Only 17% of SAP tech leaders prioritise cybersecurity — yet April 2026's Patch Day included a CVSS 9.9 critical SQL injection vulnerability. AI is expanding the SAP attack surface faster than most teams realise. Here's what every SAP security team must address now.
The Most Critical Blindspot in Enterprise IT
SAP systems are the operational core of the world's most significant enterprises — they manage financial transactions, payroll data, supply chain execution, procurement spending, and production records. They are, by any objective measure, among the highest-value targets in any organisation's IT estate.
Yet SAPinsider's 2026 benchmark delivers a deeply concerning finding: only 17% of SAP technology leaders cite cybersecurity as a top 2026 priority. The gap between the sensitivity of SAP data and the attention given to protecting it has never been wider — and threat actors are actively exploiting that gap.
April 2026 Patch Day: A CVSS 9.9 in Production Systems
SAP's April 2026 Security Patch Day is a concrete illustration of the risk. Among the 20 security notes released was CVE-2026-27681, a critical SQL injection vulnerability with a CVSS score of 9.9 in SAP Business Planning and Consolidation (BPC) and SAP Business Warehouse (BW). A CVSS 9.9 means: unauthenticated remote exploitation, arbitrary code execution, full system compromise.
BPC and BW are not fringe SAP components. They are core financial planning and analytics infrastructure at thousands of enterprises globally. The vulnerability, if unpatched, allows an attacker with network access to execute arbitrary code on the application server — with no authentication required.
How many organisations patched within the first two weeks? Based on historical SAP patching behaviour, a significant minority. The rest remain exposed.
AI Is a Double-Edged Sword for SAP Security
The rise of AI in enterprise operations creates both new risks and, eventually, new defences for SAP security. On the risk side, the threat landscape has fundamentally changed:
- AI-powered reconnaissance: Threat actors are using AI to scan SAP landscapes for misconfigurations — open RFC connections, default credentials, unpatched interfaces — at speeds and scales impossible with manual methods.
- Automated exploit generation: Large language models fine-tuned on vulnerability databases can now generate proof-of-concept exploit code for newly disclosed CVEs within hours of patch release — dramatically compressing the window between disclosure and exploitation.
- AI-assisted social engineering: SAP administrative credentials are the highest-value target in an ERP attack. AI-generated phishing campaigns, personalised to SAP Basis administrators using LinkedIn and HR data scraping, are now indistinguishable from legitimate communications.
- Lateral movement through BTP: As organisations expand their SAP BTP footprint and deploy AI agents with broad data access, every new integration endpoint becomes a potential lateral movement path. A compromised BTP integration service can traverse to S/4HANA production data that the attacker could not reach directly.
SAP AI Core: The New Attack Surface
SAP AI Core vulnerabilities — first publicly disclosed in 2024 and continuing through 2026 patch cycles — have demonstrated a critical architectural risk: AI capabilities built on BTP without security-first design expose the entire ERP ecosystem.
The vulnerabilities disclosed in AI Core allowed attackers to access other customers' AI training data, credentials, and model configurations — a cross-tenant isolation failure in a shared cloud service. The lesson is not that SAP AI Core is uniquely dangerous, but that the principle applies broadly: every AI service connected to SAP carries access rights into the SAP landscape, and those rights must be explicitly governed.
In 2026, as Joule AI agents acquire access to financial, HR, procurement, and supply chain data, the access governance question becomes existential. Which agents have access to what data? Under what conditions can they act? Who can audit their actions? These are not academic questions; they are active attack vectors if left unaddressed.
The Clean Core Security Dividend
There is an under-marketed security benefit to SAP's Clean Core strategy: fewer customisations mean a smaller, more auditable attack surface. Every custom ABAP programme, custom RFC interface, and custom API endpoint is a potential vulnerability — code that was written without the same security review rigour as SAP standard deliveries, and code that may not have received security patches since it was written.
Organisations that are remediating custom code as part of their S/4HANA migration should treat the clean-core process as a security improvement, not just an architectural one. Retiring unused custom code, moving extensions to BTP with proper API governance, and eliminating custom RFC connections reduce the attack surface in ways that are measurable and defensible to a security auditor.
SAP and Uptycs: AI-Powered Security Response
Recognising the AI-era threat landscape, SAP and Uptycs launched a Hybrid AI Security Model in 2026 that combines SAP's identity and access management with Uptycs' behavioural threat detection for real-time anomaly response. The integration monitors SAP user behaviour patterns — login times, transaction volumes, data extraction patterns, RFC call sequences — and surfaces anomalies that deviate from established baselines.
This represents the maturation of SAP security from a compliance-driven, patch-and-access-control model to a detection-and-response model more aligned with modern security operations. For organisations running SAP on hyperscaler infrastructure, the Uptycs integration is a significant step towards a genuinely modern SAP security posture.
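The baseline-and-deviation logic described above, written out as an added example that is not SAP's or Uptycs' code: per-user profiles (logon hours, transactions used, RFC calls per day) are built from constructed audit-log lines, and a later day's lines are checked against them. The line format and the message-ID meanings are assumptions made for the example, not the product's log format.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed audit-log lines "<date> <time> <user> <msgid> <detail>"; message IDs follow
# SAP Security Audit Log conventions (AU1 logon, AU3 transaction start, AUK RFC call).
BASELINE = [
    "2026-04-13 08:55 FIN_USER AU1 -", "2026-04-13 09:10 FIN_USER AU3 FB01",
    "2026-04-14 08:50 FIN_USER AU1 -", "2026-04-14 10:05 FIN_USER AU3 FBL3N",
    "2026-04-13 09:00 RFC_BATCH AUK RFC_READ_TABLE", "2026-04-13 09:01 RFC_BATCH AUK RFC_READ_TABLE",
    "2026-04-14 09:00 RFC_BATCH AUK RFC_READ_TABLE", "2026-04-14 09:02 RFC_BATCH AUK RFC_READ_TABLE",
]
TODAY = [
    "2026-04-20 02:14 FIN_USER AU1 -",     # logon at 02:14, never seen in the baseline
    "2026-04-20 02:20 FIN_USER AU3 SE16",  # first use of the table browser by this user
] + ["2026-04-20 09:%02d RFC_BATCH AUK RFC_READ_TABLE" % m for m in range(5)]  # RFC burst

def parse(lines):
    for date, time, user, msgid, detail in (line.split() for line in lines):
        yield datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M"), user, msgid, detail

def build_baseline(lines):
    # Per user: logon hours seen, transactions started, and RFC calls per calendar day.
    prof = defaultdict(lambda: {"hours": set(), "tcodes": set(), "rfc": defaultdict(int)})
    for ts, user, msgid, detail in parse(lines):
        if msgid == "AU1":
            prof[user]["hours"].add(ts.hour)
        elif msgid == "AU3":
            prof[user]["tcodes"].add(detail)
        elif msgid == "AUK":
            prof[user]["rfc"][ts.date()] += 1
    return prof

def detect(lines, prof, sigma=2.0):
    """Return (user, reason) findings for one day's lines that deviate from the baseline."""
    findings, rfc_today = [], defaultdict(int)
    for ts, user, msgid, detail in parse(lines):
        if user not in prof:  # no history at all: surface it rather than silently skip
            findings.append((user, "no baseline for user"))
        elif msgid == "AU1" and ts.hour not in prof[user]["hours"]:
            findings.append((user, f"logon at {ts:%H:%M} outside baseline hours"))
        elif msgid == "AU3" and detail not in prof[user]["tcodes"]:
            findings.append((user, f"first use of transaction {detail}"))
        elif msgid == "AUK":
            rfc_today[user] += 1
    for user, n in rfc_today.items():
        daily = list(prof[user]["rfc"].values()) or [0]
        if n > mean(daily) + sigma * (pstdev(daily) or 1.0):  # floor the spread at one call
            findings.append((user, f"{n} RFC calls today vs baseline mean {mean(daily):.1f}"))
    return findings
```

With the constructed data the out-of-hours logon, the first SE16 use, and the RFC burst are each reported once; a user with no baseline is flagged instead of being ignored.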
The Five Non-Negotiables for SAP Security in 2026
- Patch within 72 hours of CVSS 9.0+: High-criticality SAP patches must be treated with the same urgency as production incidents. Build the patching process and approval workflow before the next critical CVE drops.
- Govern AI agent access explicitly: Every Joule AI agent deployed must have an explicitly defined access scope, with least-privilege principles applied. Generic "admin" access for AI agents is a critical vulnerability.
- Audit your RFC and API landscape: Run an inventory of every RFC destination, API endpoint, and integration interface in your SAP landscape. Retire anything unused. Restrict everything active to the minimum required access.
- Implement User Access Review cycles: SAP role assignments accumulate over time. Quarterly access certification campaigns — where managers review and reconfirm their team's SAP authorisations — are now a baseline security practice, not an optional audit exercise.
- Deploy SAP Enterprise Threat Detection (ETD): SAP ETD provides SIEM-level monitoring specifically designed for SAP audit logs. Without it, the forensic trail needed to detect and investigate breaches in SAP systems is effectively invisible to your SOC.
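One way to drive the RFC inventory item above, as an added example and not SAVIC's or SAP's tooling: a constructed destination export is checked for destinations unused for more than 90 days, stored credentials for SAP standard users, trusted RFC connections, and HTTP destinations without TLS. The column layout is an assumption; a real SM59 export and a last-used date (normally taken from RFC statistics) would have to be mapped onto it.

```python
import csv
from datetime import date
from io import StringIO

# Constructed inventory export. Columns are assumed for this example; SM59 connection
# types are real (3 = ABAP connection, T = TCP/IP, G = HTTP to external server).
INVENTORY = """\
name,type,target,user,stored_password,trusted,tls,last_used
PRD_TO_BW,3,bwprd.example.internal,RFC_BW,yes,no,n/a,2026-04-18
LEGACY_EDI,T,edi01.example.internal,,no,no,n/a,2025-09-02
HR_PAYROLL,3,hrprd.example.internal,DDIC,yes,no,n/a,2026-04-19
PRD_TRUST_DEV,3,devsys.example.internal,,no,yes,n/a,2026-04-10
PARTNER_API,G,api.partner.example,,no,no,no,2026-04-17
"""
TODAY = date(2026, 4, 20)                                  # review date for the constructed data
DEFAULT_USERS = {"DDIC", "SAP*", "EARLYWATCH", "TMSADM"}   # SAP standard users
UNUSED_DAYS = 90

def audit(inventory_csv, today=TODAY):
    """Return (destination, action/severity, reason) findings in inventory order."""
    findings = []
    for row in csv.DictReader(StringIO(inventory_csv)):
        name = row["name"]
        age = (today - date.fromisoformat(row["last_used"])).days
        if age > UNUSED_DAYS:  # unused destinations are retired, not hardened
            findings.append((name, "retire", f"unused for {age} days"))
        if row["stored_password"] == "yes" and row["user"] in DEFAULT_USERS:
            findings.append((name, "high", f"stored credentials for standard user {row['user']}"))
        if row["trusted"] == "yes":  # a compromise of this system extends to the trusting target
            findings.append((name, "high", "trusted RFC: target accepts this system's users without a password"))
        if row["type"] == "G" and row["tls"] == "no":
            findings.append((name, "medium", "HTTP destination without TLS"))
    return findings

if __name__ == "__main__":
    for name, action, reason in audit(INVENTORY):
        print(f"{action:6} {name:14} {reason}")
```

A destination that is recent, uses a dedicated RFC user, is not trusted, and is not plain HTTP produces no finding, so the output is the worklist rather than the whole inventory.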
SAVIC's SAP Security Practice
SAVIC's Basis and Security practice provides SAP security assessments, authorisation design, ETD implementation, and custom code security reviews. We work with organisations across financial services, pharma, and manufacturing to build SAP security programmes that match the sophistication of their threat environment. If your SAP security posture hasn't been formally assessed in the past 12 months, contact SAVIC to schedule a security health check before the next critical patch day arrives.
Frequently Asked Questions
How does SAVIC approach SAP implementation projects?
SAVIC follows a structured One Piece Flow methodology — delivering SAP projects in focused, iterative waves that reduce risk, accelerate time-to-value, and keep business disruption minimal. Each phase is scoped, tested, and signed off before the next begins.
What industries does SAVIC serve with SAP solutions?
SAVIC serves 12+ industries including manufacturing, automotive, consumer products, retail, life sciences, chemicals, oil & gas, real estate, and financial services — across India, UAE, Singapore, the US, UK, Nigeria, and Kenya.
How long does a typical SAP S/4HANA implementation take with SAVIC?
Timelines vary by scope. GROW with SAP public cloud deployments can go live in 8–12 weeks using SAVIC's pre-configured accelerators. Full RISE with SAP private cloud transformations typically take 6–18 months depending on landscape complexity, data migration volume, and custom code remediation.
Does SAVIC provide post-go-live SAP support?
Yes. SAVIC's MAXCare managed services programme provides post-go-live application management, Basis & infrastructure support, continuous improvement, and defined SLA-backed support across all SAP modules — with 24/7 coverage options for critical production environments.