The dominant structural shift highlighted in this episode is the migration of AI from experimental tools into directly embedded workflows within widely used small business platforms. Vendors like Anthropic, with its Claude for Small Business connectors to QuickBooks, HubSpot, Canva, Google Workspace, and Microsoft 365, are abstracting away technical complexity by offering concrete, prebuilt automations that address specific business processes. This embedding moves operational risk and ambiguity from model selection to the permissions layer, where control, oversight, and accountability become central concerns for providers supporting these environments.
A key supporting development is Anthropic’s rapid market penetration, with the VentureBeat-cited Ramp AI Index reporting 34.4% business adoption of Claude in the US—outpacing OpenAI’s 32.3%. The implication, reinforced by research from the Global Technology Industry Association, is that AI service revenue is rising sharply, but only 30% of IT service providers in the UK and Ireland report fully integrating AI into their models. Simultaneously, governance gaps are being exposed: The Register notes user data may be employed for model training unless privacy settings are proactively changed, leaving operational risk exposed through default configurations.
Additional developments reinforce the risk and accountability shift. OpenAI has established a subsidiary focused on direct deployments and implementation, seeking to guarantee quality and consistency in enterprise integration. CIO Dive references Palo Alto Networks research indicating 77% of CIOs claim AI risk management confidence, yet only 30% have real usage visibility, and 62% cite rogue agent concerns. The discussion connects these risks back to routine SMB operations, where AI-enabled workflows can act on core business data, increasing MSP proximity to liability and making explicit who controls connectors, permissions, and incident response documentation.
For MSPs and IT service firms, the operational consequence is that supporting AI-enabled platforms now obligates them to establish and document governance, inventory, data access, and approval processes. Risk shifts from abstract model performance to concrete operational exposure, especially as AI systems interconnect with finance, identity, communication, and other high-stakes subsystems. Providers lacking scoped service definitions and contractual clarity face unpriced liability, while those that implement billable AI governance frameworks—such as audit templates, privacy reviews, and incident-ready contracts—are positioned to address demand from clients, auditors, and insurers. Neglecting these steps is likely to result in exposure to vendor-driven terms and diminished operational standing.
04:20 Readiness Crisis
06:24 Govern or Expose
11:13 Why Do We Care?
💼 All Our Sponsors
Support the vendors who support the show:
👉 https://businessof.tech/sponsors/
🚀 Join Business of Tech Plus
Get exclusive access to investigative reports, vendor analysis, leadership briefings, and more.
👉 https://businessof.tech/plus
🎧 Subscribe to the Business of Tech
Want the show on your favorite podcast app or prefer the written versions of each story?
📲 https://www.businessof.tech/subscribe
📰 Story Links & Sources
Looking for the links from today’s stories?
Every episode script — with full source links — is posted at:
🎙 Want to Be a Guest?
Pitch your story or appear on Business of Tech: Daily 10-Minute IT Services Insights:
💬 https://www.podmatch.com/hostdetailpreview/businessoftech
🔗 Follow Business of Tech
LinkedIn: https://www.linkedin.com/company/28908079
YouTube: https://youtube.com/mspradio
Bluesky: https://bsky.app/profile/businessof.tech
Instagram: https://www.instagram.com/mspradio
TikTok: https://www.tiktok.com/@businessoftech
Facebook: https://www.facebook.com/mspradionews
Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.
[00:00:02] Clawed for small business matters because it shows where the market is heading. AI is being delivered as a set of connectors and workflows inside the systems small businesses already depend on. That makes adoption easy, but it also moves risk into the permissions layer. What the AI can see, what it can change, what it can trigger, and who is accountable when it acts outside intent. The MSP that treats this as another tool to support will inherit ambiguity.
