28 April 2026

AI in SAP: Balancing Opportunity, Risk, and Control

Artificial intelligence presents a significant opportunity within SAP. The combination of structured, high-quality data and end-to-end business processes makes SAP a highly effective environment to apply AI. Whether supporting users through embedded assistants or enabling agentic AI, the potential to improve efficiency and streamline operations is clear. 

However, those same characteristics also increase the potential impact if something goes wrong. Because processes are interconnected and data is relied upon across the business, issues relating to access, behavior, and data integrity can have wide-reaching operational and financial consequences. 

To take full advantage of AI in SAP, you need to approach it in a secure and controlled way. In this blog, we explore how AI is being used in SAP today, how it changes the risk landscape, and what that means for access control, segregation of duties, monitoring, and governance. 

The shift AI introduces 

For years, SAP security has operated with a quiet assumption: not every risk that exists will be fully exploited. 

Users often have more access than they strictly need. Roles are not always perfectly designed. Segregation of duties conflicts exist. None of this is new, and in many environments, it has been accepted as part of the operational reality. 

What has limited the impact of those issues is not the system itself, but the user. Most human users simply don’t know how to navigate beyond what is in front of them. They work within familiar transactions, interfaces, and processes. Access that exists in theory often remains unused in practice. 

AI changes that dynamic completely. 

With the introduction of AI in SAP, whether through embedded assistants or more advanced agent-based automation, that gap between what a user can do and what they know how to do starts to disappear. 

In the case of AI assistants, users are no longer limited by their own familiarity with the system. The assistant can interpret their intent, identify what access is available, and guide execution across transactions, data, and processes that the user may never have navigated themselves. 

In agent-based scenarios, that limitation is removed entirely. Agents operate directly within the permissions they are given. They use that access to complete tasks without the same natural constraints and at a speed and scale that would not be possible for a human user. 

In both cases, access that previously existed but was rarely used becomes fully exploitable. 

As a result, long-standing issues like overprovisioned access, weak role design, and segregation of duties (SoD) conflicts become easier to exercise — and more impactful when they are. What was previously limited by complexity or user knowledge becomes consistently actionable, often with broader operational consequences. 

How to secure AI in SAP 

AI in SAP is currently being adopted in two main ways: through embedded assistants, such as SAP Joule, and through more advanced agent-based use cases that execute parts of business processes. In the near term, most organizations are focused on assistants, but as familiarity and confidence increase, the shift toward agent-based automation is likely to accelerate. 

Regardless of how AI is applied, the response should focus on applying familiar principles, but with greater rigor. Access design, SoD, monitoring, and governance all need to be strong enough for AI operating at speed and scale.  

Here’s how to address the operational realities AI presents: 

Start with access 

In an AI-enabled environment, access becomes the starting point. Overprovisioned access is no longer a passive issue. If AI operates within a set of permissions, it will make full use of them. This makes least privilege essential. Every role needs a clear purpose, and every permission needs to be justified. Access that exists “just in case” becomes a liability. 

Extend to AI agents 

An AI agent is not just enabling access. It uses that access continuously. If it is given broad permissions, it can act on them at scale. It should be treated as a system user, with tightly defined access aligned to a specific task.  

Rather than creating highly capable agents with broad permissions, a more effective approach is to design narrowly scoped agents that perform individual activities. More complex processes can then be achieved by combining them, without introducing unnecessary risk. 

Monitor behavior, not just access 

Defining access alone is not enough, as AI can operate within its permissions and still behave in unexpected ways or produce unintended outcomes. This makes behavior monitoring critical.

Organizations need to define expected patterns of activity, detect deviations, and act quickly when those deviations occur. Tools such as SAP Enterprise Threat Detection (ETD) can support this by identifying unusual activity patterns and enabling rapid response. 

Control how access is used 

The way access is granted also needs to be controlled. Rather than providing persistent access, organizations can adopt a more dynamic approach.  

Access can be granted when required, specific actions can be approved, and access can be removed once tasks are complete. This reduces exposure while maintaining control over how AI operates. 

Validate outcomes 

It is also important to consider the quality of outcomes, not just the actions taken. AI can perform the correct process but still produce incorrect results. Controls therefore need to validate outputs for completeness, accuracy, and consistency, ensuring that AI-driven processes can be trusted. 

Taken together, these measures create a control baseline that supports AI use as it evolves. 

What this means in practice 

AI does not introduce fundamentally new security challenges in SAP, but it does remove the margin for error.  

The controls required, including least privilege, segregation of duties, monitoring, and governance, are already well understood. What changes is the level of rigor needed to apply them. Gaps that were previously tolerated become far more significant when AI can consistently make use of the access available. 

For organizations, the priority is not to rethink SAP security from the ground up. It is to address the gaps that already exist and ensure that controls are working as intended. 

When that foundation is in place, AI becomes a powerful enabler. It allows organizations to operate more efficiently, make better use of their data, and execute processes with greater speed and consistency. 

The opportunity is significant. The difference is that, in an AI-enabled environment, taking advantage of that opportunity depends on getting the fundamentals right.

 

FAQs

How are organizations using AI in SAP today?

Most organizations are still at an early stage of AI adoption in SAP. The primary use case today is embedded assistants, such as SAP Joule, which help users navigate processes and access information more efficiently. Over time, this is expected to evolve toward more advanced agent-based use cases that can execute parts of business processes independently.

Does AI require a completely new approach to SAP security?

No. The core principles of SAP security remain the same, including least privilege, segregation of duties, and monitoring. What changes is the level of rigor required. AI makes it easier to use the access available, which increases the importance of ensuring those controls are properly designed and enforced.

What changes when AI agents are introduced into SAP processes?

AI agents introduce a different operating model. Instead of supporting a user, they can execute tasks directly within the system using the permissions they are given. This increases the importance of tightly defined roles, clear task boundaries, and strong oversight to ensure agents only perform the activities they are intended to.