Surely everyone appreciates the importance of governance when it comes to AI by now, right?

I mean, end users certainly do. 90% of them worry about their data being used by AI tools without their consent, according to Malwarebytes.

Their employers get it too. In fact, when Jitterbit asked decision-makers to name the primary bottlenecks keeping AI initiatives out of production, “security, governance, and data privacy risks” was the number one response.

They’re correct to be concerned too. You’ve been reading here about the “shadow AI” problem plaguing businesses for a year now, and more recent data from Teramind suggests both that 80% of workers use unapproved AI tools on the job and that a third have shared proprietary data with unsanctioned platforms.

Businesses know exactly whose help they most want with those and related problems. Fully 94% of them plan to lean on MSPs over the next two to three years for help navigating AI governance, according to Logicalis.

And there’s real money on the line. Global spending on AI governance will climb from $440 million this year to $1.51 billion in 2031, according to Mordor Intelligence, and Forrester expects spending on off-the-shelf AI governance software to more than quadruple by 2030 to $15.8 billion.

Yet what happens when you ask MSPs about the importance of AI governance, for their customers and their own service portfolios? No really, try it. Ask a few. I’ll wait. Except I’ve done it myself and I know what you’ll probably hear, which is this:

[sound of crickets]

As in they don’t seem terribly interested in the topic. Such was the case not long ago, certainly, when I helped a client of the consultancy I serve as chief analyst test governance-focused solution messaging with a focus group of MSPs and got a lot of yawns in response, along with warnings from an especially governance-savvy participant that the entire topic “probably flies over a lot of MSPs’ heads”.

Want some objective evidence for that assertion? When analyst firm Techaisle asked channel partners to name their top business priorities for 2026, “Developing Governance & Compliance Services” placed eleventh on the list, behind legitimate but (I’d argue) less urgent issues like “Adopting AI-Driven/Intent-Based Marketing” and “Operationalizing AI-Orchestrated Account Capture”.

What gives?

It’s a question that Jason LaPorte (pictured), CTO/CISO, at New York City-based MSP Power Consulting Group, has been wondering about just like me ever since he found himself staring into a room full of glazed-over eyes while speaking on a conference panel dedicated to governance last year.

“People were befuddled by the idea,” he says. “They don’t think about it.”

And therefore don’t comprehend why it matters, he adds. “I don’t think people understand how LLMs train and learn, and I think they misunderstand what happens when you take an Excel spreadsheet or a whole notepad of data and stick it in a non-private LLM.”

Or a private one for that matter. “You can ask Copilot to go find anything that says anything about raises or payroll and it would take about twelve seconds,” LaPorte notes.

Most MSPs who get that, meanwhile, don’t know what to do about it, according to Brent Lazarenko, chief AI officer and global head of innovation at NWN, an AI-focused managed service provider with some 6,000 customers and a roughly $1.3 billion top line.

“It’s definitely a skills gap,” he says.

And closing it takes time few overworked MSPs believe they can spare, especially while simultaneously sorting through what feel like more fundamental questions about what to do with AI internally and how to sell it to their customers. Which is a shame, Lazarenko notes.

“They’re going to miss out on higher value AI strategy conversations if they’re not doing the governance,” he says.

Those are exactly the kind of conversations MSPs need to be having with businesses at a time when endpoint, network, and cloud management services have become all but completely commoditized too. “Are you going to get a meeting to talk about their devices? No,” Lazarenko says. “You can get a meeting to talk about AI governance with just about any one of your clients today if you really wanted to.”

You can earn more than just one-time project fees afterward too. “The need to continuously monitor and do enforcement will never go away on this,” Lazarenko says, noting that NWN’s managed governance service tracks a range of issues.

“Is the model up? Is the model hallucinating? Is the model giving out PII? Is it filtering out the right things? How are agents taking action, or not taking action? Is a human in the loop wrong or right? How is the model evolving?”

Even organizations large enough to have in-house IT rarely have the time, tools, or inclination to answer such questions, he adds, and few AI consultancies with the know-how to set governance policies want to monitor those policies after the fact.

“MSPs are on the other side of the house saying, ‘we’ve got the tools to monitor this stuff, but we don’t really care about having a governance strategy conversation,’” Lazarenko notes. “An MSP that can bridge both of those worlds wins, and that’s where we’re positioning ourselves.”

Along with other wise MSPs, of course. The clock is ticking until one of them starts talking with everyone else’s clients.

Speaking of tactics for moving to AI…

It’s one of several topics Alex Stanton, the managed services thought leader you’ve met here at Channelholic before, discusses during the latest episode of MSP Chat, the podcast I co-host. The whole conversation—which Stanton recorded at 9:00pm local time from the rear of a rented catamaran while vacationing in Thailand, by the way—is well worth listening to IMO.

