On 1 May 2026, three things landed in the same news cycle.

A trade-press column arguing the MSP operating model is being rebuilt around AI.

Guardz released its 2026 State of MSP Threat Report. The headline number: 89% of monitored SMBs had at least one user with confirmed credential compromise.

And the hyperscalers' Q1 numbers came in. AWS revenue up 28% to $37.6 billion. Bedrock spend up 170% quarter over quarter. Google Cloud past $20 billion.

Three signals. One conclusion.

If you buy managed services in India, whether for a BFSI branch network, a manufacturing OT environment, a hospital chain, or a textile group, the deck your provider sold you twelve months ago is now wrong in three places.

We've been watching this shift land across our own client portfolio for the past two quarters. Here's what we're seeing, what changed in the last seven days, and where the conversation has to move next.

🔍 The MSP Stack Is Reorganising Itself

Two pieces of trade-press analysis this week put the shift in plain language. We've been having the same conversation across our managed-services book for months. The trade press just caught up.

It opens with an alphabet check most buyers haven't done in eighteen months.

EDR. Endpoint Detection and Response. Every endpoint security agent qualifies, technically. The agent reports back. A human decides what to do.

ADR. Automatic Detection and Response. The agent decides without a human. Remediates. Then reports.

xDR. Multiple agents across the network co-ordinate. Decisions are network-wide, not endpoint-local.

MDR. Managed Detection and Response. A human team running EDR, ADR, and xDR tools in combination. The humans "ferret out the suspicious and react."

That definitional sweep matters because the load-bearing point lands one paragraph later. EDR doesn't replace AV. It is an addition. The buyer who switched from antivirus to EDR and turned off DNS filtering and Active Directory hardening on the way through has a thinner stack than they started with, not a thicker one.

The MSP that pitched it as a swap was either confused or selling.

The second piece this week, on AI Agent Sprawl, makes the same shape of argument with a different alphabet.

"It looks a lot like the early days of SaaS, where 'shadow IT' led to a tangled web of disconnected apps. Except this time, it isn't just software; it's autonomous agents."

The numbers in that piece are the ones to fax to your board.

87% of CIOs say AI agents are already embedded in critical systems.

Only 25% claim full visibility into all agents currently in production.

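That is a sixty-two-percentage-point gap between CIOs who say agents are in their critical systems and CIOs who can see all of them. Agents nobody is watching.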

A customer-support lead who deploys an agent to deflect tickets is not creating a problem. Twelve customer-support leads doing it across twelve departments, all routing through different inference endpoints, all touching different production systems, are.

Agents have a degree of freedom. Old "if-this-then-that" automation didn't.

The risk profile changes accordingly. An agent that misclassifies a single ticket and routes it to the wrong queue is harmless. An agent that misclassifies the wrong ticket, fires a downstream Workato action, and triggers an SAP update, before three other agents observe the SAP delta and react, is the start of a cascade nobody owns. The runbook for that cascade does not exist in your MSP's standard playbook because the playbook was written for SaaS sprawl, not agent sprawl.

So the questions to ask your MSP this quarter are concrete.

✔ Which of our endpoints carry an EDR agent today, and what does it actually do when it sees something suspicious. Alert. Quarantine. Kill. Or nothing.

✔ Which of our SaaS tenants have AI agents deployed inside them, and who provisioned each one.

✔ When an agent calls an external model with our data, where does that traffic egress, and is the model provider on our DPDP processor list.

✔ What is the runbook when an agent makes a mistake that propagates through three other systems before anyone notices.

If your MSP can answer two of those four cleanly, you have a relationship worth keeping.

If they can answer none, you have a procurement problem disguised as a security problem.

The Guardz numbers from 1 May reinforce the same point a different way. 23% rise in session hijacking. 190% increase in ransomware detections. Non-human identities now outnumber human users 25 to 1. The threat surface has stopped being shaped by what the user clicks. It is being shaped by what the agent fetches.

Pricing per device per month was the right model when one user mapped to one endpoint mapped to one risk. The math no longer holds.

How we plug in: Our Cyberdefense practice runs identity-first MDR for Indian BFSI and manufacturing clients, with agent-governance built into the SOC, not bolted on. If your current provider can't answer the four questions above, we'll walk you through what an agent-aware managed SOC looks like in your environment.

Secure SD-WAN Is The Foundation, Not The Feature

A piece in Voice & Data India this week (1 May 2026) does the thing most SASE marketing won't.

It puts SD-WAN on the bottom of the stack.

Most CIOs reading SASE pitches over the past two years have been shown a flat layer cake. Identity. Edge. Inspection. Transport. Four horizontal slabs of equal weight. The pitch implies you can buy any one of them and call it SASE.

The framing in Vivek Srivastava's piece is sharper. Without secure SD-WAN underneath, SASE is identity-and-policy decoration over a transport that wasn't built for it.

The numbers back the framing.

Gartner: by the end of 2026, around 60% of new SD-WAN purchases globally, including in India, will be part of a single-vendor SASE offering. That figure was 15% in 2022.

47% of enterprises will have deployed SASE by 2027.

Per Coherent Market Insights, the India SASE market is forecast to reach USD 2,136.6 million by 2032, growing at a 22.1% CAGR.

What that means for the operator on the floor is unsexy and concrete. Transport must know the policy. If your branch network is still MPLS plus a leased line plus an "internet break-out" port that nobody audits, none of the SASE features your vendor is upselling will deliver the latency, the policy consistency, or the visibility you signed for. The transport layer is doing none of the policy enforcement. So the inspection layer above it has to do all of it. Which it cannot do at line rate, on every flow, for every user, every time.

The SASE pitch breaks at the transport layer most weeks, not the policy layer.

There's a sovereign-AI dimension underneath this too.

The same publication's piece by Ayushi Singh argues Indian telcos are now restructuring how data, compute, and AI models are hosted, with national-jurisdiction control as a strategic imperative rather than a compliance footnote.

That sits upstream of every enterprise SASE rollout in India this year.

If your inference endpoint moves to a regional cluster six months from now, because your telco's SDP architecture changed, your SASE policies need to recognise the new egress points without a manual rewrite. If they need a manual rewrite, the policy layer is brittle. Brittle policy layers are how an audit becomes a six-week incident.

The infra teams who win the next eighteen months will treat SD-WAN, SSE, and sovereign-AI routing as one design problem.

Not three procurement cycles.

The infra teams who lose will sign a SASE PO this quarter and discover the bill in 2027.

Two practical questions to put to a SASE vendor before signing.

✔ When the underlay transport changes, which of your features still work, and which need a re-policy event. Get the answer in writing.

✔ Show us the audit log of policy changes from your existing customer in our vertical. Specific dates, specific change descriptions, specific approver IDs. If the answer is "that's confidential", the audit trail does not exist.

How we plug in: Our Enterprise Connectivity practice sizes the underlay before anyone draws the overlay. If you're mid-RFP on a SASE refresh and the conversation skips MPLS-vs-broadband-vs-LTE redundancy and break-out policy, we should talk.

The New Vendor Pitch Is "Agentic". Here's How To Evaluate It.

Cisco shipped its own piece this week. The opening anecdote will land for any infra lead who has lived through one of these:

"A customer is 23 hours into a war room. Network teams. App teams. Vendors. Executives. Everyone is exhausted. Everyone is certain the problem is urgent. No one is certain what to do next."

The thesis underneath the anecdote is sound. The most dangerous moments in NetOps are not the outages themselves. They are the gaps between detection, understanding, and remediation.

The vendor pitch for closing those gaps is AgenticOps. Sense. Reason. Act. With cross-domain intelligence, AI-assisted workflows, and human oversight as the safety word.

The line worth holding the rest of the category to: "This isn't AI guessing in production. It's AI built to earn your trust."

Because every network vendor will ship an "agentic" SKU this calendar year. Most of them will not be ready for the BFSI change-window or the manufacturing OT environment your MSP supports.

A short, ruthless evaluation framework. We use a version of this internally on every vendor PoC we run.

1. What's the rollback? When the agent makes an autonomous change that takes a branch offline, what is the revert path, and is it itself agent-driven? If the rollback needs a human at 3 AM, the autonomy isn't autonomy.

2. What's the audit log? Every agentic action must produce a deterministic, queryable record. What was the input. What was the reasoning. What was the action. Who was the approver-of-record. "AI black box" is not an acceptable answer to any of those four questions.

3. What's the blast-radius cap? A good agent platform lets you say "this agent can change at most 5 ACLs, 1 BGP peer, and 0 firewall rules per change window without human sign-off." A platform that gives you a single on/off switch for autonomy is not enterprise-grade.

4. Where does the inference run? If it runs in a US-region SaaS endpoint, your operational data is leaving Indian jurisdiction. Cross-check against your DPDP processor list before the trial, not after.

5. How does it explain itself in plain language? "Explain what's happening AND safely troubleshoot" is the right bar. If the platform's explanation is a JSON blob the operator has to interpret, you've added a tool, not removed one.
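Items 2 and 3 can be exercised together during a PoC. The following is an added example, not code from Cisco or any vendor's platform: a gate that enforces the per-window caps quoted in item 3 and writes the four-field audit record from item 2 (input, reasoning, action, approver-of-record) for every request. The class, agent, approver and target names are hypothetical, and the sample requests are constructed.

```python
import json
from collections import Counter

# Per-window caps on changes made without human sign-off (figures from item 3).
CAPS = {"acl": 5, "bgp_peer": 1, "firewall_rule": 0}

class ChangeWindowGate:
    """Caps autonomous changes per change window and records every decision."""

    def __init__(self, caps):
        self.caps = dict(caps)
        self.used = Counter()   # autonomous changes consumed this window
        self.audit_log = []     # append-only list of decision records

    def request(self, agent, kind, target, agent_input, reasoning, approver=None):
        cap = self.caps.get(kind, 0)  # unlisted change kinds get no autonomous budget
        if approver:
            decision = "allowed_with_signoff"   # human-approved: not counted against cap
        elif self.used[kind] < cap:
            decision = "allowed_autonomous"
            self.used[kind] += 1
        else:
            decision = "held_for_signoff"       # cap reached: nothing is applied
        self.audit_log.append({
            "seq": len(self.audit_log) + 1,
            "agent": agent,
            "input": agent_input,               # what the agent saw
            "reasoning": reasoning,             # why it proposed the change
            "action": {"kind": kind, "target": target},
            "approver_of_record": approver,     # None means no human signed off
            "decision": decision,
        })
        return decision

    def query(self, **match):
        """Return audit records whose top-level fields equal the given values."""
        return [r for r in self.audit_log
                if all(r.get(k) == v for k, v in match.items())]

    def export_jsonl(self):
        """Serialise the log with sorted keys so identical logs give identical bytes."""
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.audit_log)

def run_demo():
    """Replay a constructed change window; agent, approver and target names are made up."""
    gate = ChangeWindowGate(CAPS)
    def ask(kind, target, approver=None):
        return gate.request("netops-agent-1", kind, target,
                            "constructed alarm text", "constructed reasoning", approver)
    decisions = [ask("acl", f"branch-11/acl-{i}") for i in range(1, 7)]    # cap is 5
    decisions += [ask("bgp_peer", f"branch-11/{p}") for p in ("peer-a", "peer-b")]  # cap is 1
    decisions.append(ask("firewall_rule", "branch-11/fw-7"))               # cap is 0: held
    decisions.append(ask("firewall_rule", "branch-11/fw-7", "change-manager-01"))
    return gate, decisions

if __name__ == "__main__":
    gate, decisions = run_demo()
    print(gate.export_jsonl())
```

Held requests are logged as well as allowed ones, so the log answers "what did the agent try to do" and not only "what did it do". Ask the vendor to show the equivalent of `query(decision="held_for_signoff")` on their own platform.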

If a vendor cannot answer all five inside one call, they don't get a PoC.

If a vendor answers all five and the answers are credible, you have a candidate worth a 90-day pilot in a low-blast-radius slice of the network. Branch number eleven of seventy-three, never the BFSI core, never the OT segment that runs the production line.

How we plug in: Staring at three "agentic SOC" proposals and trying to compare them apples-to-apples? Our Complete IT Infrastructure Solutions team runs vendor-shortlisting engagements that produce a defensible scorecard you can take to your board.

🚨 The Patch That's Already Being Mass-Exploited

While the vendors and analysts argued about the future of the operating model, the present kept happening.

The week's operational threats are unambiguous. Three of them belong on a runbook by Tuesday.

One. CVE-2026-41940. cPanel, WHM, and WP Squared authentication bypass. First disclosed late April. Emergency patch shipped 29 April. Exploitation as a zero-day reported on 30 April, with attempts traced back to late February. On 2 May, the same outlet confirmed mass-exploitation in "Sorry"-extension ransomware attacks.

cPanel sits underneath a large share of Indian shared-hosting, SMB hosting, and reseller stacks. If your branch microsites, hostel-management portals, internal wikis, or any side-project public surface is on cPanel, this is Monday-morning patch work. The vulnerability bypasses authentication entirely, which means the usual "we're behind a WAF" defence line doesn't apply, because the attacker reaches the management plane before the WAF rules trigger.

Two. Cisco Talos's Year in Review. Published 28 April. Short. Load-bearing.

Top finding. Identity is the main battlefield.

Device compromise attacks +178% year over year. Attackers are registering their own devices as trusted MFA methods. Ransomware chains are running on valid accounts and credentialed tools, not on exploits. VPNs, AD Domain Controllers, and firewalls are being exploited specifically to steal session tokens and bypass MFA.

If your network refresh plan still treats the perimeter as the primary control, the plan is two years out of date. The perimeter is not where the attack lands. The session token is.

Three. CERT-In. Six advisories in eight days. CIVN-2026-0211, 0212, and 0213 today (4 May). Plus CIAD-2026-0020 (30 April) and CIAD-2026-0019 and 0018 (26 April). Indian organisations are obligated under Section 70B to triage these. Each note carries a CVSS score and an affected-product list at cert-in.org.in.

Do not wait for your MSP to forward them. Subscribe directly. The lag between CERT-In publishing a note and an MSP's NOC ingesting it into their ticketing system is, on average across the providers we have benchmarked, between 36 and 72 hours. That is too long for a CIVN with a CVSS of 9 or higher.

Patch cPanel boxes today. CVE-2026-41940. No exception for "low-traffic" surfaces.

Audit which devices are registered as trusted MFA methods in your IdP. Anything you don't recognise, kill. Document the kill in a short note to the user.

Triage the six CERT-In notes by your own attack surface, not by the order they were published. The 9.1 against a product you don't run can wait. The 7.4 against a product you do run cannot.

The operational truth this week is the one Talos opened with. Attackers don't need new exploits when stolen identities still work.

How we plug in: Our Cyberdefense practice triages high-severity CERT-In advisories within 4 hours, not 36-72. If patching cPanel, firewall, and IdP surfaces every week is not your team's day job, it is ours.

🔐 The Port That Stopped Treating Infrastructure As Cost

An exclusive interview published this week with Samrat Rahi, Deputy Chairman of Syama Prasad Mookerjee Port (SPM Port) in Kolkata, is the field note this issue earns.

It is not a vendor story. It is a working Indian critical-infrastructure operator describing what happened when the port committed to unified observability and analytics across a sprawling, multi-vertical estate.

Rahi's anchor framing is unfussy. Move from fragmented legacy systems to a unified, intelligent, data-driven operational framework. The phrase that does the work in his interview is "real-time visibility". Not as a marketing line but as a precondition for faster, more informed decisions across cargo, land, and equipment.

What the port has actually deployed.

The Port Operations Management System (POMS) for end-to-end cargo visibility. Decision Support Systems (DSS) running predictive and prescriptive analytics over berth allocation and vessel scheduling. Large-scale digitisation of land and estate management (thousands of acres) through online applications, automated workflows, and integrated payment systems.

Where it is headed next.

AI-, IoT-, and digital-twin-based simulation of vessel movements. Berth allocation optimisation. Predictive maintenance of critical equipment. In Rahi's words: "a real-time virtual replica of infrastructure and operations, enabling simulation of vessel movements, optimisation of berth allocation, and predictive maintenance of critical equipment."

And underneath all of it, an energy programme. Smart LED lighting. Electrification of equipment. Shore power for vessels. Reducing operational cost while it cuts emissions.

The lesson generalises and it is worth saying straight. Infrastructure is a sensing surface.

That is the difference between a refresh budget you defend annually and an instrumentation budget you compound on annually.

The port's three-year deployment isn't a recipe. The reader can't lift POMS and DSS off the SPM Port org chart and drop them into a Pune textile group. But the principle is the same principle the better managed-services providers in this country have been pitching for the past 36 months. Unified. Instrumented. Analytics-fed. Automated where the decision is repetitive. Human where the decision is consequential.

The difference now is that real Indian operators are shipping it.

That changes the conversation in every quarterly review. The CFO who used to ask "why does network observability cost what it costs" now has an SPM Port answer. Because it lets us see the cargo move in real time. Because it lets us schedule berths the day before, not the day of. Because it lets us swap a transformer before it fails, not after.

Cost questions become value questions. Value questions get budgets approved.

How we plug in: This is the operating model our VEMIO™ platform was built around. Unified telemetry across network, security, and physical infrastructure, with the analytics layer that turns "we have a dashboard" into "we acted on it before the user noticed". If you're scoping an instrumentation programme for FY26-27, we'll walk you through a VEMIO™ deployment from a comparable Indian environment.

Sovereign AI takes centre stage: Telcos rethink data localisation
Voice & Data India, 2026-05-01.
Read it as a procurement signal, not a policy piece. The telco design choices in here will reshape your egress and inference paths within eighteen months.

Scaling your network for AI without a forklift upgrade
Cisco Networking Blog, 2026-04-16.
The "complexity tax" framing (manual labour, security gaps, performance bottlenecks) is the cleanest way we've seen a vendor name what most Indian infra leads already know in their bones.

NFPA 70B Compliance in 2026 Raises Stakes for Life-Safety System Reliability
SecurityInfoWatch, 2026-04-24.
US-specific standard. The framing, preventive electrical maintenance as an audit-grade obligation, is what BIS/IS will look like for Indian commercial estates within two procurement cycles.

My Take

The thread this week is not "AI is changing everything".

It is that the MSP relationship in India just shifted from a tools relationship to a triage relationship.

For ten years the question your MSP answered was "what should we buy".

For the next ten it will be "what should we be watching, and which of these alerts deserves a human".

That is a different sales motion. That is a different invoice. That is a different contract.

If your MSP is still pricing per-device per-month with no observability deliverable in the SLA, the relationship is two pricing cycles behind the market. If your MSP is pricing per-incident with no agent-governance clause in the contract, the relationship is one breach away from an awkward conversation about who owned which decision when.

The buy question is stale. The watch question is fresh. Renegotiate around the watch question.

Our VEMIO™ platform is where we built our answer.

Reply to this email with the one question you'd ask your MSP this week if you only got one. We read every reply.

Until next time,

Ajay Salvi & the Vinay Enterprises team.
