Threading the AI Risk/Reward Needle

It’s kind of a glass half full or half empty question. Which has more of your attention these days, AI’s risks or its rewards?

We hardly need to belabor the scale of the potential rewards by now, and I’ve written repeatedly in recent months that IT providers needn’t wait years to begin cashing in on them.

“Small business owners need automation. They need an alternative for increasingly unreliable and expensive human capital,” says Rob Scott, chief innovator at Monjur, a “contracts-as-a-service” vendor for MSPs. As a result, he continues, “we are standing at the precipice of an explosion of commercialization of AI solutions.”

Scott would be the first to tell you though (he’s an attorney as well as entrepreneur) that there’s a lot of risk associated with AI, so much in fact that it arguably outweighs all that opportunity right now.

AI turbocharges data leakage. It exhibits bias in ways that affect both businesses and their customers. It exposes marketers to whole new forms of legal action. Its training data is vulnerable to poisoning. And above all, most famously, it hallucinates. Oh, how AI chatbots in particular love to hallucinate.

Which is why even West McDonald (pictured), founder of, an AI consultancy for MSPs, describes himself as being “on the fence” about chatbots.

“The hallucinations have gotten a lot better, but they still exist and people trying to jailbreak the systems can still do it,” says McDonald, a well-known figure in the MSP channel and former president of the Managed Print Services Association. “If you’re going to have one on your website, you have to at least make sure that you have all of the caveat language that goes with it.”

And yet McDonald, like Scott, very much encourages you to get in on AI now. Every technology entails risk, he notes. Do you use email, for example?

“You shouldn’t if you’re worried about security, because obviously people succumb to phishing campaigns,” he says. Yet no one’s about to uninstall email.

“You try and mitigate those risks,” McDonald observes.

In different ways, he and Scott are both trying to help MSPs do the same with AI. Scott’s contribution to threading the AI risk/reward needle is a new “service attachment” add-on for master service agreements. As strong as MSAs are when properly drafted, Scott says, most have been dangerously antiquated ever since the abrupt arrival of generative AI.

“We’ve identified seven key areas where the old way of contracting for managed services is insufficient for AI,” Scott says. Those encompass everything from data privacy and bias to hallucinations and regulatory compliance. “What if you go through these projects and then the government bans the use of AI voice assistants?” he asks.

Ethical use of AI is covered in the attachment as well. “It’s my opinion that responsible AI is the obligation of both the provider and the end user, and they should equally commit to each other contractually to do that,” Scott says.

His point in producing an 11-page contract covering such topics, it’s worth emphasizing, isn’t to discourage MSPs from entering the AI arena. It’s to help them get into that arena safely. Indeed, Scott sees a big, potentially lucrative, market for AI consulting in a field he knows well—the legal profession. Lawyers want to use productivity tools like ChatGPT without exposing privileged client information to genAI platform operators.

“So the ability to deliver chat-based solutions that are trained only on that law firm’s information, but that information isn’t shared out to the large language or open language models, is an area of huge interest,” Scott says.

That’s just the beginning, adds McDonald. Users in a whole slew of verticals have similar needs. “There’s a big services play,” he says.

A profitable one too, he adds. “There’s such a huge growth curve for what people are doing right now, and shockingly not that many people actually helping them,” McDonald says. “The margin opportunities are very healthy.” came into being some seven months ago to help MSPs capture that margin. McDonald’s approach to the task is a sort of “train the trainer” strategy that begins with showing IT providers how to streamline their own workflows with AI.

“You have to go through it yourself to be able to then go to your customers,” he says.

Once his clients understand the technology well enough to use it internally with confidence, McDonald helps them design money-making services before eventually introducing a fractional “chief artificial intelligence officer” practice.

That’s exactly the kind of offering Scott encourages MSPs to provide as well. “This is the new technology,” he says of AI. “Clients are asking about it. You need to have answers.”

Thanks for reading Channelholic! Subscribe for free to receive new posts and support my work.

The turning tide on tech hiring

Has hiring tech talent shifted from a seller’s market to a buyer’s one? Not yet, but it sure appears to be headed in that direction.

A little over 12% of IT providers globally plan to raise technician compensation by more than 6% this year, per recent data from ConnectWise’s Service Leadership unit. That’s down sharply from 22.6% in 2023, which was itself down sharply from 34% in 2022.

“When you have 85% of your expenses [in] your workforce as an MSP, a four to five percent increase is radically different than a seven, eight, nine percent increase,” notes Service Leadership VP and General Manager Peter Kujawa. We’re still not back to the 3% or less salary bumps common before the pandemic, he adds, “but it’s definitely, definitely cooling off.”

A further indicator: MSPs and VARs are having no trouble getting employees who like working from home back in the office. Just 8.7% of their people are fully remote at present, down from approximately 100% four years ago in the earliest days of Covid-inspired lockdowns.

“I would have guessed 30, maybe 40 percent,” Kujawa says.

