AI has come into the cybersecurity field as rapidly as it’s done in other industries, bringing with it not only new capabilities for defenders but also a
rapidly expanding attack surface through its accompanying security risks and threat actors that are rapidly
incorporating the technology into their attacks.
Myriad studies and reports have illustrated the multiple roles AI and
AI agents play in the cybersecurity space, and a survey of more than 1,500 CISOs released by
Darktrace this month brought more clarity to the challenge. At the same time, the U.K.-based company rolled out a new tool aimed at helping organizations more safely deploy and scale AI and agents by better understanding how they operate and interact with systems and humans.
MSSPs and MSPs also can use it help their clients as they embrace AI and bring it into their operations.
The issues with AI touch on everything from how pervasive its use is becoming among software-as-a-service (SaaS) tools,
shadow AI, and the “employee-like”
reach and access AI agents have, according to
Nicole Carignan, senior vice president and security and AI strategy and field CISO for Darktrace.
“They are given logins, move data and execute workflows,” Carignan told MSSP Alert. “Unlike humans, these agents lack critical thinking, discernment, or understanding of consequences. Also, agents interacting with humans via prompts are designed to be helpful, making them a pliable insider threat. Monitoring how humans and
non-human identities interact with AI, when it shifts, and detecting when it becomes risky is a major concern.”
AI Brings Worries, Confidence
The CISOs surveyed for Darktrace’s
State of AI Cybersecurity 2026 report saw both the threats that come with AI and how the technology can help them protect their organizations. According to the number 44% of respondents said they are extremely or very concerned with the security implications that come with third-party large language models (LLMs) like
Microsoft’s Copilot and
OpenAI’s ChatGPT and 92% are concerned about the impact of AI agents used by employees on security.
In addition, 87% said AI is significantly increasing the number of threats that require attention. That said, 96% see defensive AI as significantly improving their security capabilities and generative AI has a role in 77% of security stacks, though only 35% are using unsupervised machine learning.
Darktrace executives
wrote that 2025 was the year enterprise AI went mainstream, and that this year it is in every facet of organizations’ structure.
'A Whole New Attack Surface'
“In short, it’s opened up a whole new attack surface,” they wrote. “At the same time, AI has accelerated the pace of cybersecurity arms race on both sides: adversaries are innovating using the latest AI technologies at their disposal while defenders scramble to outmaneuver them and stay ahead of AI-powered threats.”
A key worry is that the rapid enterprise adoption of generative AI is outpacing security frameworks created to govern it. Echoing Carignan’s thoughts, they wrote that “AI systems behave in ways that traditional defenses are not designed to monitor, introducing new risks around data exposure, unauthorized actions, and opaque decision-making as employees embed generative AI and autonomous agents into everyday workflows.”
The security vendor’s new Darktrace / SECURE AI behavioral AI solution is designed to teach security teams how AI systems behave and evolve over time and to step in when AI systems act abnormally, including move away from intended behavior, violate policies, or seem manipulated to perform unauthorized actions, as occurs when bad actors use prompt injection methods.
“It builds a real-time understanding of behavior, intent, and risk across human and agent interactions and, as a result, security teams have visibility into what AI is doing, not just what it’s allowed to do,” Carignan said. “Unlike static guardrails and policy-driven approaches, it can comprehend the unstructured inputs and outputs and detect risky drift and adaptation that happen with AI tools and identify misuse even where a tool's access looks legitimate.”
Visbility is Needed
She clicked off the range of risks that AI brings to an enterprise, noting that the technology isn’t limited to one model, prompt interface, tool, or domain, Instead, is increasingly being used widely by organizations across SaaS tools, by employees to improve productivity, and by IT teams to be more efficient in their development and engineering.
The issue of shadow AI creates data privacy concerns – a lack of visibility into what AI tools are being used by whom and for what reasons – that can cause organizations to slow down the use of AI for security reasons, while tracking the use of agents and non-human identities creates its own visibility gaps that hackers can exploit.
Also, “many organizations are being sold that AI orchestration platforms provide security,” she said. “This is foundational security. But securing AI must include full visibility, continuous behavioral analytics, accurate anomaly detection, risk analysis [and] investigation, and autonomous containment across domains, people, processes, and tools.”
MSSPs Bring Expertise
MSSPs continue to see their roles with clients expand in such areas a being strategic advisers and force multipliers for organizations that lack the skilled people needed to address an increasingly complex cybersecurity environment driven by advanced technologies.
This is where security services providers need to step in, Carignan said.
“Securing AI usage is a new, rapidly evolving need where few security teams have built in expertise,” she said. “MSSPs and MSPs will play a vital role in advising businesses on how they can best enable AI without creating outsized risk and helping them build the technology stacks that will meet that need.”
She added that “AI risk is a new part of the attack surface and MSSPs need to start considering how to build visibility and response to those risks into their outsourced [security operations center] services.”
