Microsoft has launched an autonomous agent named Project Ire that can detect and reverse engineer malware, successfully identifying an active hacking group. This AI agent employs a combination of large language models and specialized cybersecurity analysis tools, achieving a 90% accuracy rate in flagging malicious files with only a 2% false positive rate. In recent tests, Project Ire analyzed 4,000 unclassified files and marked 90% of them correctly as threats, showcasing its ability to autonomously classify malware without prior exposure to the files in its training data.
A recent report from Acronis highlights a significant rise in ransomware attacks fueled by artificial intelligence-powered phishing and social engineering tactics. The Acronis Cyberthreats Report for the first half of 2025 reveals that phishing accounts for 25 percent of all cyberattacks, with a staggering 52 percent of attacks specifically targeting managed service providers, marking a 22 percent increase compared to the same period in 2024.
A recent report reveals that agentic artificial intelligence browsers may inadvertently become a new tool for scammers. According to cybersecurity startup Guardio, which specializes in real-time scam detection, these AI browsers, such as Perplexity’s Comet AI, are prone to falling for scams that human users might catch. In their tests, Guardio found that Comet AI successfully completed a purchase on a fake Walmart website, ignoring multiple red flags, including an unusual logo and URL. Furthermore, it opened a phishing email from a Wells Fargo impersonator and provided sensitive banking information without hesitation.
New research from 1Password reveals that the rapid adoption of artificial intelligence tools in organizations presents significant security challenges. A survey of 200 North American security leaders found that only 21 percent have full visibility into the AI tools used within their companies, while over half estimate that between 26 and 50 percent of these tools remain unmanaged. The study identified four critical challenges: a lack of visibility into AI applications, weak enforcement of existing security policies, unintentional exposure of sensitive data, and unmanaged AI agents that could compromise security.
Voice phishing attacks, also known as “vishing,” are rapidly escalating into a significant threat, with recent incidents highlighting the vulnerabilities of major companies like Workday and Allianz Life. At the Black Hat cybersecurity conference, experts noted a surge in these attacks, wherein perpetrators impersonate trusted colleagues to gain access to sensitive customer databases. In July, a breach at Allianz Life exposed the personal information of nearly 1.4 million customers, while Workday revealed that hackers targeted its third-party customer relationship management platform to steal commonly available business contact information. The group known as ShinyHunters has been linked to many of these attacks, employing simple yet effective techniques to manipulate employees into connecting their Salesforce data to counterfeit applications.
Small and medium-sized enterprises are lagging in adopting cyber insurance, which could become a critical differentiator in the market. According to Arctic Wolf’s 2025 Cyber Insurance Report, only half of businesses in the UK and Ireland have cyber insurance, leaving the other half vulnerable to an average cost of £90,000 from a cyber attack. Additionally, 70 percent of insurance brokers expect an increase in new cyber claims over the next year, highlighting the growing urgency for SMEs to address their cyber risk management. Ritchie Puckey of Espria warns that many businesses mistakenly view cyber insurance as a simple compliance measure, which could leave them perilously unprepared.
Why do we care?
Microsoft’s shiny new AI, Project Ire, can catch malware almost automatically—great, but don’t fool yourself into thinking Microsoft just solved security. Attackers are scaling too—Acronis says more than half of phishing attacks now target MSPs. That’s you. You’re the bullseye, because if they get you, they get your clients.
We’re also seeing AI browsers falling for scams a teenager could spot, employees spinning up AI tools IT doesn’t know about, and vishing attacks that take down companies like Allianz and Workday. None of this is “sophisticated.” It’s just social engineering with a new twist.
And let’s not forget—half of SMEs don’t even have cyber insurance, despite average losses near ninety grand. That’s not optional anymore.
Tools don’t replace the work. Microsoft can automate detection, but your real value is helping clients manage AI risk, train against scams, and survive the inevitable breach. Governance and resilience—that’s the game. The MSP’s value is not just in deploying tools, but in guiding clients through the risk landscape.