Conclusive explanations for such trends are elusive, but it’s not hard to intuit a few when you glance around the economy. GDP growth, we learned yesterday, slowed to 1.6% in the first quarter of the year. A key inflation indicator, we subsequently learned this morning, rose an unexpected 2.8% in March. Both figures suggest interest rate cuts may arrive later and more slowly than experts predicted just three months ago, which further suggests there could be more layoffs coming from skittish vendors like Dell, Trend Micro, and Pax8.

Tech unemployment, meanwhile, was 3% last month, according to CompTIA, versus 2.2% a year earlier and a near-record low 1.3% the year before that.

Technicians seeing all of those developments are more inclined to stay put than in the era of the Great Resignation. “All of a sudden my current employer, who I know is solid, maybe seems like a better idea for a while,” Kujawa says.

The “who I know is solid” part of that statement is key, though, because as in so many other areas the hiring scene looks very different for best-in-class MSPs and worst-in-class ones. Only 12.6% of MSPs in the top quartile (who grew adjusted EBITDA 17.6% last year on average, according to Service Leadership) plan to increase employee salaries by more than 6% this year versus 23.2% of MSPs in the bottom quartile (whose adjusted EBITDA dropped by 1% last year).

In other words, the industry’s worst performers, already underwater financially, have to pay significantly more than their most successful peers to fill empty positions. Kujawa isn’t surprised.

“You’re not delivering quality at the level that other MSPs are,” he says of bottom-quartile companies, “so your employees are more likely dealing with more issues all day, getting yelled at by their clients, etc.” Who wouldn’t demand better pay to endure that?

Or better benefits, for that matter. Fully 35.6% of bottom-quartile MSPs offer unlimited personal time off, versus just 15.9% of top-quartile providers.

“Throwing in unlimited PTO probably seems like an inexpensive way to get some more employees in the door, or maybe keep your existing employees,” Kujawa observes.

It’s also an act of desperation making a bad situation worse. “You’re losing money, you’re paying the most for your people, and you’re paying the biggest increase to those people,” Kujawa says. Needless to say, that’s an unsustainable arrangement unlikely to end well for a sadly large number of businesses.

“They’re in a death spiral,” Kujawa says.


Backup and security: still better together

You’ve probably read elsewhere this week about data protection vendor Veeam’s acquisition of incident response vendor Coveware for an undisclosed sum. Incident response, you’ll notice, is a cybersecurity function, not part of data protection, making this deal the latest evidence (per earlier reporting) that businesses increasingly want “cyber resilience” solutions combining backup and security rather than stand-alone offerings in each category, and vendors know it.

Indeed, buying Coveware and allying with Sophos won’t be Veeam’s last or only moves to build out its cyber resilience portfolio. “Veeam believes that cyber security services, and especially incident response, is vital,” said Dave Russell (pictured), the vendor’s senior vice president of product strategy, in an email to Channelholic. “But Veeam is also going beyond remediation, to proactively reduce the threatscape.”

And how might it do so next? “Veeam will continue to assess how best to add value, but both expanded product and services are constantly being evaluated,” Russell wrote.

Worth noting that while Coveware’s services are primarily for enterprise buyers, security offerings for SMBs are on the vendor’s radar too.

“Veeam has always believed in democratizing improved availability and resiliency, and [is] exploring ways to infuse more of our threat hunting, threat detection, and cyber resilience capabilities into solutions across segments,” Russell wrote.

What makes the greatest partner programs great?

They’re all about building relationships and putting people first, according to Channel Mastered CMO Charlene Ignacio. Hear all about it in the latest episode of MSP Chat, the podcast I co-host.

Also worth noting

ConnectWise integrated its MDR service with Microsoft Defender for Business last fall. Now it’s done the same for its ConnectWise RMM and ConnectWise PSA products.

Liongard has added an AI-powered support companion to its attack surface management platform.

Copilot for Microsoft 365 is now generally available for users of Microsoft 365 F1, Microsoft 365 F3, Office 365 E1, and Microsoft 365 Business Basic.

SonicWall has introduced SonicPlatform, a unified management plane for its growing catalog of solutions and services.

Trend Micro has added AI-based cyber risk management capabilities to its flagship Vision One platform.

ESET has integrated with MDR vendor Arctic Wolf and added new rebates and benefits to its partner program.

It’s also integrated with XDR vendor Stellar Cyber.

Stellar Cyber, in turn, has integrated with Acronis and rolled out a MITRE ATT&CK Coverage Analyzer.

In a move beyond its foundation in security awareness training, KnowBe4 has acquired email security vendor Egress.

Perception Point has embedded Spin.AI’s browser extension risk assessment functionality in its browser security solution.

Produce8, a recent startup you’ve read about here before, has shipped a new release that captures employee sentiment, collects video call data, integrates with calendars, and more.

Aryaka has a new migration acceleration program for people looking to ditch legacy networks in favor of SASE.

Lenovo has a whole new bunch of AI-oriented servers and hyperconverged infrastructure solutions.

Among many other things, the big new retail communications solution from Wildix unit x-hoppers provides AI-based theft detection and training assistance.

Tech services powerhouse Jolera has acquired tech services powerhouse ITCenter to expand its footprint in the U.S. and Europe.