The central structural shift identified is the acceleration and scaling of cyber risks due to artificial intelligence, which turns formerly expert-driven security processes into repeatable, rapid workflows. Major threat intelligence units, including Google's Threat Intelligence group, are now documenting the use of AI in both identifying and weaponizing software vulnerabilities. The landscape is further shaped by the proliferation of AI-generated and AI-assisted online content, contributing to an environment where traditional verification and control mechanisms are less reliable.
The episode presents concrete evidence: Google reported criminal hackers leveraging AI models—explicitly noting the use of non-Google technology—to discover a previously unknown zero day, while The Verge and Wired highlighted AI-assisted attempts to bypass multi-factor authentication and the impact of synthetic content even within cybercrime forums. Research covered by 404 Media documented that by mid-2025, a third of newly published websites were AI-influenced. These observed changes drive threat intelligence teams to treat AI as a working hypothesis in live investigations.
Additional supporting developments reinforce the broadening security and operational impact. Tools such as Proofpoint's Prism Investigator and OpenAI’s Daybreak show the push toward automated threat detection, investigation, and reasoning pipelines, altering expectations from detection to defensible reconstruction and evidence generation. Analysis of supply chain compromises—such as tampered software installers and malware leveraging already-exposed cloud systems—demonstrates how automation reduces defender response windows while increasing operational pressure on providers. Reports from Small Biz Trends and channel Life show significant implementation gaps, with only a minority of small businesses deploying password managers, and a wide disparity between optimism and readiness for AI-powered security.
For MSPs and IT leaders, these trends tighten operational accountability. The tradeoff shifts from focusing on technology stacks to delivering concrete evidence of patch application, identity verification, data retention, and audit support. Providers face increasing pressure to standardize verification workflows, reduce patch validation cycles, and make evidence retention a default process. The operational complexity intensifies—either the MSP develops controls to govern automation and evidentiary rigor, or becomes the default risk absorber for ambiguous, fast-moving attack paths shaped by both client and attacker use of automation.
04:06 Speed Gap
06:25 Prove It
10:27 Why Do We Care?
Supported by:
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
[00:00:01] AI has shifted cyber risk from more phishing to faster exploit creation plus cheaper, scalable deception. That means MSPs must sell security as measurable risk reduction, rapid patch validation, tight identity controls, and prominence controls, because the same AI that helps find zero days will also flood clients with convincing fake content that breaks human verification.
[00:00:29] This is the Business of Tech. I'm Dave Soltan. We're seeing a very specific shift in the security landscape. Artificial intelligence is showing up not just in products, but in the raw material of attacks and the raw material of the Internet itself. Start with reporting from the New York Times. Google's threat intelligence group told the paper it saw a criminal hacking group use AI
[00:00:55] to help discover and weaponize a previously unknown zero-day software vulnerability. Google says it moved quickly to notify the maintainer so it could be patched, and noted the model involved was not Google's own Gemini. That matters because it's a concrete, named example of AI being implicated in the creation of an exploit, not simply the automation of spam or the drafting of phishing emails.
[00:01:20] Then, The Verge separately reported on Google intercepting what it described as a zero-day exploit developed with AI assistance, again tied to an attempt to bypass two-factor authentication in an open-source, web-based system administration tool. Google described telltale signs in the exploit code, including things like unusually textbook formatting and even a fabricated C-A-V-S-S score.
[00:01:47] Whether or not every detail holds up over time, the observable point is that major threat intelligence teams are now treating AI involvement as a working hypothesis during live investigations. At the same time, the web itself is being flooded with machine-made material. 404 Media covered research using Internet Archive snapshots suggesting that by mid-2025,
[00:02:10] roughly a third of newly published websites were classified as AI-generated or AI-assisted, up from essentially none before late 2022. It's not a prediction. It's a measured change in what's being published. And it's not just text. VentureBeat and the NextWeb both covered OpenAI's push on real-time voice, new models like GPT Runtime 2 and related translate and transcription components,
[00:02:37] paired with claims of much stronger reasoning, longer context windows, and pricing that makes high-volume voice applications more accessible. Separately, Wire reported on research into cybercrime forums showing criminals themselves complaining about AI slop flooding their spaces, an indicator that the volume of synthetic content has become a noticeable operational factor even inside attacker communities.
