89 percent of monitored SMEs have recently encountered at least one user with compromised login credentials, and nearly one-third of all users (31 percent) are exposed to leaked passwords every month, according to research by Guardz.
AI enables faster, larger-scale cyberattacks, but the entry points remain unchanged: identity issues, weak authentication, and misconfigurations. For MSPs, the threat is particularly acute, as a single compromised tool grants access to all client environments simultaneously. Based on data from SMB environments over the past two quarters, Guardz describes a growing gap between the speed of attacks and the response capacity of security teams.
Machine identities now outnumber human users in Microsoft 365 environments by a ratio of 25:1, creating a largely unguarded attack surface. At the same time, session hijacking increased by 23 percent over 180 days, making it the fastest-growing attack vector. With this technique, attackers completely bypass MFA.
RMM tools and the supply chain as the biggest threat
Ransomware detections rose by 190 percent over a 50-day period, while attackers are increasingly opting for “living-off-the-land” techniques instead of traditional malware. BEC (Business Email Compromise) incidents resulted in losses ranging from $140,000 to $1.5 million per case, compared to an average of approximately $40,000 in early 2025.
RMM tool abuse was the biggest endpoint threat, accounting for 26 percent of all detections. Tools such as ScreenConnect, AteraAgent, and MeshAgent were used to gain unauthorized access. The Guardz Threat Hunting team expects supply chain attacks on MSPs to increase further in the second half of 2026.
Guardz research shows that AI-driven detection achieves 92.4 percent accuracy, compared to 67 percent for human analysts alone.