
South African organisations are already failing to patch conventional systems on time. The AI agents now being deployed across enterprise environments are about to make that gap significantly harder to close.
That’s the warning from Zaheer Ebrahim, solutions architect at TrendAI AMEA (Asia, Middle East and Africa), who said patching is the most consistent failure he encounters when working with local clients across the private and public sectors.
“Our patching is a big, big problem. Whether in the private sector, public sector, wherever you are, patching is a big problem,” Ebrahim told TechCentral at a recent TrendAI event in Cape Town. “You bring up that word in any organisation, it’s a swear word.”
The resistance is not laziness, he said. Organisations fear that applying a patch and rebooting a system will break something else, and that caution leaves known vulnerabilities open for weeks or months at a time.
His concern is what happens when AI agents are added to the mix.
“If our organisations can’t get patching done correctly at a speedy rate, how fast are they going to be able to patch an agentic AI agent that lives in the organisation?” Ebrahim said.
AI agents are software programs that read e-mails, take actions and access data on behalf of users with minimal human oversight. Enterprises are deploying them faster than security teams can track them. A March 2026 TrendAI study found that 67% of organisations feel pressured to approve AI tools despite security concerns.
When the agent reads the e-mail
The patching risk is not theoretical. The Auditor-General of South Africa’s consolidated report on national and provincial audit outcomes for 2024/2025 found that 45 of 70 assessed government entities had notable weaknesses in their cybersecurity posture, with the absence of vulnerability management tools among the most common failings.
Ebrahim said TrendAI had run a simulation using the open-source autonomous AI agent platform called OpenClaw that demonstrated how AI agents can be manipulated through hidden instructions embedded in e-mails. In the scenario, an AI agent processed an inbound message and followed instructions concealed within it without the user noticing.
“That is the level of where we are,” Ebrahim said. The attack required no malware and no user interaction, with the agent executing the hidden instruction in the e-mail itself.
Most large South African enterprises do not have a chief AI officer. Ebrahim said that when an AI agent causes a breach, responsibility defaults to the CIO or the chief information security officer – neither of whom necessarily has full visibility over every agent running in the environment.
“Between a CIO and a CISO, somebody needs to take accountability,” he said.
That accountability gap is not unique to South Africa. CrowdStrike’s 2025 Global Threat Report flagged that adversaries are increasingly targeting identity infrastructure and software supply chains precisely because enterprises have poor visibility into what is running in their environments. Palo Alto Networks Unit 42’s 2026 Global Incident Response Report shows attack speeds accelerating sharply, with the fastest incidents moving from initial access to data exfiltration in roughly 72 minutes.
Ebrahim’s prescription is unfussy: fix the basics first.
“We need to get the basics done properly to be able to make sure that those AI agents are patched as quickly as possible,” he said. – © 2026 NewsCentral Media
