How MSPs Need To Prepare For AI-Accelerated Cyberattacks: Experts

As AI advancements continue to collapse the time for responding to cyberattacks, MSPs have a massive opportunity to solve critical challenges for their customers—provided they can up their game on security, cybersecurity experts tell CRN.

While LLMs have already been proving useful for discovering and exploiting vulnerabilities in recent years, the disclosures about the proficiency of new frontier AI models for these tasks by Anthropic and OpenAI have put the spotlight on a coming wave of new vulnerabilities that all organizations will need to deal with.

Without a doubt, the acceleration that AI is bringing to threat actor operations is a massive challenge faced by MSPs and MSSPs right now, according to Joshua Traynor, manager of MSSP operations at Dallas-based Apollo Information Systems.

“The velocity of attacks—that’s the key. They are happening quicker,” Traynor said. “How quickly can they gain persistence? How quickly can they run across your network? How quickly can they steal your data? And how quickly can they drop ransomware at that point? All of that [activity] is just happening at a greater and greater velocity.”

Cybersecurity experts and executives who spoke with CRN said it’s clear that AI will itself be part of the answer—though it won’t replace security fundamentals. But it will require MSPs to enable faster threat response, stronger identity security and a revamped approach to vulnerability management—as well as more unified security operations in the case of MSSPs.

Right now, “MSPs have this huge opportunity to go out to their customers and say, ‘We’re here to make sure you’re ready for this next round of cybersecurity threats,’” said ThreatLocker co-founder and CEO Danny Jenkins.

The conversation will not always be easy, however, especially when it comes to customers that have underinvested on proactive security in the past—and relied too heavily on reactive cyber defense, Jenkins said.

“The challenge for MSPs is they have to go to the customer and tell them the house is on fire when the smoke alarm is not going off,” Jenkins said.

[RELATED: MSP Week 2026]

One of the biggest adjustments for many MSPs will be to confront the dramatically shrinking window between vulnerability disclosure and utilization in attacks.

Without a doubt, vulnerability management must move into a much higher gear as attackers use AI tools to discover software flaws and create exploits in rapid fashion, according to Cynet threat expert MacKenzie Brown.

“Speed is the new perimeter. How fast can we respond and remediate?” said Brown, vice president of threat intelligence strategy at Cynet. “Traditional patch cycles are now dead.”

Organizations can no longer depend upon weekslong, manual processes to decide which vulnerabilities to patch first or how quickly to respond, she said.

“We cannot rely anymore on manual triage,” Brown said. “We need systems that still combine the human intuition with machine speed.”

That is crucial because AI is providing threat actors with those same speed and efficiency advantages that MSPs and MSSPs are trying to achieve, according to Kendra Krause, general manager at ThreatDown.

The rise of AI-powered attacks is “really changing the game for the threat of actors out there,” Krause said.

For SMB and midmarket customers, in particular, that means customers often will be entirely unable to keep up without outside help, she said.

On their own, these customers “can’t do it at that speed and agility,” Krause said.

At Houston-based Alchemy Technology Group, efforts have been well underway in working with customers to build more mature and proactive security programs even in advance of potentially enormous numbers of new vulnerabilities coming to light, according to Mark Grassmann, national cybersecurity practice principal at Alchemy Technology Group.

“They’ve understood that they also needed to mature their programmatic remediation activities—no longer relying as much as possible on human actions, but automating remediation and other patching activities,” Grassmann said.

And while the industry has begun to embrace more-proactive approaches such as continuous threat exposure management (CTEM), the potential for a surge in AI-discovered vulnerabilities is likely to give a massive boost to the idea, he said.

“This concern about vulnerabilities identified by advanced AI models, in my opinion, is now the fire that now will light that business process, that program, that practicum,” Grassmann said.

While patching will no doubt remain critical, MSPs also need to recognize that many customer environments include applications that will not be patched quickly—or possibly at all, ThreatLocker’s Jenkins said.

“We should always be patching as soon as we can,” he said. “But the reality is [many vulnerabilities] won’t have a patch within the next two years.”

