Techaisle highlights a shift in how small and medium-sized businesses (SMBs) and midmarket companies are approaching cybersecurity, driven by a growing demand for artificial intelligence, the rise of Managed Detection and Response services, and an increasing awareness of Zero Trust principles. According to Techaisle’s research, awareness of Managed Detection and Response among SMBs surged from 39% in 2023 to 61% in 2025, while 89% of midmarket firms now view the transition to cyber resilience as important. This shift is paving the way for the concept of the “Autonomous Security Operations Center,” which aims to provide sophisticated security solutions as a service, addressing the pressing challenges of staffing and the need for effective security operations without the burden of hiring and maintaining in-house expertise.
A recent report from UpGuard reveals that 68% of security leaders admit to using unauthorized artificial intelligence tools, a practice known as “Shadow AI.” The report highlights that 80% of employees are bypassing corporate governance, with a notable 90% of security leaders themselves using unapproved AI applications. Despite 40% of employees receiving AI safety training, they frequently rely on these unapproved tools, demonstrating a significant disconnect between security protocols and employee behavior. UpGuard emphasizes the need for organizations to adapt their governance strategies to engage effectively with employees and address the growing concerns surrounding AI usage in the workplace.
A groundbreaking report from Anthropic reveals the first recorded instance of a large-scale cyberattack utilizing artificial intelligence not merely as an assistant but as an active participant. The attack, attributed to a Chinese state-sponsored group, involved AI performing various tasks autonomously, including reconnaissance, vulnerability discovery, and data exfiltration. According to Anthropic, 80% to 90% of these operations were executed independently by the AI, marking a significant shift in how advanced threat actors may employ AI technologies in future cyberattacks. The company has since taken steps to ban the accounts involved and enhance its detection systems, urging the cybersecurity community to adapt to these evolving threats. The New York Times also covered this one.
Recent developments in cyber threats indicate that malicious actors are leveraging artificial intelligence to create more adaptive and stealthy malware. According to a report from Google, these new malware strains can evolve in real time during attacks, complicating detection and defense efforts. Five recently identified malware families (FRUITSHELL, PROMPTFLUX, PROMPTSTEAL, PROMPTLOCK, and QUIETVAULT) exhibit advanced AI capabilities. For instance, PROMPTFLUX employs AI to regenerate its code, making it harder for security measures to detect. Meanwhile, PROMPTSTEAL, utilized by a Russia-linked group, uses a large language model to generate commands for stealing information, marking a concerning evolution in cyberattack strategies. Google stresses the need for cybersecurity defenses to adapt to these emerging threats, moving away from traditional static detection tools.
Why do we care?
The attackers have already moved to automation, and the defenders are still arguing over policies employees stopped following a year ago. SMBs know they can’t staff their way out of this — that’s why MDR and talk of “autonomous SOCs” are rising. They’re looking for operational models that actually scale.
Meanwhile, Shadow AI tells us the governance playbook is broken. If 90% of security leaders are using unapproved AI tools, the issue isn’t disobedience — it’s that the policies don’t match reality. You can’t secure a workflow you don’t understand, and employees are going to use AI whether you approve it or not.
And then look at the threat side: Chinese groups running autonomous attack chains, malware that rewrites itself on the fly… this isn’t theoretical anymore. Static detection and manual response simply won’t hold. MSPs need to make their operations more automated, more behavioral, and more identity-driven.
This is the moment to shift from “find the bad” to “constantly verify the good.” And here’s the real operational shift: this all pushes MSPs toward architectures built on identity, automation, and behavioral baselines. Whether you build it yourself or rely on partners, continuous verification has to become the default operating model — not just another feature in the stack.
That’s how you survive AI-era threats — and frankly, how you stay ahead of the competition, too.

