Even as AI accelerates cyberattacks against small and midsize businesses, attackers continue to exploit familiar weaknesses, according to a Guardz research report. The cybersecurity platform provider analyzed telemetry across MSP-managed SMB environments from September 2025 through February 2026.
The findings point to a growing new challenge for MSPs, VARs, systems integrators and other channel partners serving SMBs: attackers are using AI to scale old tactics faster than human-led security operations can respond.
“Threat data shows that entry points haven’t changed; attackers are still getting in through identity gaps, weak controls, and misconfigurations, just faster and at greater scale,” said Dor Eisner, CEO and co-founder of Guardz, in a release accompanying the report. “What determines outcomes now is how security is structured, whether signals across identity, email, endpoints, and cloud are connected and can be acted on in time.”
The most common points of entry for AI-backed breaches include identity gaps, weak authentication, misconfigured cloud environments and trusted IT tools. The data show how AI-fueled attacks are worsening an already tough situation.
Nearly 9 in 10 SMBs had at least one user with confirmed credential compromise at any given time. Close to one-third of businesses analyzed were exposed to compromised passwords monthly.
Session hijacking emerged as one of the fastest-growing identity threats. Incidents in which attackers bypassed MFA by stealing or replaying valid session tokens rose 23% over the 180-day observation period. The number of affected users nevertheless remained relatively stable, suggesting attackers aren’t widening their target pool but are deepening access inside already compromised accounts.
Non-human identities create another blind spot. In Microsoft 365 environments, machine identities now outnumber human users 25 to one, according to Guardz. Those service principals, OAuth applications, system accounts and managed identities often operate with elevated permissions and limited oversight, making them attractive targets for attackers seeking persistent access.
Cloud productivity environments are also under pressure. Guardz identified risks across Microsoft 365 tools, including SharePoint, Teams, OneDrive and Copilot. Anonymous SharePoint links, message exports, DLP violations and Teams app installs topped cloud security concerns for SMBs.
RMM vulnerabilities
Remote monitoring and management tool abuse, which hits a major MSP nerve, accounted for 26.2% of all threats. Hackers used ScreenConnect, AteraAgent and MeshAgent to gain persistent, unauthorized access, compromising MSP client portfolios.
Guardz warned that attacks against the MSP supply chain are likely to intensify in the second half of 2026 as attackers increasingly impersonate legitimate RMM infrastructure.
Attackers are relying more heavily on living-off-the-land techniques rather than traditional malware, Guardz said. Ransomware behavioral detections surged 190% over a 50-day observation window, while malware detections declined 55% in the same period.
Business email compromise is becoming more expensive, too. The cost of confirmed business email compromise incidents analyzed in 2026 ranged from $140,000 to $1.5 million, compared with an average requested wire transfer of about $40,000 in broad-scale campaigns in early 2025.
Inbox rules remain the top persistence mechanism in BEC attacks, according to Guardz. Attackers use those rules to redirect financial communications, delete security alerts and hide evidence of compromise. The report described a $1.5 million BEC scam involving thread injection, domain spoofing and a voice verification failure.
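As an added illustration (not code from Guardz or its report), the following Python check flags inbox rules that match the three behaviors described above: redirecting financial mail, deleting security alerts and hiding messages. It assumes rule records exported as dictionaries that use the property names of Exchange Online's Get-InboxRule output, with addresses normalized to plain SMTP form; the keyword lists, folder names, sample rules and domains are constructed for the example.

```python
import re

# Keyword and folder lists are assumptions for illustration; tune per tenant.
FINANCE = re.compile(r"invoice|payment|wire|remittance|bank|payroll", re.I)
ALERTS = re.compile(r"security alert|suspicious|sign-in|password|mfa|phish", re.I)
HIDING_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk email", "deleted items"}

def _words(rule):
    """Join every keyword or sender condition on the rule into one string."""
    keys = ("SubjectContainsWords", "BodyContainsWords",
            "SubjectOrBodyContainsWords", "From")
    return " ".join(w for k in keys for w in (rule.get(k) or []))

def assess_rule(rule, tenant_domains):
    """Return the BEC-persistence findings for one inbox rule (empty if none)."""
    findings = []
    text = _words(rule)
    targets = []
    for key in ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"):
        targets += rule.get(key) or []
    # Any forwarding target outside the tenant's own domains is external.
    ext = [a for a in targets if a.rsplit("@", 1)[-1].lower() not in tenant_domains]
    if ext:
        kind = "redirects financial mail" if FINANCE.search(text) else "forwards mail"
        findings.append(f"{kind} to external address {', '.join(ext)}")
    if rule.get("DeleteMessage") and ALERTS.search(text):
        findings.append("deletes security alerts")
    folder = (rule.get("MoveToFolder") or "").lower()
    if folder in HIDING_FOLDERS and (FINANCE.search(text) or rule.get("MarkAsRead")):
        findings.append(f"hides mail in '{folder}'")
    return findings

# Constructed sample rules; the last one is a benign newsletter filter.
SAMPLE_RULES = [
    {"Name": ".", "SubjectOrBodyContainsWords": ["invoice", "wire"],
     "RedirectTo": ["ap@examp1e-billing.test"]},
    {"Name": "..", "SubjectContainsWords": ["Security alert", "password"],
     "DeleteMessage": True},
    {"Name": "cleanup", "From": ["cfo@example.test"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"Name": "Newsletters", "From": ["news@vendor.test"], "MoveToFolder": "Newsletters"},
]

def triage(rules, tenant_domains=frozenset({"example.test"})):
    """Map rule name to findings, keeping only rules that raised a finding."""
    return {r["Name"]: f for r in rules if (f := assess_rule(r, tenant_domains))}
```

Running triage over a tenant's exported rules at every review interval, and on each new-rule audit event, surfaces the rules worth a human look while leaving ordinary filters alone.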
There is a silver lining: AI-driven detection and response can help MSPs catch up with bad actors. AI tools achieved 92.4% detection accuracy compared with 67% for human analysts alone.
Disconnected tools, manual triage and periodic reviews no longer cut it, according to Guardz. MSPs need unified visibility across identity, email, endpoint and cloud environments, along with an AI-assisted response capable of operating at the same scale as attackers.
“That means leveraging AI the same way attackers are, at scale, across every client environment, simultaneously,” Eisner said in the release. “That gap is where MSPs either win or lose their clients’ trust.”