BREAKING  Onapsis marks 15 years securing SAP & Oracle systems Research Labs disclosed SAP zero-day CVE-2025-31324, added to CISA KEV catalog Only Premium Certified SAP Endorsed App for security & compliance $115M+ raised across four rounds • ~380 employees Trusted by Colgate, Dow, Roche, Levi’s & more 2026: expanded go-to-market leadership for partner-led growth
Onapsis logo
ONAPSIS — the connected-node mark in company orange, photographed against navy. The interlocking squares nod to the interfaces that make ERP both powerful and exposed. — Boston, Massachusetts
Company Profile • Cybersecurity

Onapsis

The Boston company guarding the software layer nobody watched - the SAP and Oracle systems that quietly run payroll, supply chains and financials for the world’s largest enterprises.

Founded 2009 SAP & ERP Security Boston, USA B2B SaaS
Share LinkedIn X Facebook Instagram
The Story

Guarding the systems everyone depends on and nobody audits

In 2009, a small group of ethical hackers noticed something odd. The software that ran the Fortune 500 - the enterprise resource planning systems handling money, inventory, employees and manufacturing - was among the least examined by corporate security teams. Firewalls, endpoints and email got attention. The SAP box quietly running the whole business did not. That gap became Onapsis.

Onapsis protects business-critical applications: the ERP, CRM, PLM, HCM, SCM and BI systems from SAP, Oracle and leading SaaS providers. These are the platforms where a company’s crown jewels actually live. A single misconfigured interface or unpatched vulnerability inside them can expose an entire financial backbone or halt a factory floor. Onapsis gives security and SAP teams one place to find those weaknesses, watch for attacks in real time, and prove compliance.

The company is headquartered at 101 Federal Street in Boston, employs roughly 380 people, and is led by co-founder and CEO Mariano Nunez, who was among the first researchers to publicly present ERP cybersecurity risks at conferences including RSA, Black Hat and SANS. What began as a niche concern has, over fifteen years, become a recognized category - and in 2025, a front-page one.

By the Numbers

A specialist, not a generalist

2009
Founded
$115M+
Total Raised
~380
Employees
15 yrs
SAP Security Focus

Onapsis is the only SAP security and compliance platform certified as a Premium Certified SAP Endorsed App - a distinction that reflects how narrow and how deep its focus runs.

Products & Services

Assess. Defend. Control.

The Onapsis Platform is organized around three jobs, wrapped in threat intelligence from its own research lab.

01 / ASSESS

Onapsis Assess

Continuously scans the entire SAP landscape for vulnerabilities, misconfigurations, dangerous interfaces and risky user authorizations - then prioritizes what to fix first.

02 / DEFEND

Onapsis Defend

A real-time early-warning system that monitors SAP for unauthorized changes, zero-day exploitation and malicious activity, so teams can detect and respond as attacks happen.

03 / CONTROL

Onapsis Control

Secure development and code security testing for custom SAP (ABAP) code, embedding application security directly into DevSecOps pipelines.

Research

Onapsis Research Labs

A dedicated threat-research team that discovers SAP and Oracle zero-day vulnerabilities, publishes intelligence, and coordinates disclosure directly with SAP and CISA - the engine that keeps the platform current.

Services

Advisory & Incident Response

Security assessments, penetration testing and incident response for SAP - including a joint incident-response offering with SAP for RISE with SAP customers.

The Difference

Why the research lab matters

Plenty of vendors sell scanners. Fewer run a research operation whose only job is to find what attackers will use next. In 2025, that distinction stopped being academic. A wave of SAP zero-days swept through manufacturing and other industries, and Onapsis Research Labs was in the middle of it.

The lab surfaced CVE-2025-31324, a critical flaw that let unauthenticated attackers upload arbitrary files and take full control of SAP systems. Threat actors used it to plant persistent webshells across hundreds of systems worldwide. CISA added it to its Known Exploited Vulnerabilities catalog in April 2025, and Onapsis released an open-source scanner so anyone could check exposure. When the lab reconstructed the attacks, its findings led SAP to issue Security Note 3604119, fixing the root cause.

“Our team discovers zero-day vulnerabilities, works directly with SAP and CISA, and fuels the platform with real-time threat intelligence so you’re protected before attacks happen.”

