A pronounced infrastructure dependence on third-party AI models has emerged across the MSP ecosystem, largely due to the rapid adoption and integration of AI-powered features within vendor products. This structural shift is increasingly opaque, as providers are sold features rather than transparent access to underlying models, leaving MSPs exposed to changes in technologies and policies enacted upstream by vendors or regulators. The episode highlights how this dependency extends to delivery teams and end clients, with operational continuity tightly linked to decisions and actions outside the MSP’s direct control.
The most consequential development referenced is Anthropic’s release and rapid withdrawal of its Fable 5 AI model following a directive from the U.S. Commerce Department, which ordered a cutoff of model access to foreign nationals within 72 hours of public launch. According to published benchmarks, Fable 5 surpassed GPT-5.5 in performance, but the government-mandated suspension exposed how quickly model access can be rescinded. The policy move immediately impacted any MSP or client with offshore or nearshore staff relying on AI features invisibly powered by that model.
Further supporting the central theme, companies such as Pax8, Enforcer, and CloudRadial are embedding AI capabilities into platforms used by MSPs to manage Microsoft 365 environments, automate ticketing, and support scalable client operations. In parallel, vendors like Proofpoint are integrating compliance solutions directly with AI model APIs, further entwining risk management tools with the same core AI infrastructures. A Netrio survey cited in the episode found that while 82% of mid-market IT leaders have AI in production, only 26% report organization-wide governance, highlighting an accountability and visibility gap.
Operationally, MSPs face heightened contract and vendor risk. Most lack an accurate inventory of which AI models underpin their services and how rapidly these dependencies can be affected by regulatory directives or vendor shifts. The discussion underscores the need for explicit procurement protocols, delivery mapping, and outage runbooks that account for opaque model dependencies. As clients seek greater transparency and contractual assurances regarding model use and continuity, MSPs who anticipate and document these dependencies may be positioned to reduce exposure and establish clearer accountability.
00:00 Switched Off
03:19 Painted Over
05:20 Govern or Absorb
08:41 Why Do We Care?
Supported by:
Pax8
[00:00:02] When the government can switch off the most capable AI model in three days, the MSPs most exposed aren't the ones who picked the model, they're the ones who let a vendor pick it for them, invisibly, inside a framework they now depend on. This is the Business of Tech, I'm Dave Sobel. Here's a pairing that almost nobody put side by side. We'll start with the Anthropic story.
[00:00:24] The company released the most capable model it's ever made generally available, a system that's called Fable 5, and the launch numbers backed up the hype. On Anthropic's own published benchmarks, it beat OpenAI's GPT-5.5 across the board, and it topped at least one major independent intelligence ranking. Out of the gate, it looked like the new model to beat. Then, three days after launch, it disappeared.
[00:00:48] The U.S. government, through a Commerce Department Export Control Directive, ordered Anthropic to cut off all access to Fable 5 and a sister model called Mythos 5 for any foreign national, citing national security. Anthropic complied and disabled the models, while publicly disputing the order, arguing the risk the government cited was narrow and already sitting in other tools anyone can use today.
[00:01:13] Strip away the back and forth, and the observable fact is stark. The most capable model Anthropic had ever shipped to the public went dark, by government order, 72 hours after it went live. And the order applied specifically to foreign nationals. Now the second half of the pairing. While that was unfolding, the channel kept doing exactly what it's been doing, packaging AI into products and selling it to you.
[00:01:37] Pax8 brought a company called Enforcer into its marketplace, giving partners a standardized, AI-driven way to govern Microsoft 365 and Copilot across all their SMB clients. And CloudRadial, a platform built for MSPs, took its AI chat product to general availability, an agent it calls Tier 0 triage, running intake and writing tickets before a human ever opens the queue.
[00:02:03] So look at the two together. The most capable model Anthropic had ever shipped, switched off in three days by one government directive. And in that same window, vendor after vendor handing MSPs new AI-powered frameworks to build their business on. If you're listening to this and you haven't hit follow yet, on Apple Podcasts search Business of Tech. It takes five seconds and you'll get the next episode automatically.
[00:02:29] Quick note before we get into it. The SMB Online Conference is June 23rd through 25th and registration is $129. Three afternoons, noon to 3.30 Eastern. 12 sessions. Pricing, service delivery, AI for the independent operator, M&A, private equity. All practitioner speakers, zero vendor keynotes. Jay McBain live. Brendan Ballou on the private equity playbook. An M&A panel run by operators, not buyers.
[00:02:59] Every session recorded. So even if a client call wins, you miss nothing. Small Biz Thoughts members are in free. Everyone else? 129 at smbonlineconference.com That's smbonlineconference.com Now, let's get into the show. The reason you can't see the dependency is simple. Nobody ever sold you the model. They sold you a feature.
[00:03:27] Think about why every vendor is racing to do that right now. SuperOps, one of the platform companies serving MSPs, said the quiet part out loud this month. The traditional moats are eroding. The thing that used to separate one PSA or RMM or security product from another, the feature set, the integrations, the workflow, is collapsing. Because everyone can build the same thing now. So, AI becomes the differentiator.
[00:03:53] The only way to stand out is to be the platform that does something intelligent the other guy can't. And the fastest path to intelligent is to take a frontier model, somebody else's, wire it into your product, put your brand on the output, and ship it. That's not a knock on any one vendor. It's the rational move when your old advantages are gone. But notice what it does. The model, the actual engine, disappears inside the product.
