Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Onapsis: How AI Is Transforming SAP Cybersecurity Threats

Onapsis
07/05/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


or maybe a year or so where we've seen an incredible evolution of what threat actors are actually doing with AI. I mean, I remember threat actors first starting to use AI for social engineering, creating better emails, creating them in local language, and then maybe moving to audio, video-based content to ultimately be more convincing on the social engineering side. That was where things started, but it's not where things stayed, obviously. Very quickly, threat actors realized the power of AI goes well beyond that. And obviously, we'll talk more about how powerful AI can be in discovering vulnerabilities and exploits, but even before I get to that, attackers are using AI in many, many different capabilities. At the highest level, I would say it helps them for speed, scale, and sophistication. Those are the three main drivers and values that attackers are getting out of AI. They're, for example, capable of building better attacker tools with higher speed and less knowledge that they require. We've seen them build polymorphic malware, meaning malware that can dynamically change its capabilities. Now, think about what that does to anything signature-based in terms of detection. It just completely renders any signature-based detection completely obsolete. This is malware without any human intervention can add and remove functionality through the use of AI. Extremely impressive. We saw that for the first time with our threat intelligence team, GTIC found that in the underground, and now we've also seen it actually already being used by threat actors in live attacks, right? Extremely difficult to identify that. And then, of course, threat actors are also automating different phases of the attack life cycle. One phase that, for example, oftentimes gave the defenders an advantage was the time that it took threat actors to identify the crown jewels that they were looking for. In the case of industrial espionage, finding whatever information that you're supposed to find is not a trivial task for threat actors. They're usually not subject matter experts in that specific field. They land somewhere in an enterprise. They don't know where they are. They need to find where the crown jewels are. They need to move laterally. They need to take documents and information out of the environment. Sometimes it's the right, sometimes it's the wrong information. And you see, it takes time and it creates. AI can do all that for you. AI can run a perfect discovery across a very large environment, look at thousands and thousands of documents to identify the right ones with much higher sophistication and much higher accuracy than a human without any special training could do. That is, for example, a critical phase that threat actors are automating in the attack lifecycle. Meaning again, the gaining speed, the gaining scale because fewer people are required to launch an attack. And so this usage and the sophistication is increasing and evolving really, really rapidly here. And we're seeing threat actors using the capabilities of AI more and more as this ultimately allows them to reduce the barrier for entry. It allows them to scale their attacks far faster. It allows them to run more attacks in parallel. And of course, as I was saying, it allows them to identify also vulnerabilities in new entry points. We already see exploitation of vulnerabilities like the enterprise application vulnerabilities we were talking about as the number one threat factor. Now, when you see how powerful AI is at discovering vulnerabilities in systems and applications, but also now at building exploits, this is gonna be another force multiplier for the threat actors in terms of being capable of finding new vulnerabilities and also then finding and building exploits for those threat actors. It really reduces the barrier of entry for the threat actors. And I think that is something that we as defenders need to realize. We need to use AI for the exact same reasons, speed, scale, and sophistication. And the positive is we're seeing enterprises adopting AI exactly for that.

TL;DR

  • AI has evolved threat actor capabilities far beyond social engineering, now accelerating every phase of the attack lifecycle including reconnaissance, lateral movement, and exploit development.
  • Polymorphic malware — AI-generated code that dynamically changes its own functionality — makes signature-based detection tools effectively obsolete without any human attacker involvement.
  • AI dramatically reduces the time and expertise required to locate 'crown jewels' in large enterprise environments, eliminating a phase that previously gave defenders a meaningful time advantage.
  • Defenders must adopt AI with the same urgency as attackers, leveraging it for speed, scale, and sophistication to maintain any meaningful security posture against modern threats.

Summary

In this short but dense briefing, an Onapsis security expert traces the rapid evolution of AI-powered threats targeting enterprise environments, with particular emphasis on SAP and other critical business applications. The speaker outlines how threat actors have progressed from using AI for basic social engineering — crafting more convincing phishing emails in local languages and generating synthetic audio and video — to deploying it across the full attack lifecycle. Three core advantages AI delivers to attackers are identified: speed, scale, and sophistication. Polymorphic malware — code that dynamically adds and removes functionality without human intervention — is highlighted as a concrete and already-observed example, one that renders traditional signature-based detection effectively obsolete. The speaker also explains how AI accelerates the 'crown jewel discovery' phase of an intrusion, enabling attackers to scan thousands of documents across large enterprise environments with far greater accuracy than an untrained human operative. This reduces both the time and the specialized knowledge required to execute a successful attack. The briefing closes with a call to action for defenders: organizations must adopt AI for the same reasons attackers do — speed, scale, and sophistication — and the speaker notes that enterprise adoption of defensive AI is already underway.

Chapters

0:00 - AI Threat Evolution Overview
0:48 - Speed, Scale, and Sophistication
1:07 - Polymorphic Malware in the Wild
1:46 - Automating Crown Jewel Discovery
3:06 - AI as a Defender's Imperative

Key Quotes

0:51 "At the highest level, I would say it helps them for speed, scale, and sophistication. Those are the three main drivers and values that attackers are getting out of AI."
1:13 "Think about what that does to anything signature-based in terms of detection. It just completely renders any signature-based detection completely obsolete."
2:32 "AI can run a perfect discovery across a very large environment, look at thousands and thousands of documents to identify the right ones with much higher sophistication and much higher accuracy than a human without any special training could do."
4:06 "It really reduces the barrier of entry for the threat actors. And I think that is something that we as defenders need to realize. We need to use AI for the exact same reasons, speed, scale, and sophistication."

FAQ

How is AI changing the threat actor attack lifecycle specifically?

AI is automating multiple phases that previously required significant time and expertise. This includes reconnaissance and crown jewel discovery (scanning large environments to identify high-value data), malware development (building polymorphic malware that evades signature detection), and exploit creation (identifying and weaponizing vulnerabilities in enterprise applications like SAP). The net effect is that fewer attackers are needed to launch more sophisticated attacks in less time.

What should defenders do in response to AI-powered threats?

The speaker argues defenders must adopt AI for the same core reasons attackers do: speed, scale, and sophistication. This means using AI to accelerate vulnerability discovery, threat detection, and response — rather than relying on legacy signature-based tools that polymorphic malware can already evade. The good news, according to the speaker, is that enterprise adoption of defensive AI is already increasing.


Categories:
  • » Cybersecurity » Application Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Threat Intelligence
  • AI & Machine Learning
  • Application Security
  • Security Operations
  • Thought Leadership
  • Executive Briefing
  • AI-powered cyberattacks
  • SAP security
  • Polymorphic malware
  • Attack lifecycle automation
  • Vulnerability discovery
  • Threat intelligence
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Onapsis: How AI Is Transforming SAP Cybersecurity Threats

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version