Business Report Economy

South African firms urged to rethink cyber security as AI accelerates attacks

ARTIFICIAL INTELLIGENCE

Ashley Lechman|Published
As AI capabilities continue to evolve, experts warned that South African companies cannot rely on regulation alone and must invest in continuous cyber defence.

As AI capabilities continue to evolve, experts warned that South African companies cannot rely on regulation alone and must invest in continuous cyber defence.

Image: Supplied

The temporary suspension of some of the world's most advanced artificial intelligence models may have reassured many business leaders, but cyber security experts warned that restricting access to powerful AI is no substitute for strengthening cyber defences.

Richard Ford, Group Chief Technology Officer at Integrity360, said South African organisations should focus less on whether advanced AI models are available and more on the capabilities they have already demonstrated.

His comments followed the United States government's decision in June to suspend worldwide access to Anthropic's Fable 5 and Mythos 5 artificial intelligence models on national security grounds. Access to Fable 5 was restored on 1 July after export controls were lifted and new safeguards were introduced.

Ford said the brief suspension should not create a false sense of security.

"The instinctive response is to see a ban as containment, but for business leaders, that's the wrong conclusion to draw," Ford said.

"Even though a hosted model can be disabled, a demonstrated technological capacity cannot be recalled. Metaphorically speaking, genies can't be put back in bottles."

The warning came after Anthropic's own red team documented that its Mythos Preview model was capable of independently identifying and exploiting previously unknown software vulnerabilities.

One of the most significant findings involved a 27 year old vulnerability in OpenBSD, an operating system widely regarded as one of the most secure in the world. The AI model was able to identify the flaw and develop a working exploit with no human intervention beyond the initial prompt.

Perhaps more concerning was the cost.

According to Integrity360, a single vulnerability discovery run cost less than $50, while conducting 1 000 automated searches across a codebase cost less than $20 000. Ford said this dramatically lowers the barrier for cyber criminals.

For South African organisations, the greatest challenge lies in the time required to patch vulnerabilities once they are discovered.

Globally, companies typically take between 30 and 90 days to test and deploy software patches. That timeframe is often even longer in South Africa because of ongoing cyber security skills shortages.

The World Economic Forum's Global Cybersecurity Outlook 2026 found that 70% of chief executive officers in sub Saharan Africa reported that their organisations lacked the cyber security skills needed to meet current security objectives, representing the largest skills gap of any region.

Ford warned that attackers operating at machine speed fundamentally change the risk landscape.

"The ransomware operators that have already disrupted South African public enterprises and financial institutions will not hesitate to use them, automating the hunt for weak points across thousands of local networks at once," he said.

He added that artificial intelligence has effectively removed one of the biggest barriers previously limiting cyber criminals.

"AI strips out the technical resource barrier that once limited these groups, which makes the traditional model of vulnerability management obsolete."

Ford said the threat extended well beyond individual organisations because businesses increasingly rely on suppliers, municipalities and public sector entities that often have fewer cyber security resources and longer patching cycles.

He believes organisations need to move away from periodic security assessments towards continuous monitoring of their digital environments.

Integrity360 recommends Continuous Threat Exposure Management, which constantly evaluates vulnerabilities and prioritises the most critical risks, alongside Managed Detection and Response services and real time threat intelligence.

Ford said cyber resilience should no longer be viewed as solely an information technology responsibility.

"For South African executives, continuous exposure management is becoming a fiduciary duty on many levels," he said.

While regulation remains important, Ford warned that organisations cannot rely on government intervention or restrictions on advanced AI models to protect them from increasingly sophisticated cyber attacks.

He said businesses must instead focus on reducing the time between identifying vulnerabilities and responding to threats.

"Machine speed exploitation is already live in the wild, and the durable answer is to build detection and response that matches the adversary's tempo, then work to shrink the exposure window before the breach that eventually arrives."

Follow Business Report on Facebook, X and on LinkedIn for the latest Business and tech news.

BUSINESS REPORT