies referenced include Klarna, which serves as a cautionary tale for poor AI design, and vendors such as OpenAI, Anthropic, and Microsoft, all of whom are engaged in moving the market toward agent-based operations. The most consequential development detailed is the shifting liability for AI-driven outcomes: agent builders and MSPs become responsible for unintended actions, errors, or hallucinations produced by deployed agents. Clarifying accountability is necessary as incidents—such as email mishandling or unauthorized decisions by AI agents—do not absolve the MSP of responsibility. Recent discussions indicate few cases where foundational technology vendors are held liable; usually, the burden falls on those who deploy and support AI agents for clients. The episode cites Klarna's experience as a failure of design thinking, emphasizing that the design of agents—beginning with the end in mind—is key to mitigating risk. Supporting developments include the segmentation of AI solutions across SMB, mid-market, and enterprise clients, with complexities scaling as MSPs attempt to transition from simple assistive AI to supervised and fully autonomous agents. The episode notes that fewer than 5% of deployed agents are fully automated, and security vendors are increasingly involved in AI governance, risk, and compliance (GRC) due to the importance of data governance in AI projects. Regulatory coverage and insurance gaps are recognized, with advice for MSPs to re-examine their E&O policies and move toward frameworks for AI trust and transparency. Operational implications for MSPs and IT service providers are concrete: providers must reconsider contract exposure, review insurance coverage, and invest in AI governance mechanisms such as agent oversight and auditing. Price-to-value methods are recommended over simplistic per-agent or per-hour billing, requiring sophisticated project scoping and market analysis. The episode underscores that MSPs cannot rely solely on vendor solutions for risk mitigation—service providers are ultimately accountable for AI outcomes delivered to clients, necessitating operational safeguards and human-in-the-loop design wherever possible. Supported by: ScalePadZero Networks

The dominant structural shift highlighted is the movement of value from AI-driven features to the ownership and governance of the control plane—specifically, entities that set boundaries, maintain proof, and keep automated workflows within defined limits. This shift is evidenced by workforce polling from Quinnipiac University, business formation trends tracked by the Bank of America Institute and Census Bureau data, and product launches from vendors like TeamViewer and KnowBefore. These developments underscore a growing reliance on automation where traditional human oversight is minimized, and technology increasingly assumes direct control over work execution. The episode details workforce sentiment, citing a Quinnipiac University poll where only 15% of respondents expressed willingness to work for an AI boss, and 70% anticipated AI would reduce job opportunities. Bank of America Institute data notes a 15% year-over-year increase in high propensity businesses—those likely to launch—while businesses planning to hire have fallen by 4%. TeamViewer has introduced TIA Reporting, which generates dashboards via natural language prompts, reducing specialist requirements. KnowBefore's ADA Orchestration automates security awareness scheduling and execution, reportedly shortening setup times from hours to seconds. These examples show how vendors are deploying AI tools that replace specific manual oversight with algorithmic management. Supporting developments reinforce the governance gap. According to a CIO Dive report, 96% of C-suite leaders expect productivity gains from AI, yet 77% of employees report increased workloads, signaling misalignment between leadership intent and actual outcomes. Tech Bullion reveals 60% of organizations have AI integrated in at least one core function, with 65% using generative AI regularly, but fewer than a quarter have operationalized ethical AI frameworks. The Verge covers enhancements to Anthropics' tools that embed guardrails where organizational controls are lacking. Additional survey data from TechCrunch shows that usage of AI is growing while trust in its outputs remains weak; only 24% of respondents trust AI most of the time. Operationally, the implication is clear for MSPs and IT leaders: as organizations reduce human oversight and delegate more work to automation, the auditability, accountability, and control of automated workflows become direct contractual risk. Control layers—such as logging, exception handling, approval thresholds—must be productized and priced, not treated as informal advisory work. Liability for automation failures must be clearly assigned and managed through contractual terms, with automation incident response separated from standard support. Without enforceable governance and evidence of control, MSPs risk absorbing unpaid remediation work as clients expect both automation benefits and assurance of outcome. 00:00 Bossless Workforce 03:22 AI, No Guardrails 05:45 Govern or Absorb 08:41 Why Do We Care?  Supported by:  Nerdio HaloPSA  

