COMMENTARY: Cyberattacks are getting smarter and harder to spot. Offense is moving faster than defense. Training users and strengthening SOC and support teams matters more than ever. Every email, call, or message could be a fake, and the only way to stay ahead is to make sure people know when to pause, verify, and escalate. If we invest in that human layer now, we have a real chance of staying ahead of these AI-driven threats.
In cybersecurity, we’ve always been at war with automation. What’s changing now is that the new wave of cyberattacks isn’t driven by brute force or script kiddies; it’s powered by generative AI. Today’s threat actors are wielding AI tools that can learn, adapt, and convincingly mimic real people faster than our traditional defenses can keep up.This isn’t just another evolution in the threat landscape. The new AI that’s powering the latest detection, analysis, and remediation tools is first being deployed by bad actors to supercharge phishing campaigns, impersonate executives, and compromise trust at scale. The race is on, and for the next year or two, the offensive side has the edge.The future of managed security isn’t man or machine - it’s both, working in sync.
MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].
The Rise of AI-Powered Spear Phishing
Generative AI has taken phishing to a terrifying new level. What was once easy to spot—poor grammar, generic salutations, awkward phrasing—is now almost undetectable. Today’s attackers can feed AI models a company’s emails, website content, or LinkedIn profiles to generate perfectly written, contextually aware spear-phishing messages.Even more concerning: AI can generate personalized, emotionally intelligent messages. The system knows when to be friendly, when to be authoritative, and when to simulate urgency. Some models can even adapt tone based on region or corporate hierarchy. The result? Phishing emails that sound like your CFO, reference real internal projects, and arrive right when your team least expects them.And these same capabilities extend beyond text. Voice cloning, real-time deepfakes, and AI-driven social engineering make it possible for attackers to appear on a Zoom call or leave a voicemail that’s indistinguishable from a trusted source. The frontline of the attack is no longer just the inbox - it’s every communication channel your client uses.The Offensive-Defensive AI Gap
While vendors are rapidly developing defensive AI tools to detect and block these attacks, we have to be realistic: Gen AI being used offensively is evolving first and faster than defensive AI that specializes in detection. Yes, AI companies are making defensive tools to counteract and inform users about the risks from nefariously used Gen AI, but the Gen AI tools are always ahead of detection tools that use AI. That’s why training users and helping them learn when to be suspicious and when to forward suspicious activities (emails, calls, video chats, etc.) to their MSP security team or MSSP team is critical. It is probably the most important thing that can be done in the short term.Now is the time to build up your cybersecurity talent at all levels, but especially those in your SOC, NOC, and support desk who deal with the massive increase in this sort of suspicious activity that will be submitted by our customers. We, as humans in the cybersecurity space, need to be that second or third set of eyes on this new onslaught of activity.For MSPs and MSSPs, this means that relying solely on automated defense tools, no matter how advanced, isn’t enough. The critical missing component is human expertise. That’s where your teams and your clients’ training become the decisive factor.The Human Element as a Critical Firewall
The smartest investment MSSPs can make right now is in people. Your SOC, NOC, and support teams are the last, and often best, line of defense when AI-driven deception is hard to detect. Over the next year, our teams will be busier than ever, and that’s actually a good sign. More reporting to us means our customers are doing exactly what we’ve trained them to do: slow down, question, and escalate.This is why continuous user training is critical. Employees must be taught when to be suspicious, and more importantly, how to react. The old “annual phishing training PowerPoint” model doesn’t cut it anymore. Instead, MSSPs should help clients establish real-time escalation protocols. Stop and verify any request involving financial or account access changes. Call back on verified contact numbers, never numbers from the phishing attempt. And forward suspicious messages to the MSSP’s security team immediately. By training users to slow down, verify, and escalate, we can turn customers into vigilant participants in threat detection, not just passive liabilities.Building the Human-AI Partnership
Defensive AI still has an essential role to play - but it must operate alongside human expertise. AI can triage alerts, filter noise, and provide predictive insights. But humans interpret intent. They see patterns over time, recognize manipulation, and understand the nuance of a request.MSSPs that blend human expertise with AI-driven automation will be the ones who win this arms race. This means:- Building a dedicated AI security response unit inside your SOC. These analysts should be trained not only to use AI tools but to understand how attackers might be using them.
- Implementing real-time anomaly correlation across voice, video (UCaaS), email, and collaboration platforms. Fraudsters aren’t sticking to one channel, and neither should your detection efforts.
- Investing in continuous analyst education focused on adversarial AI trends, voice deepfake detection, and prompt-engineering countermeasures.
