Privacy Settings
This site uses third-party website tracking technologies to provide and continually improve our services, and to display advertisements according to users' interests. I agree and may revoke or change my consent at any time with effect for the future.
Deny
Accept All
View all blogs

MSPs Are No Longer Managing IT. They're Governing AI.

Share
Copy to clipboard

The managed service provider model was built around a specific assumption: the identities an MSP governs are human, the applications they manage are SaaS tools, and the job is to keep that environment clean and compliant across as many clients as possible. That assumption held for a long time. It doesn't hold anymore.

Over the last two years, something shifted in the tenant environments that MSPs manage. AI agents arrived – not as a single deployment, but as a steady accumulation across dozens of tools and workflows. Microsoft Copilot, custom automation agents, and AI-assisted workflows inside ERP systems. Teams built them quickly, provisioned whatever access was convenient, and moved on. The agents stayed. They accumulated entitlements. Nobody documented ownership. Nobody set up an offboarding process because no one thought to.

The result is that the identity surface MSPs are responsible for governing has expanded – silently, rapidly, and without the tooling catching up.

What's new isn't the scale. It's the identity type.

MSPs have always operated at scale. One analyst, one platform, fifty or a hundred clients. The discipline of multi-tenant identity management is something the best MSPs built into their operational model years ago.

What's genuinely new is that the identities they're governing have changed. While human employees and SaaS applications represent established challenges, AI agents and machine identities present a distinct set of complexities.

An AI agent doesn't submit an access request. It doesn't go through onboarding with a defined role and a set of provisioned applications. It gets spun up by a developer or an operations team, it inherits whatever permissions were convenient, and it runs – often indefinitely. According to Gartner, 56% of non-human identities currently sit entirely outside structured governance. That number represents agents provisioned by your clients' teams in the last eighteen months, operating with privileged access across production systems, with no owner on record and no revocation workflow in place.

For an MSP managing one client, that's a governance gap. For an MSP managing fifty clients, it's fifty governance gaps – each one carrying its own blast radius, its own unknown entitlements, its own undocumented ownership.

The platform problem

Most identity platforms weren't designed for what MSPs need to do now. They were built for single enterprises – one tenant, one alert queue, one security team with the operational bandwidth to triage alerts and manually coordinate remediation. The assumption was that a human would sit between detection and action, context-switch between systems, and make judgment calls at each step.

That model fails MSPs in three specific ways.

First, it doesn't extend to non-human identities. Legacy IGA platforms, PAM solutions, and CASBs were built around the assumption that identities are people. Governance workflows – access reviews, entitlement audits, revocation processes – are designed with a human employee in mind. AI agents don't fit. They don't have HR records. They don't follow onboarding checklists. They sit in a category that the conventional stack was never built to handle.

Second, it doesn't scale across tenants. An MSP managing fifty client environments can't run manual triage for each one. A compromised credential in one tenant, or a misconfigured AI agent accumulating permissions in another, can't wait for an analyst to finish reviewing alerts in the previous client's queue. Detection and remediation need to run automatically, across every tenant, without human handoffs at each step.

Most existing platforms require exactly those handoffs – by design.

Third, policy is fragmented across too many tools, making enforcement inconsistent. Policy fragmentation is what happens when the rules governing identity access are defined in one system, stored in another, and enforced in a third – with no shared policy plane between them. An IGA platform revokes a terminated user's access. The PAM solution doesn't receive that signal. A privileged session is still open. Three tools, three distinct enforcement contexts, and a former employee can still slip through the cracks.

For MSPs, the fragmentation compounds in two directions. Horizontally: compliance wants quarterly access certification, risk wants continuous entitlement monitoring, security wants real-time anomaly detection on privileged sessions – and the conventional stack delivers all three separately, leaving the MSP to manually bridge between them for every client. Vertically: a policy exception approved in one client environment never gets reconciled against another's baseline, so the MSP has no unified view of where policy has drifted across the full client portfolio.

The result is that policy enforcement is reactive and manual by default – not because MSPs aren't disciplined, but because the architecture was never built to enforce policy continuously across every identity type and every tenant, without a human to close the loop.

The scope of what MSPs are now responsible for

Consider what a mid-market MSP actually manages today across a typical client base.

SpyCloud's 2026 Identity Exposure Report estimates that stolen credentials from infostealer infections totaled 642.4 million in 2025. Those aren't credentials stolen from enterprises in isolation. Their credentials belong to employees at companies the MSP is protecting, and they appear in stealer logs weeks or months after the harvest. Most of the time, the MSP finds out when an attacker has already used them.

Layered on top of that is the AI agent surface. 80% of Fortune 500 companies now run active AI agents. The mid-market clients MSPs serve are deploying them at the same rate. Each one represents an ungoverned identity – one that carries privileged access, doesn't offboard, and sits entirely outside the governance workflows the MSP's tools were built to enforce.

And below both of those is the SaaS configuration layer. 43% of organizations report misconfigured SaaS settings as the root cause of at least one breach in the past year, per the Cloud Security Alliance. Governance tools that respond to this with periodic manual reviews – quarterly snapshots against an environment that changes daily – leave the gap open for months at a time across every client simultaneously.

Managing these three distinct surfaces across fifty clients isn’t merely about solving the same problem fifty times for an MSP. It involves navigating the intersection of a credential breach in one environment with an unmanaged AI agent in another. Improperly configured external SaaS applications can reveal permissions that have escaped formal review, creating a blast radius that extends far beyond the initial point of failure.

What "designed for this" actually means

When I think about what Josys was built to do, this operational reality is the starting point, not an afterthought.

An AI-native identity security and governance platform designed for MSPs' needs, governing every identity type – human, machine, and AI agent – and surfacing risks and mitigating identity threats in real-time. Not after a quarterly review, but continuously. It needs to detect threats across the entire identity surface, map them to the user's or agent's complete access profile, and automatically execute remediation. Without a ticket. Without a manual handoff. Without an analyst, context switching between 50 client alert queues.

This must run simultaneously across all managed tenants, designed as a core requirement rather than a retrofit for individual enterprises.

The three capabilities Josys is announcing today reflect that directly. AI Agent Discovery and Management brings AI agents into the same governance control plane as human identities – inventoried, ownership assigned, shadow agents flagged – across every client environment from a single pane of glass. Identity Threat Detection and Response continuously monitors stealer logs and dark web sources, maps compromised credentials to full-access profiles, and remediates automatically across all connected applications. Autonomous Access Policy Governance unifies policies, automation, and alerts into a single pane. With real-time enforcement against 30+ compliance templates, running continuously across every tenant without manual intervention.

The shift that's already happened

The MSP role has always been about operational leverage and unified governance: one team, governing identity at scale across many clients. What's changed is the scope of identity.

It used to mean employees and applications. It now means employees, applications, machines, and AI agents – with the AI agent surface growing faster than any of the others.

The MSPs I work with aren't waiting for the platform market to catch up. They're looking for a governance model built around the identity surface that actually exists in their client environments today. That means governing AI agents the same way they govern employees. That means detection and remediation that runs automatically across every tenant. That means a multi-tenant architecture designed from the ground up for the way MSPs actually operate.

That's the gap Josys was built to close. It's also the gap that defines what identity governance needs to mean for the managed service market – not just now, but going forward. Book a demo with Josys today.

Questions? Answers.

No items found.
No items found.