SAP
Coverage of SAP in the Nexus archive.
- Former Infosys chief has a new startup that wants to challenge the IT services world
Vishal Sikka’s new startup, backed by Mayfield and Aramco Ventures, aims to challenge the IT services industry. The venture includes professionals from SAP, Infosys, and VianAI.
- ERP users may soon get ahead by going headless, says Rimini Street boss
Rimini Street CEO Seth Ravin advocates for 'headless ERP' as a solution for enterprises to bypass traditional ERP upgrade cycles by using open-source databases like PostgreSQL and MongoDB. Salesforce's Headless 360 and SAP's policy shift on AI agents highlight growing interest in decoupling ERP systems from monolithic vendors. A survey by Rimini Street found 70% of executives doubt traditional ERP's future, favoring modular, API-driven, or AI-driven alternatives.
- Salesforce reels in customer support AI specialist Fin for $3.6B
Salesforce has agreed to acquire AI customer support company Fin for $3.6 billion to enhance its Agentforce business. The acquisition aims to expand Salesforce's AI agent capabilities, with Fin's technology handling 76% of support requests without human intervention. The deal is expected to close in Q4 2027 and follows Salesforce's recent strategic moves, including layoffs and other acquisitions.
- SAP fixes critical flaws in NetWeaver and Commerce Cloud
SAP has released fixes for 15 vulnerabilities in its June 2026 Security Patch package, including four critical flaws affecting SAP NetWeaver and SAP Commerce Cloud.
- 4 in 10 AI agents headed for demotion or the rubbish bin
Gartner reports 40% of organizations will demote or decommission AI agents due to governance challenges. The tech giant SAP promotes AI agents for business automation, but experts warn that flawed governance models—treating AI agents as either fully trusted or overly restricted—lead to operational risks and compliance failures. Legal and commercial uncertainties further complicate accountability for AI agent actions.
- SAP customers warned AI agents could put costs on autopilot
SAP customers are warned about potential spiraling costs due to the company's new commercial model for AI agents, which charges based on the value of actions completed by the agents. Gartner has raised concerns that the costs could quickly increase if SAP defines an 'action' too broadly. The company is introducing Autonomous Domain Blueprints to help estimate costs.
- SAP's AI strategy: Come for the openness, stay because you have to
SAP has announced a new vision for GenAI integration across its enterprise apps and analytics portfolio, introducing Joule Studio 2.0 with features to create and manage AI agents. The company is also partnering with Anthropic to bring the Claud model into its SAP Business AI Platform. However, critics argue that SAP's API policy may control access to capabilities inside the platform.
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. A critical flaw impacting Ivanti Xtraction could be exploited to achieve information disclosure or client-side attacks. The vulnerabilities affect multiple products from these companies.
- OpenAI caught in TanStack npm supply chain chaos after employee devices compromised
OpenAI was caught up in the TanStack npm supply chain compromise after employee devices were compromised, forcing the company to rotate signing certificates for several desktop products. The incident is part of a wider campaign targeting npm ecosystems and developer infrastructure. No customer data or production systems were compromised.
- SAP U-turn brings AI features to ECC and on-prem S/4HANA
SAP has reversed its decision to not introduce AI features to its legacy and on-prem ERP systems, including ECC and S/4HANA. The company will make AI agents available to customers on-prem, as long as they have signed up for a cloud journey. General availability is planned for May 2026.
- SAP fixes critical vulnerabilities in Commerce Cloud and S/4HANA
SAP released May 2026 security updates addressing 15 vulnerabilities across multiple products, including critical flaws in Commerce Cloud and S/4HANA. The updates fix two critical vulnerabilities in these platforms. This move aims to secure SAP's enterprise-grade e-commerce platform and ERP suite.
- SAP bets $1.16B on 18-month-old German AI lab and says yes to NemoClaw
SAP plans to acquire German AI startup Prior Labs and invest heavily in it, while also restricting customers' use of certain agents like Nvidia's NemoClaw. The investment amount is $1.16 billion. This move indicates SAP's commitment to AI research and development.
- SAP dives deeper into Iceberg with Dremio acquisition
SAP has acquired Dremio to extend its data analytics and AI capabilities into external data sources. This move allows SAP to deepen its integration with Iceberg. Previously, SAP relied on Databricks for integration.
- SAP dives deeper into Iceberg with Dremio acquisition
SAP acquired Dremio to expand its data analytics and AI capabilities, aiming to eliminate data fragmentation and improve integration. The acquisition complements SAP's Business Data Cloud and SAP HANA Cloud platforms. Dremio's technology is based on Apache Iceberg, an open table format.
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools
A new wave of supply chain attacks has targeted SAP and Intercom npm packages, as well as the lightning PyPI package, spreading credential-stealing malware named Mini Shai-Hulud. The attacks highlight ongoing vulnerabilities in developer tools and package repositories.
- TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.
- SAP user group slams 'uncertainty' in ERP giant's API policy
An influential SAP user group has criticized the vendor's updated API policy for lacking clarity, warning it could hinder customer innovation and adoption of technologies like AI on SAP platforms. The policy changes have raised concerns about uncertainty and potential barriers to new projects.
- Official SAP npm packages compromised to steal credentials
Multiple official SAP npm packages were compromised in a TeamPCP supply-chain attack, aiming to steal developer credentials and authentication tokens. The breach highlights vulnerabilities in software supply chains and developer security practices.
- SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Cybersecurity researchers have identified a supply chain attack campaign targeting SAP-related npm packages with the 'Mini Shai-Hulud' credential-stealing malware. Multiple security firms, including Aikido Security, SafeDep, Socket, StepSecurity, and Wiz, reported the compromise affecting SAP's JavaScript and cloud application packages.
- AI clause in new SAP API policy has partners worried over lock-in
SAP has introduced a new API policy prohibiting the use of its APIs to integrate with AI systems outside its approved architectures, causing concern among partners about potential vendor lock-in and the exclusion of third-party AI tools from customer data.
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
April's Patch Tuesday addresses critical vulnerabilities in products from Adobe, Fortinet, Microsoft, and SAP. A high-severity SQL injection flaw (CVE-2026-27681) in SAP's Business Planning and Consolidation and Business Warehouse systems could allow arbitrary database execution.
- Britain's biggest nuclear site skips competition, hands SAP £33M to start ERP switch
Sellafield, the UK's largest nuclear site, has awarded a £33 million contract to SAP without competition to replace its legacy ERP system. The decision aims to address outdated ECC infrastructure before mainstream SAP support ends in 2027.