MSSP, Endpoint/Device Security, AI benefits/risks, Application security, Cloud Security, Data Security, Identity, Network Security, XDR

MSSPs Can’t Keep Up With AI-Driven Threats

AI hacker holding a glowing red chip symbolizing artificial intelligence in cybercrime, darkweb, and digital technology threat for cybersecurity and malware protection.

In cybersecurity – as in virtually every part of the larger tech world – AI has become a central focus, evident in the flood of new security offerings that rolled out on the first day of the RSAC 2026 conference in San Francisco.

And as with most security vendors, Armis is putting significant effort into helping organizations understand the nature of the threat that AI poses in the wrong hands who deploy it in their operations – and the need for security teams to adopt AI-based tools to protect themselves.

The San Francisco-based company is also rolling out its share of AI-driven offerings aimed at enabling enterprises and MSSPs to do just that.

“In the modern security landscape, speed is the ultimate differentiator between a contained risk and a significant data breach,” Alex Mosher, president and chief revenue officer for Armis, told MSSP Alert. “As organizations face an increasingly sophisticated and rapidly evolving attack surface, traditional security measures are no longer enough.

Mosher noted that in Armis’ report about cyberwarfare – A World Under Pressure: Cyberwarfare in the Age of AI-Fueled Escalation – 43% of global IT decision-makers are still detecting and responding to a significant cyberattack as it happens or after the damage has been done.

“The rise of AI has accelerated these threats at an unprecedented pace, acting as a force multiplier for both adversaries and defenders,” he said. “The need for greater accuracy and faster response is more critical than ever. Security teams must shift from reactive defense to continuous, real-time assessment to mitigate vulnerabilities before there’s any impact.”

Real-Time Vulnerability Identification

That was a key driver behind Armis’ release of its Armis Centrix for Vulnerability Management Detection and Response, a solution aimed at allowing security teams to more precisely identify and validate vulnerabilities in real time across their disparate assets – like IT, Internet of Things (IoT), cloud, and network devices – in real time, faster than what traditional vulnerability scanners can offer now.

Threat detection and remediation have been separated by silos, inefficiencies, and a lack of clear guidance, according to Guy Broder, Armis’ vice president of product and vulnerability assessment, and Cassie Davidson, a product marketing manager with the vendor.

“Armis bridges that gap, connecting detection to protection by changing from a brute-force, broad scanning approach to a lightweight, highly intelligent AI-based detection with context approach,” Broder and Davidson wrote in a blog post.

Mosher said the solution can analyze an IT environment before conducting a scan and using selective safe-active queries, which helps its operations with 90% less network impact than traditional scanners. In addition, Armis’ AI-driven Asset Intelligence Engine delivers context and awareness of billions of assets as a baseline, which translates into organizations and MSSPs being able to use a more targeted approach instead of broadly scanning the whole network.

A Tool for MSSPs, Security Teams

MSSPs can also use Armis Centrix to expand beyond scan-heavy traditional modes and advance their role with clients, he said.

“MSSPs are critical users of exposure and vulnerability management tools, tasked with providing organizations a comprehensive understanding of their most critical assets and ensuring protection against the latest vulnerabilities,” Mosher said. “As such, MSSPs require vulnerability assessments that offer precision and faster detection while maintaining operational continuity.”

With the new solution’s multi-layered and dynamic approach, “the solution delivers full situational awareness of vulnerabilities across the entire attack surface without compromising performance,” he said.

AI in the Hands of Bad Actors

Armis’ report about the evolving nature of cyberwarfare further explains the need for a faster and more comprehensive approach to cybersecurity. The current U.S.-Israel conflict with Iran shows how a kinetic struggle can quickly expand into cyberspace. CloudSEK researchers noted that within hours of the first bombs dropping on Tehran on February 28, more than 60 pro-Iranian hacktivists mobilized on Telegram, joining other nation-state groups in targeting U.S., Israeli, and other Middle Eastern countries, alongside broader cyber activity from state-linked actors.

“Years ago, we warned that cyberwarfare was being dismissed as a ‘tomorrow problem,” Armis co-founder and CTO Nadir Izrael wrote in a blog post, adding that the data in its cyberwarfare report “proves that tomorrow has arrived with devastating force. We are no longer watching the tide come in; the tsunami is already here, and it is fueled by AI-driven escalation that has dissolved the boundary between digital disruption and physical conflict.”

In the 2023 version of the report, a third of organizations surveyed were indifferent about cyberwarfare. Now, 89% said they fear impending AI-driven nation-state attacks.

“This isn’t just a statistical spike; it is a permanent, heightened state of modern business where being in the crosshairs is the new baseline and the stability of society is at stake,” he wrote. “The most dangerous shift in 2026 isn’t just that attacks are increasing; it’s that the human element is being removed from the kill chain. We have entered the era of the Agentic Swarm – autonomous, goal-seeking AI agents that discover vulnerabilities and weaponize exploits in seconds.”

The Readiness Paradox

The report also highlighted a disconnect. While 79% of global IT leaders say they are prepared, 66% experienced up to two breaches in the past year, an increase from the previous year. 

“This is the Readiness Paradox: organizations perceive they’re ready because they pass audits, not because they can stop a machine-speed swarm,” Izrael wrote. “What’s worse, half of all IT decision-makers whose organizations have been breached admit they’ve still not been able to adequately secure their systems. In 2026, ‘readiness’ has become a myth that obscures a widening gap between defensive capability and offensive reality.”

To address the widening gap, organizations need to move away from reactive postures. The scale of the threat has outpaced human capacity, according to Izrael.

“You cannot stop an autonomous agent with a manual ticket or a human analyst; we must move to machine-on-machine weaponry,” he wrote. “To overcome this era, our defensive AI must be just as autonomous, goal-oriented, and relentless as the swarms it faces.”

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.

You can skip this ad in 5 seconds