Adapting Your MSP Stack for AI Management and Security

Adapting Your MSP Stack for AI Management and Security

Discussion centered on the evolving role of Artificial Intelligence (AI) in the MSP technology stack, emphasizing the necessity for MSPs to deploy tools that can comprehensively manage AI, particularly concerning security and shadow IT. Multiple participants highlighted the lack of current solutions that aggregate and control AI activity via a single interface, with an explicit focus on the requirement to educate clients about AI privacy, security, and usage costs. The practical challenge of MSPs asserting thought leadership in AI was underscored, as was the complication of usage-based AI billing models leading to unexpected customer expenses. Supporting details were drawn from the recently released Kaseya State of the MSP report, which showed that customer acquisition remains the sector’s main challenge, with 71% of surveyed MSPs identifying it as their top concern. The report further found that only a minority of MSPs are executing effective sales and marketing strategies to educate clients. Additionally, 48% of respondents reported AI and automation as top client needs, yet a significant drop was observed in customers spending more than $25,000 a year with MSPs, falling from 75% to 41%. This reduction is attributed to clients undertaking technology initiatives independently, diminishing the perceived value of MSP services. Adjacent discussions addressed common issues around automation and AI adoption. Several practitioners noted a prevailing trend of automating legacy processes rather than leveraging AI for forward-looking transformation. It was emphasized that most AI implementations among peer groups are focused on operational efficiencies for past tasks, such as help desk and marketing automation, with few examples of innovative new service offerings. The dialogue also covered practical, risk-related aspects of managing client relationships, particularly when enforcing security measures such as multi-factor authentication in the face of client resistance. Implications for MSPs and IT leaders include the need to strengthen governance around AI adoption and service stack adjustments, actively communicate the value of AI security and management services, and anticipate client concerns about cost control and privacy. The observed decrease in customer spending points to operational and strategic risks around client engagement and service value. MSPs are advised to ensure that automation efforts align with future requirements, not just past service models, and to enhance accountability in both vendor and client-facing operations.   Title:    Should I Adjust My Stack for AI?  1. MSP Question of the week:  How should I adjust my stack for AI? 2. Kasaya State of the MSP report is out: Running an MSP is harder than ever is the headline. https://www.kaseya.com/blog/msp-growth-challenges-2026/ [https://www.kaseya.com/blog/msp-growth-challenges-2026/] 3. Question for you! Amy had a post on LinkedIn last week telling MSPs that they are doing AI wrong. The final question was, are you adopting AI for the future or just automating the last 10 years. Where is your focus?. https://www.thirdtier.net/2026/05/31/most-msps-are-using-ai-wrong/ [https://www.thirdtier.net/2026/05/31/most-msps-are-using-ai-wrong/] 4. M&A: When is the best time to sell an MSP? Chapter 2 from Amy’s book. https://amzn.to/4dSYOcR [https://amzn.to/4dSYOcR] Amy and James Events Mastermind Event – July 30-31st, 2026 https://portal.kernanconsulting.com/mastermind-event [https://portal.kernanconsulting.com/mastermind-event] Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com [https://pcm.adswizz.com] for information about our collection and use of personal data for advertising.

