MSPs Have A ‘Window Of Opportunity’ On AI Advisory Services: Security Execs

Similar to cybersecurity, AI is far too complex for most SMBs to deeply focus on themselves — leading to massive opportunities for MSP advisors, vendor executives tell CRN.

Similar to cybersecurity, AI is far too complex for most SMBs to deeply focus on themselves — leading to massive opportunities for MSP advisors, executives from top security vendors told CRN.

For many years now, the attitude among smaller businesses has been that cybersecurity is “‘too hard, it’s too complicated. So I’m going to trust [MSPs] to do it for me,’” said Dave Baggett, founder and CEO of email security vendor Inky, during a recent roundtable of executives convened by CRN in Denver. “AI is going to be exactly the same thing. It’s going to be way too complicated for people to figure out on their own and have a whole department that does it.”

As a result, “it’s a great place for an MSP to morph into the advisor [on AI] — ‘I know about 700 AI-related technologies. Here’s the five that you should probably use for what you’re doing,’” Baggett said at the roundtable held during XChange August 2025, an event hosted by CRN parent The Channel Company.

While such advisory work could certainly be subsumed by tech giants down the road, “there’s going to be some window of opportunity [for MSPs] — where there’ll be a zillion AI-based solutions that you’re going to have to sift through, and nobody’s going to have the time to do that,” he said.

Cesar Avila, founder and CIO of Fort Lauderdale, Fla.-based AVLA, said his MSP has already been offering this type of advisory service, with a focus on helping customers to understand which AI tools are ideal for which purposes.

Through AVLA’s own tryouts, the MSP has found that three of the most popular GenAI applications — OpenAI’s ChatGPT, Microsoft CoPilot and X’s Grok — each specialize in specific tasks. ChatGPT is the “way better” AI platform when it comes down to writing, Avila said, while Grok performs far better on technical tasks such as writing a script or a piece of code.

CoPilot, on the other hand, has the advantage of already being integrated with Microsoft’s productivity applications, he said. “It is right there, available for you right click and go,” Avila said.

By contrast, using other tools with business data requires transferring the data in and out of the tools, which raises data security concerns in addition to the effort involved, he said. For that reason, AVLA generally recommends that customers start with CoPilot and then use the other AI tools for specific use cases where they’re ideal, according to Avila.

Beyond advising customers on AI tools, AVLA has also assisted customers with the necessary data governance and security preparations for using the tools, and has been helping to train employees at customer organizations to be aware of how they’re using the tools, he said.

“When they’re using AI models, that conscience of, ‘I need to be careful what I’m doing’ — we’re not seeing it,” Avila said. “You have to train them and give them an AI policy.”

Without a doubt, if an MSP “isn’t already delivering, or at least preparing to deliver, AI assessments, AI workshops, AI education — they’re behind,” said Addie Finch, vice president of channels for the Americas at SASE vendor Cato Networks, during the recent CRN roundtable.

At the same time, for solution and service provider partners, the opportunities are also much broader than simply helping with secure adoption of AI, Finch said.

“The customer likely may need to look at shifting workloads to the cloud or modernizing the data center, or [invest in] architecting correctly in their network security tech stack,” she said. “And so it’s not just about, how do I monetize AI? It’s all the drag that pulls underneath that to prepare the customer for safe adoption.”

For Gladstone, Oregon-based Covenant Technology Solutions, this has become a cornerstone of how the MSP is working with customers around AI, according to CEO Timothy Choquette.

The typical customer discussion lately has been along the lines of, “‘We can help you with this, but we need to take a look at your data. We need to make sure you’re prepared and ready to do these things you want to go do, so we can confidently know that you’re ready to go,’” Choquette said. “We’re having business conversations all along the way.”

There’s no question that when it comes to GenAI and AI agents, “there’s a massive opportunity to help the business owners actually use technology to grow their business,” said Scott Barlow, chief evangelist and global head of community at cybersecurity giant Sophos, during the roundtable.

Still, “I think right now, a lot of MSPs are using technology to secure the end customer’s business, but not using technology as a growth accelerator,” Barlow said.

Even just as a workforce enhancement, however, AI has already proven to be critical for MSSPs such as Gladstone, Oregon-based Dura Cyber, according to Co-Founder and CEO Mike Hughes.

From an operational perspective, AI tools can already answer many of the technical questions today that the MSSP deals with on a daily basis, Hughes said.

“It’s got this huge knowledge base that’s available to you, in an instant, to be able to solve problems,” he said. “So that’s really helped our workforce.”

Looking ahead, the potential is also there for AI agents to take on even more of the responsibilities for MSPs and MSSPs, according to Hughes.

When it comes to triaging, for instance, “AI can start to ask those types of questions. Those tools are developing,” he said. However, “just like everything that’s AI-related, it’s really in development phase.”

Overall, the industry has now moved out of its first major phase with GenAI, “where the models are there. People are trusting them. They’re actively being used,” Hughes said. “But now that agentic piece that we’re all talking about right now — that’s the piece that’s transforming [MSPs].”

With the prospect of continued AI-driven impacts for the foreseeable future, Mike DePalma, vice president of business development at OpenText Cybersecurity, said he believes MSPs need to pinpoint what their core strengths are in the space.

“What I think MSPs need to do is have a real, honest conversation with themselves [around], ‘What is my differentiation? What do I do well?” DePalma said during the recent CRN roundtable.

While many MSPs believe they can “do everything for everybody, very few people can,” he said.

And for those AI-related pieces that the MSP recognizes it cannot provide itself, there should be an exploration of working with another service provider who specializes in the area, according to DePalma.

The key is to look a few years out and ask, “‘What can I realistically provide? And what do I should I be working with somebody that specializes in them?’” he said. “‘Is this realistically where I need to be in three years, or is there a smarter way to do it?’”