[00:00:32] This is the Business of Tech. I'm Dave Solt. AI is showing up in small business operations in a way that is more concrete than chatbot experimentation. The signal is that AI vendors are now packaging automation as connectors and pre-built workflows inside the business systems SMBs already use every day. Start with Anthropic. Clawed for small business is being positioned around connectors into platforms such as QuickBooks,
[00:01:02] PayPal, HubSpot, Canva, DocuSign, Google Workspace, and Microsoft 365. That matters because those are not side tools. They are where small businesses manage money, customers, documents, campaigns, payments, and day-to-day work. The product framing is also important. This is not being sold as a blank model that a small business has
[00:01:25] to figure out. It's being sold as skills and agentic workflows, payroll planning, month-end close, invoice chasing, sales campaigns, and content creation. In other words, the AI is being packaged around work the business already understands. That lowers adoption friction. TechCrunch describes the push as a way to convert small businesses, hardware stores, coffee shops,
[00:01:50] local service providers, and active AI users by making the product feel more like a toggle than a technology project. And the market is large enough to justify the push. Small businesses represent roughly 44% of US GDP and employ nearly half of the private sector workforce. There's also a governance signal inside the launch. The Register notes that Anthropic says some of these
[00:02:15] capabilities are included at no additional cost for certain paid plans, while also pointing out that user data may be used to improve models unless a privacy setting is changed. That is exactly how operational risks enters quietly. Through features that are easy to enable, connected to important systems, and governed by settings many clients may not review. This is not just one vendor's story. VentureBeat, citing the Ramp AI Index, reports that
[00:02:43] Claude reached 34.4% U.S. business adoption in April, edging past OpenAI at 32.3%. So the signal is not merely the Anthropic launch to small business package. The signal is that AI workflow platforms are moving towards default status inside businesses. Now zoom out to the channel. The Global Technology Industry Association's State of the Channel 2026 research says AI services are now the top revenue growth
[00:03:12] driver for IT service providers in the UK and Ireland, but only about 30% have fully enabled AI into their business models. In other words, SMB adoption is being made easier, vendor momentum is accelerating, and the channel is still catching up. If you're delivering Microsoft Cloud services, Nerdio is a company you should know. Nerdio builds software that helps manage service providers deploy and manage
[00:03:40] Microsoft Cloud environments more efficiently. That includes things like Azure Virtual Desktop, Microsoft 365, and Microsoft Intune. What Nerdio focuses on is automating the infrastructure work, managing multiple tenants, provisioning environments, managing policies, and optimizing Azure costs. So MSPs can run Microsoft Cloud services without the operational overhead that usually comes with them. Instead of building and
[00:04:05] maintaining those systems manually, Nerdio provides a platform designed specifically for MSP operations. If Microsoft Cloud is part of your services strategy, Nerdio is worth a look. Learn more at GetNerdio.com. The mechanism underneath all of this is simple. AI is moving from the realm of tools into the realm of work, and the mechanism underneath all of this is simple. It's easy to use the system to use the system. It's easy to use the system to use the system to use the system. It's easy to use the system to use the system.
[00:04:34] They don't need just an answer engine. They need repeatable decisions, clean handoffs, defined approvals, and output another person or system can safely act on. Gartner's CMO spend survey, as covered by MarTech, shows the mismatch. Marketing leaders are putting about 15.3% of their budgets into AI, but only 30% of organizations are judged to have mature AI readiness.
[00:05:00] It's not a demand problem, it's an execution gap. Process, integration, data quality, governance, training, and the routines that turn software into operational results. When those muscles are missing, a packaged AI workflow becomes attractive because it feels like the operating model is included. The same dynamic shows up in the MSP market. ITPro notes that reselling AI licenses is not where the
[00:05:27] durable margin is. The value is shifting into running and governing the work around the technology. AI-driven service desks may reduce interactions by 40-50%, and agents may handle a large share of initial tickets. But that only works if someone standardizes intake, defines escalation rules, maintains clean data, and decides where humans stay in the loop. That's the mechanism. Vendors are packaging AI as
[00:05:55] finished workflow because customers want the outcome without first building the discipline. But the model is not doing the heavy lifting by itself. The operating system around it, things like permissions, process, data, escalation, and a review determines whether AI becomes productivity or unmanaged exposure. If you're listening to this and you haven't hit follow yet on Apple Podcasts,
[00:06:20] search Business of Tech. It takes five seconds and you'll get the next episode automatically. The consequence for MSPs is that this automation layer is becoming a governed surface, whether the client has a plan for it or not. The reason is liability. Once AI connects to finance, identity, documents, CRM, email, and productivity systems, the risk is no longer abstract model
[00:06:47] quality. It becomes operational. An AI workflow can approve, send, delete, expose, summarize, route, or trigger work inside systems the business relies on. That creates three questions every incident will force. Who authorized the workflow? Who controlled the permissions? And who was responsible for monitoring what it did? In many SMB environments, the MSP is already closest to those answers because
[00:07:14] it manages the tenant, the integrations, the security tooling, the help desk, or the client's day two operations. That's why the responsibility lands near the MSP. Not automatically by title, but by proximity to control. Here's your first proof point. CIO Dive, citing research from Palo Alto Networks and CIO Dive, found a massive visibility gap. 77% of CIOs say they're confident managing AI risk, but only 30%
