Boo! MCP is a Security Frightmare
The new standard for connecting AI to data is very useful and very risky. Plus: how Mizo, Theo, and PartnerGPT are bringing AI to MSPs and Barracuda’s latest Secureworks integration.
There are so many good things to be scared about in security these days. Last week alone we discovered via Keeper Security that 40% of U.S. companies don’t use MFA on privileged accounts and learned via Barracuda that 78% of organizations have experienced an email breach in the last 12 months, a number so huge we can only assume luck versus skill protected the other 22%.
And don’t even get me started on the 95,000 concurrent viewers who innocently watched a deepfake Jensen Huang pitch them a crypto scam last Tuesday.
In honor of Halloween, however, let me hit you with something really scary. You know MCP, the protocol for connecting AI to data that has all but become a standard in the 11 months since its introduction? The one every vendor that MSPs do business with has either implemented already or plans to implement soon?
It’s a frickin’ security nightmare.
“Frickin’” and “nightmare,” to be clear, are my characterizations of the situation. Martin Zugec, technical solutions director at Bitdefender, is slightly more diplomatic about the matter. We’ve learned a lot about API security in the last few decades, he observes, enough to hope that a company full of smart people like Anthropic would take care when creating a new interface.
“So it was really disappointing for me once we started looking into the protocol and we realized it’s a mess,” he says.
Zugec (pictured) lays out the full extent of that mess in far greater detail than I can get into here in a highly recommended blog post published last month. But the gist of it all is that MCP is optimized for adoption, flexibility, and ease of use rather than safety. The people responsible for it have recommendations for deploying it securely, but it’s pretty much up to individual developers to implement them.
“That just doesn’t happen,” Zugec observes. “It’s absolutely crazy that in 2025 you have new code where security’s completely optional.”
And optional in the most fundamental areas, like authentication, a function that will usually be handled safely when an MCP client connects to an LLM or an MCP server connects to cloud infrastructure, because the people responsible for LLMs and cloud infrastructure tend to be rigorous about security. But when an MCP client connects to an MCP server?
“By default, there is no authentication, there is no authorization, there is nothing,” Zugec says.
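To make concrete what "no authentication, no authorization" between an MCP client and server means in practice, here is an added example (not from the article, Bitdefender, or Anthropic's SDK): a minimal JSON-RPC 2.0 dispatcher for the MCP `tools/list` and `tools/call` methods that can run in the default open mode or require a bearer token with per-tool scopes. The tool names, tokens and scopes are constructed for illustration, and the result shape is simplified from the real protocol.

```python
import hmac
import json

# Constructed sample tokens and the tools each may call. A real server would
# validate tokens against an identity provider rather than a local table.
TOKEN_SCOPES = {
    "tok-readonly-EXAMPLE": {"read_ticket"},
    "tok-admin-EXAMPLE": {"read_ticket", "close_ticket"},
}

# Two hypothetical service-desk tools; real ones would talk to a PSA.
TOOLS = {
    "read_ticket": lambda args: {"id": args.get("id"), "status": "open"},
    "close_ticket": lambda args: {"id": args.get("id"), "status": "closed"},
}

UNAUTHORIZED = -32001  # implementation-defined JSON-RPC server error code

def _error(req_id, code, message):
    return {"jsonrpc": "2.0", "id": req_id, "error": {"code": code, "message": message}}

def _result(req_id, result):
    return {"jsonrpc": "2.0", "id": req_id, "result": result}

def _scopes_for(token):
    """Return the scope set for a presented token, or None if it is unknown."""
    if token is None:
        return None
    for known, scopes in TOKEN_SCOPES.items():
        if hmac.compare_digest(known.encode(), token.encode()):  # constant-time
            return scopes
    return None

def make_request(req_id, method, params=None):
    """Serialise a JSON-RPC 2.0 request the way an MCP client sends it."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": method, "params": params or {}})

def dispatch(raw, token=None, require_auth=True):
    """Handle one MCP-style request (tools/list or tools/call).
    require_auth=False reproduces the default posture: anyone who can reach the
    server can list and call every tool. require_auth=True demands a known
    token and checks the tool's scope before invoking it."""
    try:
        req = json.loads(raw)
    except json.JSONDecodeError:
        return _error(None, -32700, "Parse error")
    if not isinstance(req, dict) or req.get("jsonrpc") != "2.0" or "method" not in req:
        return _error(None, -32600, "Invalid Request")
    req_id, method, params = req.get("id"), req["method"], req.get("params") or {}
    scopes = _scopes_for(token)
    if require_auth and scopes is None:
        return _error(req_id, UNAUTHORIZED, "Unauthorized: missing or unknown token")
    if method == "tools/list":
        # Hardened mode also hides tools the caller is not allowed to invoke.
        names = [n for n in TOOLS if not require_auth or n in scopes]
        return _result(req_id, {"tools": [{"name": n} for n in names]})
    if method == "tools/call":
        name = params.get("name")
        if name not in TOOLS:
            return _error(req_id, -32602, "Unknown tool")
        if require_auth and name not in scopes:
            return _error(req_id, UNAUTHORIZED, f"Token not permitted to call {name}")
        return _result(req_id, {"content": TOOLS[name](params.get("arguments") or {})})
    return _error(req_id, -32601, "Method not found")
```

Running the same `close_ticket` call in both modes shows the gap: the open server closes the ticket for any caller, while the hardened one refuses it without a token and refuses it again for a read-only token.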
You’d be surprised, too, how often even well-established software makers fail to catch issues like that. Kurt Seifried, chief innovation officer at the Cloud Security Alliance, has inspected a bunch of vendor MCP servers, and some of them take security seriously. “Some of them don’t,” he says.
Meanwhile, what happens when shadow AI makes its inevitable way to MCP and people start hunting for open source servers on the internet? “They’re going to grab the first one that looks legit and probably works,” Seifried notes. They won’t realize it contains malware until it’s too late. Indeed, researchers observed a malicious MCP server in the wild, reportedly for the first time, a month ago.
Easy fix then, right? Don’t download random MCP servers you find on the web. Create one yourself instead! Anthropic, helpfully, shows you how.
“It’s not rocket science,” Seifried says. “Our head of marketing wrote an MCP server.”
Oh, and by the way, the biggest users of MCP servers won’t be people. They’ll be invisible, inscrutable, increasingly autonomous agents.
To be clear, none of this is a theoretical, someday problem. “Adoption is just starting and we’re already seeing vulnerabilities where the CVSS score is 9.6, 9.7, 9.8,” Zugec says.
And the risk is only going to snowball from here. “There’s a lot of pressure to implement this as fast as possible,” Zugec notes of MCP. Big businesses will mostly come out fine because they have good tools and dedicated security teams. SMBs don’t.
“And they’re not mature enough to follow all the security best practices, especially since they are essentially optional,” Zugec says. “That’s why I’m feeling like we’re creating today a generation of problems that we will be dealing with for ages.”
The best you can do for now
In the meantime, there are a few things you can do to mitigate MCP risk. Visiting the MCP security resource center CSA rolled out a couple of months ago is a good starting point, as is this MCP security checklist, which Zugec likes.
Being extremely cautious about which servers you employ, needless to say, is also wise. “The most effective advice would be to try to use the official vendor ones, because the interests of the vendor probably align with your interests in the sense that they want you to be secure and safe and use their service securely and safely,” Seifried (pictured) says.
Even so, however, not every vendor MCP server will be safe, and few MSPs will have the time, patience, or skill to identify the unsafe ones by inspecting the code. As a result, according to Seifried, CSA is hard at work on tools and prompts that will automate the process.
Eventually, he adds, efforts like that will guide us to a better future in which businesses can leverage MCP’s power confidently, much as the industry eventually figured out how to leverage another very useful but also potentially dangerous API, the Common Gateway Interface, more or less securely. The only question is whether or not we get there in time to prevent the worst possibilities from springing to life.
“I don’t think we have 10 years to do it,” Seifried says. “I think we have like one to three.”
Mizo wants agents and humans in healthy relationships
I’ll take it on faith that Mizo’s implementation of MCP is safe, given that Mathieu Tougas, its CEO and co-founder, has a background in both software development and product management. That experience came in handy when Tougas agreed to lead his brother’s managed services practice.
“They were growing quite fast,” Tougas (pictured) says, so fast that they were having trouble keeping pace with onboarding and other operational challenges. Tougas, who has helped scale startups before, dug into the bottlenecks.
“What we first thought was a process and human problem ended up being both process and technology problems,” he recalls, so the company created an AI-powered service desk automation tool to address them. By last December, they knew they’d built something a lot of MSPs with similar issues would get similar benefit from.
“And that’s how Mizo came to be,” Tougas says.
The company, which has been in market with a solution since early this year and currently has about 20 MSP partners, is among a growing crop of AI-for-managed-services vendors all trying in one way or another to ease MSPs through the transition from help desk laborers to agent wranglers.
“We really believe in that switch from humans doing everything to managing agents, and we want to be at the forefront of that,” Tougas says.
What companies like Mizo disagree about, of course, is how active that management should be. Some are comfortable handing entire workflows over to agents now. Others, like Pia, are gradually coaxing partners in that same direction. Mizo, by contrast, sees humans and agents working collaboratively to at least some extent for the duration.
“We really see ourselves as the J.A.R.V.I.S. of the MSP,” Tougas says. “Our philosophy is really changing that human-in-the-way approach to human-in-the-loop.”
Which implies that just like Tony Stark and his J.A.R.V.I.S., MSPs and their digital buddies are going to need to get along, a fact that results in a lot of thoughtful AI anthropomorphizing at Mizo.
“We really approach it as another employee,” says Tougas of the company’s agent, a remark that rhymes a bit with Microsoft’s prediction that tomorrow’s knowledge workers will be “agent bosses”, supervising swarms of largely autonomous digital assistants rather than performing knowledge work themselves. MSPs will be no different, Tougas believes.
“The role humans are going to be playing is going to probably greatly change from doing most of the work as an individual contributor, as a technician, as a service manager to having a more of an agentic-human relationship where you manage agents that do tasks and you’re in the loop where you need to be,” he says.
Note the word “relationship” there. It comes up frequently in Mizo’s thinking, along with “trust.”
“Whenever we have a new customer, we’ll always deploy in a recommendation mode first, so our customers start to learn and have a relationship with our agent,” Tougas notes. “You need to trust that agent to do actions in a real-life setting.”
At present, Mizo mostly automates dispatch and communication functions. “That’s sending emails, reminders, making sure that the right communication is done at the right time,” Tougas explains. The company is well on the way to closing tickets as well, though.
“We believe that by 2026 most of it’s going to be automated,” Tougas says. Tasks that don’t involve the help desk, like billing and project management, are on the roadmap for automation too.
Interested to learn more? Anyone attending ConnectWise’s IT Nation Connect event this week can hear Mizo’s story straight from Mizo itself on Wednesday at 2:00 p.m. ET during the finalist round of ConnectWise’s PitchIT contest. If Delta gets me to Orlando on time, I’ll see you there.
Theo gets into the AI nitty-gritty
Anthropomorphism also crops up pretty regularly at Async Labs, the company responsible for an agentic managed services automation tool named Theo.
“We’ve built what we call an AI technician,” says Sahil Thaker (pictured), Async’s co-founder and CTO. “It uses the brains from the AI models, but it has a lot of hands and legs, so to speak, that are custom to us.”
Those custom elements are what elevate Theo above generic chatbots, according to Async co-founder Abhinav Vora.
“A lot of products tend to be what people call wrappers around foundation models,” he says. “That’s great for many in many cases, but when that doesn’t work, which is a lot of the time, you have to actually get into the nitty-gritty and redo some of that stuff.”
Async’s developers have the know-how to perform that work, Vora continues, thanks to prior gigs at companies like Microsoft, Lyft, Uber, and AI search vendor Glean. “We can actually open up the engine and fix it and do whatever we want to do. That is not super uncommon, but it’s not common.”
And it’s equipped Async to build what Vora calls a domain-specific agentic AI solution tuned to the precise needs of an MSP’s service desk. “It understands what actions are safe and what is not safe,” he says. “It understands ticket types and all the different artifacts.”
It acts on that understanding autonomously in a lot of cases, too, but not in others.
“There are some things that you don’t want the AI to do because you don’t trust it entirely,” Thaker says. “When it’s trying to do remediation, you actually want the technician to give permission.”
Async, which is funded by Slow Ventures and South Park Commons among others, is about three to six months away from automating most Level 2 tickets with technician supervision and handling most Level 1 issues on its own, according to Vora, who says an agent that lives on endpoints is further out on the company’s roadmap.
“Why should you be in a place where there’s a problem and you file a ticket and only then do you get involved?” he asks. “You want to be in a place where you anticipate this laptop’s going to run out of memory or hard disk and let me just go clean it up.”
An additional future agent will automate security and network operations centers. “Running a NOC is a piece where I think we can do a fantastic job,” Vora says, because most of the work involves filtering away false positives.
Trickier but also on the way is automated integration functionality. Theo integrates now with PSA systems from ConnectWise, Kaseya, and NinjaOne, as well as Microsoft’s management stack, but a useful agentic app for MSPs needs access to a wider range of often obscure systems, many of which have no APIs.
“There will always be those one or two pieces of software that your dentist’s office has or your lawyer’s office has,” Vora says. “AI is getting smart enough where it can actually make sense of them and operate on top of that.”
PartnerGPT and ChannelGTM try sponsorships versus subscriptions
I now know of something Kathryn Rose has in common with Sam Altman.
Actually, I know three things, come to think of it. The first two are that both Rose and Altman are entrepreneurs with a lot of interest in generative AI. I’ll get to the third after first introducing you to PartnerGPT.ai, the AI assistant for MSPs, resellers, and solution providers introduced by Rose a few weeks ago. Like Theo, it’s a domain-specific AI service. Unlike Theo, it’s decidedly not agentic.
“Agents do automations,” Rose (pictured) says. “These are assistants.”
There are five in all at present for sales, marketing, ops, security, and HR that partners can use to write emails, build marketing campaigns, prepare for a QBR, role play sales meetings, and more. Each one, Rose emphasizes, is pre-trained on knowledge she’s accumulated across two decades of work as a consultant, author, speaker, and founder of organizations like channelWise and The Channel Marketing Association, which introduced an AI assistant tool of its own last week called ChannelGTM.ai.
The partner-specificity of the training both services draw on is the key to the vision behind them. “I kept seeing this research come out that only 25 to 30 percent of partners were really even using [AI], mostly because it was just garbage that was coming out,” Rose explains. PartnerGPT.ai and ChannelGTM.ai, by contrast, deliver informed, experience-based responses.
They’re also, it’s worth noting, completely free. PartnerGPT.ai and ChannelGTM.ai are both available to anyone at no cost thanks to alliance agreements with AI-for-MSP vendor Synthreo in the former case and AI-first channel marketing platform Structured in the latter, plus sponsorship deals with Liongard and a handful of other vendors. Sponsors never see user input, Rose emphasizes, and partners hear from sponsors only when resources they’ve provided offer relevant assistance with ongoing chats.
“The way I look at it is everybody wins,” Rose says. Synthreo and Structured get brand exposure, sponsors get a chance to tell potential partners—gently—about their products, and Rose herself makes a little money on the sponsorship fees.
Unless, of course, it turns out to be a lot of money, which is where the third similarity between Rose and Altman enters the picture. Rose’s timing on launching PartnerGPT.ai is interesting in that it comes as OpenAI is recruiting hundreds of employees away from Meta in connection with an apparent move toward introducing advertising as a monetization vehicle for ChatGPT.
It’s not hard to understand the thinking behind that strategy either. Building LLMs is expensive work that subscription fees haven’t underwritten terribly well. The best estimates available suggest OpenAI is on track to pull in about $13 billion this year. That comes out to a little over $16 annually for each of ChatGPT’s roughly 800 million weekly active users, which has to be frustrating for Sam Altman and team as they watch AI players like Meta and Microsoft pull in huge sums via ads.
Rose, to the best of my knowledge, isn’t consciously following in OpenAI’s footsteps. But what if it turns out the best way to generate big money in AI solutions for managed services providers is selling sponsorships rather than subscriptions?
I can’t think of anyone else asking that question right now, and am eager to learn the answer.
Sophos takes the next step on Secureworks
Time flies. It’s been just over a year since Sophos announced its intention to acquire MDR/XDR vendor Secureworks and about nine months since it completed that acquisition and told Channelholic readers, via its CEO, that integrating the two companies culturally and technologically was its top mission for the remainder of 2025.
We saw an initial payoff on those efforts in September when Sophos announced it had integrated its endpoint protection solution with Secureworks’s Taegis platform, and a bigger one the week before last when the company unveiled a new identity threat detection and response solution.
“Sophos Identity Threat Detection and Response (ITDR) is the first Secureworks solution to be fully integrated into our platform post-acquisition, and it immediately expands the outcomes we can deliver to customers and partners,” said Chris Bell, currently Sophos’s channel chief and formerly Secureworks’s chief strategy officer, in emailed remarks. “In practical terms, that means identity detections, dark web credential monitoring, and posture assessments that MSPs rely on can now be added on to Sophos XDR and Sophos MDR services, so identity risks can trigger cases, investigations, and response actions in one workflow.”
An add-on for Sophos MDR and Sophos XDR, Bell continues, Sophos ITDR also offers resellers of those services an easy upsell opportunity. More solutions like it are on the way.
“We plan to continue integrating Secureworks capabilities into the Sophos Central platform, where they enhance partner and customer outcomes,” Bell says. “Our roadmap prioritizes co-developed and integrated solutions that deliver faster threat detection, deeper protection, and streamlined operations for MSPs and end customers, with clear, scalable delivery models.”
Welcome to CEO central
I learned how important integrating Secureworks is to Sophos straight from its CEO during an interview on MSP Chat, the podcast I co-host. He’s far from the only CEO we’ve had on the show either. Tune in here weekly to get the inside scoop on the latest developments from the biggest names in managed services and beyond.
Also worth noting
ConnectWise’s Service Leadership unit has introduced Benchmark Essentials to give smaller IT solution providers cost-effective access to benchmarking and business growth resources.
NinjaOne’s automated endpoint management platform is now available in the Microsoft Azure Marketplace.
Auvik’s SaaS Management platform is now available on the Pax8 Marketplace.
SuperOps has launched a new AI-native unified endpoint management platform that combines desktop, mobile, and server management functionality.
GoTo has introduced Connect for Education, a secure, unified communications platform for schools and universities.
Ingram Micro has added an agentic sales briefing assistant based on Google Gemini to its Xvantage platform. More to come on this in my next post.
Lots of news from GTC last week. First up, CrowdStrike is teaming with NVIDIA to deliver always-on, continuously learning, autonomous AI agents for cybersecurity.
Trend Micro has integrated with NVIDIA BlueField DPUs and NeMo Guardrails to enhance agentic AI security.
Check Point and NVIDIA have launched AI Cloud Protect, a security solution for AI factories designed to shield AI models and infrastructure from emerging threats.
ServiceNow and NVIDIA have launched a small, multimodal AI model and integrated ServiceNow’s platform with the NVIDIA AI Factory for Government.
HPE has added turnkey secure AI factory solutions, smart city deployments, agentic data governance, and new server platforms to its NVIDIA AI Computing portfolio.
Palo Alto has launched Prisma AIRS 2.0, a comprehensive AI agent/model protection and automated red teaming platform.
Palo Alto has also unveiled Cortex AgentiX, a secure platform for building, deploying, and governing agentic AI workforces.
Last but not least, Palo Alto has announced Cortex Cloud 2.0 to deliver autonomous AI agents, unified command center, and optimized cloud workload protection.
OpenText Cybersecurity has added new AI-driven capabilities to Cloud Editions 25.4 in a bid to unify enterprise security across identity, data, applications, and operations.
Arctic Wolf and AWS have signed a strategic collaboration pact to advance the Aurora Platform and global AI-powered SOC services.
Larissa Crandall, formerly of Veeam, is now global VP of channels at 1Password.
Cognizant and Rubrik have partnered to provide “business resilience-as-a-service”, a mix of AI-powered services aimed at helping businesses recover from cyber incidents.
Intel 471 has added geopolitical intelligence that connects geopolitical events with cyber threats to its Verity471 platform.
Elastic has announced Streams, an agentic AI tool that automatically parses and surfaces significant events from unstructured log data.
Jumio has announced selfie.DONE, an AI-powered reusable identity solution that enables instant user re-verification via selfie.
Upwind has launched a dynamic CSPM tool designed to use real-time evidence to reduce false positives and prioritize cloud exposures.
Commvault has launched Data Rooms, a secure environment for connecting backup data to AI platforms, and a conversational AI interface for backup and cyber resilience.
Quantum Corp. and Entanglement have formed a strategic partnership to combine post-quantum encryption, quantum logic, and scalable regional AI data storage.
The Channel Marketing Association has named its Channel Marketing Excellence Award winners for 2025.