Table of contents
Episode Summary
In this episode of Syncronized, host Brandon Garcin sits down with Bryant Tow, Chief Security Officer at Leapfrog Services. They explore the expanding “galaxy” of AI and what it means for managed service providers and IT teams. Bryant breaks down why rushing to adopt AI for its own sake often backfires, comparing it to buying a new saw before you have anything to cut. He stresses the value of starting with real business needs, building strong governance, and focusing on cyber hygiene before layering on new technology.
Bryant shares how most AI risk stems from everyday users and third-party vendors, not just the core technology. He explains why MSPs should “stay in their lane” by enabling productivity, managing infrastructure, and supporting data security—while letting clients lead on business process changes. Bryant highlights the importance of readiness assessments, clear policies, and keeping close watch on how data moves both inside and outside the organization.
The conversation turns to the rising threat of AI-powered phishing attacks and the need for practical defenses. Bryant shares his perspective on recent incidents and reminds listeners that basic vigilance and strong frameworks still matter most, even as tools evolve. The episode offers a grounded look at how MSPs can help clients adopt AI safely and productively, without losing sight of security or business priorities.
Guest-at-a-glance
💡 Name: Bryant Tow
💡 What he does: Chief Security Officer
💡 Company: Leapfrog Services
💡 Noteworthy: Known for helping organizations strengthen cybersecurity, AI governance, and risk readiness with a practical, business-focused approach to managed IT and security.
💡 Where to find him: LinkedIn
Key Insights
Don’t Let the Tool Drive the Problem
AI adoption often fails when organizations jump to implement new technology without first clarifying the real business problem. Many teams feel pressured to keep up with trends, so they invest in AI tools before knowing what they actually need to solve. This “hammer and nail” mindset leads to wasted resources and missed expectations. To get value from AI, start with a clear-eyed look at your current challenges and processes. Identify which tasks are mundane, repetitive, or error-prone, and consider whether AI is truly the right fit. Let the problem define the technology, not the other way around. This approach keeps projects focused, minimizes risk, and creates a strong foundation for real improvement. When AI is used with purpose, it can elevate staff and streamline work. When it’s just another shiny object, it rarely delivers.
Governance Is Your First Line of Defense
In today’s interconnected world, risk doesn’t stop at your company’s walls. AI-powered tools and third-party vendors add new layers of complexity, making strong governance essential. Good governance starts with clear policies about data retention, classification, and acceptable use—before any technology rollout. User training is vital, as most breaches trace back to human mistakes or overlooked gaps in process. Proactive steps like readiness assessments, regular audits, and documented procedures can prevent common pitfalls. It’s not enough to secure your own systems; you also need to understand how your partners handle your data and where AI fits into their offerings. By focusing on governance and basic cyber hygiene, organizations build resilience and avoid scrambling when new threats emerge. A secure foundation lets you experiment with AI without putting business or client trust at risk.
AI Ups the Stakes for Social Engineering
AI has supercharged phishing and social engineering attacks. Attackers now use generative AI to craft convincing emails, texts, and even QR codes that slip past old defenses. These messages are tailored, grammatically correct, and often based on real social data, making them harder to spot. The sheer volume and sophistication of these attacks have exploded, with some sources showing more than a 1,000% increase in phishing. Yet the most effective defenses remain practical: strong user awareness, regular training, and consistent habits like checking links and avoiding suspicious attachments. Technology tools help, but attackers adapt quickly. Staying vigilant and updating security programs to include new vectors—like QR codes and cloud sharing—keeps defenses strong. In the arms race between attackers and defenders, organizations that focus on people, process, and technology together will stay a step ahead.
Listener Takeaways
The Expanding Galaxy of AI and Its Risks
The conversation opens with a look at how AI now stretches far beyond simple tools or single applications. Instead, AI weaves through every aspect of IT, including cloud services, vendors, and even the extended supply chain. This vast “galaxy” brings new opportunities but also exposes organizations to risks they may not fully understand. The complexity of interconnected vendors, third parties, and underlying software—many now with AI layers—means that potential vulnerabilities don’t stop at a company’s own network. The challenge lies in staying alert to these new boundaries and maintaining strong oversight as AI becomes part of daily operations.
Staying in Your Lane as an MSP
Managed service providers (MSPs) often feel pressure to solve every client problem, but this discussion highlights the importance of knowing where to draw the line. Rather than dictating how clients should run their business processes, MSPs deliver more value by focusing on what they do best: ensuring secure, available, and well-governed technology. This means enabling the foundation—licensing, infrastructure, governance, and data classification—while letting clients own their unique business decisions. Staying in your lane as an MSP creates clearer roles, builds stronger partnerships, and avoids overstepping into areas where you may not add real expertise.
AI-Driven Productivity Tools Gain Traction
AI’s most tangible benefits often show up in daily productivity tools, especially those that build on platforms teams already use. By integrating AI-powered features like Microsoft Copilot, businesses can make tasks like meeting transcription, email summarization, and document drafting much easier. This approach lowers barriers to adoption, as users see immediate, practical gains without needing to learn entirely new systems. The result is higher engagement, faster onboarding, and more measurable productivity improvements. Focusing on tools that fit naturally into existing workflows ensures AI serves as an enabler—not a distraction or burden.
Media Hype and Realities of AI-Powered Threats
The episode covers a timely discussion about how media outlets report on AI-driven cyberattacks, sometimes with more drama than accuracy. A recent high-profile incident involving an Anthropic AI tool illustrates how quickly stories spread, even when technical details are lacking or misunderstood. While the attack itself may not have been as groundbreaking as headlines suggest, it highlights how fast threat actors are experimenting with generative AI and how the security industry needs to keep pace. The takeaway? Stay focused on fundamentals, validate sources, and remember that frameworks for risk and response remain steady even as new technologies emerge and media coverage swells.
Syncronized is the MSP podcast that drives MSP growth, from startup to scale-up. In each episode, we dive into the topics that matter most to IT providers, such as automation, AI, service delivery and profitability. Join us as we engage with experts and gain hands-on insights and practical advice you can directly apply to propel your business forward.
Share
Related Resources
