COMMENTARY: There is a gap that MSPs and MSSPs deal with every day. MDR is essential, but it’s still priced like a premium service, even though AI has changed what it actually costs to deliver. That mismatch leaves partners stuck choosing between margin and service quality. The point is straightforward: if AI has lowered the cost of detection and response, pricing needs to reflect that so mid-market customers can afford it and partners can deliver it sustainably.
Threat detection and response is the airbag of modern security: built in, always on, non-negotiable. You won’t need it every day, but you never want to go without it. For most SMB and mid-market customers, that “airbag” is Managed Detection and Response (MDR). Yet it’s often priced like a luxury upgrade, not a basic safety feature - forcing teams into a ridiculous tradeoff: affordable or effective.And if you’re the service provider, you’re the one stuck holding the bag. Customers want 24×7, enterprise-grade outcomes on budgets that barely cover “good enough.” Meanwhile, AI has blown up the old cost model. Alert triage, correlation, and investigation - the expensive core of MDR - can now be done faster and cheaper than your suppliers’ contracts and price lists admit. Until pricing catches up to AI-era delivery costs, it’s your margins - not your suppliers’ - that get shredded.Then check the service tiers. If it’s still packaged like every alert requires Tier-2 humans, the pricing hasn’t caught up to the AI era.
MSSP Alert Perspectives columns are written by trusted members of the managed security services, value-added reseller and solution provider channels or MSSP Alert's staff. Do you have a unique perspective you want to share? Check out our guidelines here and send a pitch to [email protected].
Why MDR Delivery Costs Should Be Falling, but the Prices You Pay Aren’t
Security operations used to be priced around one scarce ingredient: human intelligence. Your cost to deliver MDR hinged on senior analysts who could read weird logs at 3 a.m. and not blink. That scarcity drove everything from per-endpoint fees to minimums to onboarding costs.AI has quickly and fundamentally changed that. In a well-instrumented SOC today, a huge chunk of triage, enrichment, and correlation can be handled by AI agents that never sleep, don’t burn out, and can look at a thousand alerts with the same focus as one. AI now gives you an abundance of intelligence on tap.Here’s the catch: many of your suppliers’ price lists still assume the old world, where every decision required a human in the loop. So while the real cost per case is dropping fast, the prices you pay those suppliers often aren’t. For MSPs and MSSPs, that gap is where margin should live or die.The Margin Squeeze on MSPs/MSSPs
A lot of the suppliers you rely on still carry pricing DNA from their enterprise roots. So even when they badge it as MSP/MSSP-friendly, you feel the pinch every time you try to fit those rates into a mid-market security stack. Their per-endpoint minimums and “all-you-can-eat” tiers look fine on a slide, but when you wrap in SIEM, XDR, backup, and basic hygiene, there’s no room left for a healthy margin without sticker shock for your customer. So you trim: fewer seats, weaker SLAs, less 24×7 coverage than you’d like. Net-net, service quality falls short of what customers expect.Meanwhile, staffing a real SOC - onshore analysts, overnight coverage, senior escalation - has only gotten more expensive. You can’t just pass costs through to a 200-seat manufacturer or a regional law firm that thinks of security as a line item, not a strategy. In a competitive RFP, the partner who eats the most MDR pain to keep the overall bundle “reasonable” often wins the deal - and makes their own business a little harder to scale every year.Why Your Suppliers Aren’t Modernizing Pricing
If the tech has clearly shifted, why hasn’t the pricing? Partly because vendors don’t turn on a dime. Most of the upstream MDR and SOC vendors you buy from were architected - and more importantly, forecasted - for a 2010 world where every alert needed a human and “AI” was a slide, not a line item. Technology has sprinted ahead; pricing and behavior are still five years behind. Boards and CFOs are still staring at models built on that era’s ASPs and renewal curves.Meanwhile, product teams have likely been incorporating AI and automation that take huge bites out of triage and investigation effort, but the commercial model may lag the engineering reality. Change pricing and packaging too fast and you risk confusing the field, upsetting the channel, or spooking investors. So we get an awkward in-between phase: security operations running on AI-era economics, sold on legacy-era price lists. Until those vendors reset around the new cost base, MSPs and MSSPs are left doing margin gymnastics to make the numbers work.What MSPs/MSSPs Should Be Asking Now
It’s time to ask your suppliers for the math:- Where does a human still touch every case, and where are AI agents actually doing the work? Ask for real percentages.
- How have their unit economics changed in the last two to three years, and where does that show up in pricing or partner margin? If costs dropped but discounts didn’t, note that.
- Can their capabilities be used profitably on a 150–500-seat customer at market rates, or are they quietly built for Fortune 500 deals? Make them walk you through it.
- As AI cuts their cost per case, will you see the benefit through improved margins, new pricing tiers, or co-managed options? Look for partners with a clear plan, not just a one-time discount.
- Are their SLAs about uptime and features, or do they commit to outcomes - critical alerts investigated and escalations within a defined window? Uptime SLAs mean you’re buying a tool; outcome SLAs mean you’re buying a service.




