AI systems are increasingly embedded as non-human participants within managed environments, driving a structural shift in operational responsibility and exposure for MSPs. This shift is characterized by the integration of AI-powered tools—such as note takers, copilots, connectors, and agents—into core business workflows and SaaS platforms. Companies like Google, Microsoft, and ServiceNow are formalizing AI governance with platform features such as agent registries, policy enforcement gateways, and cross-platform audit trails. Reports from industry sources, including Wired, Rubrik, and regulatory bodies in the EU, substantiate these developments and highlight changing expectations for accountability and control.
A key finding, according to security research by Red Access and covered by Wired, is that over 5,000 publicly exposed AI-generated web apps were found on the open web, with about 40% leaking sensitive data ranging from medical records to corporate strategy documents. Rubrik’s Zero Lab survey of over 1,600 IT and security leaders further reports that 86% expect AI agents will surpass existing security controls within a year, while only 23% feel they have full visibility into these agents’ activities. The New York Times and legal organizations note increasing legal and evidentiary risks posed by AI transcription tools in business meetings, warning that ungoverned AI outputs may be subject to discovery in litigation and could compromise attorney-client privilege.
Additional developments reinforce the governance and risk gap. Platform vendors are building more granular control and auditing features, but most client environments still include unregulated AI tools, third-party connectors, and manual overrides outside these native boundaries. Regulatory frameworks are evolving to place explicit bans on specific AI outputs and to delay implementation of high-risk AI oversight, as seen in the EU’s provisional AI Act. The integration between Black Kite and Sayari exemplifies how vendors are seeking to connect risk intelligence across supply chains, but operator-level exposure often remains distributed and ambiguous.
For MSPs and IT leaders, the practical implication is an immediate requirement to inventory and classify AI participants and outputs within managed domains, clarify contractual scope, and establish evidence-ready policies for audits, incidents, and legal review. Relying solely on vendor platform controls is insufficient, as clients and auditors will expect clear documentation of AI activity, data access, and policy enforcement. Many agreements are not priced or structured for AI governance and may require explicit scope adjustments, upcharges for AI inventory and policy services, and contractual exclusions for unmanaged AI activity to avoid unpriced liability.
04:49 Control the Bot
06:58 AI Audit Risk
10:38 Why Do We Care?
Supported by:
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
[00:00:02] Clients are putting AI into workflows before governance is ready. They're using AI-built apps, AI meeting assistants, co-pilots, connectors, and agents now. That does not make every AI mistake the MSP's problem. The exposure lands on the MSP when the AI tool touches systems the MSP already administers. Identity, SaaS permissions, endpoint access, data retention, backup, logging, or incident response.
[00:00:29] If a note-taker records a privileged meeting, a connector gives an agent access to customer data, or a vibe-coded app publishes sensitive files, the first question will be, who knew this was connected, what access did it have, where are the logs, and why was there no policy?
[00:00:48] That is the new managed services problem. MSPs have to define what they govern, what the client owns, what vendors control, and what happens when a non-human participant creates records or takes action inside a managed environment. This is the Business of Tech. I'm Dave Sobel. Wired has a new, ugly data point on what happens when anyone can ship software now.
[00:01:17] Security researcher Dora Zevi and the team at Red Access looked at AI-generated, vibe-coded web apps built with tools like Lovable, Replit, and Base44, and they identified more than 5,000 apps left on the open web with little or no real security. The headline number? Red Access says roughly 40% exposed sensitive information, including medical data, financial data, corporate presentations, strategy documents, and logs of customer chatbot conversations.
[00:01:47] Wired notes that some platforms emphasize that privacy controls exist, but configuration is ultimately the creator's responsibility. The exposure is not theoretical. It's happening at scale because deployment is frictionless. Now add what's showing up inside normal business meetings.
[00:02:05] New York Times' Dealbook team reports that AI note-takers are now common on calls capturing far more than formal minutes, offhand comments, jokes, corrections, and conversational debris that humans usually do not preserve. Corporate lawyers are already changing behavior, with some removing the bot before the meeting starts.
