Guardz Report: 9 Out Of 10 SMBs Have Compromised Users as AI-Driven Attacks Reshape the MSP Threat Landscape
New research shows session hijacking surging 23%, ransomware up 190%, and non-human identities outnumbering users 25:1 as AI accelerates attacks across identity, email, and cloud environments
MIAMI, April 28, 2026 /PRNewswire/ -- Guardz, the cybersecurity company empowering Managed Service Providers (MSPs) to protect small and medium-sized businesses (SMBs), today released its 2026 State of MSP Threat Report, revealing how AI is rapidly reshaping the threat landscape while exposing persistent gaps in identity, authentication, endpoint and cloud security. The findings point to a growing imbalance between the speed at which threats are evolving and the ways that security operations are structured to respond, particularly for security tools that still rely on manual processes and lack agentic workflows to automate triage, enrichment, and remediation.
Drawing on Guardz data across SMB environments over the past two quarters, the report shows that while AI has dramatically increased the speed and scale of cyberattacks, the underlying points of compromise remain unchanged. Instead, attackers are exploiting the same weaknesses more efficiently, especially across identity systems, authentication flows, and misconfigured cloud environments.
Key findings from the report include:
- Widespread Identity Compromise: 89% of monitored SMBs had at least one user with confirmed credential compromise at any given time, with nearly one-third of users (31%) exposed to compromised passwords monthly
- Session Hijacking Surging: Session hijacking incidents increased by 23% over a 180-day period, emerging as the fastest-growing attack vector and enabling attackers to bypass MFA entirely
- Non-Human Identities Expand Attack Surface: Machine identities now outnumber human users by 25:1 in Microsoft 365 environments, creating a largely unmonitored and high-risk entry point for attackers
- Ransomware and Fileless Attacks Rise: Ransomware behavioral detections surged 190% over a 50-day window, while attackers increasingly shifted away from traditional malware toward "living-off-the-land" techniques
- BEC Losses Escalate Dramatically: Confirmed business email compromise (BEC) incidents ranged from $140,000 to $1.5 million, a significant increase from the roughly $40,000 average seen in early 2025
The threat is particularly acute for MSPs because the attack surface is multiplied across every client they manage. The report found that RMM tool abuse was the single largest endpoint threat campaign, accounting for 26% of all detections. Tools including ScreenConnect, AteraAgent, and MeshAgent were observed being deployed for unauthorized persistent access. A single compromised MSP tool doesn't affect just one business; it opens a direct path into every client in the MSP's portfolio. The Guardz Threat Hunting team predicts MSP supply chain attacks will intensify in H2 2026 as threat actors increasingly impersonate legitimate RMM infrastructure to establish that access.
The report highlights a critical shift in attacker behavior: rather than expanding their reach, threat actors are increasingly deepening access within compromised accounts. This is reflected in the rise of session-based attacks, OAuth abuse, and post-authentication persistence techniques that evade traditional defenses. Simultaneously, the adoption of AI by defenders is becoming essential to keep pace. Guardz's research shows that AI-driven detection and response systems can significantly improve speed and accuracy, enabling security teams to triage, investigate, and respond to threats at scale.
"Threat data shows that entry points haven't changed; attackers are still getting in through identity gaps, weak controls, and misconfigurations, just faster and at greater scale. What determines outcomes now is how security is structured, whether signals across identity, email, endpoints, and cloud are connected and can be acted on in time," said Dor Eisner, CEO and Co-founder of Guardz. "For MSPs, that means leveraging AI the same way attackers are, at scale, across every client environment, simultaneously. Our research shows AI-driven detection achieves 92.4% accuracy compared to 67% for human analysts alone. That gap is where MSPs either win or lose their clients' trust."
The findings reinforce a central challenge facing MSPs: attackers are now using AI to move faster than any human-led security operation can match. For MSPs managing dozens of client environments with limited staff, the answer isn't more tools, but rather unified visibility and AI-assisted response that work at the same scale as the threats do. The 2026 State of MSP Threat Report makes the case that for MSPs, AI is no longer optional infrastructure. It's the only way to stay ahead.
With AI-driven attacks accelerating across every layer of the SMB stack, understanding where the gaps are is the first step. Download the full 2026 State of MSP Threat Report for the complete findings, threat-by-threat breakdowns, and Guardz's predictions for what MSPs will face in the second half of 2026.
About Guardz
Guardz is the leading cybersecurity platform empowering managed cybersecurity providers to elevate security, drive efficiency, and grow with confidence. It consolidates essential security controls and ensures nothing slips through the cracks, with every incident contained and every SMB protected. By cutting noise, prioritizing what matters, and enabling faster, smarter responses, Guardz delivers real-time insights and 24/7 managed detection and response. Guardz enables partners to operate securely and scale confidently in today's evolving threat landscape.
Press Contact
Mike Katznelson
Headline Media
[email protected]
+1 914 233 5302
SOURCE Guardz