south african Organizations are already failing to fix legacy systems in a timely manner. AI agents now being deployed in enterprise environments will make that gap much more difficult to bridge.
This is the warning from zaheer ibrahimSolution Architect at TrendAI AMEA (Asia, Middle East and Africa), who said that patching is the most frequent failure they face when working with local customers in the private and public sectors.
“We have a big, big problem with patching. Whether in the private sector, in the public sector, wherever you are, patching is a big problem,” Ibrahim told TechCentral at a recent TrendAI event in Cape Town. “You bring this word into any organization, it's a slur.”
Resistance, he said, is not laziness. Organizations fear that applying patches and rebooting the system will break something else, and this caution leaves known vulnerabilities open for weeks or months at a time.
Their concern is what happens when AI agents are added to the mix.
“If our organizations can't do patching correctly at an accelerated pace, how fast will they be able to patch an AI agent that lives in the organization?” Ibrahim said.
AI agents are software programs that read e-mail, take actions, and access data on behalf of users with minimal human oversight. Enterprises are deploying them faster than security teams can track them. A March 2026 TrendAI study found that 67% of organizations feel pressure to approve AI tools despite security concerns.
When the agent reads the email
The patching risk is not theoretical. The Auditor General of South Africa's consolidated report on national and provincial audit outcomes for 2024/2025 found that 45 of 70 assessed government entities had significant weaknesses in their cybersecurity posture, with the most common failings including the absence of vulnerability management tools.
Ibrahim said TrendAI had run a simulation using the open-source Autonomous AI Agent Platform open paw It demonstrated how AI agents could be manipulated through hidden instructions embedded in e-mails. In the scenario, an AI agent processed an inbound message and followed the instructions hidden in it without the user noticing.
Read more: Paying ransomware attackers is making companies more vulnerable
“That's the level we're at,” Ibrahim said. The attack required no malware and no user interaction, with the agent simply executing instructions hidden in the e-mail itself.
Most large South African enterprises have no chief AI officer. Ibrahim said that when an AI agent causes a breach, responsibility falls to the CIO or chief information security officer — neither of whom have full visibility over every agent running in the environment.
“Between the CIO and CISO, someone needs to take accountability,” he said.
This accountability gap is not unique to South Africa. CrowdStrike's 2025 Global Threat Report It has been shown that adversaries are increasingly targeting identity infrastructure and software supply chains, as enterprises have less visibility into what is going on in their environments. The 2026 Global Incident Response Report from Palo Alto Networks Unit 42 shows that the pace of attacks is increasing rapidly, with the fastest incidents occurring from initial access to data exfiltration in approximately 72 minutes.
Reading: AI is rewriting the danger handbook
Ibrahim's prescription is simple: Get the basics right first.
“We need to get the basics right to be able to make sure that those AI agents get fine-tuned as quickly as possible,” he said. – © 2026 NewsCentral Media
Get breaking news from TechCentral on WhatsApp. Sign up here.