AI can help MSPs reduce repetitive work, improve service delivery, and scale without adding headcount at the same pace. It can also expose client data, introduce unapproved tools, and give automated systems more access than they should have.
That is the tradeoff MSPs need to manage.
In Wizer’s webinar, Can AI Optimize Your Business?, Gaby Friedlander spoke with Omer Segoly of Cyber Unit, James Abercrombie of Acronis, and Wizer CTO Itzik Spitzen about what practical AI adoption looks like for MSPs.
The conversation covered automation, Shadow AI, access controls, privacy, AI account takeover, and the role people still need to play. Here are the biggest takeaways.
One message came up repeatedly during the discussion:
Do not start by asking which AI tool to buy. Start by asking which problem needs to be solved.
Many businesses begin with a model, platform, or license before they have clearly defined the process they want to improve. That creates activity, but not always value.
For an MSP, a useful AI project might reduce time spent on reporting, improve ticket triage, strengthen documentation, or remove repetitive administrative work.
Before choosing a tool, answer a few basic questions:
If the workflow is unclear, AI may simply make a confusing process move faster.
Omer Segoly shared a practical example from Cyber Unit.
His team’s monthly client reporting process required pulling information from several security platforms and internal systems. The work was slow and heavily manual.
An early attempt to automate the process using traditional development actually made it worse. A task that took around a day and a half grew into a two day process.
Omer later rebuilt the workflow using AI assisted coding tools and a system designed around Cyber Unit’s actual needs. The result was a one click workflow.
The system now pulls the required data, prepares the reports and attachments, and gets the client communications ready. A person still confirms the action before anything is sent.
That final step matters. AI handles the repetitive work. A human stays responsible for the outcome.
AI works best when the process already makes sense.If a task depends on one employee remembering a series of unwritten steps, it is not ready to automate.
Omer stressed the importance of standard operating procedures. Clear documentation helps teams turn individual knowledge into a repeatable workflow. It also reduces a common MSP risk: tribal knowledge.
When one employee is the only person who understands a client environment or internal process, their departure can create a serious gap. A useful question to ask is:
Which process would become difficult if one person left tomorrow?
That process may be one of your best documentation priorities. Once it is clearly mapped, it may also become a strong automation candidate.
The panel repeatedly compared AI agents to employees. It is a useful comparison, but there is an important difference. A new finance employee will usually understand that payroll information should not be shared across the company.
An AI agent may not understand that unless the restriction is clearly defined and technically enforced.
An AI agent needs:
Access control also needs to work in both directions. The agent should only access the information required for its job. It should also avoid exposing that information to people who are not authorized to see it.
Do not assume the agent understands what is sensitive. Write the rules down. Then enforce them.
One of the most practical recommendations from the webinar was to introduce AI in stages. Start by allowing the system to:
Be much more careful before allowing it to:
The cost of an incorrect summary may be manageable. The cost of sending the wrong message to every client may not be.
Itzik described Wizer’s initial approach as starting with deny by default, then opening access gradually based on a clear need.
Even read access needs boundaries. Some information, including sensitive HR data or encrypted records, may need to remain completely outside the AI workflow.
Employees are already using ChatGPT, Copilot, Claude, Gemini, coding agents, browser tools, and other AI products. Some are approved. Others are not. This creates a visibility problem for MSPs and their clients.
An organization may not know:
Ignoring Shadow AI is not a strategy. The first step is to understand what is already happening.
Ask each department:
The goal is not to punish employees for experimenting. The goal is to decide what should be approved, restricted, replaced, or blocked.
Omer raised another risk MSPs should prepare for: AI account takeover.
An AI account may contain:
If an attacker gains access, they may not need to search through every file manually.
They may be able to ask the AI questions in plain language and quickly find the most valuable information. That makes basic account security essential.
MSPs should consider:
The same attention given to email and cloud accounts now needs to extend to AI platforms.
Every organization using AI should have a clear AI policy (free AI policy template!)
The policy should explain:
The policy does not need to be long. It needs to be specific and easy to find. But a policy alone will not prevent every problem.
Someone may paste an entire email thread without noticing confidential information at the bottom. They may upload the wrong file or include a credential while troubleshooting.
Training needs to work alongside technical controls that can detect, block, redact, and report sensitive information.
The goal is not to make employees afraid of AI. It is to help them use it without one mistake becoming a client data incident.
AI can prepare the work. A person should still approve decisions involving:
Human review should be built into the workflow.
For example:
That is much stronger than simply telling employees to double check AI.
The strongest AI projects do not begin with a model. They begin with a frustrating process the business understands well enough to improve.
For MSPs, the opportunity is significant. AI can reduce manual reporting, improve documentation, support service desk teams, and make internal knowledge easier to reuse.
But speed without control creates risk. The practical approach is clear:
Define the outcome. Document the workflow. Limit access. Add guardrails. Keep a human involved.
AI will not fix a broken process. It can make a good process much faster.