IT Brief UK - Technology news for CIOs & IT decision-makers

SAP teams with Uptycs on 'Glass Box' AI security analyst

Fri, 6th Mar 2026

SAP has partnered with cybersecurity firm Uptycs on an AI analyst product the companies describe as a "virtual employee" for security operations teams.

Uptycs says its AI analyst platform, Juno, works alongside human analysts in a hybrid model. It is positioned as an augmentation for security operations centre workloads, with a focus on threat hunting and attack path analysis.

The agreement links a large enterprise software supplier with a smaller security vendor as many organisations weigh how far to extend AI into security decision-making. Security teams face growing alert volumes, tighter budgets and pressure to report cyber risk in business terms.

Scale and reach

SAP has more than 110,000 employees across more than 150 countries and reported over €34 billion in annual revenue for FY2024. The company sells cloud services, AI, ERP and enterprise applications used by hundreds of thousands of customers, and has been shifting further towards a cloud-first subscription model.

Uptycs markets itself as a cloud-native threat hunting business with coverage across cloud-native and on-premise environments. It says Juno was originally built to hunt threats across those settings, and that the SAP collaboration has expanded it into a broader advisory role in some early adopter organisations.

Roland Costea, CISO and Executive Vice President, Enterprise Cloud Services at SAP, framed the partnership as part of a move towards security tooling that supports decisions beyond detection.

"Security in today's cloud‐centric world demands tools that not only detect threats, but elevate strategic decision‐making," Costea said. "Our partnership with Uptycs reflects a shared commitment to verifiable, intelligent cybersecurity solutions that empower teams to stay ahead of risk while transforming how enterprise security operates."

Verifiable outputs

Uptycs is pitching Juno on verifiability, saying it generates reports with citations linked back to an organisation's own telemetry. These outputs are designed for review and audit by human teams.

Juno uses what Uptycs calls a "Glass Box" architecture, which it says enables teams to test and use agent-based AI systems with stronger controls than typical black-box models.

Uptycs also says Juno relies on a "unified ontology" covering 150,000 telemetry columns, a structured map of terms and relationships across security data. It says the structure improves accuracy when the tool answers analyst questions.

Another element is the use of external references. Uptycs says Juno verifies guidance against sources such as CVE databases, aiming to reduce incorrect outputs from AI systems, often referred to as hallucinations.

Agentic AI debate

The partnership comes amid wider debate about "agentic" AI systems that can act with a degree of autonomy. Uptycs pointed to an "OpenClaw moment" as an inflection point in discussions about adoption and security risk, saying the incident highlighted the danger of autonomous agents bypassing traditional controls.

Uptycs is positioning Juno as a way for security leaders to ask direct questions and receive answers that can be checked against evidence. It also says teams in the automotive and financial sectors have used it for forensic investigations that previously required senior architects.

Ganesh Pai, CEO and founder of Uptycs, said security buyers have become wary of AI features that are difficult to validate.

"The industry is tired of 'Security Slop' and AI that guesses," Pai said. "This partnership demonstrates how we can safely combine human and AI capabilities, moving from reactive security to strategic transformation."

Product framing

Uptycs describes its broader platform as a unified CNAPP with integrated XDR. It says the system combines cloud configuration data with runtime telemetry from cloud, containers and endpoints, using a single data-lake approach that normalises telemetry for analysis.

Operationally, the partnership is framed around speed and workload. Uptycs says Juno can produce strategic risk reports in minutes rather than weeks, with workflows that link evidence back to private telemetry.

For SAP customers, the partnership signals continued interest in applying AI to security operations where oversight and traceability are key concerns. Adoption will depend on how the AI analyst fits with existing tooling, incident processes and compliance requirements, and how security teams test the quality of its evidence trails at scale.

Both companies say the collaboration is aimed at hybrid teams where AI agents and human analysts work side by side, with the "Glass Box" concept positioned as a control point for organisations experimenting with agent-based security workflows.