Market News, MSSP, Managed Security Services, Vulnerability Management, AI/ML, Exposure management

MSSP Market News: AI in the SOC is getting real for MSSPs

A human supervisor manages a staff of robots in a security operations center.

AI in security operations is starting to feel a lot more real. Sophos put a clear number behind that with its agentic SOC update, saying its MDR business is now using AI to resolve authorized cases from creation to automated response in 89 seconds. It also said AI closed 52% of MDR cases end-to-end without human intervention, within boundaries set and monitored by analysts.

This is exactly where the pressure is building for MSSPs. Customers want faster response, clearer outcomes, and better coverage, but providers cannot solve every problem by adding more analysts or more tools. The Sophos update points to where the model is heading: routine triage and response work gets handled faster by AI, while analysts stay focused on the cases that need judgment, business context, threat hunting, or customer advisory work.

And this is not only about AI inside the SOC. The attack surface itself is getting messier. Customers are using more SaaS apps, browser-based tools, remote access, and personal devices. That gives attackers more ways to slip in through stolen credentials, cookies, or activity that looks normal at first glance. NordLayer’s research helps ground that point, with 82% of surveyed IT professionals saying their organization had a web-based security incident in the past year, and half saying the impact was moderate or severe.

MSSPs are not just trying to figure out whether AI belongs in the SOC. They are trying to figure out how to use it safely, how to explain its value to customers, and how to monitor identity, browser activity, SaaS risk, exposure validation, and AI-driven threats without burying analysts in more manual work. But all said and done, governance, trust, and whether providers can clearly explain what AI is allowed to do, when humans step in, and how response decisions are documented - all this will be the true test.

Market Pulse: Cybersecurity Deals, Funding, and Platform Shifts

Google Cloud introduces Google AI Threat Defense: Google Cloud has introduced Google AI Threat Defense, an AI-powered cybersecurity platform designed to help organizations find, prioritize, and remediate vulnerabilities faster as attackers use AI to speed up exploitation. The platform brings together Gemini, Wiz, CodeMender, and Mandiant to predict attack paths, validate real-world risk, generate fixes, and support continuous monitoring across cloud, code, identity, and runtime environments. Google said the approach is built around four steps: preparing the environment, scanning and prioritizing exposures, accelerating remediation, and monitoring for live threats.

SilverSky partners with Torq: SilverSky has partnered with Torq to bring Torq’s AI SOC Platform into its managed security operations model. The Fort Lauderdale-based provider said the partnership is aimed at helping regulated and high-consequence organizations move beyond compliance-driven security controls and improve day-to-day investigation, response, and SOC execution. SilverSky selected Torq after a proof of concept across AI SOC automation platforms, citing the platform’s AI-driven investigation, response orchestration, and human oversight capabilities. For SilverSky, the move strengthens its MXDR and managed security services by giving its teams more automation and visibility across the threat lifecycle while keeping human judgment and accountability in the process.

Acumen Cyber and AttackIQ Partner: AttackIQ has partnered with Acumen Cyber to help organizations continuously validate their cyber defenses against real-world attack paths. The partnership brings AttackIQ’s adversary-informed Continuous Threat Exposure Management platform into Acumen Cyber’s engineering-led security operations practice, with a focus on testing whether security controls can prevent and detect the techniques adversaries actually use. The companies said the approach is intended to move customers beyond static vulnerability lists and point-in-time assessments by mapping viable attack paths, validating controls against frameworks such as MITRE ATT&CK, and prioritizing remediation based on operational impact.

Ping Identity extends the Ping Identity Platform: Ping Identity has expanded its platform with new capabilities for securing identity in agentic enterprise environments, where AI agents are beginning to configure access, operate across systems, and act on behalf of users. The updates include AI-first headless interfaces and agent-ready skills for programmable identity, discovery, and lifecycle governance for AI agents, and privileged access controls for desktop agents and coding assistants. Ping said the goal is to make AI agents visible, governable, and auditable without giving them direct access to long-lived credentials or secrets.

EDAMAME introduces runtime verification for coding and AI agents: EDAMAME Technologies has introduced runtime verification and deterministic guardrails for coding and self-improving AI agents, giving security and platform teams a way to detect when agent behavior moves outside declared intent. The Paris-based company said the capability uses host telemetry to compare an agent’s stated intent with observed process, file, network, credential, and posture activity across developer workstations, CI/CD runners, and cloud environments. The system produces evidence when agent activity diverges from intent and flags attack patterns such as credential harvesting, token exfiltration, and sensitive file access.


Have news to share or just want to connect? Reach anytime at [email protected].

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.
Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds