MSPs should look for three signals: whether data is centralised, whether cloud access is established, and whether policy can cover new tools without exceptions. If those conditions are missing, modernization comes first. If they are present, the client may be ready for a narrow, governed AI pilot.
Why This Matters for Security Teams
For MSPs, the modernization-versus-AI question is really a readiness question: whether the client can safely absorb new automation without creating new identity, data, and policy risk. If access is fragmented, data is scattered, or exceptions are already normalised, an AI pilot usually amplifies the mess instead of improving it. That is why current guidance increasingly treats AI enablement as a governance decision, not just a feature rollout, consistent with the NIST Cybersecurity Framework 2.0 and the threat patterns seen in NHIMG research such as the DeepSeek breach. The practical issue is not whether AI can be used, but whether the environment can constrain it.
MSPs often get asked to “add AI” before the client has basic asset visibility, centralized secrets handling, or enforceable policy paths. That order creates avoidable failure modes: over-permissioned tools, shadow integrations, and credentials that outlive the business need. In practice, many security teams encounter AI-related exposure only after a pilot has already touched production systems, rather than through intentional readiness assessment.
How It Works in Practice
The simplest decision model is to test the client against three conditions: data centralisation, cloud access maturity, and policy coverage. If the client cannot identify where critical data lives, cannot authenticate workloads consistently, or needs repeated manual exceptions for new tools, modernization should come first. That means building the identity, data, and access foundations before introducing AI systems that will depend on them.
When the foundations are present, AI enablement can begin with a narrow, governed use case. Best practice is evolving, but the usual pattern is to start with a low-risk workflow, define the allowed data sets, bind the AI service to a workload identity, and issue just-in-time credentials that expire after the task. In parallel, policies should be evaluated at runtime rather than written as static exceptions. That is where modern controls from NIST Cybersecurity Framework 2.0 and research on AI-compromised identities, including NHIMG’s JetBrains GitHub plugin token exposure, become operationally useful.
- Use modernization-first when identity is fragmented, secrets are long-lived, or cloud access is inconsistent.
- Use AI-first only when data access is scoped, policy is enforceable, and exceptions are rare.
- Prefer workload identity, short-lived tokens, and runtime policy checks over shared accounts or static API keys.
- Document the client’s approved data domains before any agent, copilots, or automation tools are connected.
For MSPs, the practical test is whether a new tool can be introduced without widening trust boundaries. These controls tend to break down in hybrid environments with unmanaged legacy apps because identity, logging, and policy enforcement are not uniform.
Common Variations and Edge Cases
Tighter access and policy controls often increase implementation overhead, so organisations have to balance faster AI adoption against the cost of remediation and governance. That tradeoff is most visible in mid-market clients that want quick productivity gains but still rely on shared credentials, ad hoc file shares, or undocumented integrations.
One common edge case is a client that has cloud maturity but weak data discipline. In that situation, AI may be technically deployable but still unsafe because the model can reach sensitive information that was never classified or segmented. Another is a client with strong centralisation but no operational appetite for control changes; there, modernization can stall unless the MSP frames it as risk reduction rather than infrastructure work.
There is no universal standard for sequencing every AI rollout yet, but the direction of travel is clear: if policy cannot govern the workload without exceptions, modernize first. If the client already has centralized identity, cloud access, and runtime controls, a limited pilot may be appropriate, provided it stays inside a defined data boundary and does not rely on standing privileges.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | A04 | Covers over-privileged agent/tool access and unsafe autonomous actions. |
| CSA MAESTRO | GOV-02 | Addresses governance readiness before deploying agentic or AI workflows. |
| NIST AI RMF | The GOVERN function supports readiness, accountability, and risk decisions. |
Use AI RMF governance to decide whether modernization or AI enablement should come first.
Related resources from NHI Mgmt Group
- How can teams decide whether a private AI app belongs in the enterprise?
- How should organisations decide whether to invest in ITDR or stronger identity governance first?
- How do teams decide whether an automation platform needs privileged access management?
- How do organisations decide whether an AI workflow needs stricter controls?
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
