Guardz, the leading cybersecurity platform for Managed Service Providers (MSPs), today released its 2026 State of MSP Threat Report. The findings reveal a rapidly shifting landscape where AI-powered attackers are exploiting persistent gaps in identity, authentication, and cloud security at unprecedented speed. The report underscores a critical "speed imbalance," where traditional manual security operations are failing to keep pace with automated, high-scale threats.
Identity Crisis: 89% of monitored SMBs had at least one user with confirmed credential compromise at any given time.
Session Hijacking Surge: Incidents rose by 23% over 180 days, allowing attackers to bypass Multi-Factor Authentication (MFA) entirely.
Machine Identity Risk: Non-human identities now outnumber human users 25:1 in Microsoft 365 environments, creating vast, unmonitored attack surfaces.
Escalating BEC Costs: Confirmed Business Email Compromise (BEC) losses now range from $140,000 to $1.5 million, a massive jump from 2025 averages.
RMM Tool Abuse: The single largest endpoint threat campaign, accounting for 26% of detections, involving the unauthorized use of tools like ScreenConnect and AteraAgent.
The AI Advantage: Guardz research shows AI-driven detection achieves 92.4% accuracy, compared to just 67% for human analysts alone.
The report highlights that MSPs are increasingly viewed as high-value targets because a single compromise can provide a direct path into an entire client portfolio. Threat actors are moving beyond simple malware, increasingly utilizing "living-off-the-land" techniques and impersonating legitimate Remote Monitoring and Management (RMM) infrastructure to maintain persistent access.
"Threat data shows that entry points haven't changed; attackers are still getting in through identity gaps and weak controls—just faster and at greater scale," said Dor Eisner, CEO and Co-founder of Guardz. "For MSPs, that means leveraging AI the same way attackers are. That accuracy gap between AI and human analysts is where MSPs either win or lose their clients' trust."
A key shift identified in the report is that attackers are focusing on deepening their access within compromised accounts rather than simply seeking new ones. By utilizing OAuth abuse and post-authentication persistence, threat actors can remain hidden within an environment while bypassing traditional defenses.
For MSPs managing dozens of environments with limited staff, the report concludes that AI-assisted response is no longer an optional luxury—it is the only infrastructure capable of matching the scale and velocity of modern cyber threats.
About Guardz
Guardz is the leading cybersecurity platform empowering MSPs to protect small and medium-sized businesses. By consolidating essential security controls and providing 24/7 managed detection and response, Guardz helps partners navigate the evolving threat landscape with real-time insights and automated remediation.
TechIntelPro empowers B2B technology decision-makers with the latest industry trends, deep insights, leadership perspectives and actionable intelligence to drive both organizational and professional milestones—and thrive on the tech pulse.