“DarkSword” iOS Exploit Can Steal Data from iPhones

Posted in Commentary with tags on March 18, 2026 by itnerd

Researchers have uncovered a new iOS devices exploit kit dubbed “DarkSword” used to steal data from potentially millions of iPhones running iOS 18.4 through 18.6.2. The attack is linked to the Russian hacking group UNC6353 which recently used the Coruna exploit chain reported by Google and iVerify

Brian Bell, CEO of customer identity and access management platform FusionAuth, provided the following comments:

“When a device can be silently compromised when visiting a website, perimeter-based and device-based security collapse. That’s not a future risk, it’s the current reality for anyone with a mobile user base.

The right response isn’t to wait for your users to patch. It’s to build authentication that assumes the device is already compromised. Short-lived tokens, step-up authentication before sensitive actions, forced re-authentication when signals change. Design for the breach, not against it.

And here’s the piece that most teams miss: most authentication platforms are SaaS; your token policies, session controls, and audit logs live in someone else’s cloud, under someone else’s access controls. But when authentication runs inside your own infrastructure, isolated from external dependencies, a compromised device doesn’t cascade into a compromised system. Identity is your last defense, so make sure you own it.”

If you are worried about this new exploit, the fix is simple. Which is to update to iOS 26 as that apparently is not affected. The most recent version of iOS 18 which at the time of this article is 18.7.3 is also not affected. But I would just go straight to iOS 26 as it is likely to protect you from more than this single exploit.

Leave a comment »

SOCRadar Launches Redesigned VAR Program And Appoints Cybersecurity Partnership Leader Brian Costello as VP of Global Partnership

Posted in Commentary on March 18, 2026 by itnerd

SOCRadar today launched a new  “partner first” VAR program that will help its partners gain a greater competitive edge and increased profitability leveraging the company’s innovative AI-driven Threat Intelligence enriched with External Attack Surface Management, Digital Risk Protection, Marketing Resources, supported by a dedicated channel partner team.​ The program introduces expanded incentives, enhanced sales enablement, and deeper technical engagement designed to help high-performing partners accelerate pipeline and deliver greater value to customers.

Concurrent with the launch of its new VAR program, SOCRadar has appointed Brian Costello as VP of Global Partnerships. Throughout his career, Brian has built successful channel partner programs and led high-performing security and cloud teams, delivering innovative technology solutions that exceed targets and drive consistent year-over-year business growth in both Fortune 15 and emerging tech company spaces.

Aggressive Discounts, Stronger Partner Margins, Financial Incentives and More

The new VAR program will enable partners to benefit from more aggressive discounts and performance-based rewards, creating stronger margins and clear financial incentives for driving new opportunities. The program also introduces enhanced deal protection, incumbency advantages, and robust deal registration, ensuring partners are recognized and rewarded for the opportunities they develop.

To help partners engage customers more effectively, SOCRadar is also providing sales-focused enablement content, including concise use cases, problem statements, qualifying questions, and buyer personas. These resources enable partners to quickly identify opportunities and initiate meaningful security conversations without requiring an immediate deep technical dive.

The new VAR program includes:

  • Expanded and more aggressive discounts and rewards for high-performance partners accompanied by deeper sales and technical support.
  • Stronger margins – Discounts, incumbency and deal registration protection
  • Sales focused content – Easy to consume use cases, problem statements, qualifying questions and buyer personas to accelerate opportunity discovery without having to do a deep technical dive
  • Technical support – Scoping support, POV access and integrations mapping to understand how to fit into a customer’s environment
  • Event support – Funding and coordination to drive opportunities with prospects and customers in the field and build a close collaboration between the SOCRadar team and its partners.

SOCRadar is also expanding technical collaboration and support, offering partners scoping assistance, proof-of-value (POV) access, and integration mapping to demonstrate how the platform fits seamlessly within a customer’s security environment. In addition, the company is investing in joint field engagement, providing event funding and coordinated support to help partners generate demand, build pipeline, and strengthen relationships with prospects and customers. This initiative reinforces SOCRadar’s commitment to building close, high-impact partnerships that drive shared success in the market.