Margin volatility driven by operational complexity and governance gaps is reshaping the economic landscape for MSPs and IT service providers. Evidence shows that the effectiveness of automation now depends less on deployment volume and more on whether it reduces complexity and enforces coherence across client environments, as highlighted by Speaker A referencing reports from TechCentral, Avik, and vendors such as VMware, Broadcom, Microsoft, and Apple. The key structural shift is that clients and technology vendors are consolidating platforms and workflows to restore operational clarity, which fundamentally alters how MSPs structure service offerings and pricing. The most consequential development cited is Broadcom's transition of VMware users toward Cloud Foundation 9, with half of surveyed organizations (n=450 across 14 countries, each with 500+ employees) stating an intent to reduce their VMware footprint by 2028 in response to bundled offerings deemed too costly or complex, according to The Register. This reduction in adoption signals accelerated migration efforts, downsizing of virtual machine fleets, and movement toward alternative platforms, indicating margin pressure and uncertainty for MSPs supporting heterogeneous environments. Supporting developments reinforce this shift. Apple's introduction of Apple Business—a unified platform encompassing device management, email, calendar, directory services, and marketing tools—demonstrates a move toward environments with fewer moving parts and less operational ambiguity. Microsoft's Copilot Cowork for Microsoft 365 similarly embeds AI directly within core workflows, with enterprise guardrails and coherence at its center, rather than simply layering on new tools. Reports from Avik and Forrester underscore persistent gaps between leadership intent and frontline capability, especially around fragmented visibility and unaddressed governance requirements, amplifying the consequences of unmanaged complexity and AI misalignment . For MSPs and technology leaders, the operational takeaway is a need to prioritize the reduction of client environment complexity and establish explicit controls around AI and automation. Auditing fixed-fee agreements for AI work clauses, defining coverage for remediation and exception handling, and building enforceable governance layers are critical to avoid absorbing unpriced risk and free labor. Stack simplification is now paramount, since automation on top of complexity increases volatility and cost. Service contracts are trending toward bifurcation, with standardized platform offerings at lower rates and non-standard exception handling priced separately, shifting where profit and risk reside. 00:00 Consolidation Wave 03:08 Coherence Gap 04:59 Margin Leak 08:14 Why Do We Care?  Supported by:  ScalePad Zero Networks 

A persistent structural challenge highlighted in this episode is the disconnect between technology investment and demonstrable business outcomes, which fuels operational inefficiency and accountability gaps in technology spending. As articulated by technology economist Dr. Howard Rubin, a common industry tendency is to measure IT success based on technology adoption or budget size rather than objective business results. This pattern is not limited to large enterprises but affects small and mid-sized organizations, many of which feel compelled to maintain “current” technology without clear evidence of operational or financial return. Primary evidence centers on the inadequacy of current macroeconomic indicators—such as the Consumer Price Index (CPI) and Gross Domestic Product (GDP)—for assessing technology value and risk in smaller organizations. Dr. Rubin noted that official statistics and classic economic telemetry do not track the true inflation or productivity impact of technology stacks, particularly as hyperscalers invest trillions in infrastructure. The transcript highlights that price increases or capital recovery pressures in services like Microsoft Office or cloud platforms are likely to affect smaller organizations first, exacerbating operational risk and cost unpredictability. Supporting developments include analysis of flawed benchmarking practices, such as using IT spend as a fixed ratio to revenue or operating expense without examining enabling value or efficiency outcomes. Failure to contextualize technology investments can lead to counterproductive decisions, like arbitrary cost-cutting when IT as a percentage of expenses rises, ignoring possible operational savings or revenue lift driven by technology. Dr. Rubin advocates for pattern recognition and bespoke analysis over reliance on aggregated industry numbers, pointing out that mass market vendor investments and macroeconomic policy often obscure direct impacts at the SMB and MSP level. For MSPs and technology decision-makers, the operational implication is a heightened need to create internal technology inflation indices and track category-specific price pressures. Rather than relying on aggregate industry benchmarks or public economic data, service providers should establish tailored metrics to capture their own cost structures, labor pressures, and technology value. The discussion points toward the need for more deliberate accountability and ongoing evaluation—especially given that upstream price increases from hyperscalers and SaaS vendors are set to impact providers and their clients, with limited ability to negotiate at smaller scale.  

