This is what it looks like when the operating environment shifts faster than the MSP operating model.
First, CISOs want AI in security — but adoption of truly agentic tools is still early. One Splunk report shows only a small slice fully using agentic AI today, even as most CISOs say they’re prioritizing AI investment for threat detection and identity control. And here’s the tension: the same report shows significant concern that agentic AI could amplify social engineering. The message isn’t “AI is coming.” The message is that leaders want the capability, but they don’t trust the blast radius yet.
Second, we’re now seeing the threat side start to absorb AI in a way that matters operationally. ESET researchers in Slovakia detailed PromptSpy — Android malware that uses Google’s Gemini to analyze the device and generate real-time persistence instructions. Even if it’s not widespread yet, it’s a clean signal of what “adaptive malware” looks like: not a static payload you match, but a system that observes and adjusts. If your detection model assumes fixed patterns, that’s a mismatch you can’t patch your way out of.
Third, insurance is the enforcement layer that turns this into operational reality. The Canadian tech insurance market may be softening, but underwriters are getting more specific about MSPs, SaaS exposure, and AI systems. The key detail is they’re separating “AI” as marketing from genuinely autonomous systems that make decisions — and they’re using more detailed questionnaires to classify that risk. Which means your posture isn’t just what you do — it’s what you can document and defend in a renewal process.
Put those together and you get the consequence: as threats become more adaptive and governance gets formalized, the penalty for operating on assumptions gets higher. And the tools alone won’t save you — the proof will.