Leave a comment »

Oleria Ends the Era of Legacy IGA with the Launch of Adaptive Identity Governance

Posted in Commentary with tags on March 18, 2026 by itnerd

Oleria today announced Adaptive Identity Governance, a fundamentally new approach to identity governance built on its data-first, AI-native platform. Deployable in under an hour and fueled by rich identity intelligence, Adaptive Identity Governance finally gives organizations clear insight into who has access to what and whether that access is justified.

At the core of Adaptive Identity Governance is Oleria’s Trustfusion platform, which continuously aggregates identity, entitlement, and activity data across cloud, SaaS, on-premises, and custom applications. This unified identity intelligence layer enables adaptive governance and empowers  scale-ups to Fortune 10 organizations to make access decisions based on real-time identity and activity data rather than siloed tools, static role models, or infrequent review cycles.

With Oleria, organizations can govern and control access across the most complex enterprise environments, with a system that adapts alongside growing SaaS adoption, machine identities, and AI agents. Customers are empowered to:

  • Make defensible access decisions with real activity and peer insights
  • Continuously enforce least privilege with automated lifecycle governance
  • Enable secure, fast through service workflows embedded in employee productivity tools

Learn more here about how enterprises are replacing legacy IGA with adaptive identity governance or come find Oleria at the RSAC 2026 Conference, Booth #5164, North Hall.

Leave a comment »

Posted in Commentary with tags on March 18, 2026 by itnerd

Cybersecurity researchers at Akamai are reporting a sharp rise in malicious online activity following the outbreak of conflict involving Iran, with cybercrime increasing by 245% since late February. The surge includes widespread activity such as credential harvesting attempts, automated reconnaissance, and probing of enterprise infrastructure as attackers capitalize on geopolitical instability.

The financial sector has been the most heavily impacted, accounting for approximately 40% of observed malicious traffic, followed by e-commerce, gaming, and technology companies.

Researchers also observed significant increases in:

  • Automated reconnaissance traffic – Up 65%
  • Credential harvesting attempts – Up 45%
  • Infrastructure scanning for exposed services Up 52%
  • Botnet-driven discovery traffic – Up 70%
  • DDoS reconnaissance – Up 38%

Analysts warn that the volume and sophistication of activity are likely to persist as cyber operations continue to accompany broader geopolitical tensions.

Sunil Gottumukkala, CEO, Averlon provided this comment:

   “The surge in activity following geopolitical tensions is consistent with what we typically see in these environments. Early-stage signals like reconnaissance, credential harvesting, and infrastructure probing tend to increase significantly as attackers look for initial access opportunities.

   “Enterprises should assume this activity will persist and focus on preparedness. That means staying on top of attack surface and exposure management to reduce exploitable vulnerabilities and ensure known weaknesses cannot be used to gain initial access. It also means strengthening identity security and monitoring for credential misuse, since many of these campaigns rely on stolen credentials.

   “The organizations that fare best are the ones that treat this activity as a precursor to more targeted attacks and invest in visibility into their exposure and rapid remediation of high-risk issues.”

Michael Bell, Founder & CEO, Suzu Labs supplied this comment:

   “The 245% number is real but the breakdown underneath it matters more than the headline. Only 14% of the malicious traffic Akamai observed originated from Iranian IPs. Russia accounted for 35% and China 28%, which tells you this isn’t just Iranian retaliation. Russia and China are taking a “never let a good crisis go to waste” approach, using the conflict as operational cover to ramp up scanning, credential harvesting, and infrastructure mapping while defenders are focused on the named adversary.

   “The attack mix confirms it. Botnet discovery traffic up 70% and automated reconnaissance up 65% means most of what Akamai is measuring is the setup phase, not the main event. The actual attacks that follow this reconnaissance, using the access and mapping being built right now, will be worse than the current numbers suggest.”

Phillip Wylie, Chief Security Evangelist & Senior Consultant, Suzu Labs follows with this comment:

   “Geopolitical conflict has always created opportunity for cyber threat actors, whether they are nation-state aligned groups, cybercriminals exploiting distraction, or opportunistic attackers taking advantage of heightened uncertainty. What we are seeing now is consistent with historical patterns where global instability increases scanning, credential attacks, and reconnaissance activity as organizations shift attention toward crisis response.

