Subscribe to the Non-Human & AI Identity Journal

Forums
The Non-Human & AI ...
Agentic AI, AI Agen...
MSP identity securi...
 
Notifications
Clear all

MSP identity security in 2025: what changed for IAM teams?

 
    Last Post
  RSS

 NHI Mgmt Group
(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 4368
Topic starter 11/06/2026 12:04 am  

TL;DR: 2025 exposed three pressures on MSPs: supply-chain attacks on managed service providers, SaaS cost squeeze, and rising compliance demands, while 2026 is expected to bring agentic AI that changes how work gets done, according to JumpCloud. The real shift is that identity, governance, and delegated access now sit at the center of MSP resilience, not the edge.

NHIMG editorial — based on content published by JumpCloud: an MSP year-end reflection on 2025 security, compliance, and 2026 agentic AI trends

Questions worth separating out

Q: How should MSPs govern technician access across multiple client environments?

A: MSPs should separate identities by customer, task, and privilege tier so one account cannot reach every tenant.

Q: Why do MSPs need stronger identity controls when tool sprawl increases?

A: Every extra platform adds credentials, delegated roles, secrets, and logging obligations.

Q: What do security teams get wrong about agentic AI in managed services?

A: They often treat AI agents as workflow shortcuts rather than governed identities.

Practitioner guidance

  • Segment technician access by customer and function Separate admin identities by client, support tier, and task type so one compromised credential cannot traverse the entire MSP estate.
  • Reduce duplicate tools that duplicate privileged access paths Inventory every platform that creates its own login, API token, service account, or delegated admin role.
  • Treat AI agents as governed non-human identities Before deploying agentic workflows, define which tools the agent may call, what actions it may trigger, and what evidence is retained for audit.

What's in the full article

JumpCloud's full post covers the operational detail this post intentionally leaves for the source:

  • The specific MSP business pressures behind the 2025 recap, including the ticket volume, margin squeeze, and compliance shift described by the vendor.
  • The discussion of Qilin's supply-chain campaign and why managed service credentials became a central target in downstream attacks.
  • The vendor's own view of how SaaS pricing changes and tool consolidation affected MSP operating models in 2025.
  • The 2026 agentic AI outlook and the vendor's framing of how MSPs might use automation to prevent tickets before they appear.

👉 Read JumpCloud's 2025 MSP security recap and 2026 outlook →

MSP identity security in 2025: what changed for IAM teams?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
Topic Tags
jumpcloud msp-security delegated-access agentic-ai non-human-identity
Forum Jump:
  Previous Topic
Next Topic  
Related Topics
Topic Tags:  jumpcloud (71) , msp-security (2) , delegated-access (30) , agentic-ai (614) , non-human-identity (281) ,
Share:

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.