‘You’re going to need AI to fight AI. You’re going to need agents fighting agents. That’s where this industry is headed,’ says Blackpoint Cyber CEO Gagan Singh.
As cybercriminals turn to AI to launch faster, more convincing identity-based attacks, Blackpoint Cyber’s CEO believes the industry’s response has to be deploying AI against AI.
That’s the strategy behind the cybersecurity vendor’s new AI Security Operations Center (SOC) agent for identity threat detection and response (ITDR), an autonomous capability that detects and contains credential-based attacks targeting Microsoft 365 and Google Workspace accounts in as little as 21 seconds. The new technology combines AI with human oversight, allowing high-confidence threats, including token theft, impossible travel and business email compromise, to be investigated and contained at machine speed.
For CEO Gagan Singh, the launch represents more than another AI feature but rather the next evolution of managed cybersecurity.
[Related: Blackpoint Cyber Launches CompassOne Unified Platform: 5 Things To Know]
“I tell MSPs all the time to ask their security vendors what they think the world is going to look like six months from now,” Singh (pictured) told CRN in an exclusive interview. “Do you agree with that view of the world? And if you do, what are they doing today to prepare for it? From where we sit, the genie is out of the bottle when it comes to agentic AI and large language models. Those capabilities are becoming available to everyone, including the bad guys.”
He said attackers are no longer limited by traditional phishing campaigns as AI now allows them to personalize every attack, sift through millions of targets automatically and launch sophisticated social engineering campaigns.
“You’re going to need AI to fight AI,” he said. “You’re going to need agents fighting agents. That’s where this industry is headed.”
The AI SOC agent was trained using years of SOC analyst decisions, forensic evidence from hundreds of security investigations and telemetry collected from more than one million protected endpoints across the company’s MSP customer base. Before allowing the system to take autonomous action, the company spent months validating every recommendation against human analysts.
“We intentionally had the AI stop at the recommendation stage for a long time,” he said. “It would investigate an incident, reason through it, reach a conclusion and then our SOC analysts would ask, ‘Is this exactly what I would have done?’ That process repeated over and over again until we had enough confidence that the AI wasn’t skipping steps. It follows our standard operating procedures every single time. It doesn’t get tired. It doesn’t overlook something because it’s the end of a long shift.”
For MSPs, the biggest benefit isn’t simply automation, it’s reducing the time attackers have to move through customer environments.
“The only KPI that ultimately mattered to me was time to containment,” Singh said. “How quickly can we identify that a bad actor has entered an environment and stop them? That’s what this is about. If we can preserve the quality of our SOC while acting an order of magnitude faster than we could before, that’s a win for every partner we support.”
Joe Ussia, CEO of Toronto-based Blackpoint Cyber partner Infinite IT Solutions, said it’s encouraging to see vendors embracing the technology and pushing the industry forward.
“I’m really glad that market-leading MDRs, like Blackpoint, are getting ahead of the ITDR technology,” Ussia told CRN. “They’re exactly the right type of company to be doing this. Every EDR platform should have this built in technically, and if they’re not doing it, they’re going to get left behind. Companies like Blackpoint are going to take market share because this is something the entire channel needs, and it’s something every company is going to expect.”
He added that the shift extends beyond any single vendor, arguing that AI-powered detection and response should become a standard capability across the security ecosystem, “Hopefully every EDR platform and every SOC will have this built in, because that’s where the industry is headed.”
Looking ahead, he expects autonomous cybersecurity capabilities to evolve quickly as AI-generated attacks become more sophisticated.
“We’re not satisfied with 21 seconds,” he said. “Ultimately, we want to get to the point where we stop an attack at the instant it happens. But it’s not just about speed. The attacks are going to become more complex. The volume is going to increase. Human analysts are still incredibly important because their judgment is what teaches these systems how to make good decisions. Our goal is to have AI and our elite SOC analysts working together so partners get both machine-speed response and human expertise.”