The core structural shift highlighted involves a skills convergence and expanded role definition across technology and business functions. Draup's Global Tech Talent Report and commentary by Vijay Swaminathan underscore the rising complexity and blending of job expectations, particularly as artificial intelligence (AI) and automation penetrate workflows. Companies are reorganizing hiring strategies and role definitions, prioritizing adaptable expertise over traditional IT job titles, and emphasizing domain specialization. Service providers are observing a move from specialized roles toward hybrid positions that demand broader understanding of business operations, compliance, security, and AI. The most consequential development is the persistent and intensifying shortage of cybersecurity professionals, as referenced in Draup's report. According to Vijay Swaminathan, the gap between open cybersecurity positions and qualified candidates is projected to continue through at least 2028, driven by accelerated adoption of AI/ML, IoT, and cloud technologies. Job requirements have shifted, with a 25–30% increase in skill expectations for roles in engineering, security, and product management. This expansion of necessary competencies outpaces traditional training and hiring channels, further complicating workforce planning for the sector. Additional developments reinforce these structural stressors. The report asserts that 40% of current core tech skills will be partially obsolete by 2027 due to ongoing skill fusion and AI-enabled workflows, not just layoffs. Companies are also recruiting for new categories such as “builders,” “orchestrators,” and “synthesizers,” whose duties blend technical and business intelligence. Vijay Swaminathan points out an emerging need for deep domain expertise, process documentation, and AI governance, as evolving data collection and product experience initiatives redefine value creation across verticals like retail and hospitality. For MSPs, IT service providers, and technology leaders, these changes increase operational complexity and demand more investment in continuous upskilling, industry-specific hiring, and governance. Maintaining domain specialization and robust compliance documentation will become baseline requirements for winning and retaining business, but these add overhead and require strategic selection of verticals. The evolving tech stack and expansion of hybrid workflows drive greater dependency on creative, adaptable talent—exposing firms to increased risk if reskilling and governance fall behind the pace of automation and regulatory scrutiny. Supported by: NerdioHaloPSA

The episode identifies risk allocation and governance gaps in managed service provider (MSP) contracts as the prevailing structural challenge driven by the rapid deployment of AI solutions and evolving vendor models. This shift is characterized by increased pressure from both upstream vendors—including Microsoft, Anthropic, and OpenAI—and end clients, who demand swift adoption of AI-enabled productivity features without corresponding updates to underlying agreements or clarity on responsibility. These market developments have introduced new liability exposures for MSPs, as legacy contract language is ill-suited for environments where MSPs rely on, or are required to implement, external or agentic technologies. The discussion details how aggressive marketing and client demand for AI solutions outpace both technical maturity and customer readiness for governance. According to Speaker B, this urgency often pressures MSPs to deploy AI features—such as automated recommendations for firewall settings or configuration changes—without comprehensive risk disclosure or client policy alignment. The transcript notes a pattern in which clients insist on operational changes based on AI system outputs, even when technical staff advise caution, resulting in disputes over responsibility when these interventions lead to adverse outcomes. The episode further highlights operational risk endemic to the shift toward consumption-based pricing and increasing default configurations set by upstream vendors. For instance, Microsoft's move toward extended service term (EST) pricing and other consumption models are cited as drivers that transfer variable cost risk directly to MSP clients. The lack of customer engagement in quarterly business reviews and misalignment in expectations around true-up processes were presented as reinforcing issues, potentially leaving service providers solely accountable for the financial and operational impact of unexpected platform behavior or AI incidents. For MSP operators, the immediate operational implications include the necessity for explicit contract revisions, detailed service descriptions, and targeted AI-specific policies referenced at the quoting and onboarding stages. Providers are advised to distinguish clearly between services, tools, and outcomes within agreements and establish client buy-in through formal documentation and regular communication. Without disciplined governance procedures, written allocation of AI-related risks, and enforced business reviews, MSPs face elevated exposure to liability inherited from vendor defaults and unaddressed gaps in legacy contract frameworks. Supported by: RythmzABC Solutions, LLC