That will create a huge area of exposure within IT environments—especially those with legacy or line-of-business applications, Jenkins said. Such applications are going to become “big gaping holes in your security,” he said.

The answer, Jenkins said, is not to attempt to eliminate applications that customers depend on. On the contrary, MSPs can actually help customers to reduce their risk around those applications through compensating controls adhering to zero-trust principles, he said.

“We can’t take that away,” Jenkins said. “We just have to make sure we mitigate the risk in other ways.”

Even as AI accelerates the speed and scale of cyberattacks, many breaches are still coming down to a failure to invest in the security basics—especially when it comes identity, experts told CRN.

Attackers continue to exploit gaps multifactor authentication (MFA), session security and credential protection, according to Cynet’s Brown.

Many organizations are “still struggling with that identity plane,” she said. “We see just as much MFA bypass, session hijacking, adversary-in-the-middle, credential harvesting.”

Those attacks reveal that many organizations—particularly SMBs and midmarket organizations—still are “not doing the basic zero-trust identity-based work,” Brown said.

For MSPs, that means the responses to AI-driven cyberthreats can’t just be limited to adding new tools, experts said. It must also include enforcing foundational security measures such as MFA, password hygiene and application allowlisting, according to experts.

While AI can help defenders move faster, the human role in cybersecurity remains essential, cybersecurity experts and executives told CRN.

MSPs and MSSPs will be increasingly critical because cybersecurity cannot be solved by a single vendor alone, Sophos CEO Joe Levy said in an interview.

“This is why it’s critical that we actually keep humans involved in these relationships, and the only way that you can scale that,” Levy said.

“That’s where the MSPs and the MSSPs come in,” he said. “And all along, they’ve been trying to figure out how they can make themselves more consequential, more important, more relevant to their customers.”

The industry should not settle for simply keeping people “in the loop,” according to Huntress co-founder and CEO Kyle Hanslovan. Rather, humans should be actively guiding the AI- and agentic-powered security work, he said.

“[AI] requires humans in the lead, not just humans in the loop,” Hanslovan said.

One of the biggest problems faced by MSPs is that many are managing security through disconnected point products, according to Guardz co-founder and CEO Dor Eisner.

That approach becomes exponentially more difficult as attackers continue to utilize many different IT systems—including identity, endpoint, email, cloud environments and applications, he said.

“If you are an MSP and all of your security [tools] are different point solutions, you have a bunch of siloed detections,” Eisner said. “But the problem is that the bad guys are not siloing their attacks. They are not siloing their methods.”

Thus, MSPs need better data infrastructure to make AI useful in actual security operations, Eisner said.

At Apollo Information Systems, which is a top partner of Guardz, Traynor said the key for MSPs and MSSPs is to adapt the speed of their security responses using AI in order to keep up with the pace of attacks.

“You’ve got to combat that with automations and AI—and having everybody trusting each other enough to operate quickly,” he said. “My customers trust us, so that if we need to kill an account and reset it, I don’t have to ask them. I’m going to inform them that we did this. Because asking—which is the way that it used to happen—it takes too long. They can have all your data by the end of that.”

At the same time, many customers want to use AI and agentic systems but do not know how to implement those systems inside of their IT environments, according to Arctic Wolf CEO Nick Schneider.

The key is to embed an agentic framework within the security platforms themselves, giving partners and customers the benefit of AI-assisted security operations without requiring them to build the capability themselves, he said.

“The outcome really for them should be speed, efficiency and then a more effective outcome in a highly observable way—so they can see where the agentic framework is doing its work or where the agents are doing their work,” Schneider said.

Another crucial piece of the puzzle is to change the way that MSPs are communicating about the threat environment with their end customers, according to Todyl founder and CEO John Nellen.

Instead of just telling a purely technical story, MSPs can bring a story about the changes in business risk from the rise of AI-enhanced attacks, Nellen said.

Ultimately, MSPs may need to “step back and think about, ‘Where are the different entry points?’” he said. “’What’s my attack surface area? What are the right controls to reduce the attack surface area and make sure that I have holistic coverage?’”