   “What stands out is not just the volume increase but the automation behind it. Attackers are clearly leveraging AI-assisted tooling, botnets, and automated discovery techniques to quickly identify weak points while defenders are distracted. This reinforces the importance of continuous exposure management, strong identity security, and monitoring for abnormal reconnaissance behavior, not just traditional alert-driven detection.

   “Organizations should treat these spikes as a reminder that external events often translate into increased cyber risk. Security teams should prioritize basic defensive discipline such as patching exposed services, enforcing MFA, monitoring for credential abuse, and validating DDoS readiness. In periods of global tension, good cyber hygiene and visibility often make the biggest difference.”

Jacob Warner, Director of IT, Xcape, Inc. had this comment:

   “The recent surge in Iranian cyber activity following Operation Epic Fury highlights a sophisticated “loud vs. quiet” strategic pivot. High-profile “wiper” attacks, where large amounts of data are deleted, on entities like Stryker dominate headlines and cause immediate operational paralysis. Meanwhile, state-sponsored actors are simultaneously executing quiet, long-term espionage campaigns.

   “For security professionals, the danger lies in the “loud” attacks serving as a massive smoke screen, drawing incident response resources away from deep-seated persistence in critical infrastructure.

   “Defenders must look past the immediate carnage of defacements and wipers to hunt for “living off the land” techniques and compromised administrative tools like UEM and MDM platforms. Prioritizing identity security and behavioral analytics is the only way to catch the quiet intruder while the sirens are blaring.

   “In modern conflict, the wiper attack is just a loud invitation to a heist that has been running for months.”

We clearly live in interesting times. That is a bad thing at the moment as threats from threat actors are all around us. Meaning that we all have to be on our toes to counter those threats.

Leave a comment »

Review: Sharp Dynabook Portege Z240L-N

Posted in Products with tags on March 18, 2026 by itnerd

This is the second of two Sharp Dynabook laptops that I am reviewing this week. You can read about the firstSharp Dynabook that I reviewed here. And that was a light and reasonably quick laptop. Today I have something that is lighter than that one and faster in a lot of ways. It’s the Portege Z240L-N and it clocks in at a mere 2.11 pounds which is insanely light. In fact, if I needed a notebook to carry on the daily, this would likely be my choice.

But just because it’s light doesn’t mean that you give up anything. I’m going to start with performance based on the following specs:

  • Intel Core Ultra 7 Processor 258V
  • Windows 11 Pro
  • 14.0″ diagonal widescreen
  • 32 GB RAM
  • 512 GB PCIe NVMe SSD
  • Fingerprint reader
  • 2 x USB-C/Thunderbolt 3 ports
  • Intel ARC Graphics
  • WiFi 7, Bluetooth, Ethernet
  • 56 W battery

First let’s start with the CPU and GPU performance. I did my testing using Geekbench 6 and I did one test on battery and one test on AC power as PC laptops can have radically different results in each scenario. Here’s the results:

On battery:

  • Single Core: 2144
  • Multi Core: 9292
  • GPU (OpenCL): 26777

And here’s the results while on AC Power: 

  • Single Core: 2544
  • Multi Core: 9784
  • GPU (OpenCL): 24840

To put that in perspective, my M1 Pro MacBook Pro hit these numbers (both on battery and on AC power) for the CPU:

  • Single Core: 1762
  • Multi Core: 12431

So despite being a small and thin laptop, it put out pretty impressive numbers. And I had to run the GPU test three times to validate the numbers as it was odd that it had a higher score versus on AC power. But the results came out the same every time so I have to assume that this is a legitimate score.

Now onto the disk test. Here’s the results on both AC and battery power:

  • Read: 3420.61 MB/s
  • Write: 2319.43 MB/s

So it’s not the fastest SSD around as my MacBook Pro posted up a score of over 5000 MB/s in both read and write tests. But it’s far from slow.

