Priviso Live Episode 86: The Regulator shows her teeth
Description
Two themes. Both urgent. Both directly relevant to anyone working in information security or privacy in South Africa.
Theme 1: Agentic AI and the Identity Crisis Nobody Planned For
AI is no longer just answering your questions. It is booking meetings, executing code, sending emails, and making API calls, autonomously, around the clock, with credentials your IAM tools were never designed to govern.
These are called Non-Human Identities (NHIs), and the numbers should make you sit up:
78% of organisations have no formal policies for creating or removing AI agent identities.
92% are not confident their existing IAM tools can manage the associated risks.
88% of organisations running AI agents have already experienced a confirmed or suspected security incident.
Only 6% of security budgets are currently dedicated to AI agent security.
We also unpack Anthropic's Claude Mythos, Project Glasswing, and what Cisco's recent acquisition of Astrix Security signals about where the market is heading.
Theme 2: The South African Information Regulator Means Business
The era of POPIA being treated as a suggestion is well and truly over.
The Department of Justice: R5 million fine.
The Department of Basic Education: R5 million fine.
WhatsApp: enforcement notice, following a three-year investigation.
Proposed amendments for 2026/2027 may also remove the grace period that currently gives organisations time to remediate non-compliance before sanctions are applied. The new POPIA Health Information Regulations, binding since 6 March 2026, add a further layer of obligation for eight categories of organisations. If your company processes health data in any form, the clock is already running.
Governance frameworks, updated IAM policies, and POPIA compliance reviews are not optional. Not next quarter. Now.
Available on Apple, Spotify, iHeartRadio, Samsung, and YouTube.