The Pax8 Beyond Conference in Denver brought together managed service providers, vendors, and IT professionals for several days of panels, product demos, and informal discussions. The event focused heavily on AI, security and the evolving role of MSPs in an increasingly automated landscape. In his keynote, Pax8 CEO Scott Chasin outlined a vision for the future, proposing that MSPs would soon become MIPs, or “Managed Intelligence Providers”. A term he used to describe a new class of service providers who manage and coordinate AI agents to deliver smarter, faster support. Pax8 supported this outlook with the launch of its Managed Intelligence Toolkit, expanded AI-driven Marketplace, along with a framework for agent-based service delivery.
While the event showcased a range of cybersecurity tools and integrations, the majority of our conversations focused on something more fundamental: the day-to-day challenges MSPs face when handling secure communication.
Many of the attendees spoke to us not about major system vulnerabilities or exotic exploits, but about routine workflows that still rely on unsecured methods. Password resets conducted over email, approvals shared through chat apps, and sensitive documents passed around in inboxes were all cited as examples of lingering friction points.
While most organizations now deploy MFA, endpoint protection, and phishing detection, these defenses can be sidestepped when an attacker simply asks for access and receives it.
"We can protect everything at the network level," said one attendee, a security engineer from a firm in Ontario. "But we actually had to deal with a customer breach last year because someone believed a fake Teams message. And once they were in, they have access, regardless of our security."
The engineer’s story was echoed by others. Some had experienced similar circumstances, and others were concerned that it's only a matter of time before they're targeted.
Despite these concerns, the mood at Beyond was optimistic. "Security is always evolving," said one attendee. "I guess it can seem scary, but it's just the next level we need to take, right? First we did antivirus protection, then MDR, 2-Factor everywhere, all that, and now we need something to deal with all the AI fake calls and video and all that."
While most organizations now deploy MFA, endpoint protection, and phishing detection, these defenses can be sidestepped when an attacker simply asks for access and receives it. The method isn’t new, but the execution is improving. Social engineering tactics have become more refined, and their effectiveness has been enhanced by new strides in AI. MSPs are seeing the effects firsthand.
Communication Workflows and the Limits of Policy
One common theme throughout the event was the difference between written policy and day-to-day reality. MSPs might have formal protocols for verifying identity or managing privileged access, but in practice, many of these tasks happen quickly and informally. When clients call or message in a hurry, help desk staff are expected to move fast.
That speed introduces risk, particularly when communication happens over channels like email, Slack, or Microsoft Teams. Attendees shared examples where legitimate-looking requests turned out to be spoofed or compromised, and where the consequences weren’t immediately obvious.
A representative from a U.S.-based managed SOC described a case in which a finance department approved a data access request over chat. Only after a follow-up audit did they realize the requester had not been verified.
While firewalls, antivirus software, and threat detection remain essential, they do not prevent someone from approving a fraudulent request or sending credentials to an attacker.
The term "zero trust" appeared frequently at the conference, but its interpretation varied. For some vendors, it referred mainly to endpoint, device and network authentication. For others, the idea extended into identity and access management. What was less common, though frequently discussed in the hallways, was how zero trust principles apply to internal communication.
Traceless presented at the conference and spoke about several ways MSPs can stay ahead of communication-based risks. In particular, we focused on minimizing exposure by reducing the need to store sensitive data in the first place. That includes tools for identity-verified file transfers, ephemeral messaging, and secure approval workflows. These approaches were designed to help MSPs manage access and communication more safely without adding unnecessary friction.
Several MSPs described the platform as filling a gap they hadn’t been able to solve with existing tools. “Seems very interesting,” said one attendee. “I mean, it’s certainly covering the bases that we need covered.”
Much of the conference programming emphasized that perimeter security alone is no longer sufficient. While firewalls, antivirus software, and threat detection remain essential, they do not prevent someone from approving a fraudulent request or sending credentials to an attacker. These actions happen in the spaces between systems, in conversations, support tickets, and casual internal exchanges.
A panel on the future of MSP security noted that many breaches now begin with legitimate-looking requests sent to frontline staff. These requests often avoid triggering automated alerts because they do not rely on malicious code. Instead, they depend on timing, trust, and human behavior.
The panelists agreed that while training remains important, it is not always enough. A staff member who knows the rules may still click “approve” if the message appears urgent, routine, or from a familiar source.
Common Requests from MSPs
On the floor, conversations with vendors and peers highlighted a set of shared needs. Many MSPs were not looking for more alerts or more data, they were looking for tools that simplify secure communication without creating extra overhead. Key priorities included:
- Ways to verify identity during high-trust interactions without relying on email or chat history
- Tools that support fast, secure credential resets and approvals
- Methods for sharing sensitive files without leaving long-term traces
- Auditability and compliance without introducing workflow friction
One topic that came up repeatedly, especially in conversations about client-facing services, was protection against AI-powered voice phishing attacks. Several MSPs shared that their customers have begun asking directly about these threats during QBRs, expressing concerns over how easily attackers can now impersonate execs, IT staff, or vendors over the phone. Unlike traditional phishing emails, these voice-based attacks are difficult to detect and can bypass existing security tools entirely by exploiting human trust.
Many attendees described this as a growing area of demand, particularly in sectors with high regulatory exposure or distributed workforces. For MSPs, the challenge is twofold: defending their own teams from these tactics and advising clients on how to reduce risk without slowing down ops.
Traceless was mentioned in several of these discussions, especially in contexts where MSPs were helping clients meet regulatory requirements or respond to recent security events. While not the only solution presented at the conference, it stood out for its emphasis on removing data exposure rather than managing it, and for offering identity-verified communication channels that help mitigate the kinds of social engineering attacks that now increasingly occur via voice.
Traceless takes you BEYOND the reach of voice phishing. It protects the everyday interactions attackers now exploit—verifying identity, securing approvals, and eliminating data residue before it can be used against you. Book a demo HERE and see how modern MSPs are securing trust at the source.