Evidence from ConnectWise that everyone in startup land is all-in on AI

It’s impossible to say, unless you work at ConnectWise anyway, whether any of the contestants in this year’s PitchIT startup competition will be AI governance vendors. That close to all of them will be AI something, on the other hand, is a much easier call.

“Everybody’s using AI in their description,” says Sean Lardo, the vendor’s vice president of IT Nation Communities. “You’re either built on AI and you’re an AI offering or you’re infusing with AI to maybe improve your product.” Some of the applications are even vaguer than that to a degree Lardo finds dangerous for the companies that submitted them.

“People are very nervous these days about AI,” Lardo says. “You have to be thorough on what problem you’re solving for.”

PitchIT, for those new to it, is a contest ConnectWise has been staging annually since 2018 to nurture young makers of ConnectWise-compatible software. Lardo, who turned it into a startup accelerator as well two years ago, reports record interest in joining this year’s cohort, which he expects to include 25-ish companies. Indeed, he had already received over 50 applications (via this page) when we spoke two weeks ago on the sidelines of GTIA’s annual Community & Councils Forum in Chicago.

“People I’ve never even heard of,” says Lardo, who expects to receive more than 150 submissions in all by the April 30^th deadline. “We’ve averaged about a 25% increase in applications year over year,” he adds.

I’m guessing this year’s uptick will be even bigger given how rapidly AI-native startups focused on MSPs, some of which you’ve read about here before, are coming into existence at present.

“The barrier to entry has gone down significantly because a lot of them are just using AI to build the code,” Lardo observes.

Plus, there’s a lot of investment capital to draw on. “AI-tagged companies account for as much as 69% of VC-backed SaaS companies within select segments,” according to a recently published report from PitchBook, amid a spike in venture deal volume.

Lardo and his team are evaluating would-be PitchIT competitors much the same way venture funds evaluate would-be funding recipients.

“If you’re an investor, you’re looking at are they strong enough to survive?” Lardo explains. Meaning do they have not just an interesting, shipping product but customers for it too, and maybe even upbeat buzz among MSPs.

“We’re literally looking on LinkedIn, Facebook, X, Reddit,” he says. “We want to see what’s being said.”

Lardo won’t disclose much about the applicants ConnectWise has heard from so far except to note that at least six of them make AI-powered service desk automation software of the kind 2023 PitchIT winner Thread makes, and that others are seeking to streamline additional operational processes.

“Right now, there seems to be a huge push on AI sales-driven stuff, especially with data cleaning and opportunity management,” he notes.

This year’s contestants will be vying for $150,000 in prizes, up from $100,000 before. Unlike previous years though, in which all of the money was distributed in cash, this year’s pool includes $50,000 of cash and $100,000 of sponsorship credit at ConnectWise events.

“What we were finding is we’d cut the winners their check for the prize money and then they’d turn around and just give it right back to us for sponsorship,” Lardo explains. The new arrangement eliminates that round trip.

ConnectWise will name this year’s contestants early in May, and name three finalists some four months later. The winner will be chosen by a panel of judges in front of a live audience at the vendor’s IT Nation Connect event in November. I’ll be watching in the front row, as I have the last two years running.

Follow Me on LinkedIn

Want in on AI fast, MSPs? Maybe you should outsource everything else.

MSP vendors aren’t the only companies eager to sell AI-native solutions. A lot of MSPs, including some extremely large ones, are as well. How much easier would it be for them to acquire skills, envision offerings, perfect a sales motion, and more if they didn’t have to deliver increasingly commoditized bread-and-butter endpoint, network, and cloud management services at the same time?

Come to think of it, how great would it be for AI-forward service providers if they didn’t have to deal with any of that old school hassle at all?

As of last week, they don’t, courtesy of MSP-as-a-Service, a new venture from investment and operating company Summit Holdings that will happily do all of that work for them on an outsourced per-user, per-month basis.

Subscribers, according to Summit co-founder and CEO Juan Fernandez, simply pick their tool stack of choice from a menu of some 60 RMM, PSA, backup, security, and other applications.

“We build it, we organize it, and we operate it for them,” he says. As them, he adds, meaning white label via NOCDOC, a 24/7 U.S.-based NOC and SOC vendor Summit bought last year.

“We quiet the noise for them,” Fernandez (pictured) notes.

And not just help desk noise, it’s worth noting. MSPaaS helps with pre-sales engineering, client onboarding, and QBR delivery, chores few of the offshore outsourcers serving MSPs for years can handle.

