South African organisations are still struggling to patch ordinary systems on time, and now AI agents are set to make that weakness far more dangerous. That is the stark warning from Zaheer Ebrahim, solutions architect at TrendAI AMEA, who says local businesses and government departments are already failing at one of cybersecurity’s most basic disciplines.
Speaking at a recent TrendAI event in Cape Town, Ebrahim told us the patching problem is not a marginal issue or a niche IT gripe. It is, in his words, a systemic failure that cuts across the private sector and the public sector alike.
“Our patching is a big, big problem. Whether in the private sector, public sector, wherever you are, patching is a big problem,” he said. “You bring up that word in any organisation, it’s a swear word.”
That kind of resistance, he stressed, is not necessarily due to laziness or indifference. In many cases, organisations are afraid that installing a patch, then rebooting a system, could break another part of the environment. The result is familiar to anyone following South Africa’s cyber risk landscape: known vulnerabilities stay open for far too long, sometimes for weeks or even months.
The issue matters even more now because enterprise adoption of AI is moving faster than most security teams can monitor. Ebrahim’s concern is simple and uncomfortable: if organisations cannot patch traditional infrastructure quickly, how are they expected to secure the new generation of autonomous tools now being introduced into business workflows?
“If our organisations can’t get patching done correctly at a speedy rate, how fast are they going to be able to patch an agentic AI agent that lives in the organisation?” he asked.
AI agents are not just chatbots with a nicer interface. They are software systems that can read e-mails, access data and carry out actions on behalf of users, often with minimal human supervision. That makes them attractive to companies looking to save time and cut admin, but it also broadens the attack surface in ways many boards still do not fully understand.
A March 2026 TrendAI study found that 67% of organisations feel pressure to approve AI tools despite security concerns. That statistic captures the mood in many boardrooms: the rush to innovate is real, but so is the fear of being left behind.
Why patching AI agents in South Africa is becoming a cybersecurity flashpoint
The warning is especially relevant in South Africa because our public-sector cyber resilience is already under strain. The Auditor-General of South Africa’s 2024/2025 consolidated report on national and provincial audit outcomes found that 45 of 70 assessed government entities showed notable weaknesses in their cybersecurity posture. Among the most common problems was the lack of proper vulnerability management tools.
That matters because patching is only one part of the broader security lifecycle. If an organisation cannot identify vulnerabilities, prioritise them and apply fixes at speed, the environment becomes a sitting target. Ebrahim’s point is that AI agents will inherit those same structural weaknesses unless companies change how they manage software, identities and oversight.
To illustrate the risk, TrendAI ran a simulation using OpenClaw, an open-source autonomous AI agent platform. In the test, an AI agent processed an incoming e-mail and followed instructions hidden inside the message without the user noticing. In other words, the attack worked without malware in the traditional sense and without the kind of obvious user interaction people often expect in phishing cases.
“That is the level of where we are,” Ebrahim said.
That example should concern any South African enterprise experimenting with autonomous workflows. Once an AI agent has access to inboxes, internal systems or documents, the old boundaries between data entry, human approval and automated action begin to blur. A maliciously crafted message can potentially influence behaviour in ways that are subtle, fast and hard to trace.
The accountability question is another major headache. Ebrahim noted that most large South African organisations do not yet have a chief AI officer. That means if something goes wrong, the blame usually lands on the CIO or the chief information security officer — even if neither person has full visibility over every AI agent running inside the environment.
“Between a CIO and a CISO, somebody needs to take accountability,” he said.
That gap is not unique to South Africa, but it is especially concerning here because many organisations are already operating with lean security teams and legacy systems. As we have reported before, businesses often adopt new technology faster than they strengthen controls around identity, access and patching. The arrival of agentic AI raises the stakes considerably.
Global threat intelligence is pointing in the same direction. CrowdStrike’s 2025 Global Threat Report says attackers are increasingly going after identity infrastructure and software supply chains, largely because enterprises still lack clear visibility into what is running in their environments. Meanwhile, Palo Alto Networks Unit 42’s 2026 Global Incident Response Report shows attack timelines are shrinking fast, with the fastest incidents moving from initial access to data theft in about 72 minutes.
That speed makes delayed patching even more dangerous. If a vulnerability is left exposed for days or weeks, attackers may not need advanced tools at all. They simply need time, and many organisations are handing it to them.
Ebrahim’s advice is, in some ways, unglamorous — but it is exactly the sort of message South African businesses need to hear. He says the answer is to get the fundamentals right before layering on more complex AI systems.
“We need to get the basics done properly to be able to make sure that those AI agents are patched as quickly as possible,” he said.
For South Africa’s private and public sectors, that means treating patch management as a core business function, not an annoying IT task to be deferred until next quarter. It also means putting proper governance around AI adoption before autonomous tools are given broad access to sensitive systems.
The headline warning here is clear: AI agents will not fix weak cybersecurity hygiene — they will expose it faster. If South African organisations are already struggling with patching today, the arrival of agentic AI could turn an old problem into a far more serious operational and security crisis.