Built For and By SAP Defenders: Where Research & Experience Defines the Category

March 12, 2026

There are defining moments that test whether a company’s positioning reflects real substance. For us, one of those moments came when a major SAP zero-day vulnerability, CVE-2025-31324, was actively exploited in the wild.

When something like that surfaces, the market moves fast, headlines spread, opinions multiply. What truly matters, though, is experience and depth.

The Foundation of True SAP Security Depth

What does it take to have that depth in SAP security? A team and technology that delivers when the stakes are high

Our Onapsis Research Labs team brings together more than 85 years of combined SAP security expertise. Over the years, they have discovered and responsibly disclosed more than 1,000 zero-day vulnerabilities affecting SAP and ERP environments.

That kind of foundation changes how you respond in a crisis.

It means you understand how SAP systems are architected operationally, not just conceptually.
It means that you’ve been in the trenches, helping SAP customers investigate and recover from attacks.
It means you’ve worked hand-in-hand with SAP through coordinated disclosures and incidents
It means you know the difference between noise and true systemic risk.
And it means you never misjudge a major risk when customers’ businesses are on the line.

Action Over Marketing in a Crisis

When SAP CVE-2025-31324 emerged, marketing didn’t matter. What mattered was:

Who worked directly with SAP to properly scope and mitigate the threat
Who partnered with European and US government agencies to minimize impact to critical infrastructure
Who developed and released open-source capabilities to help protect all SAP customers, and not just ours
Who helped customers respond decisively and reduce exposure immediately through unique threat intelligence and actionable guidance

That level of response is not created in a day or even a year. It’s built over decades of hands-on defender experience, research, credibility, and partnership.

Authenticity Cannot Be Reverse-Engineered

There’s something interesting that happens when you invest this deeply and show up authentically with a differentiated brand. Your research begins to shape the market. Your point of view challenges assumptions. And eventually, you start to see echoes of it elsewhere.

But in cybersecurity, especially in SAP and ERP security, lived experience cannot be replicated. Technical depth cannot be reverse engineered. And credibility built through more than 1,000 zero-day vulnerabilities mitigated thanks to deep security research and real-world ERP incident response cannot simply be mirrored.

Built for and by Defenders is More Than a Tagline. It’s an Origin Story.

This statement reflects the genesis of our company. The need for a solution that protected these applications that were (and continue to be) so vital for organizations. It highlights:

Nearly 20 years of original vulnerability research
Responsible, coordinated disclosures with SAP
Impactful partnerships with cybersecurity industry leaders
Defenders who stand shoulder to shoulder with customers during critical incidents
A commitment to integrity in how we communicate risk

Category Leadership Backed by Substance

I’ve also learned that recognition tends to follow substance. In 2025, our team was honored with an Inc. Best in Business award for Innovation and Enduring Impact because of the measurable impact during moments like our zero-day response efforts alongside SAP.

Awards are meaningful, and I’m proud of what our team accomplished. But what matters far more is this: when customers call during a crisis, they know they are speaking to people who have lived through, and helped solve, the exact problem they are facing.

In this space, authenticity compounds. Committing and investing in a quality solution that actually helps customers, that compounds too.

Category leadership is not about who shouts the loudest. It’s about who invests in original research, builds technical authority, and consistently shows up when it matters most.

Our Ongoing Promise

We will continue investing in our Onapsis Research Labs.
We will continue discovering zero-day vulnerabilities, closing the gaps to the bad guys.
We will continue partnering with other industry leaders and sharing threat intelligence..
And we will continue responding when customers need us most.Built for and by SAP Defenders is not a campaign. It is a commitment backed by decades of experience,research depth and a pace of innovation and execution that keeps pushing us to do better for our customers- every. single. day.

TagsThreat Research

About the Author

Mariano Nunez

CEO & Co-founder

As CEO and Co-Founder of Onapsis, Mariano drives the strategic direction of the company. Under his leadership, Onapsis has become one of the fastest-growing technology and cybersecurity companies in the world. With 20+ years of experience in the cybersecurity industry, both as an executive and as a cyber security expert, Mariano was the first to publicly present on cybersecurity risks affecting ERP platforms and how to mitigate them at major conferences such as RSA, Black Hat and SANS. Mariano’s contributions to the cybersecurity community include developing the first open-source SAP and ERP Penetration Testing frameworks, and uncovering critical zero-day vulnerabilities in SAP, Oracle, IBM, and Microsoft applications. Mariano’s insights are regularly featured in major media outlets such as CNN, Reuters, Wall Street Journal, Nasdaq, Fortune and The New York Times.

More about this author

Back To Blog

Safeguarding Tomorrow: Empowering SAP Customers with Advanced Cyber Risk Management

Securing Your Future: Preparing for a Successful SAP RISE Transformation

Executive Threat Overview: Reported SAP Cyber Attack Severely Impacts Business Operations, Compromises Data at Global Manufacturer

Critical SAP Zero-Day Vulnerability Under Active Exploitation (CVE-2025-31324)

10 Reasons Why More Companies Choose Onapsis