AI agents are moving from experimental projects into production systems across enterprise software, and the code that powers your SAP systems is about to become the critical interface between intelligent automation and sensitive business data. Unlike traditional generative AI that answers questions, agentic AI systems autonomously decompose tasks, call tools, read files, and iterate until work is complete. This shift means ABAP developers and SAP architects must rethink how they expose data and enforce security when agents become routine users of your systems .

The scale of this change is staggering. Computing demand has grown one million times in the last two years, driven almost entirely by agentic inference, where every agent action, file read, tool call, and output generation consumes tokens and processing power. This is not a gradual transition. At NVIDIA's GTC 2026 keynote, Jensen Huang presented twelve production blueprints from major enterprises that had already rebuilt their products around AI agents, declaring that "every single SaaS company will become an Agentic as a Service company" .

What Changes When Agents Start Using Your SAP System?

In the pre-agentic world, a procurement manager might ask a human analyst to find which of the top twenty suppliers have delivery performance below 90% this quarter and calculate total open invoice value against them. That analyst writes a report, schedules it, exports to Excel, and manually cross-references tables. The work takes hours or days. With agentic AI, the same question gets decomposed into sub-tasks: one agent queries supplier delivery performance data via an OData endpoint backed by a CDS view, another queries open invoice data from finance systems, and the results synthesize into a structured answer in seconds. The entire chain runs through security controls and your ABAP authorization framework .

This speed and autonomy create a new problem. A human clicks a button every thirty seconds. An agent may call your BAPI (Business Application Programming Interface) ten thousand times per hour. Interfaces that perform acceptably under human load can collapse completely under agent load. More critically, an agent running as a service user with overly broad authorizations becomes an insider threat waiting to happen.

How to Prepare Your ABAP Code for Agent-Ready Systems

• Semantic Annotations on CDS Views: CDS views are the primary structured data interface for AI agents in SAP. Agents do not navigate transaction codes; they call OData endpoints backed by CDS. Without semantic annotations that tell the language model what each field means, the agent is guessing from column names. With proper annotations like @Semantics.businessPartner.role and @Semantics.percentage, agents can reason correctly about data relationships and constraints .
• Authority Checks on Every Agent-Callable Interface: Every function module, BAPI, and method that an agent can call must perform explicit authority checks. The policy engine delegates final security enforcement to ABAP, which is the correct architecture because language models should not be trusted with authorization decisions. ABAP should enforce who can access what data, regardless of whether a human or agent is making the request .
• Performance Optimization for Agent-Scale Load: Review agent-callable interfaces against strict criteria: no SELECT * statements in performance-critical paths since agents fetch data in loops and need field-level selects only, buffer vendor master and material master data where appropriate, and avoid dialogue modules and unnecessary commits in agent-exposed functions .
• Access Control Annotations on Data Models: The minimum bar for agent-ready CDS includes @AccessControl.authorizationCheck: #CHECK to ensure every view enforces authorization, @EndUserText.label for human-readable descriptions, @VDM.viewType: #CONSUMPTION to mark consumption views, and @OData.publish: true to expose the view as an OData endpoint that agents can call .

Who Controls Agent Security in Enterprise Systems?

NVIDIA introduced NemoClaw, an enterprise-hardened version of OpenClaw (an open-source agentic operating system), which adds three security layers on top of the base agent framework. OpenShell sandboxes agent execution and controls what agents can read, write, and call. A Policy Engine enforces the enterprise's own business rules. A Network Guardrail and Privacy Router prevents sensitive data from leaving the enterprise boundary .

However, NemoClaw is not the foundation of SAP Joule, SAP's own AI product. Joule has its own architecture, models, and AI infrastructure running on SAP's Business Technology Platform (BTP) and SAP AI Core. NemoClaw is NVIDIA technology that SAP, as a launch enterprise partner, is integrating as an optional security and governance layer within BTP, tied specifically to Joule Studio. It is available for customers who require the strongest possible compliance controls when agents interact with sensitive ERP (Enterprise Resource Planning), financial, or supply chain data .

The critical point: regardless of which security envelope is in play, when an agent needs to do something in SAP, it calls your ABAP. The agent's service user has only the authorizations you have granted. Every CDS view it accesses must have the proper access control annotation and a corresponding DCL (Data Control Language) policy. This means the responsibility for secure agent deployment falls directly on ABAP developers and SAP architects who design these interfaces.

What Does the Agentic Shift Mean for Enterprise IT Strategy?

The parallels are instructive. When Linux arrived, every company needed a Linux strategy. When HTML and HTTP arrived, every company needed a web strategy. When Kubernetes arrived, every company needed a cloud-native strategy. Now that OpenClaw has arrived as the operating system of agentic computers, every company needs an agentic strategy . For SAP customers, this means auditing your ABAP codebase, identifying which functions and CDS views agents will call, hardening those interfaces with proper authorization checks and semantic annotations, and stress-testing them against agent-scale load patterns.

The agentic revolution is not coming. It is already here, running in production at major enterprises. Your ABAP code is no longer just the backend of human-facing applications. It is the foundation upon which autonomous agents will make business decisions, access sensitive data, and execute workflows. Getting it right is not optional.