[00:03:04] One of the hardest problems in managed services isn't technology. It's delivering projects predictably and profitably. Every MSP has lived this moment. You estimate a project at 40 hours, and it ends up taking 90. Not because your team isn't capable, but because projects have dependency, shared engineers, shifting priorities, and timelines that change constantly. That's where Movala comes in.
[00:03:28] Movala uses automation and AI-driven scheduling to build accurate project timelines and continuously adjust them as conditions change. That means you know with certainty when a project will actually finish, when engineers will become available, and when you can safely take on new work. For MSPs trying to run a more mature, predictable operation, that kind of visibility is a big deal. If you want to deliver projects without the constant overruns, visit Movala.com.mspradio.
[00:03:58] That's M-O-V-I-L-A dot com slash MSP radio to learn more. It isn't that AI magically creates new categories of risk. It is that AI turns security work into repeatable workflows at machine speed. Discovery, code review, exploit development, patch validation, impersonation, and investigation all become faster, cheaper, and easier to run again.
[00:04:25] That changes the operating environment for defenders and attackers at the same time. The Hacker News reports OpenAI launching Daybreak, pairing advanced models with tooling like codec security for secure code review, threat modeling, dependency risk analysis, and automated patch validation. The important point is not simply AI for security. It is that work that used to depend on scarce expert judgment is being converted into a pipeline.
[00:04:54] Inspect the code, identify the dependency risk, model the threat, validate the patch, and repeat. Defenders are trying to compress the time between finding a weakness and proving it has been fixed. Attackers get the same structural advantage when environments are loosely governed. The record describes a supply chain compromise of daemon tools installers, where the leverage came from tampering with a distribution path instead of attacking endpoints one by one.
[00:05:23] TechCrunch, citing Sentinel-1 research, describes PCP-Jack, where one group targets systems already compromised by another group and spreads like a worm across exposed cloud services. Those are not just separate incidents. They show why speed matters. When software distribution, cloud exposure, identity, and patch state are unevenly controlled, attackers can reuse the system's own complexity as infrastructure.
[00:05:50] That is a causal shift. AI compresses the work of finding, shaping, and validating attacks. Weak operational governance expands the attack surface those workflows can use. So the risk is not just more attacks. It's less time to respond, less confidence in what's real, and more pressure on the provider to prove what was patched, who had access, what path was trusted, and what actually happened.
[00:06:16] If you're listening to this and you haven't hit follow yet, on Apple Podcasts search The Business of Tech. It takes five seconds and you'll get the next episode automatically. The failure mode is not AI causes more cyber attacks. The failure mode is that AI compresses the time between discovery and exploitation, while also making deception cheap enough to scale across normal business workflows.
[00:06:41] That breaks controls that depend on slow attacker development, human recognition, informal approval, and after-the-fact reconstruction. The exposed party is the client, because the immediate damage is fraudulent payment or unauthorized access, downtime, or disputed liability. But the accountability quickly reaches the MSP when the disputed systems are identity, endpoints, management, email, patching, cloud permissions, logging retention, or incident response.
[00:07:09] That is why the service implication is not just better detection. It is evidence. It is evidence. Proof of patch state. Proof of identity activity. Proof of approval path. Proof of message provenance. And proof that the incident timeline can be reconstructed. Here's one proof point from the small business side. Small Biz Trends highlighted findings from a 2026 workforce password security report covering thousands of businesses.
[00:07:36] The threats are the same familiar ones, phishing, weak passwords, and reused credentials. But the defenses are not there. Only about a quarter of organizations report using a dedicated password manager. And there's an 82-point gap between belief and readiness on AI-powered security. Lots of optimism, almost no operational capacity. That gap is where MSPs live.