The core structural shift addressed centers on the transition from AI as an assistive tool to agentic AI operating autonomously within business systems, thereby moving risk and control issues to the forefront. Agentic AI—characterized by the ability to independently execute actions within user interfaces, browsers, and systems of record—is changing the dynamics of accountability and operational authority. Companies like Meta are experiencing incidents where AI systems can enact changes or publish guidance inside live environments, making the question less about feature innovation and more about containment, permission, and the allocation of responsibility. A key development cited is a security-related incident at Meta, where an AI-generated and published security directive resulted in a real operational consequence without direct execution rights. This illustrates the growing risk, as agentic AIs are now capable of operating through the same channels as human users while accessing sensitive data and functions. Vendors such as Anthropic are enabling agentic capabilities, including control over full user workflows and system access, while security vendors and platforms like Microsoft are shifting towards identity frameworks and policies specifically designed to constrain agent autonomy and protect operational environments. Additional developments reinforcing this shift include the expansion of agentic AI into mainstream products, such as Perplexity's browser embedding AI assistants directly in everyday workflows, and the increasing integration of AI agents into databases and enterprise platforms. As these agents mature, the risk profile shifts from theoretical to operational, with vendors updating contracts to transfer liability downstream to service operators. This emphasizes that risk is no longer contained by traditional permissions and access control, and audit trails and proactive governance must become new priorities for service providers. These dynamics demand that MSPs and IT leaders re-examine operational and contractual practices. Agent deployment without properly scoped permissions, logging, and defined ownership of outcomes exposes operators to unpriced liabilities rather than incremental value. Practical requirements now include explicit service agreements covering agent actions, comprehensive permission reviews, and client-facing agent readiness assessments to establish due diligence. Failure to provide evidence of agent governance can result in being treated as uninsurable risk, pushing governance standards from optional best practice to commercial necessity. 00:00 AI Acts Now 02:57 Who Owns It? 05:13 Trust Breaks Here 08:01 Why Do We Care?  Supported by:  CometBackup HaloPSA   

The structural mechanism highlighted in this episode is the shift of government policy from serving as a regulatory guardrail to acting as a direct steering function in technology selection, shifting liability boundaries and procurement decisions onto MSPs and their contracts. Federal agencies, including the FCC and the White House, are no longer just prescribing security outcomes but are increasingly specifying acceptable inputs such as specific routers, AI contract terms, and cloud platforms, converting technology choices into explicit compliance obligations. A consequential development supporting this shift is the FCC's move to ban imports of consumer-grade routers manufactured outside the United States, a policy change that directly impacts not only residential but also business environments such as home offices and smaller hybrid setups. Additionally, the White House's push for a unified national AI governance framework, rather than a patchwork of state-based rules, further codifies what vendors and MSPs must document and justify in both procurement and ongoing service delivery. Contractual requirements—such as the GSA's draft AI clause—are moving compliance from best practice guidance to enforceable terms, influencing which vendors can bid for federal contracts and what they must attest to regarding AI-enabled services. Related stories underscore the tightening of enforcement through procurement and certification gates. The transcript cites the FedRAMP system as an example, where conditional approvals and review backlogs highlight operational challenges and reinforce how authorization is less about technical sufficiency and more about meeting buyer and audit expectations. The trend toward requiring supply chain and AI attestations by default in master service agreements is consolidating vendor choice around those that can produce defensible documentation, while increasing burdens for those unable to do so. For MSPs and IT providers, the practical implications are increased operational complexity and contract risk. Vendor selection now carries liability exposure that extends beyond technical performance to proving decisions in audits, insurance reviews, and contract disputes. Maintaining evidence-ready reports for backup, recovery, and AI governance is no longer optional, as the inability to produce such proof can result in being excluded from regulated verticals. The expected tradeoff is a consolidation of vendors and solutions, weighted toward those who offer prepackaged compliance and attestation capabilities, but with an accompanying risk of over-dependence and concentration. 00:00 Contract Conditions 02:53 Gates, Not Laws 04:34 Compliance Consolidates 07:30 Why Do We Care?  Supported by:  ScalePad  Nerdio 