You also aren’t giving up anything in terms of ports:

The screen itself is very bright and vibrant. Though it does have issues with really bright reflections such as a camera flash. I won’t hold that against Sharp. The keyboard has a nice typing feel to it as well. I wasn’t a fan of the trackpad as using a MacBook Pro as my daily driver, I found getting used to a mechanical trackpad to be a problem as it is a mechanical diving board trackpad. But that’s a me problem. I am pretty sure it will not be a you problem.

On the left side, you get a USB-C/Thunderbolt 3 port for power and data, an HDMI port, a USB-A port, a headphone jack, and a microSD slot.

On the right side you get a USB-A port, a USB-C/Thunderbolt 3 port and an Ethernet jack along with an Kensington lock slot.

In short, This notebook is fully featured and missing nothing. Except maybe for battery life. It’s rated for “up to” 8 hours. I barely got past 5 hours. Your mileage may vary on that front. But given the overall package that’s on offer here, I will give Sharp a free pass on that one. You can pick one up for about $2600. And in my opinion, if you want a light laptop that doesn’t force you to give up on speed or connectivity, it would be money well spent.

Leave a comment »

Windsurf IDE Extension Drops Malware via Solana Blockchain Targeting Developers In The Process

Posted in Commentary with tags on March 18, 2026 by itnerd

Bitdefender has released research warning of an active attack using a malicious extension for the Windsurf IDE (integrated development environment). The campaign intentionally targets software developers, who typically have privileged access, API keys, and other high-value credentials.

Disguised as a legitimate R programming language tool, the extension installs a multi-stage NodeJS credential stealer that retrieves encrypted payloads from the Solana blockchain, leveraging legitimate third-party infrastructure instead of traditional command-and-control (C2) servers to evade detection.

Cybercriminals are increasingly abusing trusted developer ecosystems and decentralized infrastructure to plant malware and establish persistence.

You can read the research here: https://www.bitdefender.com/en-us/blog/labs/windsurf-extension-malware-solana

Leave a comment »

TrojAI Extends Enterprise AI Security with Agent-Led Red Teaming, Runtime Intelligence, and Coding Agent Protection

Posted in Commentary with tags on March 18, 2026 by itnerd

TrojAI today announced major new capabilities designed to secure the growing deployment of agentic AI in the enterprise going beyond the prompt layer. 

Agent-Led AI Red Teaming

TrojAI Detect now includes Agent-Led AI Red Teaming,which uses coordinated autonomous agents to conduct red team testing on AI agents, applications and models. This advancement allows AI security teams to easily perform complex testing scenarios that map to a wide range of known security frameworks with the click of a button. 

Key features include: 

  • Agentic testing: Specialized agents work together to test AI models, apps and agents, automatically correlating results into a single, actionable report.
  • Multi-turn attacks: Agents automatically orchestrate multi-turn and dynamic attack chains, eliminating manual configuration and using TrojAI’s vast library of datasets and manipulations.
  • Adaptive learning: Testing agents retain history and memory to evolve strategies across attacks, becoming more effective with each new cycle of testing.
  • Framework mapping: Test results are automatically mapped to OWASP, MITRE and NIST. 

Agent-Led AI Red Teaming transforms AI security testing from a complex, multi-step process into a streamlined, intelligent assessment aligned to industry-standard frameworks.

To learn more about how TrojAI secures AI through Agent-Led AI Red Teaming, read the full blog.

Agent Runtime Intelligence

To complement build-time risk assessment, Agent Runtime Intelligence is available as a new platform capability in private preview. It goes beyond the prompt layer to capture and analyze full AI agent execution traces, giving enterprises deep visibility into how AI agents behave at runtime, including tool usage, memory access, data retrieval patterns and system prompt exposure. This enables security teams to govern, test and enforce policy across complex, multi-step AI workflows.

With Agent Runtime Intelligence, TrojAI enables visibility for: 

  • Tool exposure and excessive agency
  • Prompt injection propagation across workflows 
  • Sensitive data access during retrieval 
  • System prompt exposure and memory interactions

The capability integrates seamlessly with TrojAI’s existing dashboards, MCP governance, SIEM integrations and compliance tooling.

Real-Time Protection of Coding Agents

As AI coding agents become embedded in development workflows, they introduce a new class of security risk. Real-Time Protection of Coding Agents extends TrojAI Defend to safeguard AI coding assistants such as Claude Code and Codex as they generate, retrieve and modify code.

