AI agent adoption is well underway in enterprises, and it will only grow in the coming years.
Boston Consulting Group suggests that autonomous agents will
accelerate business processes by as much as 30% to 50%.
Agentic AI is also impacting cybersecurity. Unsupervised or lightly supervised agents with autonomous decision-making capabilities are increasing the attack surfaces for businesses, with
McKinsey and Co. consultants noting that “such autonomy can greatly boost productivity, but also heightens risk if an agent’s actions run afoul of enterprise risk controls.” In addition, threat actors are also increasingly using them in their nefarious activities, accelerating their capabilities and enabling less-skilled hackers to launch sophisticated attacks.
But this is also transforming cybersecurity defense. Defenders are meeting the challenge by
bringing agents into their operations. According to McKinsey, security solutions buyers in a survey said AI agent adoption will double in the next three years, with 35% reporting AI agents will replace their tier-one security operations center (SOC) analysts during that time.
MSSPs and Agentic AI
The story is the same for MSSPs, according to
Dropzone AI, which offers an agentic SOC platform. MSSPs providing managed detection and response (MDR) services are responding to a constant flow of alerts, managing security for multiple clients, and scaling their services, but not overwhelming their teams, company officials wrote.
“
It’s a lot,” they wrote. “Agentic AI systems can take some of that pressure off by automating the repetitive work so you and your team can focus on delivering strategic value to your clients. With AI handling alert investigations, you get more accurate results, can support a wider range of security tools, and free up your staff for high-impact work like pen-testing.”
Russ Humphries, executive vice president of product management, cybersecurity, and data protection at
ConnectWise, is seeing the same trends.
“AI is quickly moving from something that supports operations to something that shapes how MSSPs and MSPs run their businesses day to day,” Humphries told MSSP Alert. “One of the biggest challenges providers face is the fragmentation across tools and data, which slows teams down and creates unnecessary noise. By bringing that data together and applying AI, you can start to connect signals across the environment and get real answers faster.”
The 15-Minute SLA
ConnectWise is bringing more agentic AI capabilities to MSSPs and MSPs. The company recently rolled out Modern Threat Protection, an AI-based, multi-layered cybersecurity model for MSSPs and MSPs that includes AI agents that run specific tasks to deliver a 15-minute SLA for MDR and, by the end of the second quarter this year, will also be used in ConnectWise’s SIEM.
“One of the areas we are seeing high impact today is in high-volume alert triage and analysis, where AI can cut through false positives and surface what actually matters,” Humphries said. “In this case, we don’t have to think of AI as a single tool, though. We’ve developed seven agents – think of them as security specialists in a particular field – that work in unison to help resolve a detection triage event, oftentimes actually taking remediation on behalf of the partner, and automating the process of creating a customer shareable report of the value and work provided.”
He added that “this is taking a lot of the workload off of Tier 1 personnel and freeing up human expertise for Tier 2 and Tier 3 work as required. I see this as a trend that’s accelerating.”
Moving at Machine Speed
Dropzone AI executives listed a range of benefits for MSSPs that come with embracing AI in their SOCs, from creating new business opportunities to overcoming staffing challenges. That said, key among them is being able to move at machine speed to address that rapid evolution of the cyberthreats they face.
It’s what ConnectWise’s Modern Threat Protection is addressing, Humphries said.
He pointed to recent announcements by AI vendors
Anthropic and
OpenAI about the advanced cybersecurity capabilities in their
Claude Mythos Preview and
GPT-5.4-Cyber – respectively – AI frontier models, which are significantly better than previous models in detecting and identifying software vulnerabilities. However, they’re equally good of autonomously developing exploits for them.
AI-Based Threats are Growing
“In the light of recent announcements from Anthropic, OpenAI, and assuredly others in the near future, it’s clear that with AI tools' ability to find exploits and weaponize them at never seen before speeds, the line ‘minutes matter’ has never been truer,” he said. “The 15-minute SLA speaks to that reality with a quantitatively meaningful service promise.”
MSSPs and MSPs can expect AI use to grow, Humphries said. Attacks are using the technology, so service providers can’t take a wait-and-see approach. They need to prioritize using AI to strengthen defenses and keep pace with a rapidly evolving threat landscape.
“What was good enough before isn’t today, and looking ahead, it’s about going deeper on integration and making AI more context-aware across the entire security stack whilst delivering on SLA that can meet the needs of modern threats,” he said. “The more connected your data is, the more effective AI becomes, especially across areas like endpoint detection, SIEM, and email security.”