How AI Disrupts the Per-Seat Model for MSPs

A central development addressed is the projected effect of AI on the per-seat pricing model that underpins many MSP service offerings. According to the discussion, AI could reduce white-collar jobs by 30-50%, leading to fewer user seats for MSPs to support and bill for. This scenario presents significant revenue risk for MSPs reliant on per-user contracts. The discussion also references Microsoft’s introduction of Agent365, a product designed to license AI agents within enterprise environments, indicating a move by vendors to adapt licensing models while protecting enterprise relationships. Participants noted that if customer organizations reduce headcount, MSPs will face declining license and seat-based revenue. Discussion suggested alternative business models, such as switching to per-device pricing or developing new service streams, with an emphasis on advisory services and security. The timeframe for these changes was cited as two to three years, which was described as an operationally compressed window for MSPs. Additionally, security, data management, compliance, and governance were highlighted as ongoing service areas with continued relevance as the MSP landscape evolves. Additional topics included increased local competition among MSPs, as evidenced by survey data reporting 100% of respondents encountering significant competition in 2024. Differentiation and targeted marketing were underscored as necessary responses to commoditization pressures. Emotional considerations related to M&A were also discussed, with particular focus on the personal and organizational impact of business sales. Security operations in MSP settings were identified as a rising operational burden, amplified by rapid changes and the challenge of upskilling staff hired for traditional IT roles. Key implications for MSPs and IT service providers center on the need for rapid operational restructuring, with greater emphasis on knowledge-based services such as IT advisory, risk, security, and compliance. There is a recognized accountability for customer education on evolving threats and for managing new AI-related risks that impact both data sovereignty and contractual obligations. The discussion suggests that MSPs unable or unwilling to adapt to these shifts may seek exit strategies, while those staying will need to reassess both revenue models and the skills composition of their teams. Participation in industry peer groups was recommended to share best practices and address common operational challenges.   MSP Question of the week:    How will AI impact the per seat model?  -  How will AI impact the per seat model?  -  Captera did a survey on local competition: Captera did a survey of MSPs. 100% of surveyed MSPs say competition in their region is high.  