‘Some of the most advanced phishing emails now are AI-generated. It’s gotten to the point where emails can be flagged just for being too perfect,’ says ConnectWise CISO Patrick Beggs.
As artificial intelligence evolves in the security landscapeMSPs are met with both opportunities and challenges to both further secure their customers but stay educated and on top of governance and third-party risk management.
“AI is definitely becoming the star of the show, and cybersecurity is fully integrated into that,” ConnectWise CISO Patrick Beggs told CRN. “Some of the most advanced phishing emails now are AI-generated. It’s gotten to the point where emails can be flagged just for being too perfect.”
Attackers are also leveraging AI to rapidly generate malicious domains, forcing MSPs and other cybersecurity experts to move just as quickly.
“AI speeds up everything on the attacker’s side, so we have to speed up on ours too,” he said.
This is why ConnectWise is pushing towards a unified, AI-driven platform that merges everything from threat intelligence to endpoint detection and response into a single dashboard.
“Tool sprawl used to be a big issue,” he said. “Now it’s about having that single source of truth, the common operational picture for cybersecurity. That’s what Asio is becoming.”
Further down the road, the focus will be on refining existing systems rather than building entirely new ones, he added.
“We’re in what I’d call the refinement stage. It’s less about building from scratch and more about tightening the screws,” he said. “But AI’s only as good as the people and processes behind it, so a big part of our focus is education: training teams and partners to use these tools smartly and securely.”
CRN spoke further with Beggs about AI’s impact on cybersecurity, how MSPs can safely leverage AI and how education is at the core of it all.
AI is taking center stage. How is it all coming together on the Asio platform?
AI is definitely becoming the star of the show, and cybersecurity is fully integrated into that. We’ve been working toward a single pane of glass experience. Think of it like one dashboard where everything lives: vulnerability management, threat intel, EDR (endpoint detection and response), MDR (managed detection and response), all feeding into a unified brain. That then powers SIEM (security information and event management) 2.0 and gives our SOC (security operations center) teams total visibility. Tool sprawl used to be a big issue, now it’s about having that single source of truth, the common operational picture for cybersecurity. That’s what Asio is becoming.
So what’s next in the next 12 to 18 months on the cybersecurity roadmap?
We’re in what I’d call the refinement stage. It’s less about building from scratch and more about tightening the screws, wrench-turning, if you will. Staying ahead of emerging threats is key and AI plays a massive role here. But AI’s only as good as the people and processes behind it, so a big part of our focus is education: training teams and partners to use these tools smartly and securely.
How is AI changing the threat landscape?
Oh, we’re seeing it already, especially with phishing. Some of the most advanced phishing emails now are AI-generated. Ironically, many email security tools are using the same AI detectors that universities use to catch plagiarism. It’s gotten to the point where emails can be flagged just for being too perfect. Attackers are also using AI to spin up hundreds of malicious domains in minutes, faster than vendors can categorize and block them. AI speeds up everything on the attacker’s side, so we have to speed up on ours too.
So is it AI vs. AI at this point?
Pretty much. It’s like a digital arms race, Terminator-style. But humans are still in the loop. Education and awareness are more critical than ever, especially as AI tools become more embedded in security stacks. That said, most organizations today aren’t running fully AI-powered security stacks. It’s still piecemeal. In the next 18–24 months, though, you’ll see fully baked AI-driven platforms becoming mainstream.
What does that mean for MSPs who may not be AI experts?
For MSPs, the biggest thing is to stay educated. Learn how to leverage these AI enablers to be more efficient and reduce headcount without compromising security. Some AI tools can now auto-fill ticketing systems with 98 percent accuracy. That’s a huge timesaver. What used to take 15 minutes can now take two seconds. That doesn’t eliminate the human role, but it shifts it. Tier 1 analysts might move up to Tier 2 or Tier 3 focusing on validation and quality assurance.
But what happens if an MSP rolls out AI tools they don’t fully understand? Isn’t there a risk there?
For sure. That’s where governance and third-party risk management come in. Any AI tool you bring in should go through rigorous vetting. We have a mature process for this. Sometimes, we tell our teams “no” when a tool isn’t secure enough, and that’s just how it has to be. We also actively hunt for shadow IT. If it didn’t go through our process, it gets blocked until reviewed. It’s a constant game of cat and mouse.
Some MSPs I’ve talked to said since AI can save them time, some customers now expect cost cuts. Is that concerning?
That’s a fair concern, and it’s already happening. Customers see faster outcomes and ask, ‘Why are we paying you for this many hours?’ But for smaller MSPs especially, this is an opportunity. They can now deliver higher-value cyber services without needing a full security staff. Smart automation powered by AI helps them scale without breaking the bank.
How do roles like cybersecurity engineers or CISOs evolve with AI?
They have to adapt, period. That means deploying AI securely and understanding what these tools are doing with your data. Is your AI tool learning from your data and sending it elsewhere? What happens if that vendor gets breached? We push for third-party reviews and vendor risk management because if you’re not asking those questions now, you’re already behind. The roles won’t go away, but they’ll focus more on oversight, strategy and risk governance than just hands-on configuration.
So what’s your message to the cybersecurity community in this AI-driven age?
Know what’s in your house. Know what you don’t know is in your house, then go find it. Continuous monitoring is more important than ever. Also, don’t underestimate the value of training. When something makes the news, I ask my team, ‘How would we respond to this?’ Then we build playbooks around it, sometimes with help from an AI chatbot. There’s no excuse anymore not to have great incident response playbooks. The tools are free. The time investment is minimal but the value is massive.