AI is changing the rules in cybersecurity, just like it is in any other industry. On one hand, it is helping security teams move faster and smarter. On the other, it is giving attackers new tools to bypass controls, exploit identities, and create deepfakes that are tough to spot, let alone defend against. And while there’s no shortage of threat intel out there, turning it into something useful is a whole different challenge.
That’s where managed security players like LevelBlue are trying to cut through the noise. A year into its run as a standalone company, LevelBlue is leaning into a model that’s less about alerts and more about outcomes, focused on helping customers build cyber resilience that’s proactive, not reactive.
I caught up with Theresa Lanowitz, Chief Evangelist at LevelBlue, to talk about what’s shifting in security, how AI is shaping both the threat landscape and defense strategies, and why MSSPs need to meet customers where they are, not just with tools, but with clarity.
Identity attacks and adversarial AI are getting a lot more attention lately. How are those trends showing up in your day-to-day work with customers?
We’ve observed a significant uptick in concerns surrounding identity-based attacks and adversarial AI, reflecting broader industry trends. Identity-based attacks, such as phishing-as-a-service (PhaaS) kits and business email compromise (BEC), have become more prevalent according to our inaugural Threat Trends Report, often exploiting valid credentials and bypassing traditional security measures like multi-factor authentication (MFA). Concurrently, adversarial AI has emerged as a critical concern, with cybercriminals leveraging generative AI to create deepfakes and synthetic identities that deceive traditional biometric and authentication systems. In fact, 59% of organizations revealed it’s becoming more difficult for employees to discern real from fake, according to the 2025 LevelBlue Futures Report. Despite this growing concern, the data shows a stark gap between awareness and readiness. Only 32% of organizations feel prepared to handle deepfake threats, even though 44% expect to face them. On a broader scale, just 29% of executives believe their organization is equipped to defend against AI-powered threats, while 42% believe they will happen.
LevelBlue’s latest Futures Report highlights a real tension. On one hand, AI is unlocking innovation and efficiency, and on the other, it’s amplifying the threat landscape. How are you seeing security teams actually reconcile those two forces in practice?
While AI solutions promise the world unprecedented levels of efficiency, speed, and automation, they pose a significant threat in the hands of bad actors. This duality has created a critical inflection point for security teams: how to harness the power of AI without exposing the business to additional risk. We’ve found that those who prioritize a culture of cyber resilience are most successful at finding a balance between the two. Rather than reacting to threats, these organizations design their entire security posture to anticipate, absorb, and recover from them while supporting innovation. These organizations are also distinguished by their ability to align cybersecurity with broader business objectives, integrating it into strategic planning and focusing on the “critical few” priorities that directly impact business performance.
In doing so, cyber-resilient organizations are not just defending the status quo, they’re enabling innovation. According to recent LevelBlue research, 79% of these organizations say they can take on more risk when innovating because of their adaptive cybersecurity strategy. In fact, 91% are already investing in advanced threat detection technologies, which is well above the industry average.
What practical steps are the most forward-thinking orgs taking today to prepare for the next wave of AI-driven threats, especially in terms of readiness beyond just tools and tech?
As AI rapidly evolves, so do the tactics of cybercriminals. Bad actors are now taking advantage of readily available and affordable AI tools to generate highly convincing phishing messages, create synthetic identities through deepfakes, automate malware deployment, and exploit vulnerabilities at unprecedented speed. As a result, organizations are being forced to take cybersecurity more seriously.
To successfully adapt to today’s AI-powered landscape, the most forward-thinking organizations are going beyond tool-based fixes and traditional cybersecurity defenses to embed cyber resilience into their core business strategy. According to our research, all cyber-resilient organizations share five common characteristics: they’re defending against AI-powered attacks, enhancing security using AI, prepared for new threats, aligning security with business goals and preventing security breaches.
Building cyber resilience starts with aligning cybersecurity priorities with broader business goals and ensuring that every security investment supports operational resilience and long-term growth. Cyber-resilient organizations must also foster a culture of cross-functional collaboration, where cybersecurity is no longer the sole responsibility of IT but a shared mandate across departments. Regular tabletop exercises, incident response simulations, and executive-level crisis planning are becoming standard practice, helping teams rehearse coordinated responses to sophisticated, fast-moving attacks. By investing in readiness at the human and organizational level, not just in tools, these businesses are positioning themselves to innovate securely and recover quickly when AI-powered adversaries strike.
Are you seeing a shift in what CISOs want from their security partners? How are buyer conversations changing compared to a year ago?
As AI takes on a more significant role in cybersecurity, there is a noticeable shift in what CISOs are seeking from their security partners. Our research from last year revealed that CISOs are feeling heightened pressure to implement AI strategies, with 73% citing this need compared to just 58% of CIOs and CTOs. This urgency reflects a broader demand for forward-looking solutions that go beyond traditional security tools to include AI-powered capabilities that can proactively detect, respond to, and even anticipate threats.
As cybersecurity becomes more complex and unwieldy (another concern voiced by 73% of CISOs) there is a growing expectation that partners will deliver AI-driven insights and automation to ease operational burdens and enhance threat resilience. Now, CISOs are no longer just looking for vendors with point solutions; they want strategic partners who can help them navigate the rapid pace of AI adoption and the challenges of reactive budgeting.
There’s no shortage of threat intel out there, but turning it into action is a different story. How is LevelBlue helping customers make that leap from data to real results?
LevelBlue bridges the gap between abundant threat intelligence and actionable security outcomes through its comprehensive Security Operations Center (SOC). Operating 24/7, the SOC leverages the USM Anywhere platform to provide continuous monitoring, proactive threat hunting, and timely incident investigation. By integrating curated threat intelligence from LevelBlue Labs and the Open Threat Exchange (OTX), the SOC enables real-time detection and response across on-premises, cloud, and hybrid environments. This centralized approach allows security teams to focus on high-priority threats, reducing noise and enhancing operational efficiency.
The SOC’s capabilities extend beyond detection to include comprehensive investigations and collaborative response guidance. LevelBlue’s threat hunters proactively search for emerging threats using the latest intelligence, ensuring that organizations stay ahead of potential risks. This proactive stance, combined with timely and actionable insights, empowers customers to transform threat data into meaningful security actions, thereby strengthening their overall cybersecurity posture.
LevelBlue just crossed its first year as a standalone company. How are you defining success, and what’s been most critical in building out an MSSP model that prioritizes outcomes over noise?
In our first year as a standalone company, LevelBlue has defined success through strategic growth, innovation, and a commitment to delivering measurable cybersecurity outcomes. The company achieved a significant milestone by ranking fourth on MSSP Alert’s 2024 Top 250 MSSPs list, underscoring its leadership in the managed security services sector. This recognition reflects LevelBlue’s dedication to providing effective, scalable, and outcome-focused cybersecurity solutions that address the evolving needs of its clients.
Central to building an MSSP model that prioritizes outcomes over noise is LevelBlue’s newly launched partner program, which empowers partners to simplify security, scale effortlessly, and drive revenue. This program is designed with flexibility and scalability at its core, allowing partners to customize offerings based on customer needs. By removing rigid engagement structures and offering tiered incentives, enablement resources, and technical support, LevelBlue is enabling partners to accelerate growth and deliver more meaningful security outcomes. This approach ensures that security isn’t just managed, it’s optimized for impact, helping clients realize measurable improvements in their cybersecurity posture while driving increased revenue opportunities for partners.