[00:02:25] The New York City Bar Association has warned attorneys to think carefully about AI recording and transcription because of potential discoverability in litigation and unresolved questions around attorney-client privilege. Then there's Rubric Zero Lab survey data from more than 1,600 IT and security leaders. Rubric reports that 86% expect AI agents to outpace their organization's security guardrails within the next year.
[00:02:53] Only 23% say they have full visibility into agents operating in their environments. More than 80% say agents require more manual oversight than they save, and 88% lack the ability to roll back agent actions without disrupting systems. Those are three different surfaces. Apps, meetings, and autonomous agents. They point to the same reality.
[00:03:18] AI systems are already inside operations, already generating artifacts, and already outpacing assumed controls. The failure mode is simple. A tool enters the workflow without inventory. It receives access through a user, connector, mailbox, browser session, or API token. It creates or exposes records the organization did not classify.
[00:03:39] Then, when there's a leak, a discovery request, audit, or disputed action, nobody can prove what the AI touched or whether it stayed inside policy. That is the observable failure. AI activity is already present, already consequential, and often not provable after the fact. If you're delivering Microsoft cloud services, Nerdio is a company you should know.
[00:04:05] Nerdio builds software that helps manage service providers deploy and manage Microsoft cloud environments more efficiently. That includes things like Azure Virtual Desktop, Microsoft 365, and Microsoft Intune. What Nerdio focuses on is automating the infrastructure work, managing multiple tenants, provisioning environments, managing policies, and optimizing Azure costs. So, MSPs can run Microsoft cloud services without the operational overhead that usually comes with them.
[00:04:33] Instead of building and maintaining those systems manually, Nerdio provides a platform designed specifically for MSP operations. If Microsoft cloud is part of your services strategy, Nerdio is worth a look. Learn more at GetNerdio.com AI is moving from answers to actions.
[00:04:54] Once it starts taking action inside real workflows, organizations need to standardize who or what is allowed to act, what tools it can touch, what gets reused, and what gets tracked. Without that, every department builds its own version of how we use agents. You can hear that logic in Google Cloud Next keynote as covered by Tech Republic.
[00:05:14] Google introduced Gemini Enterprise as mission control for an agentic enterprise, with an agent registry, skills and tools catalog, and agent gateway enforcing identity and policy. That's a system trying to turn scattered bots into enterprise assets with lifecycle and control. Microsoft is moving in the same direction through daily workflow.
[00:05:36] Thoreau reports that CoPilot CoWork is expanding onto mobile, adding reusable skills, and plugging into third-party services including HugsBot, Moody's, and Notion. This is not just chat on a phone. It's a multi-step executor using saved instructions, shared libraries, and standardized connectors. ServiceNow is anchoring the same idea in enterprise operations.
[00:06:00] Its autonomous workforce push includes role-scoped AI specialist agents across IT ops, HR, finance, and legal framed around enterprise context, permissions, and audit trails. The promise is not just that the agent is smart, it's that the agent can be deployed consistently inside how work already flows. That's the mechanism.
[00:06:24] As automation becomes normal work, control moves from who has the app to what can the app or agent do on behalf of the business. Platform vendors are trying to make that governable inside their ecosystems. MSPs must decide whether they are reselling those controls, stitching them together across vendors, or excluding unmanaged AI activity from scope.
[00:06:49] If you're listening to this and you haven't hit follow yet, on an Apple podcast search, the business of tech. It takes five seconds, and you'll get tomorrow's show automatically. For MSPs, the consequence is not just that clients will want AI governance. It's that clients will demand evidence when something goes wrong.
[00:07:19] Legal exposure may sit with the client. Product exposure may sit with the vendor. Privacy exposure may sit with the data owner. But operational exposure often lands with the provider managing the environment. If the MSP manages Microsoft 365, Google Workspace, endpoint controls, SaaS access, backup, or security monitoring, the client will expect answers when an AI participant is invisible or its actions cannot be reconstructed.
[00:07:47] Regulation is also getting more explicit about outcomes and accountability. Silicon Republic reports that the EU and member states reached a provisional deal to simplify the AI Act, including a clear ban on AI-generated non-consensual sexual imagery, and a delay of high-risk AI rules to December 2027 to give standards and tooling time to catch up. The takeaway is not that MSPs must become EU law experts overnight.
