Cybersecurity experts warn South African organisations may have just three to five months to prepare for a new wave of AI driven cyberattacks.
Image: IOL / Ron AI
South African organisations may have only a few months to strengthen their cyber defences as a new generation of advanced artificial intelligence models dramatically accelerates the speed and scale of cyberattacks.
The warning comes as global cybersecurity leaders report that frontier AI systems are now capable of identifying software vulnerabilities at a level comparable to all but the most skilled human security experts, fundamentally changing the threat landscape for businesses worldwide.
The shift was highlighted following the development of Mythos, a powerful AI model created by Anthropic to identify critical software security flaws.
The model demonstrated such advanced capabilities that it was not released publicly. Instead, Anthropic launched Project Glasswing, a restricted access initiative that allows a select group of technology companies to test and strengthen their security systems before the technology becomes more widely available.
Among the companies participating in the programme is Palo Alto Networks, which has also expanded its testing to include Anthropic's Claude Opus 4.7 and OpenAI's GPT 5.5 Cyber.
According to Justin Lee, Regional Vice President for Sub Saharan Africa at Palo Alto Networks, the results have been eye opening.
According to Justin Lee, Regional Vice President for Sub Saharan Africa at Palo Alto Networks
Image: Supplied.
"A key question in the weeks following Mythos' announcement was whether the industry was overstating the model's capabilities. We were not. If anything, these models are more capable than first understood," said Lee.
"We have moved from a world where AI assists attackers to one where AI can drive attacks autonomously, and the pace of change means traditional security approaches need to evolve quickly. We estimate a three to five month window for organisations to get ahead of attackers before AI driven exploits become more widespread."
The findings reveal a dramatic increase in the speed at which vulnerabilities can be identified.
Testing that traditionally took a year can now be completed in a matter of days. During recent security assessments, frontier AI models identified 75 security flaws across 26 vulnerabilities, significantly higher than the typical monthly average of fewer than five findings.
For South Africa, the implications are particularly significant.
The country ranked among the world's top 20 nations for cybercrime complaints in 2025, while global cybercrime losses surged to a record $20.8 billion.
At the same time, South Africa has emerged as Africa's leading AI economy, with adoption rates rising from 21.1% in the second half of 2025 to 23.1% in the first quarter of 2026.
While increased AI adoption offers substantial economic and productivity benefits, it also expands potential attack surfaces if cybersecurity measures fail to keep pace.
"South African businesses have shown real resilience in the face of a difficult threat landscape, but AI driven attack capability changes the economics for attackers," said Lee.
"What once required skill, time and resources can now be done faster, more cheaply and at greater scale. We need to match that shift with equally modern defences."
To help organisations prepare, Palo Alto Networks has outlined four key priorities.
The first is proactively identifying and fixing vulnerabilities before cybercriminals can exploit them. Businesses are being encouraged to use AI tools to scan their own software and code, as well as third party applications, for potential weaknesses.
The second priority is reducing exposure by understanding and managing attack surfaces. Organisations need clear visibility of their digital assets and the risks associated with them.
The third focus area is ensuring security systems are capable of defending against increasingly sophisticated threats. This includes implementing layered protections and adopting zero trust principles where no user or device is trusted by default.
The fourth priority is improving response capabilities. As AI powered attacks can unfold within minutes, security teams need tools capable of detecting and responding at similar speed, often through automation and integrated security platforms.
Lee believes the industry has already entered a new era of cybersecurity.
"The shift to AI driven attacks is not a future scenario. It is already underway. Organisations that move quickly to understand their exposure and put the right protections in place will be best positioned for what comes next," he said.
As businesses continue embracing AI technologies to drive growth and innovation, cybersecurity experts warn that the same technologies are rapidly becoming powerful tools for cybercriminals. The challenge for organisations now is ensuring their security capabilities evolve just as quickly as the threats they face.
Follow Business Report on Facebook, X and on LinkedIn for the latest Business and tech news.