The Visibility Problem
The signal is that AI use is becoming visible to institutions in ways that can be measured, reviewed, and punished.
Start with cybersecurity. The New York Times wrote this week that AI systems from companies like Anthropic and OpenAI are already changing the speed of the attacker-versus-defender cycle. They point to Anthropic disclosing that state-sponsored Chinese hackers used its AI in an attempt to infiltrate the systems of roughly 30 companies and government agencies — and the detail that jumps out is how little human effort was required compared to traditional operations. The same reporting notes Anthropic also claimed it used its own AI to identify more than 500 previously unknown “zero-day” vulnerabilities in widely used open-source software. That’s not a future promise — that’s an observable shift in capability and tempo, on both sides of the security equation.
Now, look at what happens when AI collides with government and procurement risk. Business Insider tracked the surge — and then the fade — in interest around Anthropic’s Claude after the company pushed back on the Pentagon and got pulled into a national security narrative. Their reporting cites market data showing Claude’s daily downloads averaging about a 2% day-over-day decline as of late March, while ChatGPT’s downloads ticked up about 1% in the same window. The point here isn’t “app store drama.” Download trends aren’t an enterprise adoption audit—but they are a real-time sensor for reputational risk. AI vendors are now being treated as geopolitical and supply-chain risk questions — and that attention can move markets and adoption in measurable ways. And finally, there’s the institutional enforcement signal. Semafor reports that the International Conference on Machine Learning rejected hundreds of papers after revealing authors used AI in the peer review process — with organizers using hidden-text watermarks to catch it. Nature reported that about 2% of authors were flagged and rejected. Semafor also notes that another AI conference found 21% of peer reviews were likely AI-generated, and that one publisher had to retract 8,000 fraudulent articles in 2023. That’s a very loud, very concrete indicator that “acceptable AI use” is no longer informal — it’s being detected, audited, and punished.
Platform Lock-In
If academic conferences can detect and punish hidden AI use at scale, enterprises will apply the same playbook to acceptable-use policy, data leakage, and audit defense. Those signals matter because they all point to the same underlying shift: AI only scales where someone imposes structure, controls, and accountability. Enforcement isn’t philosophical—it’s operational. If it can be detected, logged, and tied to policy, it can be audited. And if it can be audited, it can be priced, penalized, or denied.
What’s driving this shift is that AI does not arrive as a self-contained tool; it arrives as an operating layer that only works inside governed workflows. And most organizations don’t actually run on clean, unified workflows. They run on handoffs, tribal knowledge, and informal glue that lives in people’s heads. When that’s the environment, the fastest path isn’t to perfect the internal machine — it’s to lean harder on platforms that can impose structure from the outside.
You can see that in where the money is flowing. TechCrunch, citing Carta’s data, reports that AI startups pulled in 41% of the $128 billion raised in venture capital last year — and that the market is increasingly concentrated in a small number of firms like OpenAI and Anthropic. That kind of capital concentration only happens when buyers and investors believe the winning move is scale: build the platform once, bake the “right way” of doing something into it, and let everyone else rent the capability instead of rebuilding it internally.
You can also see it in how AI is being productized. Thurrott reports that Anthropic has brought “computer use” to Windows — meaning Claude can open apps, navigate browsers, and work with local files, using connectors when available and direct keyboard-and-mouse control when they aren’t. That’s not just a feature add. It’s a response to reality: work happens across messy, heterogeneous environments, and the product is being shaped to operate across that mess without waiting for perfect integration.
Finally, Noahpinion points to a critical friction: even as experts expect major capability gains, organizations are struggling to integrate AI into existing workflows, and productivity effects are uneven and contested. That gap — between capability and integration — is where the gravitational pull toward platforms gets strongest. Now, some organizations will go the other direction—less platform dependence, more internal control. Private models, locked-down endpoints, fewer agents. That’s not a rebuttal to the governance shift—it’s proof of it.
Governed or Liable
Imagine an AI agent closes tickets and ‘helps’ by pushing a config change after-hours. Monday morning: outage. By Tuesday: the insurer asks for the change record, the approval, and the attribution trail. If all you have is ‘the AI did it,’ you don’t have a control—you have a liability. For MSPs, the consequence is that automation is becoming governed infrastructure, not just software your clients happen to use, and that puts the burden of proof and control on whoever is accountable for keeping systems running.
One proof point is upstream control. IT Pro reports that HP is rolling out a firmware-based security solution called TPM Guard to address a BitLocker-related vulnerability that can be exploited through a TPM bus attack — and crucially, HP is not treating this as “an HP feature.” They’re working with AMD and Intel and aiming to make it an industry standard through the Trusted Computing Group. In other words: baseline security is being redefined by manufacturers and standards bodies in response to threats that are getting easier to execute. This is what’s about to happen with AI controls too: vendors will set defaults, standards bodies will bless them, and MSPs will still be the ones asked to prove they’re in place.
The second proof point is capacity. Channelholic, citing ISC2, points to a structurally constrained cybersecurity workforce. As the automation layer expands the number of systems, controls, and exceptions that need oversight, MSPs cannot assume more labor will absorb the load. That pushes the market toward standardization, repeatability, and governed execution.
Either the MSP becomes the provider that simplifies and governs the automation layer — defining what gets automated, what gets logged, what requires approval, and what gets escalated — or the MSP gets trapped absorbing complexity: the weird edge cases, the compliance questions, the incidents triggered by someone else’s defaults, and the cleanup work that arrives after the margin is gone.
Why Do We Care?
Because this changes what an MSP is actually selling. The differentiator is no longer access to AI tools; it is the ability to govern their use, document their actions, and defend those decisions when a client, auditor, insurer, or regulator asks questions.
If an MSP misunderstands this as a tooling decision instead of a governance decision, it will underprice the work, under-document the controls, and inherit liability for systems it does not fully control. The firms that define policy, logging, approval paths, and vendor standards now will be the ones that keep margin, preserve trust, and survive scrutiny later.
What to Consider
- Build an AI Acceptable Use Policy template for clients immediately. Not because regulators require it today, but because the enforcement infrastructure (watermarks, audit trails, procurement screening) is being built now. Clients who don’t have a policy are accumulating liability they don’t know about. Price this as a standalone deliverable, not a freebie.
- Audit your logging coverage for AI agent actions. If you’re deploying any AI tool that takes autonomous actions (Anthropic’s computer use, RMM-integrated AI, automated ticketing), verify that every action is logged with attribution, timestamp, and authorization context. If it isn’t, you have an audit gap that will surface in the worst possible moment.
- Stop evaluating AI vendors on features alone. Add three questions to every AI vendor evaluation: (1) What is their documented policy on government/law enforcement data requests? (2) What audit trail do they provide for AI-generated actions? (3) What is their breach notification SLA for AI-related incidents? Vendors who can’t answer these are geopolitical and contractual risks, not just technical ones.
If this trend continues, MSPs will be expected to produce an “AI defensibility packet” per client—approved models, allowed data classes, logging/retention, and contract/indemnity posture—and the MSPs who can’t produce it will be screened out of regulated deals before the first technical conversation.