Cybersecurity is no longer a standalone industry — it is becoming a native function of cloud infrastructure as evidenced by Google’s recent purchase of Wiz for a staggering $32B. As hyperscalers like Amazon Web Services, Microsoft Azure and Google Cloud embed AI-powered security features into their platforms, the $30 billion Managed Detection and Response market faces an existential threat. This isn’t just vendor jostling — it has deep implications for enterprise IT budgets, private equity-backed investments and even national security.
For years, hyperscalers operated as neutral enablers — providing compute and storage while security vendors built the intelligence layer. But history tells us what happens next. First it was storage, then compute, then databases. Now it is security. The same pattern is unfolding again — and this time, they are not just partners. They are poised to be predators. History is the roadmap — and it shows exactly how they plan to attack and absorb this vulnerable, fragmented security services market.
What was once outsourced — threat detection, endpoint protection, identity access management and data loss prevention — is now being baked directly into the core of their platforms. Embedded, automated and bundled — not sold as a product, but delivered as a feature.
A History Of Partnership — Now Turning Competitive
The original relationship was symbiotic. Security vendors brought innovation, the clouds brought scale. But now that balance has collapsed. The hyperscalers are no longer just competing — they are outpacing.
They are building security into every layer of their platforms — from AI-powered identity controls to default encryption and automated threat intelligence. And because they control the infrastructure, they control the data. They have access to platform-native telemetry, logs and behaviors that no third party can match.
MORE FOR YOU
Google Starts Scanning Your Photos—3 Billion Users Must Now Decide
Google Confirms Gmail Update—How To Keep Your Email Account
NYT Mini Crossword Clues And Answers For Friday, April 25
The use of artificial intelligence gives them yet another advantage — one measured not in features but in speed, integration and insight. While independent providers race to keep up, the clouds are already embedding adaptive security into the very foundation of modern IT.
The MDR Squeeze: Rapid7 As A Case Study
MDR vendors like eSentire, Arctic Wolf, Expel, ReliaQuest and Rapid7 have grown fast by investing in automation and extended detection capabilities. But they are running uphill. These firms must build, market and sell their platforms to survive — all while hyperscalers quietly integrate competing capabilities into enterprise agreements.
Look at Rapid7 — one of the only publicly traded players in this space. In 2024, it reported $844 million in revenue, up 9 percent year over year, with a 19 percent operating margin. But its stock fell 41 percent. Activist investor Jana Partners, holding a 5.8 percent stake, forced board changes and is now demanding a sale or strategic overhaul. Why? Because markets can smell what’s coming — margin compression and disruption from the inside out.
Security Is No Longer A Product — It Is A Cloud Feature
Consider Microsoft Defender, Amazon GuardDuty, Google Chronicle and Microsoft Sentinel. These tools are not sold — they are embedded. They are often activated by default and subsidized through broader infrastructure contracts. They do not need to generate standalone profit — they exist to increase stickiness, lower churn and lock in the customer.
In 2024 alone, Amazon, Microsoft, Google and Meta spent over $250 billion in capital expenditures — much of it directed at embedding AI and security across their platforms. That figure is larger than the entire combined valuation of independent cybersecurity vendors. This is not competition. It is gravitational collapse, and it is exactly what happened in the last decade to smaller infrastructure providers.
AI Is Not Enhancing Security — It Is Redefining It
Artificial intelligence is the core disruptor. Hyperscalers are not merely building smarter tools — they are reinventing the security stack from the inside. AI is being trained on massive datasets, with full access to platform behaviors, identity systems and telemetry that no outsider can replicate.
The result is security that is real-time, adaptive and invisible — not bolted on, but built in. That is not incremental innovation. That is systemic displacement.
Regulatory Alarm Bells Are Ringing
Regulators are waking up, but the question is whether it too late before the damage is done. In April 2025, Google lost its second antitrust case in less than a year. Meta is under scrutiny for monopolistic bundling. The hypercalers strategy is familiar — extend the platform, entrench the offering, exclude the competition.
Cybersecurity is next. When hyperscalers start bundling endpoint detection and response, policy enforcement and threat management into their infrastructure deals — while underpricing or disabling competitive solutions — regulators will ask whether these behaviors mirror the extend-and-entrench tactics already flagged in other sectors.
The questions now on the table in Washington and Brussels:
- Are hyperscalers leveraging infrastructure dominance to dominate cybersecurity?
- Are native tools being self-preferenced at the expense of the ecosystem?
- Is this the same monopolistic pattern we saw in search, social media and online advertising?