This was a 2024 study—  in 2026, it has to be worse. MSPs that can't differentiate are suffering. https://www.capterra.com/resources/managed-service-provider-for-small-business/ [https://shared.outlook.inky.com/link?domain=www.capterra.com&t=h.eJxVjUEOwiAQAL9iOEuBthbbk1-hsFW0QLNLbYzx7wY9GK8zycyTrTizYccuOS80CLFtW2XNkgHRVDYFgUBpRQskgonmDI4T4N1b4Aumu3eAfErIKZh55uNKPgKRYPsdu5XuDTCayG2KtM7Zx7O4mgB0-vIf_ry01Ec9tu3USKWUBFdre5imVjmrm-7YCaV1X_fNoVdV18heqvKB8jHhccoXjy57wCpCLsYV809fb-ooUAA.MEQCIAVRkim5NRdkEh8qjJ06Y5AZd0BTFCWyu3Nu7--pcSMhAiBYz5nXmAFhlp437kVUcZRNsTyuTcBjaZF8V_oexXhm-Q] - Emotions of selling your business – AMY’S NEW BOOK: https://sellmymsp.com/book [https://sellmymsp.com/book] -  How AI Is Transforming Security Operations: https://www.thirdtier.net/2026/05/11/how-artificial-intelligence-helps-managed-service-providers-deliver-smarter-security/ [https://shared.outlook.inky.com/link?domain=www.thirdtier.net&t=h.eJxVj8tuwyAQRX8l8rp4wC_irPIrFMb2NICtAduKqv57g7qosrrSudJ9fFc7--p2qZact3QDOM-zzguxy4RcR8zQyGYA2YNSsKynMJxpIkvGC4oZvacZo0WxoN-SCCaaGZ1IyAe96MbrQQ45CYeeDmSRwiuhKNqdKT-h-rhUjzLhgRxNFHaNafeZ4gxfJmC6__F_XNs1gJb6qj-7bmqlUkqia7Ttp6lTzup2uA6gtB6bse1HVQ-tHKUqPVh6THje3y4WxxXnnf78AgpHXso.MEQCIF3p-CTLvb_GD7IBGggmc_m1X0-CQm20EVInjn-EIW2vAiBWvDNyYmXEpQ7ONUtvmeevxd31fXrk6sOXr5sIF_zGGg]When I talk with MSPs today—whether in my mentored-peer groups [https://shared.outlook.inky.com/link?domain=www.thirdtier.net&t=h.eJxVjk0OgyAYBa9iWFd-REVceRUKn0oVNIAxpundG9JF43YmL_Pe6Agr6gs0p7THnpDzPHGabTDJQsAeEnEqJgjOelPuAKGcwnbskaBHgZa8XCB45Uu9-XisyfqJvJSDOPz4H2O9OSKo6MSzrkdOGWMUTCV0M441M1rwtmsJE0JWkjeS4ZZTSVnuQO4odw23Z9mYbO708wXNBUR_.MEUCIQCH6CXqfVU-LAzeLEunxeRirxpGKs5SOdMDImrMJWqm_gIgNixGeIctpss_6PI_MOcUivC5-G0UAEcJ0hNH4Q2Xktg] or consulting gigs [https://shared.outlook.inky.com/link?domain=www.thirdtier.net&t=h.eJxVjssOgyAUBX-lYd3yEPWKK39FAStV0cAlpmn67w3ponU7k5M5L5LCQtoLmRD32DJ2HAfFyQWDzgbqLbI9bCZpZEOKztsYb3rzMS3o_J2R64XMeT7b4Hv_rx79amP35T9M9bYy4NDAUJaj5EIIbk0BuhrHUhgNsm5qJgBUoWSlBK0lV1zkjs2dfn12p3vZmGzO9P0BlVNGtA.MEUCIQDyjjJ3_mVxfz--Gk9O8oiRz0_ZjLAqgI9xyZek4Pu91AIgWdH3NQVQpAfUA3KUNjSkvIQgE5GN2tuz_MBC9DL5Xmw]—the same pattern shows up. Security has become the heaviest part of the workload. SOC-like responsibilities are landing on teams that were originally built for backups and patching. That mismatch is where AI can make a measurable difference and a wake-up call for MSPs looking toward the future.                - Not meeting with clients because you don’t know what to say? Speak To Your Clients About Email Threats: https://www.thirdtier.net/2026/05/19/speak-to-your-clients-about-email-threats/ [https://shared.outlook.inky.com/link?domain=www.thirdtier.net&t=h.eJxVjssOgyAQRX_FsC4O-EJc9VcojpWqYGCMaZr-e0O6aLo9J7nnvtgRVzYUbCba0wBwnmdJs4sjOYylR4JKVB2IFqSGtKNZOAX-DEfkdnXoKXFzCwdx3IxbOc0RDSVgl4IteXfB6I3nNvh0rOT8HR5mw3T98h8ubdhACdWrW9NMtZBSChwrZdtpauRoVd31HUildKXrVsuyq4UWMncwd8z2vP79zmbM5p--Pxt2Ta8.MEYCIQDGAIrrq5RNdQ_hCcSwR-zL2znZOxJoIRgH2mxXIDQD0AIhAMSna2JaCvDn9mFhIvY8AO0oQeWoGX5yRd_Lu5mOY6MJ]             - Tales from the field: Why MSP’s are exiting the channel  Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com [https://pcm.adswizz.com] for information about our collection and use of personal data for advertising.

