NOMINATION HIGHLIGHTS

When a critical SAP zero-day vulnerability (CVE-2025-31324) was actively exploited in the wild, organizations around the world faced a defining moment. ERP systems like SAP power revenue, supply chains, and financial reporting. A breach at this layer is not just an IT issue, it is a business crisis and at that moment, Onapsis led the way.

Onapsis Research Labs worked in conjunction with SAP to identify, analyze, and help remediate the vulnerability, accelerating guidance and response for customers globally. As threat actors rapidly targeted unpatched systems, Onapsis delivered immediate detection capabilities, actionable intelligence, and prioritized remediation support.

This support included two open source scanning tools to support the broader SAP community’s response to this unprecedented zero-day. Onapsis and Mandiant developed and released an open source tool to identify Indicators of Compromise (IoCs) on potentially-affected SAP systems. Onapsis Research Labs (ORL) then created a second open source scanner focusing on helping SAP customers with exposure and compromise assessments.

More than 70 media outlets cited Onapsis research, amplifying awareness and driving urgent action across industries. This innovation and decisive leadership earned Onapsis recognition from Inc. Magazine as a Best in Business award winner for Innovation, Enduring Impact, and the Northeast Region.

However, what differentiates Onapsis is not simply discovery, it is execution. Cyber threat intelligence from Onapsis Research Labs is operationalized directly into the Onapsis Platform, enabling customers to assess exposure, detect exploitation attempts in real time, and accelerate remediation from a single solution. Onapsis Assess identifies vulnerable systems and misconfigurations across complex SAP landscapes. Onapsis Defend provides real-time monitoring to detect malicious activity and unauthorized changes inside SAP applications. Onapsis Control embeds security directly into SAP development and S/4HANA transformation workflows, reducing risk long before go-live.

When minutes and hours matter most, Onapsis customers already have the power of reduced vulnerability remediation timelines upwards of 75%, cutting SAP Security Note analysis cycles by 88%, and reducing control testing time by 99%. When attackers were actively exploiting SAP systems, Onapsis helped organizations move from uncertainty to control in days, not months. This is just one reason why customer satisfaction exceeds 95%, with an average retention of more than six years.

In a year defined by real-world ERP exploitation, Onapsis did more than respond. We set the standard for how ERP cybersecurity should be done.