Optiv: AI is Reshaping the MDR Security Approach for Partners

Optiv’s Benjamin Spencer explains how AI is accelerating cyber threats, reshaping MDR, and forcing security teams to adopt a proactive defense.

Written By
Jordan Smith
May 18, 2026

Cybersecurity is fundamentally different today from many other industries being disrupted by AI.

Defenders are constantly facing active adversaries, and AI has only intensified these threats. Many sectors are focused on AI-driven efficiency and automation, while cybersecurity teams must simultaneously defend against attackers who are rapidly adopting AI-powered tooling.

In a conversation with us, Benjamin Spencer, product director at Optiv, described an acceleration of the “arms race” between defenders and threat actors.

The AI arms race in cybersecurity 

“In the cybersecurity industry, you still have that pressure, but on the other hand, you’re also having the pressure of attackers who are like, ‘Hey, I want to do harm to you and I want to do it in a manner that’s gonna be AI-enabled,’” said Spencer. 

“It’s not that we’re all doomed or there’s not going to be security jobs anymore – the arms race has just gotten faster.”

AI is increasing the speed, scale, and sophistication of both attacks and defensive workflows. Organizations will now have to rethink their security operations approach.

Why Optiv is still betting on human capabilities 

Spencer argues that while AI can improve efficiency and reduce repetitive work, organizations still need experienced analysts capable of deep investigation and contextual reasoning.

AI is more likely to shift analysts toward more complex investigative and forensic responsibilities, Spencer said, rather than eliminating human roles.

“Being an analyst is not necessarily an easy job, and people absolutely make mistakes,” Spencer explained. “I can’t tell you how many incidents I’ve responded to where someone caught something and then it just never got raised or the escalation didn’t happen right. There’s always been some error rate in the system. Analysts have never been 100 percent correct.”

How AI lowers the barrier for attackers

One of the greater concerns for Spencer is that AI has dramatically lowered the technical barrier required for cybercriminals to launch sophisticated attacks.

Much as ransomware ecosystems and access brokers commoditized advanced attack techniques, AI-powered exploit generation, automation, and offensive tooling could enable less technically skilled attackers to conduct more advanced operations at scale.

This creates additional pressure on defenders, who must determine how much they can trust AI-driven security tools while still maintaining human oversight over critical decisions.

“The bar for attackers to do things is getting lower. The more you can make the tooling available to attackers and they don’t have to be technically skilled – you’re going to see more of those attacks,” Spencer said. 

“At the same time, defenders are trying to figure out where that line is between what they trust AI to do and what still requires a human.”

Companies are still in the early stages of AI-led transformation

The current AI transition is not unlike many historical shifts in technological advancement. 

Many organizations still treat AI as an add-on rather than fully reimagining their workflows around it, simply inserting AI tools into existing security processes instead of redesigning operations from the ground up.

“It’s not just, ‘Hey, we’re able to do things faster.’ It’s that we built something different. People are still trying to figure it out,” said Spencer. “Right now, companies are basically bolting AI tools onto existing processes instead of rethinking the entire workflow.”

Spencer suggests the industry is still in an early experimental phase, where businesses have not yet fully understood the long-term operational changes AI will bring to cybersecurity programs.

Why traditional MDR is becoming obsolete

Traditional MDR services are becoming increasingly insufficient in the current AI-driven threat landscape. AI automation is rapidly commoditizing basic triage functions, making purely reactive MDR offerings less valuable.

“A lot of MDR providers lived in that initial triage space – handling the influx of work and telling customers if something happened in their environment. I think that model is going to go away fairly quickly,” said Spencer.

According to Spencer, the future of MSSPs and MDR providers will revolve around proactive, continuous security operations rather than simple alert management. 

Automated patching and monitoring services become more important

He predicts that service providers will increasingly take on responsibilities such as automated patching, continuous threat exposure management, automated penetration testing, supply chain monitoring, and proactive vulnerability remediation.

The goal will ultimately be to deliver measurable security outcomes rather than identifying threats after compromise. AI will be an enabler for this shift, allowing providers to scale proactive services more efficiently.

“I think we’re moving beyond just the initial detection and response piece,” Spencer said. “You’re going to start seeing more full-service providers coming in and doing things like patching systems, automated pen testing, and proactive threat hunting. The expectation now is to provide actual outcomes that improve security, not just alerts.”

AI and the growing insider threat problem

Data governance and insider risk are underappreciated as AI security challenges, Spencer told us. 

Many organizations struggle with poor data hygiene, excessive permissions, and unstructured information scattered across platforms like SharePoint and internal logging systems.

AI search and retrieval capabilities could unintentionally expose sensitive financial, operational, or customer information to employees who previously would not have easily discovered it.

Why internal data capabilities pose risks

However, Spencer thinks the largest risks may come less from public AI model leakage and more from internal misuse of AI-powered enterprise search capabilities.

“A lot of companies have never done anything to clean up SharePoint or their logging environments. When you implement an AI tool and say, ‘Go search this,’ that can become really bad from a data loss standpoint,” said Spencer. “I think the real damage is insider threats using AI tools to surface sensitive data they shouldn’t have access to.”

“Going forward, we’ll see a greater focus primarily on data governance. The government is going to be most interested in protecting the wider citizenry, and that’s going to come down to what customer data can potentially be exposed by these big tools,” Spencer continued. 

“Companies are realizing they don’t want to store massive amounts of unnecessary data if it creates legal liability.”

Optiv’s positioning in AI security transformation

Optiv’s role is to help organizations operationalize AI securely rather than simply sell AI products. 

Spencer told Channel Insider that Optiv is focused on helping customers identify the right AI strategies, securely implement AI-enabled security tooling, and build managed security services that combine proactive protection with AI-assisted operations.

This includes advisory services, managed detection and response evolution, and helping organizations understand how to safely configure access controls, workflows, and governance around AI systems.

Spencer positions Optiv as a partner helping organizations close the gap between rapidly evolving attackers and defensive readiness.

“What we’re trying to do is help companies implement AI securely and figure out the best fit for their organization,” said Spencer. 

“We’re not just saying, ‘Buy this AI product.’ The idea for Optiv is to provide a meaningful jump toward using AI in security ecosystems while helping organizations catch up with attackers who are doing the exact same thing.”

Jordan Smith

Jordan Smith is a news writer who has seven years of experience as a journalist, copywriter, podcaster, and copyeditor. He has worked with both written and audio media formats, contributing to IT publications such as MeriTalk, HCLTech, and Channel Insider, and participating in podcasts and panel moderation for IT events.
