Shadow AI Risk
We’re seeing a clear pattern in how generative AI is colliding with security and governance—and it’s no longer theoretical.
Start with Acronis. In reporting carried by Help Net Security, Acronis launched “GenAI Protection” for managed service providers to monitor how customers use generative AI across their environments, including visibility into shadow AI, scanning prompts for sensitive data like PII or PHI, and detecting malicious prompt injection attempts. A GlobeNewswire version of that launch, published by The Manila Times, says the product is generally available worldwide and described as the first phase of what Acronis calls its broader “Cyber Workspace.”
At the same time, advanced cyber models are becoming their own security issue. Semafor’s “Mythos is a wake-up call for AI” points to Anthropic’s Mythos and OpenAI’s GPT-5.4 Cyber as models with increased exploit-finding capability under restricted rollouts.
And the risk is already real. The Verge, citing Bloomberg, reported that Anthropic’s Claude Mythos Preview was accessed by unauthorized users through a third-party contractor environment. Gizmodo similarly covered reports that an unknown group used contractor access and data from another breach to locate the model.
Microsoft is treating this as an operational reality. Nextgov reports Microsoft will test third-party AI models, including Mythos, inside its security offerings—pairing model output with Microsoft Defender, exposure management, continuous vulnerability scanning, and a “Secure Now” guidance layer.
None of these offerings fully solve the problem yet. Most are stronger at visibility than enforcement, and cross-vendor governance remains immature. But vendors do not invest this early unless a new control surface is emerging—and once that surface exists, someone gets paid to operate it.
Platform Consolidation
What’s driving all of this is that work no longer happens inside neat organizational lanes. It happens across identity systems, ticketing queues, cloud services, endpoints, collaboration tools, and now AI interfaces. The only way that sprawl becomes manageable is through a control layer that coordinates it.
You can see platform vendors racing to become that layer. Microsoft’s “Frontier Transformation” framing is explicit: AI moves from pilot to production only when it is anchored in identity, data protection, compliance, monitoring, and governance—with a control plane to manage agents at scale. That’s not Microsoft selling a model. That’s Microsoft selling the management layer that makes the model usable inside enterprise complexity.
The same pattern appears elsewhere. Elastic is embedding security and observability workflows—alert triage, investigations, queries, and cases—directly into tools like Claude and GitHub Copilot using MCP. Dropbox is bringing files, enterprise search, and calendar controls into ChatGPT while preserving permissions. In both cases, the goal is the same: remove handoffs and move control to where decisions are being made.
In the channel, that same pressure shows up in platform consolidation. WatchGuard and Halo are wiring security events into PSA workflows—from alert to ticket to provisioning to billing—because disconnected work does not scale.
This is why the industry keeps building control planes, not just features: the mess is the product now.
Stalled AI Spend
The consequence for MSPs is that AI adoption is no longer a technology conversation—it’s a trust and control conversation, and buyers are signaling what they will fund.
And to be clear, this is not just DLP with an AI sticker. Traditional controls assume static data, deterministic behavior, and human intent. Generative AI breaks all three. Prompts are created on the fly, outputs vary by context, and agents can act without a human in the loop. Once capability is delegated, controlling access alone is insufficient. You also have to govern what the system is allowed to do.
The clearest proof point comes from Gong. In research released via PR Newswire, 58% of companies have stalled AI projects not because of budget, but because they do not trust how their data and outputs are being handled. Nearly half—46%—of planned AI investments are paused specifically due to trust concerns. The top blockers are data privacy and security, explainability, and model transparency. Buyers say they want clear guardrails, built-in security guarantees, and explainability they can defend.
The second proof point is what happens when that trust layer is missing. The Guardian reports on “workslop”—AI output that looks polished but creates rework. Executives report productivity gains, while 40% of workers say it saves them no time, with meaningful time spent correcting outputs. When AI is deployed without clear policies, review processes, and accountability, the work does not disappear—it shifts into hidden cleanup.
Put together, this creates a new managed layer. Not “deploy Copilot.” Not “turn on a feature.” The managed layer is governance, controls, and accountability that let the business confidently say yes to automation.
And here’s why this lands on MSPs. AI governance is not a single control—it is policy, logging, access review, exception handling, and evidence packaging across multiple platforms. Most internal teams do not have the bandwidth or tooling to continuously prove those controls exist. MSPs already operate at that intersection—if they choose to claim it.
Why Do We Care?
The mistake would be to keep selling deployment while the market starts buying accountability.
If an MSP treats AI as another license rollout or another productivity feature, they inherit the downstream mess for free: bad outputs, exceptions, user confusion, stalled projects, and incident blame. But the provider that owns governance—policy, approvals, evidence, and operational controls—owns the higher-value layer the customer actually needs.
There’s a second force coming: liability. Insurers, auditors, and regulators are beginning to ask who has authority over AI decisions—not just who owns the data. Once that question enters underwriting and compliance, unmanaged agents become uninsurable risk. AI governance is not just a productivity layer. It is becoming a condition of coverage.
What to Consider
• Turn prompt scanning into policy. Publish client-facing standards for prompt and output handling: classification, redaction, retention, and incident triggers. Price exception handling separately.
• Package trust as a service. Offer an AI Governance and Evidence package with monthly attestations, control testing, access reviews, and audit-ready reporting.
• Refuse unmanaged connectors. Make unapproved plugins and connectors a condition-of-support issue before they become a breach-and-blame issue.
If this trend continues, MSPs will be asked to warrant not only data protection but agent authority controls—and MSPs without a written connector and permission approval standard will lose accounts after the first AI-related incident review, even when they were not the ones who deployed the tool.