Microsoft and OpenAI Expand AI Agents While Shifting Governance Costs to MSPs

A structural shift is occurring in the managed IT services landscape as AI capabilities are rapidly embedded across enterprise applications, with oversight and risk management functions increasingly separated out and monetized as add-on services. Vendors, including Microsoft and OpenAI, are deploying AI agents in essential tools such as Outlook, Teams, and Excel, then selling governance, security, and compliance capabilities as additional paid layers. The core mechanism is the transfer of operational and liability risk downstream to IT service providers and their clients, while ownership of the control plane and margin on risk mitigation remain with the vendors. The episode highlights consequential findings regarding AI reliability and adoption. A Nature Medicine study found that OpenAI's ChatGPT Health underestimated emergency severity in 51.6% of cases, prompting concerns about overreliance on AI for critical decisions. Additionally, Confluent’s UK executive survey indicated that 62% of organizations are already shifting decision-making to AI, but only 7% have a company-wide AI strategy, and fewer than half of executives and employees agree on actual daily AI usage. Most leaders receive little formal AI training yet are second-guessing their own judgment in favor of AI output. Further reinforcing the governance gap, Microsoft is launching Agent 365 and new enterprise security tiers, while OpenAI’s acquisition of Promptfoo signals a focus on AI reliability testing and compliance monitoring. Funding for GRC platforms like IntelliGRC demonstrates capital flowing into third-party oversight solutions. The recurring pattern is vendors first pushing broad agent adoption, then introducing and monetizing governance as a discrete add-on, often outside the default package. Operationally, MSPs and IT leaders face increased liability exposure if they rely on vendor-native governance without independent audit or measurement capability. The absence of industry-standard reliability metrics for AI, combined with the perception and usage gaps inside organizations, calls for MSPs to lead in auditing, documenting, and independently measuring AI usage and performance. Failing to proactively manage these controls can result in silent risk absorption and unfavorable positioning as vendors bundle compliance and pass residual risk downstream to service providers. Three things to know today 00:00 AI vs. Judgment                            02:35 Agents vs. Oversight 04:04 AI Reliability Gap 05:15 Why Do We Care?  Supported by:  ScalePad   ? All Our SponsorsSupport the vendors who support the show:?