Managing Shadow IT in the Age of AI: Strategies for Modern MSPs

The most consequential development discussed is the rapid proliferation of Shadow IT in client environments, with emphasis on the unchecked adoption of cloud SaaS applications and artificial intelligence (AI) tools by end users. Speakers noted that this has led to a substantial loss of MSP control over client IT environments, eroding trusted advisor status and prompting clients to question the ongoing necessity of working with their MSP. The pervasive use of AI and SaaS products without guidance or oversight introduces governance and security risks, particularly relating to sensitive business data being accessible to third-party vendors and potentially incorporated into external data sets. The episode provided details on how Shadow IT emerges, highlighting the ease with which employees can adopt SaaS and AI tools through free trials, personal accounts, or non-business credit cards, often outside of IT’s direct visibility. According to Amy and El, clients are increasingly self-serving their technology needs, shifting traditional MSP-client dynamics. The conversation outlined specific governance issues, such as most AI tools ingesting client data into the cloud, with limited assurance as to how it will be used or protected unless higher tiers of service are paid for—an unlikely scenario for most SMBs using free versions. Secondary discussion focused on broader industry fragmentation and the challenges it poses for knowledge-sharing, consensus-building, and vendor feedback. The speakers recalled a time when MSP best practices spread rapidly through tightly-knit peer groups or single platforms but observed current information channels are numerous and scattered, such as Discord, Reddit, LinkedIn, and Facebook. This dispersion hinders both MSPs and vendors from collaborating effectively and reduces the feedback loop necessary for responsive product development and operational improvement. The key implications for MSPs and IT leaders include the pressing need to shift operational models from rigid, tool-centric offerings to relationship- and advisory-focused services. There is heightened risk if MSPs fail to address governance and security concerns, especially as end users continue adopting technology independently. Speakers recommend implementing proactive client education, detailed risk analysis on SaaS and AI integrations, and establishing clear communication strategies to reclaim the advisory role. MSPs are encouraged to align compensation models to advisory activities, as future client value is projected to depend more on strategic guidance than product-resale or ticket-resolution metrics. Title: How are you managing Shadow IT? Topics: * How are you managing Shadow IT? * Is the MSP industry too fragmented in how we share knowledge? * Why do MSPs exist? (blog posts from “Amy’s Sayings”: https://www.thirdtier.net/?s=Amy%27s+sayings [https://www.thirdtier.net/?s=Amy%27s+sayings]) * What does it mean to be a M365-based MSP in 2026? Upcoming events: Zero Trust Workshop- 3 sessions starting May 28.  Register here: https://www.thirdtier.net/2026/04/27/arriving-in-may-zero-trust-workshop/ [https://www.thirdtier.net/2026/04/27/arriving-in-may-zero-trust-workshop/] Mastermind Event with James (and Amy is a guest speaker!) in Omaha, NE Register here: https://kernanconsulting-mastermind.mykajabi.com/mastermind-event [https://kernanconsulting-mastermind.mykajabi.com/mastermind-event] Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com [https://pcm.adswizz.com] for information about our collection and use of personal data for advertising.

Navigating Vibe Coding: MSPs, Clients, and AI-Assisted Development

Recent reports highlight that Google Chrome and Anthropic’s desktop applications have introduced covert, non-optional downloads onto user devices without explicit notification or opt-out mechanisms. According to referenced analysis, Chrome has been silently installing its Gemini Nano AI model, and Anthropic’s Claude desktop app is deploying browser integrations across all Chromium-based browsers. These installations are performed without seeking user consent and, in some cases, persist even after attempted removal, raising direct concerns for device security and user privacy. The increased risk is substantiated by internal testing from Anthropic, which found that these browser integrations increased successful cyberattack rates by 23.6% and offered minimal mitigation (11.2% reduction) even when defensive measures were taken. This unnotified software deployment expands the attack surface for user devices and can compromise operational control for IT providers managing client environments. The practice also indicates a shift in vendor behavior regarding user transparency and system sovereignty, as noted by Speaker C. Adjacent to these developments, the episode discussed “vibe coding,” where non-technical users leverage AI tools to generate code for business tasks. This trend introduces new support and security burdens for MSPs as clients independently create potentially insecure or unsupported automation. Some MSPs are revising their Master Services Agreements (MSAs) to clarify that remediation of issues stemming from client-generated or AI-assisted code will be billed separately and are not covered under standard support contracts. The discussion also featured account of ransomware attacks on education platforms such as Canvas during critical exam periods, underscoring the importance of contingency planning and backup strategies. The implications for MSPs and IT leaders include heightened due diligence requirements regarding vendor software behaviors, increased need for endpoint and application visibility, and updated governance around end-user-initiated automation. To reduce operational and reputational harm, MSPs are encouraged to establish explicit client policies covering AI tool usage, conduct AI readiness and risk assessments, and formally delineate the scope of managed responsibilities in client agreements. Effective communication and continuous advisory engagement are positioned as vital to maintain alignment with client priorities and mitigate emerging technology risks. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com [https://pcm.adswizz.com] for information about our collection and use of personal data for advertising.