The episode outlines a structural shift in the managed services landscape, moving from technology stack standardization toward continuous governance as the primary product. Increasing AI adoption is driving volatility in both hardware costs and cloud billing, expanding the complexity and risk profile that MSPs must manage. Companies such as Microsoft, OpenAI, and Akamai are actively shaping this shift by revising product rollouts and pushing for workload placement strategies that prioritize cost, control, and risk mitigation rather than platform ideology. The core evidence highlighted is that volatile AI-related costs are directly impacting endpoint and cloud spend, undermining the traditional set-it-and-forget-it approach. IDC has revised global PC shipment expectations downward by 11.3% for 2026, citing memory shortages and supply chain disruptions, which is driving up hardware refresh costs and complicating standardization efforts. Wasabi reports that 48% of cloud storage budgets are being consumed by fees instead of capacity, while 72% of organizations now operate with hybrid storage strategies. These developments are increasing the need for contractual controls and workload governance to protect MSP margins. Supporting developments reinforce the market's pivot toward governance. Microsoft's rollback of Copilot integration and the US government's warnings after the Stryker incident emphasize the operational risk of rapid or unmanaged AI deployments. Akamai's expansion of AI inference to thousands of edge locations and OpenAI's launch of smaller, cost-targeted models underscore the growing significance of workload placement and model selection as ongoing operational decisions. According to a Westcon-Comstor survey, nearly a third of MSPs are already repositioning themselves as hybrid advisors, reflecting this market adjustment. For MSPs and IT leaders, the implications are clear: traditional fixed-fee models that bundle variable costs are now a liability, absorbing unpriced volatility as AI usage increases. Sustainable operation requires MSPs to separate governance from consumption within contracts and clearly define policies for workload placement, spend guardrails, and permission controls. The episode indicates that successful providers will be those who document, enforce, and price for governance, while those who treat hybrid as a generic technology support issue will face margin erosion and increased risk exposure. 00:00 AI Cost Shock 03:18 Placement Is Strategy 06:06 Margin Splits Here 08:54 Why Do We Care?  Supported by:  JumpCloud  HaloPSA   

The structural shift explored centers on the reconfiguration of labor dynamics within the MSP sector, driven by slowing wage inflation, increased automation, and the early adoption of AI. This mechanism is documented in the Service Leadership Annual IT Solution Provider Compensation Report, which highlights how top-performing MSPs are leveraging automation and AI for productivity improvements rather than aggressive hiring strategies. The report, as referenced by Service Leadership (a ConnectWise company), provides direct benchmarking on compensation and operational models, underscoring a pivot from pure labor-intensive growth to efficiency and automation as profit drivers. According to the report, wage inflation in the MSP space peaked in 2021–2022, with MSPs facing cost increases as high as 10–14%, but pressures have since gradually eased. Despite this moderation, labor represents 75–80% of cost of goods sold, and wages continue to rise at nearly twice the rate of the consumer price index, the report finds. Best-in-class MSPs have achieved higher margins per employee by both slowing headcount growth and integrating automation and AI, rather than through blanket budget cuts or wage freezes. Notably, these more productive MSPs employ a higher proportion of junior (level 1) technicians, maintain lower average compensation per employee, and tie greater proportions of total pay to performance-based incentives, unlike the bottom quartile. The episode also references broader MSP market forces including security concerns amplified by AI adoption, persistent vendor support gaps such as those with Microsoft, and instability illustrated by OpenAI's controversial government contracts and resulting user boycotts. These developments demonstrate how increasing automation and agent-based AI can pose new governance requirements, business continuity risks, and ethical dilemmas. Commentary from the SMB Community Podcast reinforces that industry consolidation, vendor reliability, and the balance between productivity and customer satisfaction will remain ongoing concerns for operators. For MSPs and IT service leaders, the implication is not a simple outsourcing of operational burden to technology, but an increase in vendor dependency, requirement for ongoing process redesign, and heightened need for accountability in compensation, automation, and security policy. Adopting automation and AI is likely to shift job mixes and compensation frameworks, reducing reliance on senior technical labor but requiring rigorous performance-based structures and clear governance for emerging technologies. The trend also signals a need for careful vendor selection and data management, as operational resiliency becomes increasingly tied to the stability and support capacity of automation and AI infrastructure providers. Supported by: RythmzABC Solutions, LLC

