As artificial intelligence continues to move deeper into enterprise systems, SAP security teams are beginning to explore its practical role beyond experimentation. While initial skepticism remains, early use cases are already demonstrating how AI can accelerate vulnerability analysis, prioritize risks, and support faster remediation.
At the same time, the integration of AI into security workflows raises important questions around governance, accountability, and control. Enterprises are navigating a delicate balance — leveraging AI for speed and insight while maintaining human oversight in critical decision-making processes.
This shift is also redefining how organizations approach SAP security more broadly. Traditional periodic assessments are giving way to continuous, risk-driven monitoring models, where AI plays a central role in identifying and contextualizing threats in real time.
In this Q&A, Ivan Mans, Co-Founder and Board Member at SecurityBridge, shares insights on how AI is being applied in SAP security environments today, what enterprises are learning from early adoption, and how the role of security teams is evolving as AI takes on more analytical responsibilities.
AI Adoption, Skepticism, and Real-World Use
Q: Since launching the AI Companion, what has surprised you most about how SAP security teams are actually using AI in day-to-day operations?
A: While it wasn’t entirely unexpected, we’ve seen a degree of skepticism among SAP security professionals about the immediate value AI can bring to their day-to-day operations. That said, this is typical for any transformative technology. As the capabilities evolve and teams begin to experience tangible benefits—particularly in areas like faster vulnerability analysis and accelerated remediation—we expect that skepticism to quickly give way to broader adoption. In our view, AI will soon become a natural part of the SAP security workflow rather than something experimental.
Q: How are enterprises balancing speed and automation with governance and accountability as AI becomes embedded in SAP security workflows?
A: At this stage, SecurityBridge does not yet deploy AI-driven automation for remediation. While AI can significantly accelerate detection and analysis, many enterprises remain cautious about automating corrective actions. In particular, organizations operating in jurisdictions with strong employee representation—such as works councils—often face restrictions around automated monitoring of user identities and SAP terminal activity. As a result, the current balance typically favors AI-assisted insight and prioritization, while keeping remediation decisions firmly under human oversight to ensure governance, transparency, and accountability.
Q: What lessons have you learned from early customer deployments that are shaping SecurityBridge’s next phase of AI development?
A: One of the biggest lessons is that AI enablement cannot be reduced to ticking a feature box. In enterprise security environments, AI must be built with full traceability and auditability in mind. Customers need to understand how conclusions are reached and be able to trace decisions end-to-end—especially when those insights influence security operations.
The Evolving Role of SAP Security Teams
Q: How do you see the role of SAP security teams evolving as AI takes on more analytical and advisory responsibilities?
A: Much like in software development, AI may take over parts of the coding, but not the creativity behind it. In the SAP security space, AI will significantly reduce the tedious work of collecting data and identifying meaningful signals within large volumes of noise. However, the critical tasks—such as contextual decision-making, risk prioritization, and determining the right remediation strategy—will continue to require human judgment. Rather than replacing security teams, AI will allow them to focus more on strategic security decisions and less on manual analysis.
From Analysis to Action: Closing the Security Gap
Q: Many organizations struggle to move from findings to remediation. Where does AI make the biggest practical difference in closing that gap?
A: The biggest impact is in turning findings into clear, actionable remediation steps. AI helps teams immediately understand the real risk behind an issue and provides best-practice guidance on how to fix it. Instead of searching through documentation or interpreting lengthy security notes, the solution is effectively presented on a silver platter—making remediation faster and accessible to a much wider group of SAP engineers.
Governance, Explainability, and Trust in AI
Q: How is SecurityBridge ensuring that AI-driven recommendations remain explainable, auditable, and aligned with regulatory expectations?
A: Since the early days of SecurityBridge, we have built and maintained a comprehensive knowledge base of SAP security findings, recommendations, best practices, and technical guidance. This curated body of expertise now serves as the foundation for training our embedded AI Companion and AI-powered support agents. By anchoring AI recommendations in this structured and traceable knowledge base, we ensure that the output remains explainable, auditable, and aligned with enterprise governance and regulatory expectations.
Q: What types of SAP security risks are best suited for AI-assisted decision-making today — and which still require deep human expertise?
A: SAP configuration and authorization recommendations are currently the easiest areas to support with AI, as they are largely based on well-defined patterns and established best practices. More complex scenarios—such as identifying insecure custom code or evaluating the potential impact of implementing SAP Security Notes—still require significant human expertise. These situations depend heavily on context within the customer’s SAP landscape and business processes, where experienced security professionals remain critical to making the right decisions.
Toward Continuous, AI-Driven Security Operations
Q: Looking ahead, how do you envision AI supporting continuous SAP security monitoring rather than periodic assessments?
A: Continuous SAP security monitoring should already be the standard today. Periodic assessments largely serve compliance requirements but are often insufficient for managing real security risk in dynamic SAP environments. With AI entering the picture, scarce security resources can be focused where they create the most value—prioritizing the most critical findings, identifying emerging risks faster, and supporting faster remediation. AI therefore strengthens the shift from periodic reviews toward truly continuous and risk-driven SAP security operations.
Q: What advice would you give SAP customers who are interested in AI-driven security but are unsure where to start?
A: In many cases, we still need to evangelize the importance of SAP security, as it has historically been a blind spot for many organizations. Whether AI is involved or not, these customers often need guidance to establish a solid security foundation first. For those looking to embrace AI-driven security, my advice is to start in a controlled and transparent way. Ensure you understand how the AI operates, how data is handled, and where recommendations originate. Most importantly, avoid blindly feeding sensitive configuration data, logs, or system details into large language models that may train on your data. Security and governance must remain the priority.
Q: Over the next 12–24 months, what milestones or developments should the market watch for from SecurityBridge in the AI security space?
A: We continue to innovate at a very rapid pace. While I cannot disclose too many details yet, SecurityBridge is expanding its capabilities beyond traditional SAP security monitoring into areas such as real-time business process monitoring, fraud detection, and complex cross-system correlation of business events. These developments will allow organizations to move from purely technical security insights to a much deeper understanding of business risk within their SAP landscap
ERP News Editorial Team
The ERPNews Editorial Team covers global developments in ERP (Enterprise Resource Planning), enterprise software, cloud platforms, AI, automation, and digital transformation, providing independent news and editorial analysis for senior business and technology leaders. Our reporting focuses on market signals, strategic shifts, and enterprise impact across the ERP and enterprise technology ecosystem.
For editorial inquiries, please contact:
đź“© [email protected]
