
Oliver Simonnet, Lead Security Researcher at CultureAI suggest that MSPs must not overlook AI cyber attacks on people
Security is a huge growth area for the channel, with 90% of MSPs expecting expansion as a core service in 2025 according to a recent N-able survey. But with this growth comes a significant challenge – staying ahead of an increasingly complex, AI-driven threat landscape.
In the last 12 months, SoSafe claim that 87% of global organisations have faced AI-powered cyber attacks. Threat actors are leveraging the technology to launch more sophisticated campaigns that exploit human vulnerabilities. From AI-powered phishing and social engineering attacks to deepfakes and impersonation, AI is not only increasing the scale of attacks but also their precision and believability.
This shift makes one thing clear - MSPs and MSSPs must now treat human-centric risk with the same level of urgency and strategic focus as software risks. Doing so will allow them to better protect clients against human-centric threats and cement their role as trusted security advisors in an AI-accelerated world.
The evolving threat landscape
Just as AI has radically changed many aspects of our working lives in just a few short years, so too has it radically changed the threat landscape. Not only catalysing a higher volume of cyber attacks but AI has significantly increased the sophistication of these attacks. Historically, fudged branding or rogue spelling mistakes aided in the detection of phishing attacks. Whereas the aid of AI tools has made many attacks nearly undetectable for users, rendering traditional security awareness training ineffective.
Crime groups are now leveraging AI to enhance the scale and sophistication of their attacks. Previously relying on manually executing campaigns of impersonation and phishing, their attacks show signs of automation and precision powered by AI.
One of the biggest shifts has been the use of AI-driven voice cloning for vishing attacks, which have surged by 442% between the first and second halves of 2024 according to CrowdStrike. This has allowed threat actors to impersonate IT staff and other suppliers with a short audio clip so that they can bypass authentication measures or request sensitive information.
This evolution in tactics, techniques and procedures highlights how even the most robust defences can be bypassed through social engineering, as attackers increasingly shift from exploiting technical vulnerabilities to manipulating human behaviour.
While full details are still emerging, we have seen this manipulation first-hand during the April 2025 Scattered Spider attacks on M&S and The Co-op, two UK high-street retailers. It has been reported that in both cases, the attackers began by impersonating employees and contacting IT help desks. By targeting this human weak point, it’s reported that they successfully convinced staff to reset email credentials, granting them access to internal systems and setting the stage for broader compromise.
Navigating the new human perimeter
In the wake of this new human threat perimeter, it is clear organisations need to revise their security approach and better prepare their employees to defend themselves against these threats. Many organisations still rely on outdated methods to tackle human vulnerabilities, hosting annual cybersecurity training and phishing simulators. But this simply places the burden of security on employees without meaningfully reducing the risk of breaches caused by human error.
This approach has been the default for too long and cannot keep up with the rapid advancement of attacks. We need a shift towards proactive human risk detection and response – using systems that can automatically detect the risks people are creating and trigger interventions at the point of risk to protect the employee. Human threat mapping is a great starting point for this. It enables security professionals to visualise their human-centric threat landscape, identify behavioural patterns that expose them to risk, and enable them to implement timely, targeted interventions.
How human threat mapping can unlock new value
With unmatched visibility across diverse environments and a critical role in shaping proactive security strategies, MSPs must now rise to the challenge of mitigating human risk.
This starts by educating business and security leads on the human threats they face and how they can effectively mitigate them, creating a company-wide approach that can safeguard employees at every level.
Human threat maps provide a structured, visual way to identify and communicate the specific human behaviours that are enabling threats within an organisation. Rather than discussing risks in abstract terms, MSPs can use human threat maps to pinpoint precise vulnerabilities. For instance, if a client is concerned about SaaS-related threats, the map can reveal that the underlying issue may stem from risky file-sharing practices or weak password habits within collaboration platforms, giving both parties a starting point to shape next steps.
By grounding these conversations with a research-backed framework, MSPs can make their guidance more relevant and actionable, helping customers understand not only where their risks lie but also why they exist and how they can be addressed. This positions the MSP as a trusted security advisor capable of delivering measurable value across the full threat landscape, opening the door to new services.
As AI is amplifying both the scale and sophistication of cyber threats, the human element has become the most dynamic and vulnerable part of the security equation. For the channel, this presents both a challenge and an opportunity. By shifting toward proactive behavioural threat detection and response, MSPs can move from reactive defenders to strategic enablers of cyber resilience.