ESET: AI Adoption Puts MSPs in a Stronger Advisory Role

As AI adoption accelerates across the SMB market, MSPs are being pushed into a more strategic role: helping customers determine not only which AI tools to use but also how to use them safely.

In a recent conversation with Channel Insider, ESET executives said AI demand has moved beyond experimentation and into daily business operations, creating both new revenue opportunities and new security responsibilities for MSPs.

“People are getting their feet wet with it,” said Cameron Tousley, head of MSP at ESET. “The end customers, it’s gone from kind of fad to, ‘Oh, this is going to stick around.’”

AI demand is creating new pressure on MSPs

That shift means MSPs can no longer treat AI as a peripheral technology conversation. 

Customers are increasingly under pressure from executives and boards to adopt AI tools quickly, but Tousley and Tony Anscombe, ESET’s chief security evangelist, warned that speed without governance can introduce significant risk.

“AI is, unfortunately, in everything. It even appears to be at the coffee machines these days,” Anscombe said. “That’s sort of a joke, but still. It’s a really broad topic.”

For MSPs, that breadth is part of the challenge. AI could mean a customer support chatbot, a marketing tool, a productivity assistant, an automation agent, or AI embedded inside a cybersecurity platform. 

Each use case carries different security implications, especially when sensitive customer or business data is involved. That can lead to customers not fully understanding what they’re asking for, or even what they fully want to accomplish, when they raise the metaphorical “we want AI and we want it now” hand.

The speed at which companies are racing to implement AI is also bringing partners into related conversations, from infrastructure needs to broader digital transformation projects.

Security should be part of the AI conversation early

Anscombe said security providers need to be included before AI tools are deployed, not after.

“Anybody providing security services should be part of the business conversation of whether you’re going to use AI and what you’re going to use it for,” he said. “You might go to a marketing tool that uses AI, but you still need it to be secure. Security should never be an afterthought.”

Tousley said this is forcing MSPs to behave less like traditional technology providers and more like business advisors. 

Instead of starting with a product pitch, MSPs should help customers define the business outcome they want from AI and then work backward to determine which tools, controls, and governance processes are appropriate.

“They have to actually start interviewing them like they’re a business advisor and not just cybersecurity,” Tousley said. “So they actually have to play two roles now.”

AI security could become a new service opportunity

That advisory role also creates a potential revenue opportunity. Tousley said MSPs should consider building AI safety reviews, governance checklists, contract addendums, and ongoing tool assessments into their service offerings.

“There’s a lot of opportunity for efficiency. There’s also a lot of opportunity for risk,” he said. “If you’re a really good service provider, you are going to stick your nose in that as a business advisor and as a security expert.”

Watch: We spoke with Spyglass MTG CEO Lori Albert about AI-related service offerings earlier this year.

AI isn’t totally new to cybersecurity

Anscombe also emphasized that while generative AI has created new urgency, AI itself is not new to cybersecurity. 

Machine learning and automated detection have been used for years to help security teams keep pace with rising volumes of malicious activity. What has changed is the sheer volume of potential threats and the speed at which they arise.

“You were once looking for something malicious. Now you’re actually looking for an anomaly,” Anscombe said. “And that’s a very different process.”

While it’s a different process, the reminder of the foundational technology is important for MSPs and others to keep in mind. 

Labeling everything a “new AI” solution isn’t necessarily accurate, and the partners who can cut through the noise and deliver tangible value and security to customers are likely ahead of the curve.

ESET expects more AI use by attackers

Looking ahead, both executives said MSPs should be proactive with customers rather than wait for AI-related problems to emerge. 

Tousley recommended classifying customers by AI maturity and engaging them accordingly, with an emphasis on proactively bringing customers opportunities (and potential risks) in AI adoption.

“If I’m an MSP right now, I’m sitting down and classifying my customers,” he said. “If you’re not proactive, they might get approached by a service provider who is.”

Anscombe said MSPs should also stay current on emerging AI-enabled threats, particularly as attackers increasingly use AI in their operations.

“I would say by the end of this year, you’re going to see more use of AI by cyber attackers, and possibly more automation in their attack mechanisms,” he said.

For MSPs, the message is clear: AI is becoming both a customer demand and a security discipline. 

The providers that can help customers adopt AI safely may be better positioned to retain accounts, expand services, and lead the next phase of managed security conversations.