For most of 2023, the IT team at Queensland freight broker Coastline Logistics was spending around 35 percent of its capacity on what its head of technology, Nathan Drummond, describes as "toil" — repetitive, low-cognitive tasks that needed to be done but added no strategic value. Password resets. Routine ticket triage. Weekly patch status reports assembled manually from four different tools. Scheduled server restarts at 2 am.

By mid-2024, after Coastline's managed service provider, Harbour IT, deployed an AI-assisted operations platform across their environment, that figure had dropped to around 11 percent. The same two-person IT team was handling a 40 percent larger infrastructure footprint. "The work didn't disappear," Drummond says. "We just stopped being the ones doing it."

This is the operational reality that sits behind the industry's current enthusiasm for AI in managed services. The transformation is less dramatic than the marketing language suggests — there are no sentient systems autonomously managing networks — but it is also more substantive than sceptics allow.

What AI Is Actually Doing Inside MSPs

The most mature AI deployments in Australian managed services are concentrated in three areas: anomaly detection and alerting, automated remediation of known issue patterns, and predictive analytics for infrastructure capacity.

Anomaly detection is where the value proposition is clearest. Traditional monitoring systems operate on thresholds — alert when CPU usage exceeds 90 percent, alert when disk space drops below 10 percent. AI-driven systems learn the normal behaviour patterns of individual systems and flag deviations from baseline, even when no threshold is breached. A server that normally processes 4,000 transactions per hour and is now processing 400 is flagged, even if all its traditional health metrics look normal.

Melbourne-based MSP Nexus Technology Group reports that this approach identifies approximately 60 percent more actionable alerts than threshold-based monitoring alone, while simultaneously reducing false positive rates by around 45 percent — meaning technicians spend less time chasing alerts that turn out to be nothing and more time on alerts that actually matter.

The Remediation Layer

Beyond detection, AI is beginning to handle remediation for a defined category of known issue types. ServiceNow, which underpins service management at a significant proportion of large Australian MSPs, has deployed AI models capable of resolving common ticket categories without human intervention: password resets, account unlocks, software installation from approved catalogues, and a growing library of connectivity diagnostics.

Ben Carmichael, chief technology officer at Sydney-headquartered MSP Irongate Systems, estimates that roughly 30 percent of his firm's inbound tickets are now resolved without a technician ever being assigned. "The client experience is actually better, not worse," he says. "A password reset used to take eight minutes end-to-end, including the time for a technician to pick up the ticket. Now it takes 90 seconds, any time of day."

The economic logic for MSPs is straightforward: if AI handles 30 percent of ticket volume, the same technical workforce can serve more clients, or the same client base with faster response. For clients, the benefit is lower wait times on routine issues and — in theory at least — more senior attention available for complex problems.

Security Monitoring at Machine Speed

The security application of AI in managed services is arguably the most consequential for client businesses. Human analysts reviewing security logs face an impossible volume problem: a mid-sized enterprise generates millions of log events per day, of which a vanishingly small proportion are indicators of genuine threat activity. The signal-to-noise ratio is brutal.

AI-driven security information and event management platforms — the dominant vendors in Australia are Microsoft Sentinel, Splunk, and Darktrace — apply machine learning models trained on global threat intelligence to identify patterns that human analysts would miss or find too slowly to act on. When Darktrace's platform detected unusual lateral movement across the network of a Brisbane professional services firm last year, the system isolated the affected segment and generated an alert within four minutes of the anomaly beginning. The estimated containment window for that category of attack, without automated response, is measured in hours.

"The attackers are automated," says Dr. Rachael Horne, a cybersecurity researcher at the University of Technology Sydney who has studied MSP security operations. "They run scripts that probe thousands of targets simultaneously. The idea that you're going to defend against that with a human sitting at a screen reviewing logs is just not realistic anymore."

The Human Role Is Not Disappearing

None of this eliminates the need for skilled IT professionals. The pattern that is emerging — across Coastline Logistics, across the MSPs developing these capabilities, and in the academic literature on AI in IT operations — is task recomposition rather than workforce reduction. The work that AI handles poorly is exactly the work that humans do well: ambiguous situations, novel problem categories, client relationships, and strategic decisions about technology direction.

What is changing is the ratio. The same number of engineers can manage a larger, more complex environment when routine cognitive labour is automated. For MSPs, that changes the unit economics. For their clients, it changes what they can reasonably expect in terms of responsiveness and coverage.

Drummond at Coastline Logistics puts it plainly. The two members of his IT team are now primarily doing what they were trained and hired to do: architecture work, vendor management, and strategic planning. "They were spending half their time on things that didn't need a human," he says. "Now they're not. That's the actual story of AI in managed services. It's less exciting than the headlines. It's also more useful."

What to Ask Your MSP

Businesses evaluating AI claims from managed service providers should push past the marketing language and ask for specifics: which platforms are in production, what categories of tickets are being auto-resolved, what the false positive rate on anomaly detection looks like, and what evidence exists that response times have actually improved. The MSPs with genuine AI capability will answer these questions with data. Those still selling the concept rather than the reality will struggle to do so.