A briefing for CIOs, VPs of IT, and enterprise architects running AI on SAP.
Every AI initiative on your roadmap got approved on its own merits: a chatbot business case here, a copilot ROI model there. Each one made sense in isolation. Eighteen months in, you're the one who has to explain why five AI projects share the same SAP backend but none share an integration, an auth model, or an audit trail. That's integration sprawl, and if you're accountable for AI strategy on SAP Commerce Cloud, S/4HANA, or any SAP CX platform, it's already on your risk register whether it's been named yet or not.
This isn't a request for more governance process. It's an architecture decision that determines whether your AI investment compounds in value or compounds in technical debt.
The Pattern You're Already Seeing
Every business unit brings you the same underlying ask, dressed differently:
-
Customer service wants a chatbot with live order status — built as a one-off integration to SAP.
- Sales ops wants a Teams assistant for reps — another one-off integration, different team, different owner.
- Warehouse ops wants voice-enabled inventory queries — a third integration, a third security model.
- Compliance is asking you, after the fact, for a unified audit trail across all of it — and discovering there isn't one, because there's no shared layer to log against.
Four requests, one root cause: every AI surface has been allowed to build its own path into SAP. Each one you approve makes the next one harder to govern, not easier — and each one is a security surface, an auth pattern, and a vendor dependency you now own.
Why This Is an Architecture Problem, Not a Vendor Problem
SAP already holds everything an AI agent needs — order status, pricing, quotes, inventory, fulfillment, account history, with governance built in. The failure point isn't SAP. It's that every AI surface that wants that data rebuilds the connection to it from scratch: its own authentication, its own data translation layer, its own failure and rate-limit handling.
You haven't approved an AI strategy. You've approved N one-off integration projects that happen to point at the same backend — and every new channel is a full rebuild of work your last channel already did.
The Standard That Changes This: MCP
In November 2024, Anthropic released the Model Context Protocol (MCP), an open standard for connecting AI systems to external tools and data. In December 2025, Anthropic donated it to the Agentic AI Foundation, a directed fund under the Linux Foundation co-founded by Anthropic, Block, and OpenAI — with Google, Microsoft, AWS, Salesforce, and SAP among the supporting members. SAP has a direct stake in this standard's governance, which matters if you're deciding whether to build on it.
Thirteen months post-launch:
- 97 million monthly SDK downloads
- 10,000+ active MCP servers in production
- Native client support in Claude, ChatGPT, Microsoft Copilot, Cursor, Gemini, and the Microsoft Teams SDK (added November 2025)
- Gartner projects 75% of API gateway vendors will ship MCP features by end of 2026
For an architecture decision, that's the signal that matters: this isn't a single-vendor bet, it's converging toward default infrastructure the way REST and OAuth did.
What Changes When You Build the Layer Once
Instead of each AI surface owning its own SAP connection, you expose orders, inventory, pricing, quotes, and accounts through one governed layer that any MCP-compliant client can call:
-
Storefront chatbot — reads live order and stock data through the layer, no bespoke SAP connector.
- Teams assistant for sales reps — pulls live pipeline, credit status, and open quotes without a new integration, because Teams' MCP support (native since Nov 2025) speaks the same protocol.
- Partner portal, procurement agent, field service assistant — same layer, zero incremental integration cost.
The marginal cost of each new AI surface drops to the interface and the workflow. The SAP integration — the expensive, security-sensitive part — is built once and inherited by everything after it.
The Governance Case You Can Take to Audit and Security
This is the part that should carry the most weight in your business case:
-
One authentication boundary, not one per channel. Every agent connecting through the shared layer is authenticated the same way, centrally.
- One log format. Every interaction — which agent, what was requested, what SAP returned, when — lands in a single audit trail regardless of whether the request came from a website bot, a Teams agent, or a procurement bot.
- Inherited governance. When the next AI channel gets approved — by your team, a business unit, or a partner — it connects through the same boundary. You don't re-architect governance for every new use case; it's structural, not procedural.
That's a materially different answer than "we have a policy document" when your auditor or CISO asks for a complete picture of AI-assisted access to customer or order data.
The Vendor Lock-In Math
MCP separates the AI model from the integration layer underneath it. The capabilities you expose work identically whether the reasoning engine is Claude, ChatGPT, or a model that doesn't exist yet. That converts "which AI vendor do we bet the company on" from an infrastructure decision into a swappable business decision — a real hedge if you've already watched the model leaderboard shift twice in two years and don't want your integration layer married to this year's leader.
