When Kaseya's VSA platform was compromised in July 2021, the REvil ransomware group didn't just breach one company—they simultaneously encrypted data across 1,500 downstream companies through a single supply chain attack. The incident exposed a fundamental vulnerability in managed service provider (MSP) operations: the sprawling, ungovernable distribution of client credentials across automated systems that were never designed to handle secrets securely.
Two years later, the problem has intensified. MSPs now deploy AI-powered helpdesk agents and increasingly sophisticated remote monitoring and management (RMM) scripts, all requiring privileged access to client environments. These systems hold thousands of hardcoded credentials, often unrotated for months, with no centralised oversight of who—or what—has access to which client systems.
The MSP credential sprawl crisis
MSPs operate on a fundamentally different security model from traditional enterprises. Where a single organisation might manage credentials for its own infrastructure, MSPs maintain privileged access to hundreds or thousands of client environments simultaneously. Each client relationship multiplies the credential attack surface exponentially.
Consider the typical MSP workflow: RMM agents require local administrator rights across client endpoints. PowerShell scripts embed service account credentials to automate patch management. AI helpdesk systems store domain administrator passwords to reset user accounts. Backup solutions maintain database credentials with read access to entire client datasets. Each system becomes a potential pivot point for attackers seeking to traverse from MSP infrastructure into client networks.
"The MSP model creates an inverted trust relationship," explains a senior partner at a Big Four consultancy who requested anonymity. "Traditional security assumes you're protecting your own assets. MSPs must protect everyone else's assets while maintaining operational efficiency. The mathematics of credential management simply don't scale."
The challenge intensifies with AI integration. Modern helpdesk agents require broad permissions to resolve tickets automatically—password resets, account unlocks, software installations. Unlike human technicians who might rotate credentials quarterly, AI systems expect persistent, programmatic access to client directories and administrative interfaces.
The data reveals systematic exposure
Recent research from the Cybersecurity and Infrastructure Security Agency (CISA) found that 68% of successful MSP breaches involved the compromise of stored credentials. The agency's 2023 MSP Security Guidelines specifically highlighted "hardcoded secrets in automation scripts" as a primary attack vector.
Independent analysis by threat intelligence firm Recorded Future identified over 12,000 exposed RMM credentials across dark web marketplaces during 2023, representing a 340% increase from the previous year. The credentials provided administrative access to client environments across sectors including healthcare, finance, and critical infrastructure.
More concerning is the rotation gap. ConnectWise's 2023 MSP Security Report found that 47% of MSPs rotate client credentials less than twice annually, with 23% admitting to rotation cycles exceeding 12 months. For AI-powered systems, the numbers worsen—71% of automated agents use credentials that have never been rotated since initial deployment.
The European Union Agency for Cybersecurity (ENISA) quantified the downstream impact in its 2023 Supply Chain Threat Landscape report: the average MSP breach now affects 47 client organisations, with median recovery costs of €2.3 million per affected client. The report identified credential management as the single largest controllable risk factor.
Traditional identity and access management (IAM) solutions were designed for single-organisation use cases. They assume a unified directory, consistent policy enforcement, and direct administrative control—assumptions that break down in MSP environments where technicians require privileged access across dozens of disparate client domains.
Privileged access management (PAM) tools fare slightly better but struggle with the automation requirements of modern MSP operations. PAM solutions typically require interactive checkout processes and time-limited sessions—incompatible with AI agents that need persistent, programmatic access to resolve tickets at scale.
Single sign-on (SSO) and multi-factor authentication (MFA) provide perimeter security but cannot address the fundamental issue: credentials must still exist somewhere in plaintext form for automated systems to consume them. Whether stored in configuration files, environment variables, or encrypted vaults, the credentials remain discoverable and extractable by attackers who compromise the underlying systems.
Zero Trust architectures promise to eliminate persistent credentials through continuous verification, but implementation complexity makes them impractical for MSPs managing hundreds of heterogeneous client environments. The administrative overhead of maintaining zero trust policies across multiple client domains often exceeds the security benefits.
The core problem remains structural: all existing solutions assume that legitimate users and systems must ultimately possess credentials to authenticate. This assumption creates an irreducible attack surface—credentials exist, therefore they can be stolen.
Separating identity from access control
The solution requires abandoning the fundamental assumption that users and systems must hold credentials to prove their identity. Advanced cryptographic techniques now enable organisations to maintain complete control over credential generation, distribution, and revocation while still providing seamless access to authorised users and systems.
Under this model, MSPs generate unique credentials for each client environment but never distribute them to technicians or automated systems. Instead, access requests are cryptographically validated against centralised policies, with credentials transmitted directly from the MSP's secure infrastructure to client systems without intermediate storage or exposure.
When an AI helpdesk agent needs to reset a client password, it submits an authenticated request to the MSP's credential infrastructure. The system validates the request against predefined policies, generates the necessary authentication tokens, and executes the password reset directly—without the AI agent ever receiving or storing client credentials.
This approach eliminates the attack surface that enabled incidents like Kaseya. Compromised RMM scripts cannot extract hardcoded credentials because none exist. Stolen AI agent databases contain no reusable authentication material. Client credentials remain under direct MSP control even as access scales across thousands of automated interactions.
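As an added illustration of the brokered model described above (example code written for this page, not code from the original article or from any vendor): the agent signs a request with its own key, the broker checks the signature, freshness and policy, resolves the client secret only inside its own process, and returns a result that carries no credential. All names, keys and the sample secret are constructed.

```python
import hashlib, hmac, json, secrets, time

# Constructed sample state. Only the broker process holds VAULT; an agent
# holds nothing but its own signing key (hypothetical names throughout).
VAULT = {"client-acme": {"ad_admin": "S3cret-never-leaves-broker"}}
AGENT_KEYS = {"helpdesk-ai-01": b"agent-signing-key-constructed"}
POLICY = {"helpdesk-ai-01": {"client-acme": {"reset_password"}}}

def _mac(key, body):
    return hmac.new(key, body.encode(), hashlib.sha256).hexdigest()

class CredentialBroker:
    """Validates signed agent requests and runs the privileged action in-process."""

    def __init__(self, window=60):
        self.window = window          # max request age in seconds
        self.seen_nonces = set()      # replay protection
        self.audit = []               # who did what, for which client

    def handle(self, agent_id, body, signature, now=None):
        now = time.time() if now is None else now
        key = AGENT_KEYS.get(agent_id)
        if key is None or not hmac.compare_digest(_mac(key, body), signature):
            return {"ok": False, "error": "bad signature"}
        req = json.loads(body)
        if abs(now - req["ts"]) > self.window or req["nonce"] in self.seen_nonces:
            return {"ok": False, "error": "stale or replayed"}
        self.seen_nonces.add(req["nonce"])
        allowed = POLICY.get(agent_id, {}).get(req["client"], set())
        if req["action"] not in allowed:
            return {"ok": False, "error": "policy denied"}
        # The client secret is resolved here and used only inside the broker.
        secret = VAULT[req["client"]]["ad_admin"]
        result = self._execute(req, secret)
        self.audit.append((agent_id, req["client"], req["action"], req["target"]))
        return {"ok": True, "result": result}   # no credential in the response

    def _execute(self, req, secret):
        # Stand-in for the real privileged call (e.g. a directory bind using
        # `secret`); the secret is consumed here and never returned.
        return f"{req['action']} performed for {req['target']}"

def agent_request(agent_id, client, action, target, now=None):
    """Agent side: sign a request with its own key; it never touches VAULT."""
    req = {"client": client, "action": action, "target": target,
           "ts": time.time() if now is None else now, "nonce": secrets.token_hex(8)}
    body = json.dumps(req, sort_keys=True)
    return agent_id, body, _mac(AGENT_KEYS[agent_id], body)
```

A compromised agent database in this design yields only the agent's signing key, which the broker can revoke centrally, and every use is recorded in the broker's audit list.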
The regulatory imperative
MSPs cannot afford to treat credential security as a technical nicety. The EU's NIS2 Directive, effective October 2024, explicitly mandates "appropriate technical and organisational measures" for supply chain cybersecurity, with fines reaching 2% of global turnover. The directive specifically mentions managed service providers as "essential entities" subject to stringent security requirements.
In the United States, the SEC's new cybersecurity disclosure rules require public companies to report material incidents within four business days. MSP breaches that affect public company clients now trigger mandatory disclosure obligations, creating direct regulatory liability for credential management failures.
Forward-thinking MSPs are recognising that credential control represents both a compliance requirement and a competitive advantage. As client organisations face mounting regulatory pressure, they increasingly favour MSP partners who can demonstrate provable security controls over critical access credentials.
The mathematics are stark: MSPs that continue relying on distributed credential models face an expanding attack surface, accelerating regulatory obligations, and growing client demands for security assurance. The question is not whether to implement centralised credential control, but how quickly it can be deployed before the next supply chain incident.