US artificial intelligence firm Anthropic, the company behind the Claude AI model family, officially announced Claude Mythos Preview on 7 April, confirming it as a step-change model that poses what the company calls unprecedented cybersecurity risks.
The model’s existence first emerged in late March through a content management system misconfiguration that exposed around 3 000 draft blog posts, including one describing the new model.
According to Anthropic’s red-team documentation, the model – developed under the internal codename Capybara – can identify software vulnerabilities in minutes. The Adaptiva State of Patch Management 2025 report, by contrast, found that 77% of organisations globally need more than a week to deploy patches.
That gap – between automated discovery and human-paced remediation – is one three cybersecurity practitioners told TechCentral South Africa is not ready for.
Armand Kruger, head of cybersecurity at NEC XON, said the shift changes the entire basis of how organisations must approach software security.
“It fundamentally shifts security from periodic assurance to continuous exposure management,” Kruger said. “The challenge is no longer finding vulnerabilities. It’s how quickly you can prioritise and remediate them.”
His position is that architecture has to carry more of the load. “Our approach moves away from audit-driven security towards architecture-led security, where systems are designed to limit blast radius, enforce least privilege and reduce the impact of inevitable flaws.”
‘Not fully prepared’
On industry readiness, he is direct: “The South African market is not fully prepared for this shift. Most organisations still operate on periodic testing models and fragmented tooling, which will struggle in a world of continuous discovery.” He acknowledges pockets of maturity, particularly in financial services, but said the broader picture is uneven.
“The risk is not a lack of tools. It’s a lack of architectural thinking and operational readiness.”
Read: Paying ransomware attackers is making companies more vulnerable
Phaphani Boya, head of information security and risk at Sanlam, pointed to recent compromises at government entities as evidence the country is already behind. Speaking to TechCentral at a Cape Town customer event hosted by TrendAI last week – TrendAI is the rebranded enterprise arm of Trend Micro – Boya said the breaches were not an anomaly. “As a South African industry, if we were prepared, we wouldn’t have seen that much.”
Boya also raised a problem with response timelines that many organisations have not confronted. Standard industry remediation windows of seven to 90 days were already stretched. AI-powered discovery compresses them further. A seven-day remediation window, Boya said, is now effectively the window in which exploitation happens.
Zaheer Ebrahim, solutions engineer at TrendAI AMEA (Asia-Pacific, Middle East and Africa), said patching is where South Africa’s infrastructure is most exposed. “Whether in the private sector, public sector, wherever you are, patching is a big problem.”
He demonstrated the stakes through a simulation targeting OpenClaw, an open-source AI agent framework known to be vulnerable to adversarial prompts. Ebrahim described a scenario in which an attacker embedded a malicious instruction inside an ordinary e-mail. When an AI agent read the message, it acted on the instruction rather than simply processing the e-mail. “It extracted the passwords and replied to our e-mail and gave us all the passwords,” he said.
The economics of the shift matter, too. Kruger said vulnerability discovery is becoming cheap while remediation becomes the most expensive and time-constrained activity. His prescription is to move security into the development lifecycle rather than treat it as a post-production check.
Boya sees the same technology as an opportunity if applied early enough. Embedding AI into the development pipeline before code reaches production can catch weaknesses before they become liabilities – an AI that can “assess that code before they even compile, before they even put it into the testing environment, which is able to find all the weaknesses and also give the developer an opportunity for what to fix”.
On whether chief information security officers should be alarmed, Kruger resists using the word panic. “Panic is not useful. But urgency is required.”
Read: Anthropic’s Mythos is the cyberthreat every CISO feared
For South African organisations still running delayed patching cycles and periodic audit models, Kruger’s message is clear. “This is not a future problem. It’s an acceleration of what is already happening.” — (c) 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.