[00:08:01] Because when the client is getting hit with enterprise-grade credential attacks and the basics still aren't standardized, the provider is the only place security can become repeatable. Now take the second proof point from the compliance and investigation side. Channel Life covered proof point launching Prism Investigator, an autonomous investigations platform built to reconstruct events across fragmented communication channels.
[00:08:25] Building timelines and case summaries with an audit trail of what the investigator did and what the AI reasoned. Whether a client uses proof point or not, the direction is clear. The expectation is moving toward defensible reconstruction. Not just detection. Not just we think. A narrative you can stand behind. Put those together and the consequence tightens to one thing.
[00:08:49] The client will demand operational certainty in environments that are getting more automated and more ambiguous at the same time. That lands at the choice. Either the MSP becomes the provider that simplifies and governs the automation layer. That's inventory, access boundaries, logging, retention, rollback, and evidence. Or the MSP becomes the default absorber of complexity expected to explain and fix systems nobody scoped, nobody standardized, and nobody priced.
[00:09:18] This episode is supported by Zero Networks. Cyber resilience is no longer a security team problem. It's a board-level business imperative. When an attacker gets inside a network, the real questions become, how far can they move? Can they get to the crown jewels? And how much of the business can they impact? And for how long? That's where Zero Networks comes in. Zero Networks helps organizations prevent attacks, minimize blast radius, and maintain business continuity.
[00:09:47] Even when attackers get inside. Their micro-segmentation platform automatically builds segmentation policies based on how legitimate users and systems actually communicate. Making every access and connection verified and intentional. The result for a threat actor is lateral movement is blocked, and threats are contained before they can cause damage. Because it's not the breach, it's the damage. Contain the breach before it spreads.
[00:10:15] The question isn't if attackers gets in, it's whether your business stays running when they do. Zero Networks was built for exactly that. Visit them at ZeroNetworks.com Why do we care? A smart skeptic will say, this is overblown. SMBs aren't running exotic AI agents, and we already do security, and so this is just more noise. That's a fair objection.
[00:10:42] Until the first time an impersonation, a bot-driven access path, or an AI-assisted exploit forces a client to ask for proof, not confidence. It's not about how advanced the client's AI is. It's about whether you can produce evidence when the incident is AI-shaped. The bad decision is to underprice and underscope security because the client is not using advanced AI,
[00:11:07] while ignoring that the attack, impersonation, and evidence burden are already being shaped by AI. What to consider? Build a prominence verification workflow into your security stack, As synthetic content floods communication channels, clients will face impersonation scenarios. Vendor fraud, executive impersonation, fake invoices, that all bypass traditional email security because the content is technically legitimate.
[00:11:35] The control layer here is identity and out-of-band verification protocols, not content filtering. Standardize a verification playbook and make it part of your security onboarding. Treat AI-assisted exploit velocity as a patching SLA problem. If your current patch cycle is 30 days for non-critical vulnerabilities, the compression of exploit development timelines means that window is now operationally dangerous.
[00:12:03] Tighten validation cycles and build automated patch state confirmation into your reporting. Because we applied the patch and we confirmed the patch is effective, are different claims. And only the second one holds up under scrutiny. Standardize incident evidence retention. Define which logs, approval records, identity events, endpoint history, and communication records are retained by default. How long they are kept, and how quickly they can be assembled into an incident timeline.
[00:12:33] If the client expects proof after an AI-shaped event, retention cannot be informal. If this trend continues, MSP security retainers will stop being priced around tool stacks and start being priced around evidence guarantees. How quickly the provider can validate patch date, reconstruct identity activity, prove message and content provenance, and produce a defensible incident timeline after an AI-shaped event.
[00:13:02] This is the Business of Tech. Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis. Sign up at businessof.tech.com. And follow this show in your podcast app. And if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word, too.
[00:13:33] Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening. I'll see you on the next episode. Part of the MSP Radio Network.