June 9, 2026

Why MSPs Need a VCAIO (Not Just a VCISO) for AI Risk

This article has been written by Tim Hickle

The Virtual CISO (vCISO) and Virtual Chief AI Officer (VCAIO) are adjacent roles, not duplicate ones. The vCISO owns enterprise security posture and compliance frameworks. The VCAIO owns AI-specific governance — acceptable use, shadow AI, data classification for AI use, and the AI Policy. Where they overlap (data classification, sensitivity labels, identity for Copilot), the two coordinate. The VCAIO does not write the security program. The vCISO does not write the AI roadmap. Both report to the same executive sponsor on shared concerns.


Why MSPs Need a VCAIO and a vCISO to Sell AI Risk

For MSPs, the vCISO/VCAIO boundary is one of the most commercially important distinctions in the 2026 channel. Drawing it correctly lets MSPs sell both practices in the same client without scope confusion. Drawing it incorrectly — collapsing AI into the vCISO motion — leaves significant revenue on the table and shortchanges the client's AI program.


What the vCISO owns: 


  • Enterprise security posture. Risk frameworks, control catalogs, audit readiness. 
  • Compliance frameworks. SOC 2, HIPAA, PCI, ISO 27001, NIST CSF, state privacy laws. 
  • Incident response strategy. Breach detection, escalation paths, regulatory notification. 
  • Vendor risk. Third-party assessments, contract review for security clauses. 
  • Identity and access posture. MFA, conditional access, privileged access management. 


What the VCAIO owns: 


  • AI strategy. Roadmap, use case sequencing, Maturity Score. 
  • AI governance. AUP authoring and enforcement, shadow AI inventory, data classification for AI use. 
  • AI adoption and absorption. Training, manager modeling, Council facilitation. 
  • AI observability. Active users, agent invocations, observability vs. survey alignment. 
  • AI-specific incident response. Coordination with the vCISO on overlap, but the VCAIO leads on AI-specific incidents (model hallucination, prompt injection, data leakage into AI tools).


Where they overlap: 


  • Data classification. Both roles use sensitivity labels. The vCISO sets the classification scheme; the VCAIO applies it to AI use.
  • Conditional access for Copilot. Both roles coordinate on Copilot identity and access policies.
  • Shadow AI as a security exposure. The VCAIO leads on AI-tool inventory; the vCISO advises on the broader exposure surface.
  • Compliance with AI-specific regulation. EU AI Act, NIST AI RMF, state-level AI disclosure laws — joint workstream.


The commercial logic for MSPs: a client paying for a vCISO retainer does not have an AI strategist in the relationship. The VCAIO sells separately. Most SMB AI risk — the AUP, shadow AI, the use case roadmap, the manager-modeling effect — falls in the VCAIO's lane, not the vCISO's. An MSP that sells only vCISO is missing the AI-side practice. 


How SMBs Recognize the VCAIO vs. vCISO Boundary in Their Own AI Risk

For SMB executives, the vCISO/VCAIO question shows up as a buying decision: *we have a vCISO. Do we also need a VCAIO?* The honest answer for most SMBs in 2026 is yes — because the two roles are adjacent, not duplicate.

The fastest test: 


  • Who at our MSP owns our AUP? If the answer is the vCISO, the AUP is probably under-developed because the vCISO's focus is broader security posture. The VCAIO is the dedicated owner. 
  • Who runs our Monthly AI Council? The vCISO doesn't run AI Councils. The VCAIO does. 
  • Who tracks our AI Maturity Score? Not the vCISO. The VCAIO. 
  • Who decides which Copilot use cases we ship next? Not the vCISO. The VCAIO. 
  • Who responds when ChatGPT shows up on the network without authorization? Joint — the vCISO on the security exposure, the VCAIO on the AUP and adoption response.


If your vCISO is trying to cover the AI lane, the practice is likely thin in both directions. The vCISO motion gets diluted; the AI motion never gets the dedicated strategist it requires. The fix is naming both roles. 


How Lemhi Formalizes the VCAIO/vCISO Boundary for MSP Delivery

Lemhi formalizes the vCISO/VCAIO boundary inside the platform so MSPs can sell and deliver both motions without scope confusion.