Three Questions for Your Next Architecture Review
-
How many independent AI-to-SAP integrations exist today, or are planned in the next 18 months? More than one means integration debt is already accumulating on your books.
- If your AI model vendor changed pricing, API terms, or direction tomorrow, how much of your program would need to be rebuilt? If the answer is "most of it," the exposure is architectural, not contractual — and it's fixable at the integration layer.
- Can you produce, today, a single unified log of every AI-assisted interaction that touched SAP data in the last 90 days? If not, that's a governance gap that will surface in an audit before it surfaces in a strategy review.
The Timing Argument
Shared-integration standards are the rare enterprise investments that don't show up in a press release but determine your AI program's cost curve for years. The cost of building this layer goes up every quarter you wait, because every additional one-off integration is more debt to unwind later. The decision isn't whether your organization ends up with a unified AI layer over SAP — the economics make that close to inevitable. The decision is whether you architect it deliberately now or absorb it as forced remediation after the fifth uncoordinated AI project.
Frequently Asked Questions
What is MCP, in one sentence? The Model Context Protocol is an open standard, released by Anthropic in November 2024, that lets any AI agent connect to external systems — like SAP — through one common interface instead of a custom-built connection per agent.
Does adopting MCP mean replacing our existing SAP integration tools? No. MCP sits above your existing SAP APIs and middleware as a standardized access layer for AI agents specifically. It doesn't replace SAP Integration Suite, your existing iPaaS, or your ERP connectors — it gives AI clients a consistent way to call into the capabilities those tools already expose.
Who governs MCP, and is it safe to build on a single vendor's standard? As of December 2025, MCP is owned by the Agentic AI Foundation, a directed fund under the Linux Foundation co-founded by Anthropic, Block, and OpenAI, with Google, Microsoft, AWS, Salesforce, and SAP among the supporting members. It's no longer a single-company standard — SAP has a direct seat in its governance.
Does this require a rip-and-replace of our current AI projects? No. The shared layer is additive: existing chatbots, copilots, and agents can be migrated to call through it incrementally, and new AI projects connect to it from day one instead of building their own SAP integration.
What's the actual security benefit over our current setup? Centralization. Instead of N separate authentication schemes and N separate logs across N AI channels, every agent authenticates at one boundary and every interaction is logged in one format — which is what makes a single, complete audit trail possible in the first place.
Does MCP lock us into a specific AI model provider? The opposite. MCP is designed to decouple the AI model from the integration layer, so the same SAP-connected capabilities work regardless of which model — Claude, ChatGPT, or a future model — is doing the reasoning. Switching providers becomes a configuration change, not an integration rebuild.
How does this relate to SAP's own AI tooling, like Joule? They're complementary layers. SAP's native AI tooling operates inside the SAP ecosystem; MCP standardizes how AI agents outside that ecosystem — a Teams bot, a partner portal agent, a custom copilot — access the same SAP data and capabilities without a bespoke integration for each one.
What's a realistic first step? Most teams start by exposing a narrow, well-governed set of SAP capabilities (e.g., order status and inventory lookup) through the shared layer for one existing AI use case, then extend the same layer to the next channel rather than building a new connection.
Knack Systems is an SAP Gold Partner with Recognized Expertise in Sales, Service, and Marketing, delivering SAP Customer Experience and Autonomous CX implementations since 1998. We work with IT and enterprise architecture teams to design the shared AI integration layer described here — scoped to your existing SAP landscape, not a rip-and-replace.
Schedule an architecture review with our team
Sources
-
Anthropic, "Donating the Model Context Protocol and establishing the Agentic AI Foundation," Dec. 2025
- Linux Foundation, "Announcing the Agentic AI Foundation," Dec. 9, 2025
- Model Context Protocol Blog, "MCP joins the Agentic AI Foundation," Dec. 9, 2025
- Microsoft 365 Developer Blog, "Announcing the Updated Teams AI Library and MCP Support," Nov. 2025
- Microsoft Community Hub, "How Sales Development Agent Helps Teams Scale Outbound Outreach"
- Gartner-referenced MCP/API gateway convergence projection, cited via multiple 2026 industry analyses of Gartner's Software Engineering research