South Africa’s cybersecurity infrastructure faces a critical reckoning as AI-powered vulnerability discovery accelerates faster than organisations can respond, leaving the nation dangerously exposed to a new generation of cyberattacks. The warning comes from leading security practitioners who argue that the gap between machine-speed threat identification and human-paced remediation has become the defining vulnerability of our time.
The catalyst for this urgent reassessment is Anthropic’s Claude Mythos model, officially unveiled in early April. The advanced AI system can identify software vulnerabilities in minutes — a capability that fundamentally rewrites the rules of cybersecurity. Yet here’s the problem: according to the Adaptiva State of Patch Management 2025 report, 77% of organisations globally need more than a week to deploy patches. That mismatch between rapid discovery and glacial remediation creates an unprecedented window of exposure.
Armand Kruger, head of cybersecurity at NEC XON, frames this as nothing short of a paradigm shift. He tells us that security must transition from periodic testing cycles to continuous exposure management. “The challenge is no longer finding vulnerabilities,” Kruger explains. “It’s how quickly you can prioritise and remediate them.” This demands a fundamental rethinking of how South African businesses architect their systems — moving away from detection-based security toward defensive design that limits damage when breaches occur.
The honest assessment from industry leaders is sobering: South Africa is not ready. Kruger is blunt on this point, noting that “most organisations still operate on periodic testing models and fragmented tooling, which will struggle in a world of continuous discovery.” Whilst pockets of maturity exist — particularly in financial services — the broader South African market remains unprepared for AI-accelerated cyberattacks.
Phaphani Boya, head of information security and risk at Sanlam, points to recent breaches at government entities as proof that the country is already paying the price. Speaking at a TrendAI customer event in Cape Town last week, Boya argued these compromises are no accident: “As a South African industry, if we were prepared, we wouldn’t have seen that much.” The evidence is written across our national security landscape.
How AI-accelerated cyberattacks are reshaping South Africa’s security landscape
What makes this threat particularly acute is the compression of response timelines. Standard remediation windows of seven to 90 days were already challenging for most organisations. But when an AI system can discover a vulnerability in minutes, that seven-day window becomes the timeframe in which attackers exploit the flaw — not the timeframe in which we fix it. Boya describes this as the new reality every CISO must confront.
Zaheer Ebrahim, solutions engineer at TrendAI AMEA, identifies patching infrastructure as South Africa’s most critical vulnerability point. “Whether in the private sector, public sector, wherever you are, patching is a big problem,” he tells us. His demonstration of an attack against OpenClaw, an open-source AI agent framework, illustrated how easily AI systems can be manipulated through adversarial prompts embedded in routine communications — extracting credentials and compromising systems before anyone realises what happened.
The economics compound the problem. Vulnerability discovery is becoming cheaper thanks to automation, which means organisations now face exploding costs at the remediation end. Kruger’s prescription is radical but necessary: move security into the development lifecycle rather than treating it as a post-production afterthought. This requires architectural thinking, not just better tools.
Boya identifies an opportunity within the threat. If organisations embed AI into their development pipelines early enough — assessing code before compilation, before testing environments — they can catch weaknesses before production deployment. This represents a fundamental inversion: instead of discovering vulnerabilities after damage is done, identify and fix them before they become liabilities.
When asked whether South African CISOs should panic, Kruger resists the word but embraces the sentiment. “Panic is not useful. But urgency is required.” For organisations still clinging to delayed patching cycles and annual audits, his message is unambiguous: this is not a future threat we can postpone. AI-accelerated cyberattacks are an acceleration of what is already happening, and South Africa’s vulnerability window is closing fast.