Key Takeaways
- Managed hosting providers are no stranger to the next thing that clients are asking help for. AI access may be the next one.
- A few security experts told HostingAdvice that security risk doesn't come from the model itself, but the permissions it can inherit.
- As customers deploy more AI agents on their websites and databases, do hosts have an opportunity to expand into managed services territory?
Every few years, managed hosting providers get another job responsibility whether or not they asked for it. (Hint: They usually didn’t.) Keeping servers online was the baseline, and then came expectations around backups, patching, malware scanning, DDoS protection, and WAFs. Now, it’s agentic AI.
Organizations are happily giving agents access to things like shared drives, repositories, CRMS, and plenty of other sensitive internal docs. No, this isn’t exactly news, but there is still a looming question: Once an AI agent is inside an environment, who’s making sure it only accesses what it’s supposed to?
Garrett Gross, who’s the field CISO at Portnox, says this kind of new cyber resilience has to start at the access layer. “Before organizations can protect sensitive information, they must control who and what gets near it in the first place,” he said.
Yup, he said “who and what” — as in, non-human identities like AI agents, which are accessing entire systems right alongside actual human employees. Legacy network access control platforms, Gross said, rely on manual policy updates and dedicated personnel to maintain them. That’s exactly what adversaries exploit.
What Happens Once the AI Is Already Inside?
Visibility between agentic AI and entire systems is a major issue — especially since agents are very good at finding things humans overlook. It could be the simplest things someone just forgot, like old permissions or files no one has opened in years. But it doesn’t matter because the agent sees that as part of its data it’s supposed to learn from.
That’s exactly what concerns David Stuart at Sentra: “AI assistants and agents are changing what data protection has to account for,” he said. “They inherit permissions, interact with large volumes of unstructured information and operate at a scale that manual reviews and legacy controls were not designed to handle.”
AI agents are not inherently malicious. They’re just obedient, even if you forget what it was you told them to do. If an employee can access a folder, the agent often can too. It just accesses what it can, based on the permissions it was given.
“Organizations cannot effectively secure AI systems if they do not understand what sensitive data exists, who can access it or how that data is being used across copilots and agents,” Stuart said.
According to NVIDIA’s 2026 State of AI report, 48% of organizations say data-related challenges are their biggest obstacle to deploying AI successfully.
Clyde Williamson, a security architect at Protegrity, compares today’s security strategies to the walls that protected ancient cities. And he reminds us that eventually, every wall fell: “The walls of Babylon didn’t stop the Persians. The walls of Athens didn’t stop the Spartans, and it’s Istanbul, not Constantinople, because the walls couldn’t withstand the Ottoman cannons.”
Where Hosts Can Add the Most Value
Even if orgs know where their data lives and who accesses it, they still have to respond when something goes wrong. Sachin Jade, Chief Product Officer at Cyware, knows that organizations have threat intelligence, but he’s still worried about whether anyone’s actually using it.
“Many teams already collect large volumes of intelligence, but the harder problem is applying it consistently across detection, investigation and response workflows,” he explained.
There is some progress: Organizations reporting effective automation between threat intelligence and security operations rose from 13% to 26%. Real-time threat intelligence sharing also grew from 17% to 32%. But it also means most are still leaning on partial automation and manual handing-off.
Perhaps as a result, 84% of MSPs say customers expect cybersecurity alongside traditional infrastructure management. Firewalls and patch schedules were built for systems that were static, like drives or servers. Agents don’t because they act more like humans, moving through permissions the same way a new hire would.
Hosting providers have spent years protecting the infrastructure around customer environments. AI is pushing them toward protecting the data, permissions, and identities inside those environments, too. And maybe that’s the next chapter of managed hosting.