A significant shift addressed in this episode is the reconfiguration of business dispute resolution away from traditional litigation toward digital arbitration infrastructure. New Era ADR exemplifies this mechanism by providing a cloud-based, tech-enabled platform designed to compress legal dispute timelines and costs, fundamentally altering the risk structure for businesses that face contract enforcement issues and litigation exposure. The most consequential development is New Era ADR's assertion that its system resolves typical business disputes in approximately 100 days—up to 90% faster than court litigation—using digital workflows, AI-assisted processes, and a flat-fee pricing model. According to New Era ADR's leadership, the core platform includes end-to-end case management, digital document exchange, and process automation. The platform is positioned as enforceable under the Federal Arbitration Act, enabling mutual agreement for digital arbitration in contractual clauses and establishing predictable resolution timelines versus the uncertainty and duration common in court proceedings. Additional details reinforce this structural shift: the adoption mechanism leverages standard contract language, enabling businesses to designate New Era ADR as their default dispute forum with minimal operational friction. Safeguards are designed around deliberate limits on automation and AI deployment, with a focus on maintaining user trust and compliance with legal standards. Rules and procedures are engineered to prevent process abuse and to align the incentives of mediators and arbitrators, with both service providers and neutral parties subject to flat fees. Early customer adoption, including organizations in regulated sectors and high-profile enterprises, provides social proof for the model. Operational implications for MSPs and IT leaders include reduced contract risk exposure from protracted litigation and improved cost predictability. Shifting dispute resolution to digital arbitration platforms requires careful consideration of contract language, arbitration enforceability, and process transparency. Flat-fee models transfer focus from hourly billing to procedure-driven controls, which may impact how MSPs structure their own agreements, vendor relationships, and liability management. Dependence on third-party arbitration platforms adds a new governance dimension, mandating ongoing evaluation of compliance, automation boundaries, and audit trails to mitigate bias and unintended outcomes.

The deployment of artificial intelligence across the business sector is introducing structural margin pressure rather than delivering the promised productivity dividend. Rather than self-funding through measurable efficiency gains, AI investments are currently being financed through compensation cuts, organizational tightening, and heightened performance expectations, as evidenced by data from ActivTrak, Gallup, Novoresume, and ResumeBuilder. This shift positions AI less as a driver of output and more as a cost-cutting measure embedded in software spending. Concrete developments show that, according to ActivTrak analysis, time spent on email and messaging has increased after AI adoption, while uninterrupted focus time has declined. Gallup data confirms that about 40% of employees use AI tools, though only a fraction leverage them effectively. Novoresume's survey reveals that although half of AI users report completing tasks more quickly, much of the saved time is not reinvested in productive output, and over half of respondents believe they could perform their roles at a similar level without AI involvement. Supporting evidence from Jobs for the Future identifies significant worker skepticism and low readiness, with only 36% of employees feeling equipped to use AI effectively and 44% viewing AI as a net negative for jobs and quality of life. Further, Snowflake's findings indicate that organizations are adjusting headcount to fill new skill gaps while eliminating overlapping functions. Inside the channel, ConnectWise observes that larger MSPs and VARs are curtailing compensation increases and relying on AI as a headcount management lever, exacerbating delivery expectations as evidenced in the Resume Builder findings. The operational consequences for MSPs and IT service providers are clear: organizations can no longer treat AI as a simple add-on. Providers face heightened expectations to deliver measurable outcomes—such as enhanced ticket resolution or lower escalation rates—despite constrained labor resources and ongoing workflow disruption. Without system-level productivity proof, procurement may preemptively reduce service spend. Effective risk management now requires auditing AI deployments for verifiable workflow changes, embedding measurable AI outcomes in QBRs, and treating workflow redesign and user training not as optional extras but as necessary, billable services. 00:00 Busier With AI 03:05 AI Outpaces Workers 05:33 MSP Squeeze 07:46 Why Do We Care?  Supported by:  Nerdio , HaloPSA