“They serve a purpose to answer the phone and to do ticket triage,” says Fernandez of such firms, “where we’re actually operating the platform.”

The appeal for would-be AI consultants is obvious. “They don’t really have to do much other than just manage and operate their business and migrate into the future,” says Fernandez.

And do so while turning a profit, he adds. Without getting deep into specifics, Fernandez says the scale MSPaaS operates at enables it to price its services low enough for MSPs to make 30-50% margins while charging about 30% less than prevailing market rates.

“We wanted to make sure we could build this bridge, stabilize the foundation, and make it super affordable and profitable for them so that they could actually make some money at doing this, and for the first time, work on their business and not in their business,” Fernandez explains.

MSPs migrating to AI are but one of several markets MSPaaS hopes to penetrate. Private equity firms looking for a consistent, easily deployed, and profitable way to build rollups are investigating the service too, according to Fernandez, as are resellers and telco service providers in search of a fast track to opening a managed service practice.

“It’s zero to done,” he says. “They can move quicker and deploy value to their customer base without the implementation, the conversation, the contract, and all the other things. We end up compressing that down to moments versus months.”

For now, Fernandez won’t specify any of his several dozen strategic vendor partners, all of whom are integrated with his back end infrastructure at the kind of depth required to make a rapid-fire, mix-and-match offering like MSPaaS possible. But he’ll begin parting the curtain on their names soon, he says, in conjunction with a stream of new feature rollouts set to unfold across the rest of the year.

“This is just the built first building block,” Fernandez says. “We have a lot coming in the future, almost something every month.”

Share

Over on The Business of Tech

Host Dave Sobel has some observations that Fernandez and his partners will appreciate.

Context for that assertion and a whole lot more available here.

Also worth noting

• Edging into security? NinjaOne now offers AI-driven vulnerability management functionality.

• Rewst’s RoboRewsty AI Workflow Builder is designed to simplify automation workflow for MSPs.

• CrowdStrike and NVIDIA have introduced a “secure-by-design” blueprint for building and operating AI agents safely.

• Dell says it’s the first hardware maker to ship an NVIDIA GB300 desktop system capable of supporting autonomous AI agents using NVIDIA NeMoClaw and OpenShell.

• ServiceNow has new governance capabilities for managing those same autonomous AI agents.

• Cato Networks has introduced an NVIDIA GPU-powered SASE platform with native AI security capabilities.

• Just in time for the RSA Conference: IT-Harvest has published a report arguing that AI security will become a defining factor in the future of digital defense.

• Also just in time for the RSA Conference, Torq has introduced an agentic AI builder to enable security teams to create and deploy automated workflows more easily.

• Menlo Security has launched a browser security platform designed to govern and secure AI agents as non-human users.

• Salt Security has launched an agentic security platform designed to protect AI stacks across LLMs, MCP servers, and APIs.

• Netwrix has expanded its 1Secure platform to provide visibility and control over AI agent access to sensitive data.

• Huntress says its new Managed Endpoint Security Posture Management and Managed Identity Security Posture Management solutions expand its agentic security capabilities across endpoint, identity, and human risk.

• Proofpoint’s new intent-based AI security solution is designed to detect and mitigate human-targeted cyber risks.

• The new Users API from 1Password gives partners programmatic management of users and accounts within its platform.

• The new Unified Access solution from 1Password gives partners centralized access management across devices, applications, and infrastructure.

• Email security vendor Abnormal AI has introduced a behavioral foundation model designed to defend against AI-driven cyberattacks.

• KeeperDB, from Keeper Security, adds zero-trust database access capabilities to the vendor’s privileged access management platform.

• Nile’s latest enhancements are designed to bring “datacenter-class security” to branches and campuses.

• Blumira has enhanced its EDR and ITDR capabilities to improve active threat detection and response.

• ManageEngine has added AI-powered endpoint threat detection and automated remediation, among other things, to its Endpoint Central solution.

• Graylog has equipped its AI-powered SIEM solution with explainable AI and automated investigation features for small-to-midsize security teams.

• The latest enhancements to Orca Security’s platform include AI-powered security agents and real-time detection of AI usage across cloud environments.

• GoTo has a new LogMeIn Partner Network for resellers, MSPs, and global system integrators.

• Exabeam has added a new MSSP-focused commercial framework to its APEX Partner Program.

• Pax8 isn’t the only marketplace operator helping IT providers get into agentic AI. AWS now has a service for building and deploy agents from inside the AWS Partner Central platform.

• Speaking of agentic development, the new application security platform from Checkmarx is tailored for exactly that use case.

• Will May is the new CRO at Arctic Wolf.