
When AI starts to attack - agentic ransomware, a cascade of SAP CVEs and a turn towards sovereignty

The week the first fully agentic ransomware appeared, SAP froze costs to fund an AI push, and the market started saying the same thing: an AI agent is a new attack surface, and the answer is control - over the model, the data and the governance layer.

This was the week artificial intelligence stopped being purely a tool of defence and became a tool of attack as well. Below are the most important signals from the SAP, cybersecurity and automation market, and what they actually mean for boards and IT departments.


The first fully agentic ransomware

A case has come to light in which a language model independently carried out an entire attack chain - from exploiting a vulnerability, through harvesting credentials and lateral movement across the network, to encrypting data and demanding a ransom. The encryption key was ephemeral, which means the data cannot be recovered even after payment. This is a qualitative shift in the threat model: an autonomous agent can now assemble stages that until recently required a team of operators.

The conclusion for organisations is simple. Securing the agent layer - what a model is allowed to do, what it has access to and under what supervision it operates - is no longer an academic subject.

A cascade of SAP vulnerabilities and an actively exploited SharePoint

Over the past week, a series of significant vulnerabilities in SAP NetWeaver came to light, covering, among others, directory traversal, memory corruption and a SAML authentication bypass, as well as privilege escalation flaws in packaging tools. In parallel, a critical RCE vulnerability in SharePoint Server (on-premises versions) was actively exploited and placed on the US CISA Known Exploited Vulnerabilities catalogue.

For organisations running SAP this means one thing: patch-management discipline and a review of application-layer security are now an operational obligation, not a project for “some day”. We cover this in more depth in the context of SAP security and SecurityBridge.

SAP freezes costs to fund an AI push

According to industry reports, SAP has introduced a hiring freeze and travel cost cuts, redirecting the funds towards developing its Business AI layer, the Joule assistant and the BTP platform. This is a directional signal: pressure to migrate to S/4HANA and the cloud will grow, and the agentic layer in SAP (Joule for Consultants, orchestration of agents in finance and supply chain) will begin to automate work previously carried out by implementation partners.

For customers this is an argument to view migration not as an end in itself, but as the foundation of AI readiness - with clean data, data governance and an integration layer as the precondition for moving pilots into production.

AI agents move into the mainstream

Market analysts forecast that by the end of 2026 a significant proportion of enterprise applications will include AI agents - a sharp increase on the previous year. Among the orchestration platforms cited are UiPath Maestro and competing solutions. The main challenges remain data sovereignty, security, private cloud and dependence on a single vendor.

This is the same lesson as with the ransomware, only from the implementation side: autonomy without a governance layer is a risk, not an advantage. That is why in agentic projects we apply an AI security review and human-in-the-loop oversight - which we describe in the context of AI Security and the AI Trust Layer.
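The three controls this article names for the agent layer (what a model is allowed to do, what it has access to, and under what supervision it operates) can be enforced as a default-deny gate in front of every tool call. The sketch below is an added illustration, not code from the article or from any vendor mentioned; the tool names, paths and `POLICY` table are hypothetical.

```python
import posixpath
from dataclasses import dataclass

@dataclass(frozen=True)
class ToolPolicy:
    allowed_roots: tuple          # what the agent has access to
    needs_approval: bool = False  # under what supervision it operates

# Hypothetical policy table: what the agent is allowed to do.
# Any tool not listed here is denied (default-deny).
POLICY = {
    "read_file": ToolPolicy(allowed_roots=("/srv/reports",)),
    "write_file": ToolPolicy(allowed_roots=("/srv/reports/out",),
                             needs_approval=True),
}

AUDIT_LOG = []  # every decision is recorded, allowed or not

def in_scope(path, roots):
    # Normalise before comparing so "../" segments cannot leave a granted root.
    norm = posixpath.normpath(posixpath.join("/", path))
    return any(norm == r or norm.startswith(r + "/") for r in roots)

def authorize(tool, path, approver=None):
    """Decide one tool call proposed by the agent; True means it may run."""
    policy = POLICY.get(tool)
    if policy is None:
        reason = "tool not on allowlist"
    elif not in_scope(path, policy.allowed_roots):
        reason = "path outside granted scope"
    elif policy.needs_approval and not (approver and approver(tool, path)):
        reason = "human approval missing or refused"
    else:
        reason = "ok"
    AUDIT_LOG.append({"tool": tool, "path": path, "reason": reason})
    return reason == "ok"

if __name__ == "__main__":
    # Constructed sample calls, as an agent might propose them.
    calls = [("read_file", "/srv/reports/q2.csv"),
             ("read_file", "/srv/reports/../../etc/passwd"),
             ("run_shell", "/srv/reports"),
             ("write_file", "/srv/reports/out/summary.txt")]
    for tool, path in calls:
        print(tool, path, authorize(tool, path), AUDIT_LOG[-1]["reason"])
```

The write call is refused here because no approver callback is supplied; in a real deployment that callback would block on a reviewer's decision rather than return immediately.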

A turn towards sovereignty: control over model and data

One theme ran through the week: a shift from “cloud-first” to “sovereignty-first”. Organisations regulated by NIS2, DORA and the AI Act are increasingly seeking control over where their data resides and which model processes it. Market discussion featured criticism of the unpredictable costs of “per-token” billing, alongside growing interest in the BYO LLM model (your own, chosen model) and on-premises deployments.

For the Polish market this is a tangible topic: cybersecurity remains the fastest-growing area of advisory, and digital sovereignty is becoming part of the public sector’s procurement strategy.

The common thread of the week

An AI agent is a new attack surface - in SAP, in automation, everywhere autonomy meets access to data. The answer is not to abandon AI, but to exercise control: over the model, over the data and over the governance layer. This is good news for organisations that implement thoughtfully - because the advantage today depends on the quality and security of the implementation, not merely on having AI at all.

Which of these signals affects your organisation most? We would be happy to discuss it.


Based on publicly available industry sources from the week of 26 June - 2 July 2026. Figures, vulnerability identifiers and specific cases should be confirmed against primary sources.

Topics: SAP, Cybersecurity, AI, Agentic AI, UiPath, AISecurity