The capability detects exposed secrets, prevents sensitive data leakage, including PII, and blocks indirect prompt injection attacks, such as malicious instructions embedded within a retrieved file. By monitoring agent behavior in real time, TrojAI ensures that coding agents operate within defined security guardrails without disrupting developer productivity.

With these three platform enhancements, TrojAI is redefining how enterprises protect the next generation of intelligent systems so they can confidently embrace AI innovation securely, transparently, and at scale.

Leave a comment »

Multiply raises $9.5m for self-learning ads, reports 300%-500% pipeline increase for B2B companies

Posted in Commentary with tags on March 18, 2026 by itnerd

Multiply is the first AI-native media agency for B2B companies. All marketers know that in traditional advertising, campaigns start losing effectiveness the moment they launch. Creative gets stale and audiences tune out. Multiply calls this phenomenon “decaying ads.”

Today, the company emerged from stealth with $9.5 million in funding to introduce what it calls the next paradigm: Self-Learning Advertising, where ads use internal data to continuously get better on their own. The round was led by Mayfield, with participation from Sorenson Capital, Instacart Co-Founder Max Mullen, Google Head of Gemini and Google Labs Josh Woodward, and executives from HubSpot, Braze, Issuu, Brex, Sierra, and Common Room, among others.

Early customers report outsized impact in sales pipeline generated from ads. Vanta, a leader in security automation, which has raised over $500 million from Sequoia Capital and other top VCs, shared: “We’ve seen 770% more sales meetings, we build and test faster with their AI, and their team is strategic, hands-on, and operates as trusted partners.” Listen Labs, the leading AI customer research platform that has raised $100M, said LinkedIn has become its most efficient paid channel for new leads, with campaigns performing 5X above LinkedIn benchmarks. Across customers, the common thread is velocity, and lead quality, and pipeline impact.

Multiply was founded by Matt Jayson, formerly at Google and Brex, and Ashish Warty, formerly SVP Engineering at HackerOne and engineering leader at Dropbox and Airship.

To tackle something this ambitious, Multiply couldn’t just build AI software. The company operates as a media agency staffed by expert strategists, who use Multiply’s proprietary AI to operate campaigns at speeds and with impact previously impossible.

Multiply’s Customer Insights AI Agent extracts real customer language from sales calls and uses it to personalize ads. The ICP Agent analyzes closed-won deals to refine targeting. The Quality Score Agent continuously tune copy and keyword alignment. The Creative Design Agent refreshes images weekly. The A/B Testing Agent runs hundreds of experiments, quickly identifying winners and cutting losers. Ashish Warty, Co-founder and CTO of Multiply, describes, “Together, these systems allow Multiply to iterate faster than any traditional agency model.”

While Multiply launched first with Google and LinkedIn ads, the company says its infrastructure was designed for emerging AI-driven ad platforms like ChatGPT ads. Multiply is already helping its customers prepare for ChatGPT ads. All campaign learnings and experimentation systems can extend directly into new formats, including conversational and AI-driven advertising experiences.

Looking ahead, Multiply will expand into a full omni-channel ad buyer for B2B companies, enabling businesses to launch and optimize advertising across all major platforms from a single system. The roadmap includes expansion to additional channels, daily creative refresh, unified cross-channel attribution, and AI-driven budget allocation across ad channels to maximize pipeline impact. As new AI-powered advertising channels emerge, Multiply aims to help customers adopt them early while continuing to outperform across existing platforms.

Leave a comment »

Polygraf AI Launches Desktop Overlay as a Real-time AI Behavior Control Plane Across Enterprise Operations

Posted in Commentary with tags on March 18, 2026 by itnerd

Polygraf AI today announced the launch of its Desktop Overlay, a new product designed to provide continuous, real-time guidance for compliance operations and data protection directly at the user interface level, as a personal compliance assistant. Built for highly regulated and government agencies, the Desktop Overlay runs at the edge and preemptively warns users of sensitive data exposure while they are writing, before the data is sent to third-party models, external systems, or leaves device endpoints  – and requires no integration.

