AI Tax: Networks
AI is showing up as something that runs, consumes resources, and changes what the underlying technology stack has to handle.
Start with the network. The Register flags a warning from analyst firm Omdia: a lot of the GPU-as-a-service and “neocloud” providers have scaled up compute for AI workloads, but their networking capabilities are turning into a hard constraint. And in an open letter, Lumen CEO Kate Johnson pushes enterprises to ask a very direct question—whether their networks are actually AI-ready—arguing that in an AI-driven environment the network behaves less like background plumbing and more like the system that determines whether the investment produces value. The same piece points to Imperva’s 2025 Bad Bot Report, noting automated traffic now accounts for 51% of all internet traffic, meaning a majority of traffic can be automated—and even when it’s legitimate, it still consumes bandwidth, security tooling capacity, and analyst attention. For MSPs, that ‘non-human workforce’ shows up as real operational load: more authentication pressure, more bandwidth contention, more WAF/SASE tuning, more SIEM noise, and more false positives your team still has to triage. Bot traffic isn’t trivia—it’s a tax on every client environment you manage.
Now look at what’s happening inside the operational platforms MSPs live in. N-able, via a Business Wire announcement, is rolling out a custom Model Context Protocol—an MCP server—designed to connect common AI tools directly to live operational data inside N-central and N-sight. Alongside that, they’re introducing “N-zo,” an in-product AI assistant, and they’re claiming ‘up to 70% faster’ operations in certain workflows—marketing language that only matters if the baseline, workflow definition, and environment complexity match your ticket mix.
On the enterprise services side, MSP-Channel reports that Kyndryl has launched something it’s calling “Agentic Service Management,” positioning it as a move from traditional IT operations toward AI-driven workflowss
And SolarWinds, covered by ChannelVision, is out with “SW1,” explicitly framed as an agentic AI teammate built to help IT teams move from reactive problem-solving toward more autonomous operational resilience across on-prem, cloud, and hybrid environments.
Put those together and you get one message: AI is increasing background traffic, pushing networks into the critical path, and moving platforms from ‘ticket systems’ into ‘execution systems.’ That’s why the enforcement layer is suddenly the product.
Scaffolding Over Models
The reason this is shifting now is that AI is moving from “output” to “execution,” and execution demands coordination — across tools, data, permissions, and time — that most organizations simply don’t have standardized inside their own walls. Picture a simple ‘password reset’ agent. It touches Microsoft 365, your PSA ticket, your RMM, and conditional access. It resets the credential, triggers a risky sign-in policy, locks the user, breaks the VPN client, and now your tech is troubleshooting an outage that was ‘successfully automated.’ Without approvals, boundaries, and a replayable action log, the agent didn’t reduce work—it multiplied it. Now add the question most teams skip: who is the approver-of-record? The MSP, the client, or shared responsibility? If that isn’t explicit, approvals turn into theater—and when something breaks, accountability gets argued instead of executed.
That comes through clearly in MSP-focused research highlighted by The AI Journal, citing AvePoint and Omdia: 51 percent of MSPs say the biggest barrier to AI adoption isn’t skills or even security — it’s governance and compliance. Not because the tools don’t work, but because multi-tenant environments are messy, every customer has different policy realities, and the moment you try to scale anything repeatable, you’re forced to confront who can do what, where data can go, what gets logged, and what happens when something goes wrong.
That same “execution needs structure” idea shows up on the builder side. TechCrunch reports OpenAI updating its Agents SDK with sandboxing and what they call an in-distribution harness — basically, more of the machinery that wraps around the model so an agent can operate inside defined boundaries, with approved tools and controlled access to files. The message there isn’t that the model is the hard part. It’s the scaffolding — the controlled environment where the work actually happens.
And once you let an agent touch real systems, the security model has to evolve too. The New Stack points to NIST studying agentic AI risks and emphasizes layered controls — least privilege, default-deny network controls, and detailed logging of agent actions — because these systems combine reasoning with tool access. The risk isn’t a single capability; it’s that the pieces connect, and the system keeps running.
And logging can’t be ‘generic.’ You need agent observability: a tamper-resistant record of tool calls, inputs/outputs, time stamps, approvals, and the exact policy that allowed the action—plus a rollback path and a way to diff what changed. Otherwise you can’t troubleshoot, prove compliance, or defend a claim. And be precise: ‘rollback’ isn’t a magic undo button. For many systems it means compensating actions and verified state restore—reverting policy changes, re-scoping permissions, restoring configuration baselines, and validating access paths—because some changes aren’t truly reversible once they propagate.
Agents Eat Margins
For MSPs, the consequence lands in one place: you’re going to be held accountable for automation that you don’t fully control — and the cost of making it reliable is going to show up in real infrastructure and real risk, not just software licensing. Here’s the difference: SaaS scaled with human usage patterns and predictable licensing. Agentic automation scales with non-human execution—API calls, authentication events, tool invocations, and background traffic—which means you hit hard ceilings in rate limits, network capacity, and audit workload long before you ‘run out of seats.
First: AI demand is turning infrastructure into a margin problem. Per Omdia data, Compute capacity is tightening, GPU reservations are moving earlier, and the cost of delivery is getting less predictable. For MSPs, that means the client still expects “click and scale,” but the provider absorbs the tuning, forecasting, and usage control required to keep performance steady and the bill explainable.
Second: the security consequence is liability, not just exposure. As attackers lean harder on trusted identities, legitimate tools, remote access, and supply-chain paths, any agent with broad permissions increases the blast radius of a bad action. For MSPs, that means if automation can touch production, you need boundaries, evidence, and recovery paths before something goes wrong, because you will own the dispute after it does.
Why Do We Care?
Because the real mistake is treating the agent as the product and the vendor default as the governance model. If an MSP buys embedded AI without owning approvals, policy, and proof of execution, it has effectively outsourced control while keeping the liability. When something breaks, the client will still expect the MSP to explain what happened, contain the damage, and absorb the remediation unless the contract says otherwise.
What to Consider
- When a vendor says ‘agentic,’ force a classification: recommend-only, execute-with-approval, or unattended execution—and document which category you’re enabling per client.
- Before any execution: define approver-of-record, enforce least-privilege scopes, tenant isolation, default-deny egress, quotas/rate limits, and tamper-resistant, replayable logs—plus a tested recovery playbook for the specific systems the agent can touch.
- Forecast network, authentication, and security-tool load for your top clients, then set quotas, rate limits, and routing for agent-driven work.
- Treat compute and GPU capacity as a pricing and procurement input: define reservation assumptions, overage handling, and client-facing usage terms inside the service package and contract.
If this trend continues, MSPs will start refusing to run customer-facing agents without enforceable quotas and audit logging, and “unmetered automation” will be treated as an unacceptable risk—commercially and contractually—like running without backups.