Key Takeaways

  • AI agents already hold meaningful access inside SAP systems across finance and operations.

  • Most CISOs report limited visibility into what those identities are doing or whether actions align with policy.

  • Security teams are shifting toward continuous monitoring and automated governance to keep pace with machine-speed activity.

Most large enterprises say AI systems already have access to core business applications, yet few believe those privileges are governed effectively.

The 2026 CISO AI Risk Report, published by Saviynt, finds 71% of CISOs report AI access to platforms such as SAP and Salesforce, while only 16% say that access is under effective control. Nearly half of respondents have already observed unintended or unauthorized AI behavior, and one-third report an incident or near-miss within the past year.

In SAP landscapes, where tightly coupled modules share roles, data models, and trust relationships, the findings point to a widening gap between automation and oversight. Identity programs designed around human behavior are encountering software actors that inherit entitlements, traverse integrations, and execute actions at machine speed.

Where AI Risk Is Concentrating

The survey results depict environments where AI capability is advancing faster than the mechanisms designed to supervise it. Access is widespread, yet oversight remains limited.

A lack of visibility dominates the findings, with 92% of respondents saying they cannot fully account for AI identities and 95% doubting they could detect or contain misuse. These gaps make it difficult for security teams to reconstruct activity or confirm whether actions aligned with policy, particularly when agents move across interconnected systems.

Policy frameworks trail even further behind. Some 86% report that they either lack formal governance for AI identities or fail to enforce it consistently. Human-equivalent rigor applies to only a fraction of AI accounts in most environments, and just 5% express confidence that they could contain a compromised agent once it begins operating.

Unapproved deployments intensify exposure. Roughly 75% of CISOs say they have already discovered unsanctioned generative AI tools in production, frequently tied to embedded credentials or API integrations outside normal provisioning and certification workflows.

Technology stacks show similar pressure. About 60% of organizations still depend on SSO or MFA approaches built around interactive sign-in, even as AI systems interact through tokens, services, and automated calls that those approaches were not designed to govern. Only 25% report using controls designed specifically to govern AI identities.

The picture that emerges is one of autonomous access expanding faster than attribution, policy enforcement, and containment capabilities.

How CISOs Are Responding

CISOs are beginning to reposition AI identities as durable actors inside the enterprise, with expectations for accountability that resemble those applied to employees and partners.

Many start with visibility. Roughly 73% report building broader inventories to determine which agents exist and what resources they touch, while 68% are investing in continuous monitoring and posture analytics that replace episodic certification with live telemetry.

Another shift centers on lifecycle control. About 44% say AI accounts are moving into automated provisioning, recertification, and revocation processes so that entitlements do not accumulate silently as integrations multiply.

Efforts at the architectural level are also emerging, though at earlier stages of maturity. Close to one-third of respondents describe plans to converge governance, privileged access, and analytics into unified platforms, a move intended to compress investigation time and establish clearer ownership when anomalies appear.

Security teams describe a consistent objective. Detection must translate into action quickly enough to matter, whether through removal of dormant access, time-bound elevation, or policy-based revocation when risk thresholds are breached.

That trajectory carries weight in SAP estates. Authorizations propagate across modules, trust relationships extend through APIs, and a single credential can influence finance, logistics, and operational data simultaneously, which makes shared identity context one of the few control mechanisms capable of keeping pace with automation.

What This Means for SAPinsiders

  • Identity maturity is becoming central to AI oversight. Access already exists inside SAP estates, while attribution, containment, and policy discipline lag operational reality, placing governance programs under renewed strain as automation spreads.
  • Control starts with knowing what exists. Incomplete inventories and unclear ownership weaken enforcement, which is why organizations are concentrating first on discovery and continuous awareness before attempting more advanced interventions.
  • The window to correct mistakes is shrinking. Autonomous agents extend permissions across connected systems quickly, pushing security teams to favor mechanisms that reduce the time between detection and remediation.
