Why MSPs Need To Become ‘Managed Trust Providers’ In The AI Era: Expert
Massive new security services opportunities are available for MSPs amid the erosion of digital trust, says Security Fanatics Founder Nick Espinosa: ‘In a world where trust is dead, the [MSP] who verifies reality wins.’
Massive new security services opportunities are here for MSPs and MSSPs with the erosion of digital trust that has been accelerated by the ubiquitous adoption of AI—providing an opportunity for service providers to redefine themselves in a major way, according to cybersecurity expert Nick Espinosa.
During a keynote Sunday at XChange Security 2026, Espinosa, founder of consulting firm Security Fanatics, said that MSPs can generate massive growth through increasingly focusing on verifying the authenticity of people and communications.
[Related: How AI Agents Are Making Identity Security More ‘Critical’ Than Ever: Partners]
“Trust is now your product,” he told an audience of MSP and MSSP executives during XChange Security 2026, which is hosted by CRN parent The Channel Company and being held this week in Frisco, Texas. “This is the next evolution of an MSP and an MSSP.”
The shift is becoming ever more crucial as the industry enters an “era of synthetic reality”— fueled by highly convincing deepfake audio and video as well as intensifying AI-powered phishing and impersonation attacks, Espinosa said.
Ultimately, “in a world where trust is dead, the [MSP] who verifies reality wins,” he said—urging that MSPs begin to view themselves more as “managed trust providers” in the AI-dominated era.
The MSP “who can verify reality becomes indispensable, not replaceable,” he said. “You are the trust layer.”
Without a doubt, Espinosa’s recommendations are on the mark when it comes to the importance of enabling trust within an MSP’s strategy in 2026, according to David Cox, chief security officer at AvTek Solutions, an Allen, Texas-based MSP.
Whether it’s protecting identity and access systems or verifying AI and agentic interactions, “trust is absolutely essential,” Cox said.
Conditional access, for instance, is one area where not enough customers are currently focused—but it’s “starting to come to the top because of AI,” he said.
All in all, delivering trust starts with ensuring that customers see their MSP as advisers and educators first and foremost, he noted.
“Customers value it when you’re not trying to sell them something, but you’re trying to educate them,” Cox said.
For MSPs and MSSPs, the key moving forward will be to offer their customers an “architectural structure of trust” spanning their IT environments and communications systems, Espinosa said during the keynote session Sunday.
For instance, service providers can deliver assessments for deepfake readiness, tabletop exercises focused on executive impersonation, incident response playbooks and employee training—and even package them into a repeatable offering, he said.
The goal, Espinosa said, is to become “that provider that clients call when reality itself is in question.”
MSPs and MSSPs should also aim to expand their definition of identity protection beyond traditional human users and devices, according to Espinosa.
Providers should have the ability to authenticate—and potentially revoke access—for every entity that is interacting with a customer’s environment, he said.
AI governance represents another huge opportunity as employees increasingly use unsanctioned “shadow AI” tools, Espinosa noted.
Providers should focus on helping customers with discovery of AI usage along with assessing what data is potentially being exposed, he said. MSPs can then assist with establishing governance frameworks around approved applications and uses of the technology, Espinosa said.
Service providers can also play a bigger role in verifying the security of vendors and supply chains used by their customers, he said. And managed security services can also be positioned more effectively as AI becomes more deeply integrated into threat detection, investigation and response, according to Espinosa.
The use of AI in tools such as MDR (managed detection and response) and XDR (extended detection and response) can shift the positioning of the services from providing alert handling to offering “trust evidence,” Espinosa said.
Post-quantum readiness should also be a greater focus for security services going forward, though quantum computers that can compromise standard encryption are not yet available, he noted.
Providers can get involved now by inventorying the cryptography systems used by customers as well as identifying outdated protocols and determining how long sensitive data will need to remain protected, Espinosa said.
Importantly, MSPs and MSSPs do not actually need to build fully customized trust programs for every customer, he said.
Instead, the focus should be on creating standardized assessments and processes for collecting evidence, while reserving the more tailored decision-making for the parts of a customer environment that require it, Espinosa said.
“Automate evidence, not judgment. Standardize delivery, not strategy,” he said. “The strategy can be unique to your clients. The delivery can be adjusted based off of your product lines and your capability.”
The bottom line is that for providers that embrace the transition to delivering managed trust, such offerings can provide a strong differentiator that drives both customer retention and new business growth, Espinosa said.
“The bet is, if you own the trust, you’re going to win,” he said. “They’re going to depend on you because you’re forward-thinking. You are offering light in a time of darkness online.”