[00:07:44] say they have full visibility in how AI is actually being used inside their organizations. And when the conversation turns to agentic AI, the concern gets sharper. 62% said they're most worried about rogue agents, and more than half reported unauthorized actions. That's the tell. This isn't a debate about whether AI is good or bad. It's an operational reality. Systems are taking actions, decision paths are
[00:08:12] getting automated, and most organizations can't reliably answer the basic questions. What's running, what it touched, what it did, and what guardrails were in place when it did it. And here's what that looks like in practice. A client enables an AI connector to help with receivables. The workflow has access to email, invoices, customer records, and payment status. If it sends the wrong reminder,
[00:08:37] exposes account details, changes a record, or triggers a payment-related action without the right approval, the client owns the business impact. But the MSP may still be asked why the connector was enabled, why the permissions were so broad, why no approval rule existed, why logging was incomplete, or why the contract had never said whether AI workflow governance was in scope. Now the second proof point, because it shows where the market is heading. OpenAI is
[00:09:07] building its own services muscle. Channel Dive reports, OpenAI launched a standalone consulting venture, OpenAI Deployment Company, seeded with $4 billion, adding forward-deployed engineering teams to help enterprises integrate AI into production. The register frames it even more bluntly. OpenAI doesn't want incompetent AI consultants ruining the market, so it bought its own. In plain terms, the platform vendors are
[00:09:33] treating implementation quality, governance, and the operationalization as part of the product experience, not an afterthought. That matters for MSPs because if they do not define this work for S&B clients, vendors and larger consultancies will define it around their own platforms, their own frameworks, and their own economics. So this is the choice. One path is to become the provider that simplifies and
[00:10:00] governs the automation layer. That's inventory, policy approvals, logging, exception handling, privacy settings, and day two to review. That is a scoped service. The other path is to keep being helpful while AI workflows expand across client systems. In that version, the MSP still gets the escalation when something breaks, but without the authority, pricing, contract language, or audit
[00:10:26] trail to defend the work. In the AI era, that second path is not support. It's unpriced exposure. This episode is brought to you by ControlMap. Growing MSPs are using ControlMap to build recurring revenue by expanding their GRC services. Starting now, ControlMap is offering a free plan for MSPs looking to get started with providing compliance as a service. Create a free account and run an assessment.
[00:10:55] Track key items like policies, risks, and evidence in one place. It's a practical way to prove value to a client before deciding to expand your compliance offering. Try ControlMap for free today. Visit scalepad.com to get started. That's scalepad.com. Why do we care? Because the winners won't be the MSPs
[00:11:19] who support AI tools, but be the ones who can prove control over AI-enabled work, what's connected, what data it can reach, what actions it can take, who approved those actions, and what log shows the result. As platforms and vendors move into deployment services, the MSP that only helps clients turn features on becomes interchangeable. The MSP that can document authorized automation, monitor exceptions, and price
[00:11:46] governance as a service gets the strategic account. The MSP that cannot will still get the incident call, but they don't have the scope, evidence, or margin to answer it. What to consider? Audit your existing client environments for AI connector exposure now. Any client on a paid CLAWD, Microsoft 365 Copilot, or Google Workspace plan with AI features enabled may already have connectors or workflow capabilities
[00:12:13] active, even if no one has formally classified them as AI governance risk. Build a one-page inventory template. What AI features are active, what data sources they touch, what actions they can take, and whether privacy and training settings have been reviewed. This is a billable discovery engagement, not a freebie. Add AI data governance to your standard onboarding checklist. The default data
[00:12:39] training opt-in on CLAWD's paid plans is a concrete, documentable risk. Every new client agreement should include a line item confirming AI platform privacy settings have been reviewed and configured. This creates a paper trail and positions the MSP as the party who caught it. Define what AI governance means in your service catalog before someone else defines it for you. MSPs who don't have a named, scoped,
[00:13:07] priced AI governance offering within 12 months will be responding to RFPs written around vendor-defined frameworks on vendor terms. And pressure test your own master services agreement for agentic action liability. If a client's AI agent sends an unauthorized payment, deletes a record, or exposes data, and the MSP manage the platform, the current language almost certainly doesn't address it.
[00:13:33] Get legal review and scope of liability for AI-assisted actions taken within managed environments. If this trend continues, AI governance will become a standard MSP service line within 24 months. And cyber insurers, compliance auditors, and larger customers will begin asking SMBs for evidence of AI workflow controls before they ask whether the business has an AI strategy. This is the Business of Tech.
[00:14:04] Want more from the Business of Tech? Join Business of Tech Plus for ad-free episodes, early interviews, extended cuts, subscriber-only shows, and exclusive member perks and analysis. Sign up at businessof.tech slash plus. And follow this show on your podcast app, and if you're on YouTube, hit subscribe and the bell so you never miss a story. Reviews and comments help spread the word too.
[00:14:31] Interested in advertising? Head to mspradio.com slash engage. The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. Thanks for listening. I'll see you on the next episode.