cancel
Showing results for 
Search instead for 
Did you mean: 

SAP A.I. Privacy and Security

Reinhardt
Explorer
279

Hi Experts,

An important factor with generative A.I. is security - Does our data we submit to an A.I. train a model and potentially thereby expose confidential information?

AWS Bedrock is an A.I. service offered by Amazon and they clearly state that it is secure and private. It is safe to submit confidential information.

SAP A.I. Launchpad / Generative A.I. Hub offers access to many models - are these models hosted on SAP servers or does it just connect to the A.I. providers servers?

We're looking for a definitive answer that submitting confidential/sensitive data to a model on SAP A.I. Launchpad is safe, and that our data is not exposed to the public internet or used to train models?

Kind Regards,

Reinhardt

Accepted Solutions (1)

Accepted Solutions (1)

MarioDeFelipe
Active Contributor

Hi @Reinhardt 

Does our data we submit to an A.I. train a model and potentially thereby expose confidential information?

in SAP we have three options, 1 we have Joule, 2 we can host the model on BTP using AI Core, or 3 we can use BTP to call a 3rd party hosted model on Azure, AWS, or openAI.

Assuming you are asking about 2, the model is in our domain, meaning we don't expose the information outside BTP.

In #3. You do expose the information outside SAP, be careful here

in #1, SAP recommends not to share any GDPR sensitive data like medical history of a user to its model, Joule, or Business AI

source; Joule T&Csource; Joule T&C

AWS Bedrock is an A.I. service offered by Amazon and they clearly state that it is secure and private. It is safe to submit confidential information.

It's secure and private, any LLM served through Bedrock is a private version of the LLM from the user's AWS tenant.

Source; AWSSource; AWS

SAP A.I. Launchpad / Generative A.I. Hub offers access to many models - are these models hosted on SAP servers or does it just connect to the A.I. providers servers?

Mixed, sometimes they are hosted on BTP, some other times you call the model hosted on Azure or AWS, check out this note and the terms Hosted, Managed or Remote.

Source; SAPSource; SAP

 

We're looking for a definitive answer that submitting confidential/sensitive data to a model on SAP A.I. Launchpad is safe, and that our data is not exposed to the public internet or used to train models?

Be careful, for example, there is no guidance from SAP to use DeepSeek v3, but since we can do it, and its trendy and cheap, every time we call a hosted API we must read carefully its T&C, in this case, you will be calling an API in China, and you are fully responsible of what happens.

source; DeepSeeksource; DeepSeek

 

Then, I would never use self-hosted APIs (ChatGPT, Gemini) for enterprise use cases, I would only use models hosted on our tenants of BTP, AWS, Azure, or GCP.

Reinhardt
Explorer
0 Kudos
This is very helpful, thank you Mario.
Reinhardt
Explorer

I have some follow up questions to pick your brain with:

We register our own BEDROCK on AWS
- we get a private instance

We use BEDROCK through BTP AI Launchpad
- is this connecting to a shared BEDROCK private instance?
- or do we still have our very own private instance?

We're looking into connecting our Private AWS Bedrock service in BTP through Core AI - this should be different from using the predefined available BEDROCK models in launchpad?

Much Appreciated!

Answers (1)

Answers (1)

MarioDeFelipe
Active Contributor
0 Kudos

hi @Reinhardt 

If I got your question correctly, if the LLM is hosted with Bedrock, its on AWS, and what we do from BTP is call an AWS endpoint, but the model is hosted on your private account on Amazon.

 

Screenshot 2025-01-18 at 11.50.57.png

 Now, what SAP means when they say "Region Availability SAP AI Core" is that essentially in SAP Generative AI Hub, you create a "model deployment", and that template is for the available models. SAP works with the hyperscalers to be up to date and enable these templates quite fast as soon as the vendors release new models, like Nova from AWS which is already available on Generative AI Hub.

Screenshot 2025-01-18 at 11.58.02.png