Editor's Note
Last week something unusual happened in the AI industry that is directly relevant to your security posture as a South African business. Anthropic - the company behind Claude, one of the world's leading AI systems - released its most powerful model to date. Three days later, the US government ordered it shut down.
The reason it was shut down is the reason this issue of the Briefing exists.
AI IS ALREADY LOOKING FOR YOUR WEAKNESSES
What Happened This Week
On Tuesday, Anthropic released Claude Fable 5 - described as its most capable model ever and the first to reach what the company calls "Mythos-class" capability. Three days later, the Trump administration issued an export control directive ordering Anthropic to suspend all access to Fable 5 and its restricted counterpart Mythos 5 for any foreign national. Anthropic disabled both models for all customers worldwide to comply.
The reason was not political. The model was particularly effective at identifying software vulnerabilities. Anthropic had already been privately warning government officials that a model like this in the wrong hands makes large-scale cyberattacks significantly more likely. The US government agreed - and acted.
As a South African business, you cannot currently access either model. But the story raises a question that matters far more than access: if the most capable publicly released AI model ever built was shut down specifically because it was too good at finding security weaknesses, what does that tell you about what attackers are already working with?
The Attacker Has a New Weapon
The thing that made Fable 5 dangerous is the same thing that makes AI valuable across every other industry: it can do at scale and at speed what previously required significant human expertise and time.
AI can now automate reconnaissance, scanning vast attack surfaces to identify vulnerabilities faster than manual methods ever could. It can generate exploits, including malware that adapts to evade detection. It can orchestrate full attack chains - coordinating initial access, lateral movement, and data exfiltration with minimal human input. Zero-days are no longer rare or reserved for nation-state actors. AI is industrialising discovery, making exploitation faster, cheaper, and more accessible.
The practical consequence for South African businesses is significant. Cybercriminals no longer need specialised skills to carry out these attacks, and those who do possess these skills are made even stronger by AI. An attacker who previously needed weeks to identify and exploit a vulnerability in your network can now do it in hours. An attacker who previously needed expertise in social engineering can now generate convincing, targeted phishing content at scale with no effort.
Fifty-five percent of cybersecurity decision-makers now cite AI-enabled threats - autonomous attack tooling and synthetic impersonations - as their top concern for 2026. As threat actors leverage AI to identify vulnerabilities and launch attacks at machine speed, traditional, fragmented security controls are no longer sufficient.
Why Unpatched Vulnerabilities Are Now Urgent
There has always been a gap between when a vulnerability is discovered and when organisations patch it. Historically, that gap was manageable - attackers needed time and skill to find and exploit weaknesses, which gave defenders a reasonable window to respond.
AI models can now autonomously discover weaknesses, chain multiple lower-severity issues into working end-to-end exploits, and produce working proof-of-concept code. This significantly compresses the window between vulnerability discovery and active exploitation.
For South African SMEs, this changes the calculus on patching and vulnerability management significantly. A vulnerability that might have gone undetected for months is now something an AI-powered scanner can find and flag to an attacker in minutes. The assumption that your systems are too small or too obscure to attract attention has never been less reliable. Africa is experiencing over 3,000 cyberattacks per week, and South Africa is consistently among the most targeted countries on the continent.
What the Defender Can Do
The same AI capability that is accelerating attacks is also accelerating defence - but only for organisations that have the right foundation in place. AI-powered threat detection, autonomous endpoint response, and continuous vulnerability scanning are now the baseline standard for organisations that want to stay ahead of AI-powered attackers.
The critical point is this: without prioritisation and context, large volumes of vulnerability findings can overwhelm teams. This is exactly why a risk-based approach to vulnerability management matters now more than it ever has. Not every finding requires immediate action. What requires immediate action is the small subset of vulnerabilities that are exploitable from the outside, that sit on systems holding sensitive data, and that have not been patched. Finding that subset - and fixing it before an AI-powered attacker finds it first - is the practical security task for every South African business in 2026.
The Bottom Line
The US government shut down an AI model this week because it was too effective at finding vulnerabilities. That capability does not disappear because one model was taken offline. The economics of cyber offence are being rewritten. AI is making exploitation faster, cheaper, and more accessible. The question for your business is not whether attackers have access to these tools. They do. The question is whether your vulnerabilities are visible to you before they are visible to someone else.