As AI adoption accelerates across everyday workflows, organizations face a growing challenge: sensitive information is increasingly shared unintentionally through chat tools, AI assistants, email, and browser-based applications. Traditional Data Loss Prevention (DLP)  tools rely on post-exposure audits, endpoint monitoring, or reactive controls that introduce friction and often fail to stop human error in the moment. Polygraf AI’s Desktop Overlay addresses this gap.

Data Protection at the Edge.

Operating directly at the desktop interface, across all applications, the Overlay identifies and flags sensitive information within 100 milliseconds, as users type. Using intuitive color-coding, it highlights confidential data, such as employee IDs or contact information, in yellow, and critical regulatory data, like Social Security numbers, API keys, or protected health information, in red, providing immediate visual feedback so users can correct mistakes before data leaves the organization.

Unlike legacy DLP systems, the Overlay does not wait for data to be transmitted or logged. It proactively highlights sensitive content in real time using Polygraf’s task-specific Small Language Models. These models run entirely within customer infrastructure, requiring as little as 1.3 GHz CPU and 8GB RAM while consuming just 40-120MB RAM giving organizations complete control, visibility, and auditability over AI interactions. 

The result is a shift from reactive enforcement to continuous protection and education.

Additionally, with the Overlay, Polygraf provides real-time behavioral training for employees. Rather than blocking workflows or relying solely on annual compliance trainings, the Desktop Overlay serves as an always-on security coach. As employees see real-time highlighting across email, chat, AI tools, and internal systems, they develop a practical understanding of what constitutes sensitive information within their organization. Over time, this builds lasting security awareness while reducing accidental exposure. During the pilot testing, customers saw up to a 72% decline in their DLP (Data Leakage Prevention) triggers within 4 weeks of Overlay adoption. 

For organizations operating under SOC2, HIPAA, GDPR, NIST-RMF, or other compliance frameworks, the Overlay combines immediate safeguards with long-term improvements in workforce behavior. It enables productivity while strengthening governance.

This shift toward preemptive control is becoming imperative as organizations struggle to govern  autonomous AI deployments. According to Gartner, By 2027, 40% of agentic AI projects will be canceled due to high costs, unclear value, and inadequate controls.” Polygraf AI directly addresses the “controls” gap by embedding security into the user’s natural workflow, ensuring AI initiatives move from pilot to production safely.

Over the past year, Polygraf AI has expanded its footprint across the defense, financial services, insurance, and healthcare sectors, where data sovereignty and compliance are mission-critical. The company’s premise-agnostic AI Behavioral Usage Control Layer provides explainable, auditable controls that align with strict regulatory and operational requirements, offering organizations a practical alternative to opaque, cloud-dependent AI security tools.

With the launch of the Desktop Overlay, Polygraf extends its AI security platform directly to the individual user, embedding protection into daily workflows without disrupting productivity. The company will showcase the Desktop Overlay and its broader AI usage control platform during the RSAC Conference, where attendees can see how the technology protects AI interactions in real time across enterprise environments.

Source: Gartner Report, When AI Goes Rogue: Building Guardrails and Kill Paths for Agentic I&O, By Apurva Singh, February 2026. Gartner is a trademark of Gartner, Inc. and/or its affiliates.

Leave a comment »

Building the Future of Travel & Expense: New Innovations from the SAP Concur and Amex GBT Alliance

Posted in Commentary with tags on March 17, 2026 by itnerd

Today at SAP Concur Fusion, SAP Concur and American Express Global Business Travel (Amex GBT) are announcing new advancements in Complete by SAP Concur and Amex GBT, an AI-enabled, co-developed solution for travel booking, servicing, payments, and expensing. These updates mark an important milestone in building the framework and foundations for next gen business travel between the two companies, expanding content access, strengthening service, and further integrating travel and expense into a more seamless and intelligent experience enhancing customer value.

Since announcing the strategic alliance in October 2025, adoption of Complete has continued to accelerate. Product and engineering teams from both companies have been focused on building the foundations to connect Amex GBT’s marketplace and servicing with Concur Travel & Expense to deliver features that simplify process, increase visibility and support smarter decision making across the entire travel lifecycle.  

