Knightscope
By William Santana Li
Founder, Chairman and CEO, Knightscope, Inc. (NASDAQ: KSCP)
| LinkedIn |
Two executives sit down the hall from each other. One signs a single recurring contract that covers detection, monitoring, incident response, executive reporting, and regulatory compliance. One contract. One platform. One escalation owner. When something goes wrong at 3 AM, one phone rings.
The other manages eight to twelve vendors. Guards from one company. Cameras from another. Access control from a third. Central station monitoring from a fourth. Patrol robots from a fifth. Investigations and forensics from a sixth. When something goes wrong at 3 AM, the phone tree starts.
Same enterprise. Same board. Increasingly, the same threat surface. Two completely different operating models. The first is the Chief Information Security Officer (CISO). The second is the Chief Security Officer (CSO). Why is the CSO a second-class citizen?
This is the asymmetry that has defined physical security for the last thirty years. It is no longer defensible.
The model the CISO already has
A generation ago, the cybersecurity industry looked the way physical security looks today. Enterprises bought firewalls from one vendor, intrusion detection from another, SOC services from a third, incident response from a fourth, and stitched the stack together internally. The architecture was fragmented. Accountability was diffuse. Outcomes were inconsistent.
The market solution was the Managed Service Provider (MSP) and its security-focused counterpart, the Managed Security Service Provider (MSSP). The model is mature, well-documented, and standard in every Fortune 500. Per Gartner and Forrester architecture conventions, a modern cybersecurity MSP delivers across five integrated layers: an Endpoint and Asset layer that generates telemetry; a Detection and Telemetry layer that correlates and prioritizes it; a Security Operations Center (SOC) staffed in tiers; an Incident Response function that contains and recovers; and a Governance, Risk, and Compliance layer that closes the loop with the board.
The defining feature is not any single layer. It is the integration. One contract. One escalation owner. One accountable party when the audit committee asks the only question that matters: what are we getting for the money?
This pattern is not unique to cyber
The MSP model is not a peculiarity of IT. It is how mature, complex, mission-critical operating functions get delivered at scale across the modern enterprise:
-
Integrated Facilities Management – JLL, CBRE, ISS, Sodexo. Buildings, cleaning, food service, maintenance, even security, bundled under one prime contractor.
-
Third-Party Logistics – UPS Supply Chain, DHL, XPO. End-to-end logistics outsourced to a single operator.
-
HR BPO and PEO – ADP, TriNet. Payroll, benefits, compliance, and employment liability transferred to a specialist.
-
Power-by-the-Hour –Rolls-Royce TotalCare. Caterpillar. Airlines pay per flight hour. The vendor owns the asset, the maintenance, and the outcome.
-
Defense LOGCAP – KBR, Leidos. Entire forward-operating-base operations delivered under a single prime contract.
-
Healthcare Revenue Cycle Management – R1, Conifer. End-to-end revenue cycle with regulatory complexity bundled in.
The pattern is consistent. As enterprise functions grow more complex, more regulated, and more consequential, buyers move from point solutions to integrated, outcome-based services. Every function except physical security.
Why physical security never developed its MSP
There are reasons the model did not emerge organically.
The industry grew up in vertical silos. Guard firms became guard firms. Camera vendors became camera vendors. Central stations became central stations. Robotics and AI arrived in the last decade as yet another silo. Each layer optimized for its own margin, its own scope of work, and its own narrow accountability. None was structurally equipped to own the outcome end-to-end.
The CSO has been the system integrator by default – and not what they spent their respective careers training to do. When something breaks, the CSO is the one stitching together the vendors, harmonizing the protocols, reconciling the dashboards, owning the liability, and explaining the result to the board. It is a structural defect, not a personal one.
It is also expensive. Multi-vendor architectures generate redundant headcount, inconsistent service levels, capability gaps at the seams, slower response times, and outcomes that are persistently difficult to measure. The labor model behind traditional guarding – high turnover, thin margins, undertrained officers – is breaking down at exactly the moment enterprises are being asked to demonstrate measurable security outcomes to their boards, regulators, and insurers.
The market has been waiting for an integrated operating model in physical security. Until now, it did not exist.
The architecture of an actual physical-security MSP
Knightscope is building the nation’s first Autonomous Security Force (ASF) – a Managed Service Provider to deliver physical security in one integrated and orchestrated manner. Structurally, it maps onto the cybersecurity MSP framework, organized across three coordinated layers and a seven-level escalation model.
Autonomous Layer – the always-on detection and deterrence backbone, the structural equivalent of the Endpoint and Detection layers of a cyber MSP.
-
Level 1 – Autonomous Detection. Autonomous Security Robots and connected sensors capture and classify activity 24/7.
-
Level 2 – AI Agents. Software filters noise, suppresses false positives, and auto-resolves routine events. Direct analog to SIEM and AI-driven alert suppression.
-
Level 3 – Orchestrated Autonomy. Machines and AI coordinate without human intervention – repositioning assets, cueing cameras, issuing automated warnings.
Remote Command Layer – the 24/7 human command function, operating from the Risk and Threat Exposure (RTX) center, the structural equivalent of the SOC.
-
Level 4 – RTX Analyst. Human verification, incident documentation, controlled intervention. Tier 1 / Tier 2 SOC equivalent.
-
Level 5 – RTX Supervisor. Risk assessment, escalation authority, command-level decisions. Tier 3 SOC equivalent.
Physical Response Layer – kinetic, on-the-ground response, the structural analog to incident response.
-
Level 6 – Augmented Security Agent (ASA). Licensed officers, armed or unarmed, supported by live machine intelligence and the RTX team. The cyber analog is the IR specialist. The physical reality is a sworn human on the ground.
-
Level 7 – Law Enforcement Engagement. Public authority engaged once the legal threshold is met.
One Team. One Contract. One Accountable Force.
The model is not designed to replace human security. It is designed to orchestrate human, machine, and AI capability under a single operating system – the architectural principle that made the MSP a default standard in enterprise IT for the last two decades.
What this changes for the CSO
The implications run further than vendor consolidation.
Accountability becomes contractually unified. The 3 AM phone call rings once.
Liability shifts. Just as PEOs transferred employment risk and IFM contracts transferred facility risk, an integrated physical-security operator absorbs liability across the response chain. The CSO stops carrying the seams.
Outcomes become measurable. Multi-vendor architectures generate dashboards. Integrated operators generate outcomes – response times, deterrence effects, audit-ready documentation, and executive reporting on a cadence the board can act on.
Talent strain becomes the vendor’s problem. The fragile labor model breaking the traditional guard industry is no longer the buyer’s problem to solve.
The CSO walks into the boardroom with the same operating model the CISO has. A quiet, important, long-overdue equivalence. Promoted to a first-class citizen where a CSO belongs.
Closing the thirty-year gap
The traditional MSP solved the digital perimeter. Its architecture, accountability model, and recurring-revenue economics are mature, well-understood, and accepted by every serious enterprise buyer.
The ASF model takes that proven framework and extends it to the physical perimeter – closing the longstanding gap between “the network is secure” and “the site is secure.”
For the executive responsible for both, this is no longer an analogy. It is the operating model the physical security industry has needed for thirty years.