Implications For The Ecosystem
This is not just a shift in architecture — it is a realignment of power. As cybersecurity collapses inward into the cloud platform itself, the ripple effects are being felt across the entire ecosystem. Every stakeholder — from service providers to financial sponsors to national defense agencies — must now reassess assumptions, business models and risk profiles.
1. For MSPs and MSSPs:
Managed Service Providers and Managed Security Service Providers built their business models on integrating best-of-breed, third-party cybersecurity tools — layering value through orchestration, visibility and incident response. But that stack is being flattened. Hyperscalers are disintermediating this layer by offering native tools that are cheaper, easier to deploy and pre-integrated with the infrastructure itself.
Margins are under pressure. Many MSSPs rely on licensing arbitrage and volume-based resale models that are collapsing as cloud-native security offerings become bundled and commoditized. According to Canalys, spending on MSSPs is growing at just 8 percent annually — a slowdown from prior years — even as demand for cybersecurity services remains strong. That delta reflects erosion in value capture.
Differentiation is also eroding. When every enterprise workload sits on a platform that already includes threat detection, identity and log correlation, MSSPs must go deeper — into vertical-specific advisory, regulatory mapping, zero-trust strategy and response playbooks. Those that cannot evolve beyond tool management will become expendable.
The next-generation MSSP must pivot away from being a product stack integrator and toward being a trusted advisor. That means investing in proprietary frameworks, industry depth and human-led services that the hyperscalers — by design — cannot replicate.
2. For Private Equity:
The private equity community has invested tens of billions into roll-ups, platform plays and specialty MSSPs under a common thesis: scale drives efficiency, and efficiency drives margins. But when hyperscalers remove the very foundation of third-party tool layers, that thesis begins to unravel.
Multiples are already under pressure. Valuations that assumed sustainable 20 to 30 percent EBITDA on recurring security services may no longer hold. As bundled features reduce the need for outsourced detection or SIEM management, customer stickiness weakens — and churn risk increases.
In several recent transactions, we’ve seen diligence processes stall or valuations renegotiated after cloud-native roadmap reviews showed major overlap with portfolio offerings. Even public market signals are clear — Rapid7’s steep stock price decline, despite revenue growth, reflects investor skepticism on long-term margin durability in this segment.
Sponsors must now re-underwrite portfolios and exit timelines. The path forward lies in pushing platform companies into verticals or service layers that maintain pricing power — compliance-as-a-service, specialized forensics, incident response retainers — rather than assuming the old playbook of bundling tools will survive.
3. For National Security:
There is no margin for error when it comes to national defense. Yet the same hyperscaler platforms that now power enterprise productivity are also hosting some of the most sensitive workloads in the world — from defense contractors and intelligence agencies to critical infrastructure providers. As cybersecurity becomes a native feature of these platforms, we are not just consolidating capabilities — we are consolidating control and amplifying systemic risk.
This introduces a dangerous paradox: the cloud has become both the fortress and the attack surface.
A single breach. A single rogue insider. A single software update gone wrong. That’s all it takes. The consequences could cascade across military logistics, energy grids, transportation systems and real-time battlefield surveillance. This is not a hypothetical scenario. The 2020 SolarWinds breach exposed how deeply embedded vulnerabilities can compromise trusted environments. In 2024, we saw how a single botched CrowdStrike update grounded flights, froze retailers and disabled hospital systems. The next time, it could be a compromised core service — not just a patch — and the damage could be exponential.
Even more concerning is the opacity of the platforms themselves. When detection, prevention and response functions are all owned, operated and monitored by the same cloud provider, transparency disappears. Federal agencies are left with limited visibility and reduced oversight — unable to independently validate the integrity of the systems they now depend on.
At the very moment when national cybersecurity defense should be distributed and resilient, we are centralizing it into a small number of hyperscaler environments. That may be efficient — but it is not safe. And it is certainly not sustainable.
The Window For Action Is Closing
The same fate that befell private cloud hosting companies — disintermediated by the public cloud — now threatens MDR and MSSP vendors. This is not theoretical. This is déjà vu. And it is already underway.
The industry has five years — maybe less — to adapt. That means redefining value, moving up the stack and delivering what the hyperscalers cannot: trust, objectivity, service and independence. If not, the industry will consolidate further — and this time, the collapse will be silent.
This is not just a technology trend. It is a restructuring of the cybersecurity marketplace. And it is happening in real time.
The only question is — will vendors, investors and regulators respond before it is too late?
