By: Boland Lithebe - Security Lead for Accenture, Africa

Artificial intelligence has become one of the most transformative forces shaping business today. From banks rolling out AI-driven fraud detection, to retailers using algorithms for personalised recommendations, and hospitals adopting diagnostic tools, AI is now woven into the fabric of South Africa’s economy. But with these gains come new risks. The same systems that promise efficiency and innovation also open doors to cyber threats, model manipulation, and data breaches. For South African businesses, securing AI is not only about safeguarding operations, but also about protecting customer trust, meeting regulatory requirements, and ensuring competitiveness in an increasingly digital economy. Four actions stand out as critical for organisations looking to build confidence in AI while mitigating its risks.

The first action is to develop and deploy a fit-for-purpose security governance framework and operating model that accounts for the realities of an AI-disrupted world. Too often, AI adoption in South Africa is happening faster than the frameworks designed to govern it. While regulations such as the Protection of Personal Information Act (POPIA) set guardrails around data usage, they were not built with generative AI and large-scale machine learning in mind. 

A modern governance model must bridge this gap, establishing clear accountability across boards, executives, and technology leaders. For instance, if an AI credit-scoring model unintentionally discriminates or is manipulated, who is responsible—the CIO, the data science team, or the board? Defining these lines of accountability ensures risks are not overlooked. Governance should also align AI security with business objectives, recognising that secure, trustworthy AI is not only a compliance issue but also a competitive differentiator. In South Africa’s highly regulated industries like financial services and healthcare, organisations that can demonstrate strong AI governance will build trust faster with customers, regulators, and investors alike.

The second action is to design a digital core that is generative AI secure from the onset by embedding protection into AI development, deployment, and operational processes. Many South African companies are eager to experiment with generative AI tools to drive efficiency, whether for customer service chatbots, content generation, or supply chain optimisation. But adopting these technologies without embedding security upfront is risky. Consider a retailer using a generative AI model to interact with customers online—if that model is not secured, it can be manipulated through prompt injection attacks, leading to reputational damage or even fraudulent transactions. 

By embedding security into development and deployment from the beginning, businesses can avoid costly retrofits. Secure coding practices, adversarial testing, data validation, and strong identity access controls must be treated as standard. South African organisations building digital cores should also focus on interoperability, ensuring that AI systems integrate securely with legacy infrastructure. This approach not only reduces vulnerabilities but also allows businesses to innovate with confidence, knowing that their AI is designed for resilience rather than patched as an afterthought.

The third action is to maintain resilient AI systems with secure foundations that proactively address emerging threats. AI environments are dynamic, and so too are the risks. A model trained today can be vulnerable tomorrow as attackers find new ways to exploit it. South Africa has already seen an uptick in cyberattacks targeting critical infrastructure and the financial sector. Adding AI into the mix multiplies the threat landscape. To counter this, businesses must enhance detection capabilities, enable robust model testing, and improve response mechanisms. 

Continuous monitoring is key—systems must be able to detect anomalies in both inputs and outputs, such as attempts to feed poisoned data into training sets or unusual behaviour in live models. Beyond monitoring, response mechanisms must be agile. A static security approach will not keep pace with evolving AI threats. Instead, South African businesses need to invest in AI-specific incident response playbooks, red-teaming exercises, and resilience testing to ensure they can recover quickly when incidents occur. Building resilience also means planning for systemic risk: if one AI system fails or is compromised, there should be contingency measures in place to keep core business functions running.

The fourth action is to reinvent cybersecurity with generative AI by leveraging it to automate security processes, strengthen defences, and detect threats sooner. This is where AI becomes both the problem and the solution. While generative AI introduces risks, it also offers powerful tools to combat them. In South Africa, where cybersecurity skills are in short supply, generative AI can help close the gap by automating routine security tasks such as log analysis, anomaly detection, and threat hunting. This frees up skilled professionals to focus on higher-value activities like strategy and response. 

Generative AI can also improve threat intelligence, parsing vast amounts of data from across industries to identify emerging risks before they impact businesses. For example, local banks could use AI-driven monitoring systems to identify fraudulent patterns across multiple payment networks in real time, while telecoms could deploy AI to detect anomalies in traffic that might indicate a breach. By adopting generative AI defensively, South African businesses can build cyber resilience while easing the burden on overstretched teams.

Taken together, these four actions provide a roadmap for South African organisations navigating the complex intersection of AI and cybersecurity. Governance frameworks ensure accountability and alignment with local regulatory realities. Secure digital cores embed resilience from the ground up, avoiding costly fixes down the line. Resilient AI systems keep pace with evolving threats through continuous monitoring and agile responses. And generative AI, used wisely, strengthens defences in a market facing both growing cyber threats and a shortage of skilled security professionals.

For South African business leaders, the urgency is clear. AI adoption will only accelerate, with the potential to transform industries from mining to healthcare. But without robust security, the risks could undermine both trust and progress. By acting now, organisations can position themselves not just as adopters of AI, but as leaders in secure, responsible, and innovative AI deployment. In doing so, they protect not only their own operations but also contribute to a safer and more competitive digital economy for the country.