Absa Group is gearing up for a new era of cyber defence, with the bank planning to use AI-powered “super agents” to hunt for weaknesses in its own systems and cut the time it takes to patch them. The move comes as South Africa’s lenders confront a rapidly changing threat landscape shaped by frontier AI models that can identify and exploit software flaws at a pace that would have been unimaginable only a few years ago.
That warning comes directly from Johnson Idesoh, Absa Group chief information and technology officer, who says the bank is preparing for a world in which attackers may have access to tools once reserved for the most sophisticated state-backed cyber operations. Speaking on TechCentral’s Meet the CIO podcast, in an interview due to be published next week, Idesoh said Absa is already thinking hard about how to stay ahead.
“The answer I give to our board and to our executive is we will use AI to counter adversaries who use AI,” Idesoh said. “Essentially we will have super agents that use the same technology to do the scanning and vulnerability management ourselves. And then of course, the rate at which a company like ourselves patches these vulnerabilities is also going to have to increase.”
For a major South African bank to speak so openly about this shift is significant. It is one of the clearest public indications yet that local financial institutions are moving beyond the traditional cyber model of human-led monitoring and slower patch cycles. Instead, they are preparing for a race in which machines will increasingly be deployed to find and fix weaknesses before criminals can weaponise them.
The timing matters. Anthropic, the company behind the model named Mythos, announced it on 7 April and said the system’s offensive cybersecurity abilities were too dangerous to release widely to the public. Rather than roll it out broadly, the company previewed it to about 40 organisations under a closed initiative called Project Glasswing. Those organisations reportedly included Amazon, Apple, Microsoft, Google, JPMorgan Chase and the Linux Foundation.
The concern is not theoretical. According to reports from pre-release testing, Mythos has been credited with uncovering thousands of previously unknown zero-day vulnerabilities across major operating systems and web browsers. That kind of capability is exactly what has alarmed security teams, because zero-day flaws are the sort of weaknesses that can be exploited before software makers even know they exist.
Absa Group’s AI-driven cyber defence strategy
Idesoh confirmed that Absa has engaged directly with Anthropic and with other members of the Glasswing consortium, and said the issue is now being discussed at board level. That puts the bank among a growing number of global financial institutions treating frontier AI not just as a productivity tool, but as a serious security and governance challenge.
The broader implication is that banks may need to use AI in both directions: to support customer service and internal operations on one side, and to defend against AI-enhanced attacks on the other. In practical terms, that means automated scanning of code, quicker identification of vulnerabilities, faster remediation processes and tighter oversight of systems that can act with a degree of autonomy.
As we reported earlier, the banking sector’s fear is that agentic AI systems could dramatically lower the technical skill required to launch highly targeted attacks. What once demanded deep expertise and significant resources may soon be available to a far wider pool of criminals, including opportunistic fraudsters and organised syndicates.
That risk is especially relevant in South Africa, where digital banking is widely used and fraud attempts continue to rise. According to the SA Banking Risk Information Centre, digital banking fraud losses rose 74% in 2024 to about R1.9-billion. That figure was recorded before frontier AI tools had fully begun to reshape the offensive toolkit available to criminals.
For Absa and its peers, the challenge is no longer only about responding to known threats. It is about anticipating what happens when attackers can test systems at machine speed, probe for weaknesses continuously and adapt in real time. In that environment, traditional security controls on their own may no longer be enough.
There are signs the local banking industry is already moving in that direction. Capitec, in its 2026 integrated report, said its AI-driven fraud models had blocked more than 131 000 fraudulent beneficiaries, stopped more than 394 000 scam payments and prevented roughly R673-million in customer losses. The bank also elevated model risk management to a tier-1 risk and listed AI black-box and agentic AI risks among its emerging concerns.
Those numbers show just how embedded AI has become in financial crime prevention. But they also underline the pressure on banks to keep upgrading their defensive capabilities as criminal methods evolve. If AI can help detect scams faster, it can also help attackers scale up their operations and improve the success rate of phishing, credential theft and system exploitation.
For Absa, the strategy appears to be to meet that threat head-on with equally advanced tools. The idea of “super agents” scanning for vulnerabilities is more than just a buzz phrase. It points to a future in which security teams are likely to work alongside AI systems that continuously test infrastructure, prioritise risks and accelerate response times.
That will not remove human oversight. If anything, it makes governance more important. Banks will still need specialists to validate alerts, approve fixes and make sure automated systems do not create new blind spots. But the direction of travel is clear: the institutions with the fastest and smartest defences will be the ones best placed to absorb the next wave of cyber pressure.
The conversation around Absa Group’s AI-powered “super agents” also reflects a broader reality facing South African business. Frontier AI is no longer a distant Silicon Valley talking point. It is already influencing boardroom decisions, security budgets and risk frameworks in sectors where trust, data protection and uptime are everything.
The full Meet the CIO interview with Johnson Idesoh, presented by NTT Data, is due next week. For now, his message is simple: as cybercriminals get better tools, banks will have to fight back with the same kind of intelligence, speed and automation.