The Clock Is Ticking: Blackpoint Cyber Brings Autonomous Identity Threat Detection and Response to MSPs
Identity has become one of the most efficient ways into an environment, and one of the most difficult to catch in time.
Microsoft reported a 32% increase in identity-based attacks in the first half of 2025, and that trend is accelerating. As AI-powered attacks increase in speed and volume, attackers are using compromised credentials to move faster, blend into legitimate activity, and evade traditional detection.
For managed service providers (MSPs), the risk extends far beyond a single user or endpoint. MSPs are specifically targeted because they provide such broad access; scripted lateral movement through MSP cloud tools can put dozens, even hundreds, of clients at risk in a single operation. As attackers lean on AI for improved social engineering, vulnerability exploits, and crafting ransomware, defenders need response that keeps pace without sacrificing judgment or control.
Introducing the AI SOC Agent for ITDR
Today, Blackpoint Cyber announces the general availability of the Blackpoint AI SOC Agent for Identity Threat Detection and Response (ITDR). It’s our first autonomous response capability that is generally available, built to contain credential-based attacks in under two minutes on average and as little as 21 seconds.
The AI SOC Agent acts on high-confidence threats targeting Microsoft 365 and Google Workspace accounts. It’s the product of more than three years of development, trained on intelligence from millions of protected accounts, forensic evidence from thousands of real breaches, and over a decade of decisions made by Blackpoint’s own SOC analysts during live incidents.
Before it ever acted autonomously, the model ran alongside human analysts until its recommendations consistently matched validated SOC judgment. It keeps retraining on analyst decisions with every incident it processes.
“When vendors or
How the AI SOC Agent Detects and Contains Threats in Seconds
The AI SOC Agent runs on a hybrid model: autonomous speed with human accountability. A machine learning pre-filter separates real threats from noise, then acts only when confidence thresholds are met for attack patterns, such as suspicious logins, suspicious inbox rules, and other high-fidelity indicators of business email compromise. When it acts, the Agent suspends the account, forces a password reset, disrupts active sessions, and logs its full reasoning.
Anything outside the Agent’s validated confidence threshold is escalated to a human analyst, available immediately, who receives the Agent’s complete reasoning.
What This Means for MSPS and Their Clients
Credential misuse was the leading cause of breaches in 2025, according to Verizon’s 2025 Data Breach Investigations Report. In that same year, Blackpoint disrupted a compromised cloud account every 18 minutes on average.
For MSP partners, autonomous containment can change what happens in the critical first seconds of an attack. Defined high-confidence threats can be stopped at the start of the kill-chain rather than the end and long before they become full blown incidents . For clients, this means staying protected even when their teams are offline, with partners delivering the always-on response that builds lasting confidence and trust.
By handling defined, repeatable threat patterns at machine speed, the AI SOC Agent helps the SOC scale detection and response across client environments without requiring partners to add staff every time they add clients. Blackpoint’s human SOC stays focused on the situations that genuinely require investigation and judgment. When something escalates, a Blackpoint analyst with a deep offensive and defensive security background is only a phone call away: someone who knows the environment and is ready to act.
“Over the past five years, Blackpoint’s SOC has been a trusted extension of our team,” said Sean Furman, President, STF Consulting. “Every minute matters when protecting our clients from today’s cyber threats. The combination of Blackpoint’s AI and security analysts gives us confidence that we’re staying ahead of the growing volume of attacks.”
The result is broader protection across every client environment, delivered at a level that scales with the business and included across all Blackpoint ITDR service tiers at no additional charge.
The Clock Doesn’t Wait, and Neither Do We
The threat landscape is only ramping up. Attacks are faster, identity-driven, and increasingly difficult to distinguish from legitimate activity. For MSPs, that means protection can no longer depend on detection alone. It requires validated, accountable response that can contain threats before they compromise client environments.
Blackpoint’s AI SOC Agent brings that speed into a model built on real MSP threat patterns, validated SOC judgment, and human expertise. In a time where every compromised credential can open the door to broader client impact, Blackpoint gives partners the ability to contain identity attacks before they become business disruptions. For MSPs, that means faster protection at scale, with human analysts focused on where their judgment matters most.
Ready to see the AI SOC Agent in action? Book a demo.
DATE PUBLISHEDJuly 8, 2026
AUTHORBlackpoint Cyber
SHARE ON
2026 Annual Threat Report
What actually worked for attackers in 2025.
Most attackers aren’t breaking in
They’re logging in
Explore the real patterns behind modern intrusions in the 2026 Annual Threat Report