Eighty-nine percent of SMBs monitored by Guardz, an AI-driven cybersecurity platform, had at least one user with confirmed credential compromise at any point in time, according to the cybersecurity vendor’s 2026 State of MSP Threat Report.
The finding points to a shift in MSP-managed environments: attackers are increasingly using valid access, session tokens and trusted tools rather than relying only on malware or software exploits.
Guardz based the report on telemetry from its platform data lake, covering SMB environments managed by MSPs globally from September 2025 through February 2026. The data includes authentication, email, endpoint and cloud productivity activity from Microsoft 365 and Google Workspace tenants across North America, EMEA and APAC.
That makes the findings vendor telemetry, not a market-wide sample, but the report says they are drawn from billions of observed audit events.
Identity abuse and session hijacking
The report’s main findings center on identity abuse. Guardz found that over a third of users had compromised passwords every month, session hijacking incidents rose about a quarter over 180 days and more than 14,000 unique spray IPs per month targeted 10 or more accounts.
The report also found that non-human identities, including service principals, system accounts, managed identities, OAuth applications and guest accounts, outnumbered human users by 25:1 in many Microsoft 365 tenants.
The access risk extended beyond passwords. Guardz recorded a 2,000% spike in Google Workspace OAuth abuse between September 2025 and February 2026, while OAuth consent events rose 45% between October and January and another 24% from January to February.
Microsoft Graph permissions documentation separately notes that apps need granted permissions to access data, and warns that granting more privileges than necessary is poor security practice.
Exploiting legacy protocols and RMM tools
Legacy authentication remains another open path. Guardz analyzed 7.39 million legacy protocol events across five protocols and found 114,827 successful logins through BAV2ROPC, a legacy resource-owner password credential flow, where multi-factor authentication was bypassed.
Microsoft’s broader Exchange Online Basic Authentication deprecation has already curtailed legacy access, but SMTP AUTH Basic Authentication behavior remains unchanged until December 2026, when it will be disabled by default for existing tenants while administrators can still re-enable it.
The same trusted-access pattern appears on endpoints. Guardz identified remote monitoring and management (RMM) tool abuse as the top endpoint campaign, accounting for 26.2% of all threats, with tools including ScreenConnect, MeshAgent, AteraAgent and NinjaRMM observed in suspicious deployment or persistence activity.
Microsoft documented a similar technique in March, disclosing phishing campaigns that delivered signed malware impersonating workplace apps and installed RMM tools to establish persistent access.
ConnectWise’s 2026 MSP Threat Report describes the same shift from another MSP security data set, finding that attackers are increasingly exploiting trusted identities, legitimate system tools, remote access infrastructure and software supply chains rather than relying primarily on novel exploits.
Financial risk and the impact of AI
Email is where many of those identity compromises turn into financial risk. Guardz analyzed 1.396 billion Exchange Online audit events and found that inbox rule modifications doubled, quarantine activity rose 240% and nearly 2 million SendAs operations reflected both legitimate delegation and possible BEC abuse.
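Two of the signals the report calls out, successful logins through the legacy BAV2ROPC flow and inbox rule changes that forward or hide mail, are visible in tenant audit data and can be triaged with a small amount of logic. The script below is an added illustration, not code from Guardz or from the report; the sample records are constructed, and their field names only approximate the shape of Microsoft Entra sign-in logs and the Exchange Online unified audit log (an assumption, not a verified schema). The tenant domain example.com and the LEGACY_APPS, FORWARD_PARAMS and HIDE_PARAMS sets are likewise assumptions chosen for the example.

```python
"""Added example: flag successful legacy-auth sign-ins and suspicious
inbox-rule changes in constructed Microsoft 365 telemetry.
Field names approximate Entra sign-in logs and the Exchange Online
unified audit log; treat them as assumptions, not a verified schema."""

INTERNAL_DOMAINS = {"example.com"}  # assumed tenant domain (constructed)
LEGACY_APPS = {"BAV2ROPC"}          # app name seen on legacy ROPC sign-ins
INBOX_RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
HIDE_PARAMS = {"DeleteMessage", "MarkAsRead", "MoveToFolder"}

# Constructed sign-in records (assumed field names).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appDisplayName": "BAV2ROPC",
     "status": {"errorCode": 0}, "ipAddress": "203.0.113.10"},
    {"userPrincipalName": "bob@example.com", "appDisplayName": "Microsoft Office",
     "status": {"errorCode": 0}, "ipAddress": "198.51.100.5"},
    {"userPrincipalName": "carol@example.com", "appDisplayName": "BAV2ROPC",
     "status": {"errorCode": 50126}, "ipAddress": "203.0.113.10"},
]

# Constructed Exchange Online audit records (assumed field names).
SAMPLE_EXO_AUDIT = [
    {"Operation": "New-InboxRule", "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "ext@attacker.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"Operation": "New-InboxRule", "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
    {"Operation": "Set-InboxRule", "UserId": "dave@example.com",
     "Parameters": [{"Name": "Identity", "Value": "Old rule"},
                    {"Name": "ForwardAsAttachmentTo", "Value": "other@example.com"}]},
    {"Operation": "SendAs", "UserId": "eve@example.com", "Parameters": []},
]


def successful_legacy_signins(signins):
    """Sign-ins via a legacy app that completed (errorCode 0): MFA was not enforced."""
    return [r for r in signins
            if r.get("appDisplayName") in LEGACY_APPS
            and r.get("status", {}).get("errorCode") == 0]


def _params(record):
    """Flatten the Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def _is_external(address):
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def suspicious_inbox_rules(records):
    """Return findings for inbox-rule operations that forward mail, hide the
    forwarded copies, or carry a punctuation-only name."""
    findings = []
    for rec in records:
        if rec.get("Operation") not in INBOX_RULE_OPS:
            continue
        p = _params(rec)
        forwards = [p[k] for k in sorted(FORWARD_PARAMS) if k in p]
        hides = [k for k in sorted(HIDE_PARAMS) if k in p]
        reasons, high = [], False
        if forwards:
            if any(_is_external(a) for a in forwards):
                reasons.append("external forwarding")
                high = True
            else:
                reasons.append("internal forwarding")
            if hides:
                reasons.append("forwarded mail hidden via " + ",".join(hides))
                high = True
        name = p.get("Name", "")
        if name and not name.strip(". "):
            reasons.append("rule name is only punctuation")
        if reasons:
            findings.append({"user": rec.get("UserId"), "operation": rec["Operation"],
                             "severity": "high" if high else "low", "reasons": reasons})
    return findings


def summarize(signins, audit):
    """Counts an MSP analyst would put on a per-tenant dashboard."""
    return {"legacy_auth_success": len(successful_legacy_signins(signins)),
            "suspicious_inbox_rules": len(suspicious_inbox_rules(audit)),
            "sendas_operations": sum(1 for r in audit if r.get("Operation") == "SendAs")}


if __name__ == "__main__":
    print(summarize(SAMPLE_SIGNINS, SAMPLE_EXO_AUDIT))
    for f in suspicious_inbox_rules(SAMPLE_EXO_AUDIT):
        print(f)
```

Run against the constructed data, the script reports one MFA-bypassing legacy login (alice via BAV2ROPC; carol's attempt failed) and two rule findings: alice's rule is high severity because it forwards externally, deletes the forwarded copies and is named with a single period, while dave's internal forward is kept as a low-severity item for review. Failed BAV2ROPC attempts are deliberately excluded from the success count but are themselves worth aggregating by source IP, since the report ties password spraying to the same legacy paths.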
The report also recorded confirmed BEC fraud incidents ranging from $140,000 to $1.5 million. The FBI’s 2025 Internet Crime Report said reported losses to IC3 surpassed $20 billion, with business email compromise among the largest loss categories after investment fraud.
Cloud productivity tools added another exposure point in Guardz’s telemetry. Guardz ranked OneDrive anonymous link use and creation as the top two Microsoft 365 cloud productivity threats in its data set, both marked critical.
Microsoft says Microsoft 365 Copilot accesses content and context through Microsoft Graph, including documents, emails, calendar, chats, meetings and contacts, and only surfaces organizational data that users already have permission to view. That means oversharing and stale permissions can become easier to discover once AI assistants are deployed.
Proofpoint’s 2026 AI and Human Risk Landscape Report puts that exposure in a broader enterprise context: 87% of organizations have AI assistants deployed beyond pilot, 76% are piloting or rolling out autonomous agents and 42% reported a suspicious or confirmed AI-related incident.
Malware volume and future predictions
Guardz’s endpoint data shows malware remained the largest threat classification by volume, with 7,960 malware threats recorded over 180 days.
But ransomware behavioral detections rose 190% over a 50-day window, while RMM abuse, network scanning, commodity malware, ransomware operations and vulnerable-driver exploitation formed the report’s top campaign clusters.
For MSPs, the report’s clearest operational signal is the concentration of risk in shared access paths. The same credentials, OAuth grants, RMM tools, inbox rules, cloud links and collaboration permissions that make managed services scalable also give attackers quiet ways to persist across client environments. Guardz’s H2 2026 predictions extend that pattern, warning that AiTM phishing kits, OAuth token abuse, Graph API manipulation, cloud-native ransomware and Google Workspace targeting will intensify if those access paths remain weakly governed.
