WatchGuard CloudDR detects compromised identities and 'shadow‑AI' activity across MSP customers

Cloud security is turning into an MSP problem fast — and not in the old firewall-and-endpoint way. The weak spots now are SaaS logins, OAuth connections, bad tenant settings, and employees quietly wiring AI tools into company workflows. That mix is hard to see and even harder to manage across dozens or hundreds of customers. WatchGuard’s move this week was to buy Perimeters.io and ship a new service, CloudDR, on May 6, 2026, aimed squarely at that gap. (watchguard.com) ### What actually launched? WatchGuard announced two things at once: the acquisition of Perimeters.io and the availability of WatchGuard Cloud Detection and Response, or CloudDR. The point is not just another cloud dashboard. CloudDR is pitched as a multi-tenant service for MSPs that continuously discovers cloud risks, detects suspicious identity activity, and automates response actions across customer environments. (watchguard.com) ### Why is identity the center of this? Because a lot of cloud breaches do not start with malware landing on a laptop. They start with a valid account, a stolen token, a risky OAuth grant, or an overprivileged user logging into the right service. WatchGuard’s own framing is blunt — attackers often do not hack in(watchguard.com)ore they turn into a bigger incident. (watchguard.com) ### Where does “shadow AI” fit in? Basically, shadow AI is the cloud-era cousin of shadow IT. Employees connect unsanctioned AI tools, browser plugins, or SaaS integrations to company data without security teams really tracking it. WatchGuard is treating that as a first-class risk, not a side note. CloudDR says it can discover unknown cloud apps, risky AI tools, and unmanaged integrations, then help MSPs revoke dangerous access in bulk. (watchguard.com) ### Why are misconfigurations such a big deal? Because bad settings are boring right up until they become the breach. A tenant with weak sharing rules, loose admin roles, stale external access, or drifted security settings can stay exposed for months without tripping a loud alarm. CloudDR’s second big promise is(watchguard.com)one-off audits. (watchguard.com) ### Why does this matter specifically for MSPs? MSPs usually end up stuck between two bad choices. They either use the native tools inside Microsoft 365 or Google Workspace and live with the blind spots, or they stitch together separate tools for identity, SaaS visibility, and configuration review. That means multiple consoles, disconnected alerts, an(watchguard.com)workflow with centralized visibility and bulk actions across tenants. (watchguard.com) ### How broad is the first release? The initial release went live on May 6, 2026. WatchGuard says CloudDR supports more than 40 applications at launch, including Microsoft 365, Google Workspace, Salesforce, HubSpot, ConnectWise, Jira, and OpenAI. That matters because the risk is not sitting in one cloud stack anymore — it is spread across the messy app layer where users actually work. (watchguard.com) ### Is this just WatchGuard’s story? Not really. The broader cloud-security world is moving the same way. CSA is pushing AI governance frameworks and warning that shadow AI and AI-agent incidents are becoming common while governance lags. So WatchGuard’s pitch lands in a market that is already shifting from “protect the endpoint” to “govern the identity, app, and AI layer too.” (cloudsecurityalliance.org) ### Bottom line? The interesting part is not that WatchGuard added another security product. It is that the company is betting the next MSP security battle sits above the network — in identities, SaaS settings, and unsanctioned AI use. If that read is right, CloudDR is less a feature launch than a sign of where managed security is heading next. (watchguard.com)tersio-scale-cloud-security-msps))