The episode highlights a structural shift in the cyber insurance market, marked by increasing reliance on risk analytics and automation for underwriting and claims management. Companies like CyberWrite and its CyGPT platform exemplify this move, leveraging artificial intelligence and large language models (LLMs) to support decisions around risk evaluation, policy underwriting, and post-incident analysis. The discussion points to a broader trend where insurers, seeking profitability and efficiency amidst rising cyber threats, increasingly depend on technical risk scoring and automated assessment rather than deep operational understanding of client environments. A key development is the heightened use of pre-breach and post-breach data collection by insurers for client evaluation. According to Nir Perry, insurance companies deploy platforms that scan client attack surfaces, dark web exposure, and implemented security measures, supplemented by questionnaires often completed by MSPs or IT managers. For larger clients or more significant coverage, insurers require more detailed controls and evidence, but the overall business remains highly profitable, with loss ratios generally favorable except in brief harder-market phases. The industry's underwriting models, as outlined by Nir Perry, prioritize statistical risk reduction based on historical breach data, not bespoke knowledge of each MSP's operational reality. Secondary factors reinforcing this shift include tension between checklist-based compliance approaches and practical security management, as well as the growing expectation that AI-enabled tools will speed up risk assessments and ROI modeling for security investments. Nir Perry notes that modern LLM-driven systems can rapidly extract and interpret risk information from technical documentation, enabling faster, data-driven recommendations for both insurers and MSPs. However, the episode also covers gaps in accountability when large software vendors shift the risk of vulnerabilities onto customers—a contrast to physical world liability frameworks—indicating persistent governance gaps in cyber risk assignment. For MSPs and IT leaders, increased dependency on insurer-driven checklists and risk models means that decision-making must closely track evolving carrier requirements, not merely technical best practices. Contractual and evidentiary risk arises if controls asserted during underwriting are not maintained, with some carriers declining coverage where documentation is inaccurate or solutions are misrepresented. Providers must account for operational delays during incidents, as insurer processes may prioritize forensics and evidence over immediate restoration. The proliferation of AI tools for risk analysis can help justify investments to business stakeholders but also increases the need for transparent and auditable decision records.

The dominant structural mechanism identified is the consolidation of security operations from individual point tools to integrated control planes that automate enforcement and provide continuous assurance. This shift, highlighted through developments at companies such as Huntress, NinjaOne, CrowdStrike, and NVIDIA, is driven by increased complexity in client environments and the acceleration of AI adoption outpacing internal governance frameworks. The trend forces MSPs away from tool management and toward delivering evidence-based assurance within unified operational models. A core evidence point is the visibility and skills gap in AI deployment across enterprises. The Pentera Benchmark study cited in the episode found that two-thirds of CISOs report limited visibility into AI use within their organizations, with none claiming complete oversight. Most respondents named lack of internal expertise as the main barrier, and many are extending legacy security controls to cover AI systems despite unclear ownership and governance. The market response—such as Check Point's introduction of an AI advisory service—indexes on closing this governance deficit created by rapid, unregulated AI adoption. Supporting developments reinforce this consolidation trend. Huntress now offers managed endpoint and identity posture services that automate security enforcement, while NinjaOne integrates vulnerability identification, patching, and remediation workflows to minimize operator error and reduce tool sprawl. CrowdStrike and NVIDIA are embedding security controls directly into the AI runtime environment, tying governance and observability into the stack rather than layering it on later. These actions illustrate and accelerate the power shift to platform vendors capable of centralized, automated control. For MSPs and IT service leaders, the operational impact includes increased vendor dependency, pressure to clearly define and prove enforceable outcomes in contracts, and greater risk exposure if platforms control key client data or proof artifacts. The move toward orchestration layers raises switching costs and pushes MSPs to build their own proof and reporting layers to maintain client value. Failure to adapt risks relegating providers to low-margin, commoditized contracts dependent on external vendors for both delivery and accountability. Three things to know today 00:00 Attackers Adapt 03:11 Platform Takeover 05:34 MSP Reckoning 09:01 Why Do We Care?  Supported by:  ScalePad  Nerdio 