[00:04:21] You're not buying Claude or GPT. You're buying Copilot readiness or a governed Microsoft 365 or an AI service desk. The dependency is real. It's just been painted over. And here's how far down it goes. Proofpoint, a major security compliance vendor, just announced it's integrating directly with Anthropic's Claude Compliance API. So companies can extend their data governance and oversight controls onto AI-generated content. Listen to that carefully.
[00:04:50] The thing sold as the answer to AI risk is itself built on the model's own API. So when the governance tool depends on the same model you were trying to insulate yourself from, you haven't escaped the dependency. You've just added one more thing that breaks when the model does. So this isn't a procurement choice you can revisit at renewal. By the time it's a product in your stack, the dependency is already structural. And the structural risk that nobody named lands on whoever signed the client agreement.
[00:05:21] So what does that actually cost you? Go back to the piece of the Anthropic order that's easy to skip past. It applied to foreign nationals. The New York Times reported it plainly. The United States barred foreign individuals from using Anthropic's most advanced models. Now run that through your own business. If you have an offshore or nearshore delivery team, engineers in the Philippines, analysts in India, a help desk in Latin America,
[00:05:45] and any part of their workflow touches that model, even when it's buried inside a vendor product you bought for something else, then for those people in those countries, the tools stopped working overnight. Not because you did anything, because a directive in Washington redrew the line, and your delivery capacity was on the wrong side of it. That's not a hypothetical. It's a continuity event you never wrote into a contract, never priced, and couldn't have seen coming, because you didn't even know which model was under the hood.
[00:06:14] Here's why that should worry you more than it does. Netrio surveyed 401 mid-market IT leaders and found that 82% already have AI running in production, but only 26% have it scaled and governed across the organization. Sit with that gap. More than 8 in 10 are running AI for real, and fewer than 3 in 10 can actually account for it.
[00:06:38] Which means the overwhelming majority of MSPs and their clients right now cannot answer a basic question. Which model is touching which client's data, and what happens to us if it disappears? The dependency is everywhere. The visibility into it, almost nowhere. And here's what makes this bigger than your own shop. The whole channel is quietly standardizing with the same short list of frontier models. Your tools, your competitors' tools, your vendors' tools, all reaching back to a handful of the same engines.
[00:07:09] So a directive like that one doesn't take out one MSP. It takes out everyone wired to that model at the same moment. This is an isolated risk you can dodge by being careful. It's correlated risk the whole channel is holding at once. And the only thing separating you from the shop next door is whether you saw it coming. So the choice is clean. You can be the MSP that governs this on purpose. That knows exactly which models run inside each client environment,
[00:07:35] can swap one out when Washington or a vendor pulls the rug, and prices that resilience as the service it is. Or you can be the MSP that finds out which model you depended on at the moment it goes dark. Absorbing the outage, the cleanup, and the client's questions without ever having been paid to carry the risk. Here's what I'm hearing from MSP owners in the communities I watch every week. AI isn't making things simpler. It's creating new headaches.
[00:08:03] Clients are making bad decisions based on it. Tool stacks keep growing. And every vendor is claiming to have the answer. Pax8 is different. They're not selling you another tool. They're building the platform that pulls it together. An intelligent cloud marketplace, curated vendors, and education that maps how to monetize AI and build a scalable managed intelligence practice. If your goal is a cleaner, more profitable operation, not just more tech,
[00:08:33] that's exactly what Pax8 is built for. Check them out at Pax8.com. That's P-A-X, the number 8, dot com. Why do we care? Because before this is ever a client conversation or a line item, it's a question about your own shop. Right now, could you list every model your own tools and your own delivery team quietly depend on? Most MSPs can't. And that exposes the real mistake underneath all of this.
[00:09:02] Treating the vendor you bought from as the risk you've already handled. Picking the vendor is procurement. Knowing what runs underneath it and what you do the day it's pulled is operational resilience. And confusing the two is how a shop ends up exposed without knowing it. So what to consider? Inventory your own model dependencies before you sell the service. Go through your own toolset and identify which products are running on which frontier model. And accept that for a lot of them, the vendor never told you.
[00:09:32] Make which model powers this and can it be swapped a standing procurement question for every AI feature you buy so the map stays current instead of going stale the next time you add a tool. Map your delivery team's exposure, not just your clients. Find every place you offshore or nearshore staff and lean on an AI tool that a directive like the Anthropic one could geo-restrict overnight. Identify which delivery functions would actually degrade if a model were cut off for foreign nationals
[00:10:02] and pre-stage a fallback, a second provider or a non-AI path. So a policy change in Washington never turns into a staffing outage you have to explain after the fact. Write a model-down runbook and treat it like any other major outage plan. Build the internal procedure for the model our stack depends on just went dark. Who gets notified, which clients are affected, what the swap or workaround is, and how fast you can execute it.
[00:10:29] Run it the way you'd run an RMM compromise or a key vendor outage. Documented and tested, not improvised at the moment it happens. If this trend continues, within the next year or two, model independence stops being internal hygiene and becomes contract language. Clients burned by a vendor outage will start demanding to know which models run under their stack and who's accountable when one gets pulled. And the MSPs who can answer that in writing will have turned AI resilience
[00:10:58] into a priced, managed service category the rest of the channel hasn't named yet. This is the Business of Tech. Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis. Sign up at businessof.tech slash plus. And follow this show on your podcast app.
[00:11:26] And if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word too. Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening. I'll see you on the next episode.

