MSPs couldn’t escape one key message at the RSA Conference this year: you can’t scale security operations without AI anymore. In fact, AI security tools for MSPs have quickly become essential.
Rising alert volumes and a dearth of skilled analysts have pushed vendors to redefine the SOC using agentic AI, automation, and autonomous decision-making. The goal is to do more with less, but the implications for MSPs are more complex.
From AI-powered analysts to self-directed security workflows, the tools on display promise to transform how MSPs detect, investigate, and respond to threats. That is, if they can keep up with the pace of change.
The Rise of the Autonomous SOC
The biggest shift on display at RSAC was the move toward what many vendors are calling the “autonomous SOC.”

At Anomali, that shift centers on rethinking how AI agents operate inside security workflows. Chris Vincent, chief commercial officer at Anomali, described a move beyond simple automation toward more adaptive systems.
“A persona-based agent is like you or me,” Vincent explained. “A great example is an MSSP that has a series of analysts in its SOC. Each analyst can only chunk through so much overhead in a day. In building persona-based agents, we’ve built agents that essentially are a swarm of micro agents that do specific jobs. Then, we have a master agent that reasons and makes inferences.”
That focus on reasoning, not just task execution, signals how vendors are trying to elevate AI from a tool to something closer to a digital analyst.

Meanwhile, Arctic Wolf is taking a slightly different approach. It is emphasizing augmentation over replacement, according to Lisa Tetrault, senior vice president of security services at Arctic Wolf. The company is embedding AI into a managed service model rather than removing the human element.

“We offer this managed service; we take in all the telemetry and provide this managed detection and response service — and it’s all AI with human in the loop,” Tetrault said.
That model extends into incident response (IR) as well. Arctic Wolf’s Kerri Shafer-Page, vice president of digital forensics and incident response, said the combination of AI and human expertise is critical in real-world attacks. “IR is an example of how we use and leverage AI in a lot of capacities. But that human element is so important because we’re negotiating and talking to criminals,” Shafer-Page emphasized.
For MSPs, the distinction matters. The future SOC may be more automated, but human expertise is still a key part of the equation.
Doing More Without Adding Headcount
The biggest pain point for MSPs is capacity. That’s where vendors have focused much of their AI innovation.

For example, Dropzone AI is targeting alert triage and investigation. These are major time drains in SOC operations, shared Shashi Nair, head of global channels.
The company’s goal is to offload repetitive work from analysts, from alert triage to understanding context to creating reports and summaries. The outcome is more effective analysts who can focus on higher-value, mission-critical work. “We take away all that mundane stuff,” Nair explained. “All of that sucks up a lot of time for the Tier 1 analysts. So now, your analysts can focus on what’s really important and then do more advanced research and defense exercises for their organizations.”

ESET is hearing similar concerns directly from partners. Alert fatigue is a major issue in the channel, said Ryan Grant, North American country manager for ESET. “I just talked to a couple of MSPs this week who said, ‘I’m overwhelmed by all these alerts coming in.’ Our AI advisor is actually simplifying that process for them.”

That effort also includes improving response outcomes to deliver actionable results, added Cameron Tousley, who focuses on MDR at ESET. “We catch something and we alert the MSP. In the process, we’re already working on the solution and delivering that within minutes.”
Vendors consistently pointed to AI as a practical way to stabilize operations without adding headcount.
From Human Hackers to AI Offense

AI is not just reshaping defense; it is also fundamentally changing how security testing is done.
Take Horizon3.ai, which is using automation to address a long-standing shortage of skilled penetration testers. The company is replicating the work of human testers by continuously probing systems for vulnerabilities and attack paths. The approach scales testing far beyond what human teams alone can handle.
It’s the only way to close the talent gap in offensive security, said CEO and co-founder Snehal Antani.
“There are only 25,000 ethical hackers globally. And if you think about the number of organizations that need to be tested, the math just doesn’t work. So the only way to overcome that supply-demand imbalance is to use a force multiplier. This is why we invented the whole concept of AI hackers.”

Ridge Security is applying a similar model with a focus on making these capabilities more accessible. Automation allows organizations to run testing without specialized expertise, said President Lydia Zhang. “With agentic AI, a customer can have the agents run testing and eventually, they just get the report. Since it’s not a human base, you don’t need the human in the loop. It can drive the costs down dramatically.”

Ridge Security is bringing offensive security capabilities to organizations that have historically been underserved. That shift is particularly important for smaller organizations. Advanced testing capabilities are becoming easier for MSPs to package and scale. “SMBs are the ones that suffer a lot from those attacks, and they don’t have enough in-house expertise to help secure themselves,” said CEO Nick Mo.
What It Means for MSPs
The message from RSAC is that AI is evolving the SOC. Vendors are moving quickly. Capabilities are expanding and expectations are rising just as fast.
For MSPs, this creates a challenge as well as an opportunity. AI can reduce workload, improve response times, and unlock new services. But it also requires a shift in how security operations are structured and delivered.
The SOC of the future is not just faster. It is different.