The episode reveals a structural shift in the managed services market, where the value proposition for MSPs and IT service providers is moving away from “running the tools” to delivering governance, risk management, and outcome-driven services. This shift is catalyzed by the increasing commoditization of tool-centric operations, as platforms and vendors such as Microsoft (Autopatch), Atera (autonomous agents), Summit Holdings (MSP as a service), and Ruest (RoboRoosty AI Workflow Builder) push standardized automation, workflow tools, and backend service packaging into the market. Cisco's Global State of Security report underscores this trend, identifying tool maintenance and fragmentation as primary sources of inefficiency. Evidence from Cisco shows 59% of security leaders pointing to tool maintenance as the chief inefficiency, with 78% citing tool dispersion and lack of integration. For MSPs, this results in growing unbillable labor spent on connecting systems, onboarding, retraining, and managing exceptions. The report indicates that the cost to deliver services is escalating faster than the value captured in contracts, exposing a margin squeeze and highlighting the risk that unmanaged operational complexity poses to profitability. Secondary developments reinforce the structural shift. Atera's no-ticket operational model and Microsoft's implementation of security updates through Intune and Autopatch transfer control and cadence of IT operations upstream, leaving MSPs responsible for policy exceptions and business risk translation rather than day-to-day execution. Summit Holdings' “MSP as a service” and D&H's expansion into enablement and training further commoditize backend functions, reducing differentiation for providers who fail to retain independent client intelligence and risk management. Operationally, the implications for MSPs and IT leaders are clear: dependency on vendor platforms and wholesale backend solutions increases, making risk ownership and client-specific intelligence the remaining sources of defensible value. Providers unable to price or document governance and exception management risk seeing margins erode as they absorb unbillable labor and liability. Future operational strategy will require clear mapping of tools to billable outcomes, explicit governance layers, and careful evaluation of which client insights remain uniquely held versus replicated across standardized platforms. Three things to know today 00:00 Tools vs Outcomes 02:50 Delivery Gets Packaged 05:17 Defaults Have Costs 07:42 Why Do We Care?  Supported by:  TimeZest Small Biz Thoughts Community

The episode details a structural shift in the technology landscape: AI models are increasingly being treated as commodity components, with operational control and procurement decisions moving to the orchestration layer. This change is illustrated by government procurement actions, specifically the Pentagon's designation of Anthropic's Claude model as a supply chain risk and the subsequent shift in model eligibility requirements. Policymaking authorities are now directly dictating which models can be used within national security supply chains, reconfiguring where power, liability, and decision-making sit. The primary development is the Department of Defense's recent disqualification of Anthropic's Claude from eligible contracts, leading to both contract cancellations and legal disputes. Anthropic has responded with lawsuits contesting its supply chain risk designation, while Microsoft has sought court intervention to block the Pentagon's ban, asserting this would prevent disruption to military AI workflows. The State Department has also moved its internal chatbot infrastructure from Claude Sonic 4.5 to OpenAI's GPT-4.1, aligning with the President's compliance directive. Supporting developments include Google's deployment of Gemini-powered AI agents within the Department of Defense, and the emergence of tools such as Perplexity's APIs, which aim to simplify workflow construction across multiple models. The episode emphasizes that model swaps by agencies are not merely technical updates, but policy-driven control decisions. These actions underscore a climate in which model eligibility and operational portability are shaped by compliance and procurement authorities rather than technical teams or vendors. Operational implications for MSPs and IT providers are profound. Single-model dependencies now present measurable contract risk, especially for clients in defense, healthcare, or finance sectors. Swapping models requires revalidation of prompts, outputs, and integrations, rather than simple API repointing. Providers are advised to audit workflows for reliance on any one model, prioritize abstraction layers that enable smooth transitions, and position model-agnostic architectures as proactive risk management. In a landscape defined by commodity models and policy-driven eligibility, model diversification now represents continuity planning rather than an engineering preference. Three things to know today: 00:00 Pentagon vs. Anthropic 02:19 Beyond the Model 05:07 Why Do We Care?  Supported by:  ScalePad, Small Biz Thoughts Community