Recent Activity
Building Resilient Enterprises: SAP’s Security Gains from Microsoft Defender for Cloud
t's 3 PM on a Friday, and your development team just discovered a critical production issue affecting thousands of customers. A major client demo is scheduled for Monday morning, and your lead develop...
“Don’t Lie to Me” - Containing AI Agent Threats with Plan-then-Execute
Throughout this blog series, we have repeatedly mentioned to consider your AI agents as threat actors, in addition to human adversaries. During our discussions, we kept returning to the point that Lar...
Navigating SAP Security and Cloud Compliance Topics
SAP offers customers several options to find resources and information on security and cloud compliance topics within our solution suite. This blog will walk you through some of the options, including...
Plan-then-Execute – An Architectural Pattern for Responsible Agentic AI
In the recently published paper Architecting Resilient LLM Agents: A Guide to Secure Plan-then-Execute Implementations, Ron and co-authors describe the Plan-then-Execute (P-t-E) pattern for agentic AI...
Limiting Agent Autonomy – Least Privilege and Tool Access for Agentic AI Systems
In the previous blog in this series, we covered the non-deterministic nature of agentic AI systems and the repudiation threats involved with that. To help reduce the attack surface and provide greater...
“That’s Not What We Agreed!” – Repudiation and Agentic AI Threat Modeling
What makes Large Language Models (LLMs) both powerful and unpredictable is that they are non-deterministic in nature. Ask an LLM the same question twice and you get a different response. When agents, ...
Securing Agentic AI Through Threat Modeling at SAP
Agentic AI is no longer a concept of the future—it’s here, embedded into enterprise workflows. But as AI agents begin to act with autonomy and initiative, traditional security playbooks fall short. Th...
Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 3
With 'Part 3 - The Strategic Imperative of Transitioning to Inner Source Development' of the series 'Striking a Balance,' I am examining the compelling advantages of adopting an inner source developme...
Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 2
With 'Part 2 - Navigating the Complex Landscape of OSS Licensing and Geopolitical Influences' of the series 'Striking a Balance,' I am exploring the labyrinth of open-source software (OSS) licensing a...
Defending Against AI Security Risks by Turning LLMs on LLMs
As a provider of both Business AI solutions and the AI Core platform that provides access to third parties and open source Large Language Models (LLMs), SAP is committed to Responsible AI. Part of tha...
The Broad Spectrum of Supply Chain Security
There is increasing understanding that supply chain security is important to the resilience of business operations. However, since it covers many different aspects, we often misunderstand each other. ...
Beyond Prioritization: Combating Alert Fatigue Through Policy Enforcement at The Edge
Cybersecurity teams, developers and system operators increasingly struggle with alert fatigue. As new technologies, regulations and security tooling are rolled out, this comes with an increasing volum...
Striking a Balance: Navigating the Open-Source Tightrope in a World of Evolving Threats - Part 1
With 'Part 1 - Understanding the Multifaceted Risks of Open-Source Reliance' of the series 'Striking a Balance,' I am unveiling the lesser-discussed side of open-source software (OSS). While OSS is ce...
Moving ERP to the Cloud is More Than Running On Someone Else’s Computer
People say that “cloud is just someone else’s computer”. That obscures significant differences between data centers and enterprise IT on one side, and cloud services on the other. Security professiona...
Managing Threats and Security Incidents for SAP Systems
Many cyber threats target core IT infrastructure, rather than specialized applications like ERP systems. However, there is a rising threat of malware specifically targeting SAP solutions – rather than...
- vietng : Striking a Balance: Navigating the Open-Source Tig...
- alex_horan2 : Managing Threats and Security Incidents for SAP Sy...
-
Clara_Villalobo-Galindo : We did it... SAP confirmed it is NIST CSF Tier 3 -
koen_claesen93
:
Protecting SAP RISE Customer Data - Building on AW...
- SIL02_SAAQ : GRC Process Control: How CCM can be leveraged to m...
-
i353gfiata
:
Risk-based Exception Management in Security Policy...
-
JayThvV
:
“What Will SAP Basis Administrators Do Once We Mov...
-
LauraClark
:
Agile, Secure, and Compliant Business Operations T...
-
Jana_Cyber
:
SAP Welcomes the Release of NSA-CISA Top 10 Cloud ...
-
Nidhi_Balooja
:
Cyber Resilience and Cloud Transformation: Resolvi...