Creative Ways for SMBs to Recognize and Reward Employees for Outstanding Performance

Employee recognition structures and their risk-reduction implications received primary focus in this discussion. Both Amy Babinchak and James Kernan outlined verification-based strategies, such as leveraging Microsoft Teams' Praise app and Bonusly, a peer-to-peer micro-bonus platform, as cost-neutral or low-cost starting points. They emphasized that implementing structured recognition—either verbally, digitally, or via peer-nomination systems—directly supports workforce engagement and mitigates retention risk. James Kernan described anonymized in-house recognition systems, where peer acknowledgements are aggregated and rewarded via a monthly raffle, which included prizes typically sourced from vendor swag. Specifics included integration of recognition apps within established workflows and processes—such as Microsoft Teams for informal praise, and Bonusly for monetary or non-monetary peer-based rewards. Amy Babinchak noted that client compliments of staff are internally broadcast for transparency and morale. Both speakers advocated for public, peer-inclusive recognition in the workplace, with an explicit focus on acknowledging day-to-day contributions rather than relying solely on annual reviews or monetary raises. Further, operational and vendor management challenges were covered: Amy Babinchak articulated concerns that help desk KPIs often measure unproductive metrics and stressed the importance of incentivizing conversational and advisory staff interactions over ticket speed. Discussions also addressed the evolving Microsoft Partner Program, noting its complexity, shifting incentive structure, and the administration required. Alternative licensing approaches—such as MSPs enabling clients to purchase directly from Microsoft or using different distributors—were analyzed for cost and administrative impact. Additionally, strategies for navigating hardware supply chain volatility, including the use of white box solutions and refurbishments, were discussed in the context of margin preservation and client-specific risk management. The episode underscores for MSPs and IT leaders that systematic and visible employee recognition is a quantifiable retention and engagement strategy with minimal operational risk when thoughtfully implemented. Tactical decisions around help desk KPI selection, distributor choice, and hardware sourcing require ongoing evaluation to balance cost control, performance, and administrative overhead. Transparent data-driven management, especially concerning staff performance and licensing economics, can both reduce operational risk and foster a more resilient service provider organization. 1. How do you motivate your employees –ways to reward employees https://bonusly.com/pricing [https://bonusly.com/pricing] https://learn.microsoft.com/en-us/microsoftteams/manage-praise-app [https://learn.microsoft.com/en-us/microsoftteams/manage-praise-app] 2. Helpdesk KPIs  https://www.dropbox.com/scl/fi/84v9ri236n5ck1x8mgf2w/KERNAN-Financial-Goals-and-KPI-s.doc?rlkey=e1qugzgn8x6lzqgesfqjeawew&st=1ma7g8hq&dl=0 [https://www.dropbox.com/scl/fi/84v9ri236n5ck1x8mgf2w/KERNAN-Financial-Goals-and-KPI-s.doc?rlkey=e1qugzgn8x6lzqgesfqjeawew&st=1ma7g8hq&dl=0] 3. Is the Microsoft partner program worth it? And how should I buy Microsoft  licenses? 4. Supply Chain challenges and price increases – whitebox or refurbs? 5. What does an AI MSP look like?   https://www.thirdtier.net/2026/05/01/deep-thoughts-on-msps-in-the-ai-age/ [https://www.thirdtier.net/2026/05/01/deep-thoughts-on-msps-in-the-ai-age/] Amy's preferred white box vendor: https://equuscs.com [https://equuscs.com/] UPCOMING CHANNEL EVENTS: In-Person MSP and Channel Partner Events 1. Reinvent Telecom – May 12-14th, 2026 2. Zero Trust Workshop -  May 28th- 3 weeks 3 part series   https://www.thirdtier.net/product/zero-trust-workshop/ [https://www.thirdtier.net/product/zero-trust-workshop/] 3. Mastermind Event – July 30-31st, 2026     FREE PASS LINK: http://bit.ly/kernanmastermind [http://bit.ly/kernanmastermind] Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com [https://pcm.adswizz.com] for information about our collection and use of personal data for advertising.