This was the week artificial intelligence stood on both sides of the front line at once. The same type of tool that lowers the cost of work also lowered the cost of attack: one criminal rebuilt botnet infrastructure in six minutes by talking to a model, while another mapped an entire Active Directory without knowing PowerShell. On the other side, AI discovered previously unknown flaws in SAP MDM and made expanded automation contracts six times larger. And in the background, the regulator: on 2 August the AI Act enters its next phase of application.

A botnet built in six minutes - an AI agent on the attacker’s side
Researchers documented a campaign in which a Russian-speaking criminal used the open Google Gemini CLI tool as an offensive agent and botnet operator. Across more than 200 sessions, the model helped deploy and maintain infrastructure controlling eight systems at a dental clinic, and migrating the entire command-and-control infrastructure - architecture, code, server deployment, Cloudflare configuration and initial debugging - took six minutes. At least 59 times, the agent itself proposed operational improvements to the attacker.
The most telling detail is the size of the operation: three text files weighing around 5 KB in total - a prompt that breaks the model’s safeguards, a botnet operations handbook and a migration guide. The barrier to entry for a botnet operator drops to the ability to hold a conversation with a model. Organisations covered by NIS2 and national cybersecurity regulations should factor AI-assisted attacks into their threat model today, not treat them as a scenario from the future.

Active Directory reconnaissance without knowing PowerShell
A second signal from the same current: researchers described an incident in which an attacker used an AI-generated PowerShell script to enumerate Active Directory. The script located the domain controller, mapped users, computers and domains, and exported the result to an HTML file - all without the attacker knowing anything about the mechanics of AD or PowerShell.
The conclusion is uncomfortable but practical: the reconnaissance technique is now supplied by the model, not by the attacker’s experience. One control question worth asking yourself - would your Active Directory monitoring detect enumeration run by a script like this? We cover this in more depth in the context of cybersecurity.

AI discovers unknown flaws in SAP MDM - the same technology on the defender’s side
SecurityBridge, a SNOK partner, announced in late June that, working with Anthropic’s Claude model, it had discovered previously unpublished security flaws in SAP MDM 7.1 - and this week the story resonated strongly across industry media. The flaws remain in coordinated disclosure and do not yet have CVE numbers, but the mechanism itself is a qualitative shift: an AI model can systematically scan SAP code and configurations for vulnerabilities that a purely rule-based approach does not see.
This is exactly the same type of capability as in the first two stories - only on the right side. For organisations running SAP, it means that application-layer security review is moving to a new level. As a SecurityBridge partner, we work at the intersection of that platform and AI - more on our approach in the SAP security section.

40% of companies still on ECC, and support ends in 2027
According to an analysis by the ITwiz portal, more than 40% of organisations have still not started their move off SAP ECC, even though standard support ends in late 2027. After that date, only the more expensive Extended Maintenance path remains. The authors call it a “delayed decision crisis”: companies are not so much planning a transformation as postponing the inevitable, out of concern about cost, complexity and the business risk of the cutover.
The calendar is unforgiving: little more than a year remains, and every quarter of delay narrows the window for a calm S/4HANA conversion. Organisations that start in autumn 2026 have a real chance of making it in comfortable conditions. There is also a second side to this decision: the conversion is the foundation of AI readiness - clean data, data governance and an integration layer are the precondition for moving AI pilots into production.

AI agents enter the SAP consultant’s job
The startup KTern.AI announced a network of specialised AI agents built on AWS Bedrock, designed to automate the stages of SAP transformation that until now required heavy consultant involvement: discovery, assessment, project planning, change impact analysis and testing. Other market players are building similar approaches.
Is this the end of the SAP consultant? In our view, no - it is a change in the consultant’s role. The agent speeds up analytical work, but someone has to validate the result, take responsibility for the decision and sign off on quality. This model - an agent plus an experienced consultant as the guarantor of quality - also has hard regulatory backing: the AI Act explicitly requires human oversight of high-risk systems.

UiPath: first operating profit and AI contracts six times more valuable
In the first quarter of fiscal year 2027, UiPath achieved its first-ever positive GAAP operating profit: 28 million USD, with revenue above market expectations. For automation practitioners, however, the most interesting number is a different one: according to the company’s management, contract expansions that include AI are six times larger than those without it. A fresh example is The Very Group - a three-year contract for agentic pricing automation covering more than 200,000 products in UK retail.
This confirms the direction we see with our customers: value is shifting from simple robotic automation to the agentic layer. That is exactly the layer we implement as a UiPath partner - from classic automation to agentic AI.

AI Act: the next phase of obligations from 2 August
2 August 2026 is the next milestone in the application of the AI Act - the regulation covers, among others, high-risk systems in the areas of employment and credit scoring. The penalty ranges are significant: up to 35 million EUR or 7% of global annual turnover for prohibited practices, and up to 15 million EUR or 3% for breaches of the obligations concerning high-risk systems. For agentic systems, this means three hard requirements in practice: human oversight of high-risk decisions, tamper-evident audit logs and a transparent record of every AI call.
The market is not ready for this: according to research, for every governance hire in Europe there are seven engineers building AI systems. If you are deploying AI in HR, credit or other decisions with a high impact on people, a complete inventory of AI systems and a risk classification is a task for now. We describe the oversight and auditability requirements in more depth in the context of AI security.

Nadella warns: companies are handing their knowledge to model vendors
According to industry reports, Microsoft CEO Satya Nadella warned that companies using AI models are unknowingly handing their proprietary knowledge to vendors - through prompts, corrections and evaluations. He called it the “Reverse Information Paradox”: an organisation pays twice, with money for tokens and with the loss of unique institutional knowledge. His recommendation: control your own learning loops within trusted boundaries and build a middle layer independent of any specific model.
The context is worth remembering - Microsoft is thereby promoting its own architecture, in which data stays within the customer’s environment. But the problem itself is real and applies to every AI deployment: data sovereignty, deliberate management of retention at model vendors and a “data stays under the customer’s control” architecture are now part of deployment design, not an optional extra.

The common thread of the week
This week, AI is simultaneously a weapon, a shield, a value lever and a subject of regulation. The conclusion for boards is a single one: the advantage is not whether you use AI, but how - with what oversight, with what control over data and with what readiness for regulation. The same mechanism that builds an attacker a botnet in six minutes finds SAP vulnerabilities for the defender, and makes contract expansions six times larger for the mature implementer.
Which of these signals affects your organisation most? We would be happy to discuss it. You can also find a condensed, carousel version of this review on the SNOK LinkedIn profile.
Based on publicly available industry sources from the week of 11-17 July 2026.