Integrated Travel Support from Joule and Travel Counselor

An enterprise integrated chat platform with automated hand-off to a live travel counsellor for additional support is in pilot for customers now. This is the first of many features to go live for Complete customers. Layering in Joule in Q2 2026 will bring SAP’s agentic AI directly into the experience to help travellers find answers faster and with greater confidence.

Joule will be trained on Amex GBT’s most common inquiries and supplier marketplace data, enabling it to resolve frequent questions more effectively throughout the trip lifecycle. When a request requires additional support, the conversation can transition to a live travel counselor from Amex GBT without the traveler needing to leave Complete. This experience brings together the convenience of AI and the reassurance of human support, all in one place.

New Travel Manager Home Page

As the role of the Travel Manager continues to expand, bringing information together in one place helps reduce friction, improve efficiency, and keep teams focused on optimizing their travel program rather than managing multiple systems.

To support this need, Complete is introducing a new home page designed specifically for Travel Managers. This home page integrates SAP Concur and Amex GBT data and brings key travel and expense tools, insights, and controls into one central place, with a cleaner look and simpler navigation. Travel managers will have a single starting point to monitor programs, access reports, manage approvals, and connect to duty-of-care information.

Initially, the home page will provide essential insights, with more advanced analytics and reporting planned over time. In the future, it will deliver a comprehensive, real-time view of the travel program to help travel managers make faster, more informed decisions, including spend trends, savings opportunities, and policy compliance to reduce leakage.

Expanded Content Across Air, Hotel and Ground

Content breadth is foundational to delivering a better travel experience, and Complete continues to expand access across key categories. The Amex GBT marketplace is being fully built into Complete and will provide access to all of Amex GBT’s Air, Hotel and Ground content. This will include NDC, core GDS content, Booking.com and Expedia hotel content and much more.   Complete users also now have access to more than 80 rail providers. These live rail connections expand transportation options and support regional travel needs, particularly in regions where rail is a preferred or more sustainable choice.

SAP Concur and Amex GBT are also building the foundation for expanded NDC content with a single, unified implementation to lay the groundwork for symmetry across the SAP Concur and Amex GBT ecosystem. This will help provide customers with consistent, predictable access to NDC airline content without needing to worry about where or how that content is sourced.

Concur Expense and Amex GBT Egencia Integration

Additionally, Concur Expense is integrating with the Amex GBT Egencia solution, introducing enhanced e-receipt and itinerary data integration. This integration is enabling Egencia travel bookings to automatically flow into Concur Expense, with eligible items pre-populated and enriched with detailed itinerary and transaction data.

Travelers no longer need to manually enter booking details, making it easier to move from booking to expensing without re-entering information or manually uploading receipts. Finance and travel teams will also benefit from more timely, accurate expense data that supports stronger compliance, reporting, and visibility into travel spend.

The pilot integration is delivering a configurable, personalized, end-to-end digital travel experience for joint customers now and will be generally available in April 2026.

A Continuation of Their Shared Vision

Together, SAP Concur and Amex GBT are delivering:

  • A unified marketplace with access to 600+ airlines and 2 million+ properties, offering greater incentives and cost savings
  • Accelerated NDC releases and modern retailing capabilities
  • AI-powered tools trained on unmatched travel and expense data
  • Integrated traveler support through conversational, connected channels
  • Streamlined processes across booking, servicing, payments, and expensing

TMC Partner Program by SAP Concur and GBTNetwork

SAP Concur and GBTNetwork have announced the TMC Partner Program by SAP Concur and GBTNetwork. This joint program extends select benefits to our most trusted and capable mutual TMC partners—those who can bring this vision of superior travel marketplace content and travel technology of the future to customers and prospects. 

With this program launch, we’re also introducing two levels of partner capability and competency recognition – TMC Gold and TMC Silver aligned to travel content, and technology adoption, and delivery excellence. These levels are intended to help customers understand which TMCs have earned our highest level of trust to bring this vision to life. 

Learn more about Complete from SAP Concur and Amex GBT here: https://www.concur.com/solutions/complete.

Leave a comment »

« Older Entries