[00:08:14] It's that regulators are drawing sharper lines around what AI systems are allowed to produce, regardless of whether the bad output was intentional, accidental, or just the tool. Risk expectations are also becoming more connected. BlackKite and Sayari announced an integration combining cyber risk intelligence with corporate ownership and supply chain network data. Their release says, Risk doesn't exist in silos, but most tools still do.
[00:08:44] That's exactly the problem MSPs inherit. The automation layer touches vendors, plugins, identities, and data sources across the stack. Native platform controls are necessary, but not sufficient. Google, Microsoft, and ServiceNow can provide registries, gateways, audit trails, skills libraries, and permissions inside their platforms, but most clients have also browser-based AI tools, meeting bots, third-party connectors, shadow apps, unmanaged automations, and data moving between systems.
[00:09:14] That creates the MSP opening, if the service is defined precisely. The offer is not We Govern AI. The offer is inventory of AI participants, classification of the records they create, review of identities and connectors, retention and transcript policy, rollback planning for agent actions, and evidence packages for auditors, insurers, attorneys, or boards. That's the choice.
[00:09:41] Either the MSP governs the automation layer as an explicit service, or it becomes the default absorber of complexity under agreements price for support, not provable control. Are you and your clients tired of the time-consuming ticket tennis of coordinating meetings and help desk calls? Wouldn't it be better to automate this process with a tool that connects directly to ConnectWise Manage or Autotask?
[00:10:07] TimeZest offers scheduling automation that gives you complete control of your schedule and eliminates the hassle of calendar ping pong. As the only service designed specifically for MSPs, it integrates into your workflow and makes scheduling appointments easy on you and your clients. Plus, you can try TimeZest for free.
[00:10:28] Visit TimeZest.com slash MSPRadio and use the code MSPRadio to get 10% off your first year of TimeZest. Why do we care? Because AI is becoming a non-human participant inside managed environments. It can access systems, create records, trigger workflows, and generate evidence clients may later need for audits, litigation, incidents, insurers, or their boards.
[00:10:55] The MSP risk is implied responsibility. If an AI tool touches identities, connectors, mailboxes, SaaS permissions, endpoints, backups, or logs the MSP manages, the client will expect answers and proof. The bad decision is treating AI governance as informal support.
[00:11:14] Existing agreements were not priced for unmanaged agents, note-takers, AI-built apps, transcription retention, connector review, rollback planning, or cross-platform evidence reconstruction. The mistake is assuming vendor controls settle the MSP boundary. They do not. The client still needs one operational answer across the environment.
[00:11:36] What AI participants exist, what they can access, what they created, and what evidence exists if something goes wrong. So what to consider? Start with scope, not tooling. Define which AI activity the MSP governs and which remains the client's responsibility. Tie that boundary to manage systems, things like identity, SaaS administration, endpoint controls, backup, logging, security monitoring, and incident response.
[00:12:06] Run an AI participant inventory. Identify note-takers, co-pilots, agents, AI browser tools, third-party connectors, and AI-built apps. Document the owner, identity use, data touched, records created, retention location, and log availability. This is a billable discovery engagement, not a free assessment. Classify AI-generated artifacts.
[00:12:31] Meeting transcripts, summaries, chatbot logs, generated documents, agent histories, and app outputs should be mapped to sensitivity and discoverability. Add AI artifact and non-human participant language to renewals. Define what the MSP governs, what the client must disclose, what vendors own, and what counts as unmanaged AI activity outside of scope. And build a vendor-agnostic evidence position.
[00:12:58] Platform controls will help, but clients need one operational view. What AI tools exist, what they can access, what they created, what policy applies, and what evidence exists if something goes wrong. But this trend continues, MSP contracts will add explicit exclusions for unmanaged AI participants within two years.
[00:13:21] And clients will pay separately for AI participant inventory, policy enforcement, transcript governance, agent rollback planning, and audit evidence packages. This is the Business of Tech. Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis.
[00:13:48] Sign up at businessof.tech slash plus. And follow this show in your podcast app. And if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word, too. Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening.
[00:14:16] I'll see you on the next episode. Part of the MSP Radio Network.