— ONAPSIS, ON THE ROLE OF RESEARCH LABS

Funding History

Four rounds, one focus

$9.5M
A ·’14
$17M
B ·’15
$31M
C ·’18
$55M
D ·’20

Disclosed rounds. Investors include .406 Ventures, Evolution Equity Partners, LLR Partners and NightDragon. Total raised: $115M+.

Who Uses It

Where Onapsis fits in the market

Onapsis sells to large enterprises and highly regulated organizations - the kind whose operations stop, or whose ledgers leak, when core applications fail. That spans manufacturing, financial services, healthcare, energy and utilities, retail and government. Publicly referenced customers include Colgate, Dow, Roche, Levi’s, Hudbay, IPG, OGE and Spartan Controls.

The business model is B2B SaaS: recurring platform subscriptions covering an organization’s SAP and business-application estate, complemented by professional services and an increasingly partner-led go-to-market with SAP, Deloitte and other integrators. It sits at the application layer - a slice of the security market distinct from network, endpoint or identity tooling, and one where alternatives include SAP’s own GRC tools, SecurityBridge, Layer Seven Security and Pathlock.

ColgateDowRocheLevi’sHudbayIPGOGE EnergySpartan Controls
Sector

Manufacturing

Sector

Financial Services

Sector

Healthcare

Sector

Energy & Utilities

Leadership

From ethical hackers to category creators

CEO & Co-Founder

Mariano Nunez

20+ years in cybersecurity; among the first to publicly present ERP security risks at RSA, Black Hat and SANS. Emails from mnunez@onapsis.com.

Co-Founder & CTO

Juan Perez-Etchegoyen

Leads Onapsis Research Labs’ work on SAP and Oracle threat research and coordinated vulnerability disclosure.

Co-Founder

Victor Montero

Part of the founding team that turned SAP’s security blind spot into a venture-backed company.

Timeline

Fifteen years, one lane

2009

Onapsis founded

Mariano Nunez, Victor Montero and Juan Perez-Etchegoyen launch Onapsis to secure SAP and other business-critical applications.

2014

Series A

Raises about $9.5M led by .406 Ventures to scale the ERP security platform.

2015

Series B & Onapsis Defend

Raises roughly $17M and expands into real-time SAP threat monitoring.

2018

Series C led by LLR Partners

Secures $31M to accelerate ERP cybersecurity growth.

2020

Series D led by NightDragon

Raises $55M and deepens threat intelligence and incident-response capabilities.

2024

15 years of SAP security leadership

Marks the anniversary with major platform innovation and an expanded SAP partnership.

2025

Front line of the SAP zero-day wave

Discloses CVE-2025-31324, ships an open-source scanner, and delivers deep new platform capabilities.

2026

Partner-led global expansion

Expands go-to-market leadership to accelerate alliances and international growth.

Latest Updates

On the wire

Jan 2026

Go-to-market leadership expands

Three executive appointments across partners, North America sales and international GTM to drive partner-led growth.

Nov 2025

Q4 platform updates

Broadened SAP DevSecOps coverage with deeper visibility and automated defenses across SAP landscapes.

Sep 2025

Deepest posture insights yet

Launched SAP Notes Command Center, Rapid Controls for Dangerous Exploits, and Alert on Anything for SAP BTP.

Apr–May 2025

CVE-2025-31324 response

Disclosed the actively exploited SAP zero-day, released an open-source scanner, and helped SAP fix the root cause.

Watch & Learn

Interviews & demos

FAQ

Questions people ask

What does Onapsis do?

Onapsis secures business-critical applications - the SAP, Oracle and SaaS ERP systems that run large enterprises - with a platform for vulnerability management, threat detection, compliance automation and secure development, backed by its own threat-research lab.

Who founded Onapsis and when?

It was founded in 2009 by Mariano Nunez (CEO), Victor Montero and Juan Perez-Etchegoyen (CTO), a team with a background in ethical hacking and ERP security research.

What are Onapsis’s main products?

The Onapsis Platform is organized around Assess (vulnerability management), Defend (threat detection and response) and Control (secure custom-code development), supported by Onapsis Research Labs and professional services.

How much funding has Onapsis raised?

More than $115M across four rounds, most recently a $55M Series D in October 2020 led by NightDragon, with earlier backing from .406 Ventures, Evolution Equity and LLR Partners.

What makes Onapsis different?

It focuses specifically on the application layer of ERP systems, pairs product with a dedicated SAP/Oracle threat-research lab that finds zero-days, and is the only platform certified as a Premium Certified SAP Endorsed App.

Connect

Find Onapsis online