Amid an ever-changing cyber threat landscape, security leaders face a new challenge: no longer can they defend only what they see – they must defend against what they cannot see, in an environment growing at machine speed.
This is the view of Noko Terrence Tuwe, regional director for Africa at Cyberrey, who is scheduled to present at the ITWeb Security Summit JHB 2026. He will explain how companies must deal with attackers who exploit digital exposure to orchestrate live breaches.
This is the new kill chain, says Tuwe.
Speaking to ITWeb ahead of the summit, Tuwe outlined Cyberrey’s view that every new device, application, API endpoint or cloud workload represents a potential entry point for threat actors. Shadow IT has always complicated this picture, but AI has supercharged the problem in ways not anticipated even two or three years ago.
ITWeb Security Summit 2026
Cyber security professionals can join hundreds of industry peers at ITWeb Security Summit Cape Town 2026 and ITWeb Security Summit 2026 in Johannesburg, where expert speakers will explore how organisations can stay resilient in the face of AI-driven attacks and an increasingly complex threat landscape.
“Employees are independently adopting AI-powered productivity tools, browser extensions and automation platforms at a pace that far outstrips any formal security review process. Sensitive business data is being fed into third-party AI models without organisational awareness or consent. Each interaction is a potential exposure event. Collectively, they represent an attack surface that is no longer growing linearly – it is growing exponentially,” Tuwe said.
This acceleration is one of the most pressing risk trends the company observes across its client base.
“Organisations are deploying technology faster than they are securing it. AI has multiplied that gap significantly. The speed at which new tools are being adopted, often without any security review whatsoever, is creating blind spots at a scale we have not seen before. Hybrid work compounds the problem further. When employees use home networks and personal devices to interact with AI tools and services, the exposure extends well beyond anything a traditional perimeter security model was designed to address,” said Tuwe.
Third-party and supply chain risk
High-profile breaches repeatedly show that attackers often avoid primary targets, instead compromising trusted suppliers or vendors with privileged access, according to Cyberrey.
AI is reshaping this risk. The rise of AI-assisted development – sometimes called vibe coding – means organisations increasingly rely on software built with minimal human oversight, the company added.
“Developers – and even non-developers – use AI tools to rapidly generate applications, often without fully understanding the code or rigorously testing it for security. This creates serious supply chain concerns. Vendors delivering software largely generated by AI may unknowingly include subtle vulnerabilities, insecure dependencies or logic flaws missed by both humans and machines. When integrated into client environments, these weaknesses persist,” said Tuwe.
This emerging risk is under-appreciated, and traditional vendor assessments were not designed to detect it. A vendor may perform well on security questionnaires while still deploying unreviewed AI-generated code. Fourth-party risk – vulnerabilities from vendors’ own vendors – adds further complexity.
Many organisations lack mature third-party risk management programmes, and point-in-time assessments are inadequate when vendor risk can shift rapidly with AI adoption.
Cyberrey asserts that while not every threat can be anticipated, the goal is to build a security architecture strong enough to stop most adversaries in their tracks, and resilient enough to detect, respond and recover rapidly when it matters most.
To this end, the company advocates several best practices, including:
- Continuous attack surface management
- Zero-trust architecture
- AI-aware third-party risk management
- Scrutiny of AI-generated software
- Incident response readiness
Cyberrey’s position is clear: security must evolve from a compliance exercise into a continuous, adaptive discipline – one that keeps pace with AI adoption, not just traditional IT change.
Share
