cancel
Showing results for 
Search instead for 
Did you mean: 

SAP A.I. Privacy and Security

Reinhardt
Explorer
406

Hi Experts,

An important factor with generative A.I. is security - Does our data we submit to an A.I. train a model and potentially thereby expose confidential information?

AWS Bedrock is an A.I. service offered by Amazon and they clearly state that it is secure and private. It is safe to submit confidential information.

SAP A.I. Launchpad / Generative A.I. Hub offers access to many models - are these models hosted on SAP servers or does it just connect to the A.I. providers servers?

We're looking for a definitive answer that submitting confidential/sensitive data to a model on SAP A.I. Launchpad is safe, and that our data is not exposed to the public internet or used to train models?

Kind Regards,

Reinhardt

View Entire Topic
MarioDeFelipe
Active Contributor

Hi @Reinhardt 

Does our data we submit to an A.I. train a model and potentially thereby expose confidential information?

in SAP we have three options, 1 we have Joule, 2 we can host the model on BTP using AI Core, or 3 we can use BTP to call a 3rd party hosted model on Azure, AWS, or openAI.

Assuming you are asking about 2, the model is in our domain, meaning we don't expose the information outside BTP.

In #3. You do expose the information outside SAP, be careful here

in #1, SAP recommends not to share any GDPR sensitive data like medical history of a user to its model, Joule, or Business AI

source; Joule T&Csource; Joule T&C

AWS Bedrock is an A.I. service offered by Amazon and they clearly state that it is secure and private. It is safe to submit confidential information.

It's secure and private, any LLM served through Bedrock is a private version of the LLM from the user's AWS tenant.

Source; AWSSource; AWS

SAP A.I. Launchpad / Generative A.I. Hub offers access to many models - are these models hosted on SAP servers or does it just connect to the A.I. providers servers?

Mixed, sometimes they are hosted on BTP, some other times you call the model hosted on Azure or AWS, check out this note and the terms Hosted, Managed or Remote.

Source; SAPSource; SAP

 

We're looking for a definitive answer that submitting confidential/sensitive data to a model on SAP A.I. Launchpad is safe, and that our data is not exposed to the public internet or used to train models?

Be careful, for example, there is no guidance from SAP to use DeepSeek v3, but since we can do it, and its trendy and cheap, every time we call a hosted API we must read carefully its T&C, in this case, you will be calling an API in China, and you are fully responsible of what happens.

source; DeepSeeksource; DeepSeek

 

Then, I would never use self-hosted APIs (ChatGPT, Gemini) for enterprise use cases, I would only use models hosted on our tenants of BTP, AWS, Azure, or GCP.

Reinhardt
Explorer
0 Kudos
This is very helpful, thank you Mario.
Reinhardt
Explorer

I have some follow up questions to pick your brain with:

We register our own BEDROCK on AWS
- we get a private instance

We use BEDROCK through BTP AI Launchpad
- is this connecting to a shared BEDROCK private instance?
- or do we still have our very own private instance?

We're looking into connecting our Private AWS Bedrock service in BTP through Core AI - this should be different from using the predefined available BEDROCK models in launchpad?

Much Appreciated!