SAP has announced a new API Policy aimed at enhancing security for customers utilizing AI within its enterprise software ecosystem. This policy unifies existing rate limits and prohibits the use of undocumented internal interfaces, responding to the heightened risks posed by autonomous AI agents, particularly in light of recent security incidents like the Mini Shai-Hulud supply chain attack that compromised numerous SAP-ecosystem npm packages. SAP, recognized for its proactive role in defining security standards, is a launch partner for the Agent2Agent protocol under the Linux Foundation, further illustrating its commitment to govern and secure AI interoperability while maintaining a focus on enterprise-grade safety.

SAP: SAP is a provider of enterprise software solutions including ERP systems and cloud platforms for mission-critical business processes. Recently, SAP unified its existing API usage controls into a single policy to address the performance, stability, and security challenges posed by autonomous AI agents accessing its systems. SAP promotes endorsed integration paths like the Agent2Agent protocol and governed MCP servers to enable secure AI connectivity.
Anirban Majumdar: Anirban Majumdar serves as Head of the Office of the CTO at SAP, focusing on architecture and technology strategy. He recently authored an article explaining SAP’s API policy as essential governance for enterprise-grade safety amid AI agent adoption, rather than restrictive gatekeeping. Majumdar contributes to SAP’s AI-native architecture initiatives highlighted in recent events like the Architecture Summit.

```json
{
  "API Policy": "SAP’s recent policy consolidates existing controls and clarifies restrictions on undocumented internal interfaces to mitigate risks from AI agents.",
  "Standards Role": "SAP is a launch partner for the Agent2Agent protocol under the Linux Foundation and co-chairs agent identity work in the Agentic AI Foundation.",
  "Security Incident": "The Mini Shai-Hulud supply chain attack compromised SAP-related npm packages, highlighting vulnerabilities in third-party tools."
}
```