The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By Erik Linask

When you hear “AI in the SOC,” the logical thinking moves to better triage, faster alert correlation, smarter prioritization, and fewer false positives.  That said, the final call is still left to humans.  That’s not a bad thing, but it can be better — and it’s getting there.

Agentic AI is changing the human-machine relationship and is creating more opportunity for autonomous cybersecurity.  That’s not to say all cyber incidents or alerts should be fully autonomous.  There will always be a need for human intervention in higher-risk situations, such as when AI errors could result in irreversible or hard-to-reverse changes.  It’s an important part of agentic cybersecurity and IT tools.

That said, AI agents are becoming part of the IT and cybersecurity landscape, with Blackpoint Cyber being the latest to tout an agentic solution.

According to the company, its new AI SOC Agent for Identity Threat Detection and Response can autonomously contain high-confidence credential-based threats in Microsoft 365 and Google Workspace in less than two minutes on average — and in as little as 21 seconds — without waiting for a human to approve the response.    

As threat actors increase their use of AI, it’s important for businesses to have similar AI-driven tools at their disposal to respond.  That’s why this launch is important for MSPs.

Speed is critical with identity-based attacks because its where the response window closes fastest.  Once a credential is valid, an attacker does not need to exploit vulnerability or break through a control.  They simply log in.  From the system’s perspective, they are the user.

 Microsoft reported a 32% increase in identity-based attacks in the first half of 2025, and Blackpoint’s own messaging makes clear that attackers are moving at the same agentic speed defenders are now trying to match.

“The threat is already agentic,” noted Gagan Singh, Blackpoint Cyber CEO.”  The near-future adversary will operate without human direction at a scale we have never seen, and the same AI empowering defenders is being used to create novel threat vectors.”

For MSPs, that speed problem is compounded by scale.  A compromised identity inside a single enterprise or client environment is serious, but a compromised MSP credential can become a path into multiple customer environments.  That’s precisely why identity has become such a high-value target and why delaying containment for even a few minutes can matter so much more in partner environments than in a single-tenant SOC.

To be clear, this is not an entirely automated solution and there is still an element of human action, when it’s required.  The AI SOC Agent does not act on everything.  Rather, it acts only on high-confidence threats, such as suspicious logins and malicious inbox rules, using models trained on years of Blackpoint SOC analyst decisions, incident-response forensics from hundreds of breaches, and telemetry from nearly a million protected accounts.  When confidence is high enough, the system can autonomously suspend the account, force a password reset, terminate active sessions, and record its reasoning.  Lower-confidence situations still escalate to human analysts.

“The AI acts faster, but the human judgment secures the outcome and always will,” adds Singh.

That’s an important piece to the agentic security story.  Full autonomy without clear boundaries is a liability.  Blackpoint presents autonomy as something informed and constrained by human SOC judgment, not a replacement for it.

For MSPs, the challenge is not just stopping one attack faster, but solving a staffing math problem that gets harder every year because client counts scale faster than analyst headcount.  Identity attacks happen at all hours and the repeatable, high-confidence cases that consume so much alert volume are exactly the kinds of incidents where machine-speed action can have significant impact, both in terms of response time and analyst resource utilization.

Why it works is that identity attacks are fast and frequent; they are also well-suited to constrained automation when the confidence threshold is high enough.  Handling those known patterns automatically frees human analysts to focus on those cases that actually require judgment.

For sure, autonomous response for identity threats is unlikely to be a differentiator for long.  In fact, it will quickly become a baseline expectation, both for MSPs and their customers.  What matters, though, is explainability.  We know AI can act quickly.  They question will be, can the MSP or the vendor explain what the AI is allowed to act on, how those boundaries were trained, how decisions are validated, and where the human still stays in control?  The future of cybersecurity is not “AI vs. SOC,” but machine-speed response within human-defined guardrails.  




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Group Editorial Director

SHARE THIS ARTICLE
Related Articles

The Next SOC Shift Is Here: Autonomous Identity Response for MSPs

By: Erik Linask    7/8/2026

Blackpoint Cyber's new AI SOC Agent for Identity Threat Detection and Response gives MSPs an autonomous, human-guided way to contain high-confidence c…

Read More

Identity Is the New Perimeter and MSPs Are on the Front Line

By: Erik Linask    7/8/2026

Barracuda's acquisition of Evo Security expands BarracudaONE with MSP-focused IAM and PAM capabilities, highlighting how identity resilience is becomi…

Read More

MSPs: The Network Is No Longer Someone Else's Problem

By: Erik Linask    6/30/2026

Reinvent's new MyCloud SecureLink offering gives MSPs and resellers a partner-ready way to deliver managed SD-WAN, network security, and resilient con…

Read More

Why the Fastest-Growing MSPs Are Saying "No" More Often

By: Special Guest    6/30/2026

The fastest-growing MSPs in the U.S. are boosting margins, reducing cyber risk, and scaling more sustainably by adopting stricter customer qualificati…

Read More

The AI ROI Problem Was Never About the Model; It's About Integration

By: Erik Linask    6/24/2026

Xurrent's new built-in iPaaS is designed to help AI agents move from recommendation to execution by connecting ITSM workflows directly to systems like…

Read More