African organisations are facing the same AI-accelerated cyber threats as global peers, but often with fewer resources and tighter regulatory pressure, according to Palo Alto Networks.
Speaking on Thursday at the company’s Ignite On Tour Johannesburg event, executives said the speed of attacks has collapsed from days to minutes, driven by generative and agentic AI.
Ignite On Tour Johannesburg forms part of Palo Alto Networks’ global Ignite series, focused on translating cyber security vision into execution through zero trust, modern security operations centres (SOC) and automation across hybrid cloud and multicloud estates.
Opening the event, Justin Lee, regional leader for southern Africa at Palo Alto Networks, said organisations are now operating in an environment where seconds determine whether an incident escalates into a crisis.
“We’re all connected to the same internet. We’re all navigating the same AI challenges,” he told delegates, drawing parallels between cyber defence and Formula 1 racing, where milliseconds determine outcomes.
However, the central message at the event was not expansion, it was speed.
Executives said generative AI has dramatically reduced the time it takes for attackers to build ransomware, develop exploit code and automate campaigns. Identity compromise remains the primary entry point, with most breaches stemming from valid credentials rather than technical intrusion.
During a media roundtable ahead of the main event, Lee said: “Most attackers are not hacking in. They are logging in.” He warned that the rise of AI agents and machine identities is expanding the attack surface. As organisations deploy autonomous systems to improve productivity and customer experience, they are also increasing identity-related risk.
The company positioned identity security and privileged access management as central to defending AI-enabled environments, signalling deeper integration of identity controls into its broader platform strategy.
Automation was another dominant theme. Palo Alto Networks promoted what it described as an “autonomous SOC” model, using AI to reduce mean time to detect and respond from hours or days to minutes. The focus is on consolidating network, cloud, endpoint and identity security into a single platform to reduce tool sprawl and operational complexity.
The push towards consolidation is particularly relevant in Africa, where organisations face budget constraints and data sovereignty requirements. Most presenters agreed that customers are increasingly seeking to replace multiple security vendors with integrated platforms to reduce cost and improve visibility.
Helmut Reisinger, CEO for EMEA at Palo Alto Networks, said cyber attacks are escalating from initial compromise to critical impact in as little as 72 minutes, down from nine days, as threat actors weaponise AI and automation.
Reisinger said the shrinking window between breach and operational impact is being driven by attackers using machine learning and AI to increase speed and sophistication.
He also pointed to large-scale nation-state data exfiltration campaigns. He referenced a recently published report describing how 37 countries and more than 75 institutions and ministries were exposed to large-scale data theft.
He warned that motivations are no longer purely financial, citing attacks on energy infrastructure aimed at disruption rather than ransom.
Looking ahead, Reisinger flagged quantum computing as a structural risk, with adversaries already adopting a “harvest now, decrypt later” approach, stealing encrypted data today in anticipation of future decryption capabilities.
Reisinger argued that traditional reactive security models are no longer sufficient, calling for real-time, highly automated, AI-driven defence platforms capable of correlating telemetry across networks, endpoints and cloud environments.
“Cyber is a data challenge. The more data you have and the better you organise it with AI, the better you are able to automatically detect and respond,” he said.
Jordi Botifoll, VP for EMEA South at Palo Alto Networks, said Africa is experiencing a sharp rise in cyber attacks, particularly against critical infrastructure and public institutions.
He argued that cyber security must be integrated into AI deployments from the design stage, particularly in sectors operating critical infrastructure.
He warned that AI is being used by both defenders and attackers, including attempts to manipulate large language models through prompt injection and the creation of fake autonomous agents.
Botifoll said organisations are under pressure to deploy AI to improve operational efficiency, productivity and customer experience. At the same time, attackers are using AI to scale and automate threats.
“Everybody needs to improve operational efficiency and productivity. But AI must be secured from the beginning,” Botifoll said.
Share