  • Authority-level charter. The Phase 0 engagement charter explicitly maps VCAIO authority (operational, tactical, strategic) and identifies the vCISO coordination points.
  • Joint governance workstream. The platform supports shared work on data classification, conditional access, and AI-specific compliance — without overlap or duplication. 
  • Council and QBR coordination. The vCISO can attend the Monthly AI Council as a contributor when security topics are on the agenda. The VCAIO can present in the security QBR when AI-specific findings warrant it. Neither role assumes ownership of the other's domain. 
  • PSA integration. Technical remediation findings — whether they originate from the Continuous Scanner (VCAIO) or the vCISO assessment — flow to the same PSA queue, sequenced by impact. 
  • Career path clarity. Lemhi defines distinct competency profiles for VCAIOs and VCISOs, so MSPs can hire and develop for each role specifically. 

Selling both motions is the MIP strategy. Selling neither, or collapsing them, is how MSPs leave revenue and client value on the table. 



Frequently Asked Questions

vCISO vs. VCAIO FAQ

Practical answers for MSPs defining the boundary between security leadership and AI governance, including AUP ownership, shadow AI, Copilot controls, incidents, and QBR responsibilities.

What's the difference between a vCISO and a VCAIO?

The vCISO owns enterprise security posture and compliance frameworks. The VCAIO owns AI-specific governance, including AUP, shadow AI, data classification for AI use, and AI Council facilitation. They coordinate where they overlap.

Can the same person hold both roles?

It is possible at small MSPs, but not recommended at scale. The skill sets overlap, especially executive presence and governance literacy, but the depth required in AI use case judgment, change management, and AI observability is its own competency.

Does the VCAIO replace the vCISO?

No. The VCAIO is an adjacent practice, not a replacement. Most SMBs need both.

What AI risks fall in the vCISO lane?

The vCISO owns the broader security posture impact of AI tools, including network exposure, identity risk, vendor risk, compliance framework alignment, and incident response strategy for AI-related breaches.

What AI risks fall in the VCAIO lane?

The VCAIO owns AUP authoring and enforcement, shadow AI inventory, data classification for AI use, AI Council decisions, and AI-specific incident response such as hallucination, prompt injection, and data leakage to AI tools.

How do the two roles coordinate?

The two roles coordinate through joint workstreams on data classification, conditional access for Copilot, shadow AI as a security exposure, and AI-specific regulation. Both report to the same executive sponsor on shared concerns.

Where does shadow AI fall: vCISO or VCAIO?

The VCAIO leads on AI-tool inventory and AUP-level response. The vCISO advises on the broader exposure surface. The Monthly AI Council coordinates the response.

Who owns the AUP?

The VCAIO owns the AUP. The vCISO may review for security-clause alignment, but the AUP is an AI-specific governance artifact authored and enforced by the VCAIO.

Who owns Copilot conditional access policy?

Ownership is joint. Conditional access is a vCISO control surface, while the VCAIO defines the AI-specific data-handling requirements that shape the policy.

What happens when an AI incident occurs?

The VCAIO leads on AI-specific aspects such as AUP violation, model behavior, and AI tool data exposure. The vCISO leads on broader breach response. Both report to the executive sponsor.

Does the EU AI Act fall in the vCISO or VCAIO lane?

It is joint. The VCAIO maps AI-specific obligations to internal practice, and the vCISO maps compliance framework integration.

How does the VCAIO fit alongside the vCIO?

The vCIO owns IT strategy, and the VCAIO owns AI strategy. They coordinate because AI adoption depends on IT infrastructure. The vCIO is not the VCAIO's substitute.

Should an MSP sell vCISO and VCAIO as bundled retainers?

They can. Most MSPs find that bundling improves capture, but separating the named roles keeps accountability clear. The VCAIO and vCISO are distinct contacts even when retainers are bundled.

What's the typical price difference between vCISO and VCAIO retainers?

The retainers are comparable. Both reflect roughly 8–12 dedicated hours per month at full-Council or full-engagement size. Compass-style VCAIO engagements are lighter and lower priced.

How does the VCAIO/vCISO boundary affect the QBR?

Each role typically presents in the QBR. The vCISO reports on security posture and compliance, while the VCAIO reports on AI maturity and ROI. The 10–15 minute AI Segment is the VCAIO's standard QBR allocation.

Where can I learn more?

Lemhi publishes the VCAIO/vCISO boundary document, the authority-level charter, and the joint governance workstream guidance as part of the TaaS framework. Sign up for Field Notes to get the weekly playbook.
