You probably don’t think about data security all that much. Fair enough. But thanks to AI, it’s about to become everyone’s problem.
Earlier this month, US-based AI company Anthropic claimed it had built a model so powerful… it couldn’t release it. The model, called Mythos, forms part of its broader AI system Claude – think along the lines of ChatGPT or Google Gemini.
So what’s the issue? During testing, Anthropic found Mythos was extremely good at hacking. Like, better-than-humans good. It could dig up long-forgotten bugs buried in decades-old code and exploit them with ease. The company says it’s already identified thousands of serious vulnerabilities across major systems.
You can see why that makes people nervous – especially finance ministers. Imagine that level of skill pointed at, say, global banking systems.
Instead of releasing Mythos publicly, Anthropic launched a controlled roll-out called Project Glasswing, granting limited access to big players like Amazon, Microsoft, Nvidia, and Apple. Even then, things got messy: reports suggest unauthorised users accessed the model almost immediately. This week, Bloomberg reported that users in a private forum managed to access the model without the usual permissions, prompting Anthropic to issue a statement saying it was investigating the unauthorised access. Not ideal for something you’re trying to keep contained.
But how much of this is hype and how much is cause for real concern?
As the BBC notes, it is in Anthropic’s interests to suggest its tool has never-seen-before capabilities, meaning – as ever with AI – the job of distinguishing between justified claims and hype can be tricky. Ciaran Martin, former head of the UK’s National Cyber Security Centre, told the broadcaster: “For some this is an apocalyptic event; for others it seems to be a lot of hype.”
South Africa, though, should probably be paying attention.
We’re already a prime target. South Africa is the most targeted country in Africa for cybercrime, according to a 2025 report by cybersecurity company Eset. Recent events back that up. In March, Statistics SA was hit by ransomware, with hackers claiming they stole 154GB of sensitive data and demanding a ransom of R1.7 million. The same group also targeted the Gauteng government, allegedly grabbing 3.8TB of data. Before that, South African Airways and Cell C were both hit in 2025.
The bigger problem? Most attacks are still embarrassingly basic. Phishing emails, weak passwords, good old human error. Meanwhile, there’s a shortage of cybersecurity skills, and enforcement of laws like Popia isn’t exactly watertight.
Now add AI tools that can automate and scale hacking.
There’s no sign Mythos itself is going public any time soon. But it points to where things are heading. For a country already struggling to keep up, that future is arriving a bit too fast.
