Putting AI to work on your SAP data — safely
The pitch is genuinely exciting: ask your SAP Business One data a question in plain language and get an answer — an aging report, your top open orders, a live dashboard — without writing a query. The hesitation is just as real: what exactly can the AI see, and where does that data go? Both deserve a straight answer.
What an MCP server actually is
An MCP (Model Context Protocol) server is a bridge. On one side sits an AI assistant; on the other, SAP Business One's Service Layer — the same secure REST interface your other integrations use. The assistant can't touch your database directly. It can only ask the bridge to run specific, allowed operations, and the bridge does the talking to B1. That indirection is the whole point: a controlled doorway, not an open window.
Read-only by default
The safe starting posture is read-only. The assistant can query — open orders, invoices, aging — but it cannot create, change, or delete anything. For most of the value people want (answers, reports, dashboards) read-only is all you need, and it removes the scariest failure mode entirely: the AI can't act, only report.
Your permissions, not a shared key
The best setups don't hand the AI one master login. Each person signs in with their own B1 credentials, so Business One's own permission model applies — the assistant can only see what that user could already see in the client. A salesperson's questions are answered against a salesperson's access. There's no new set of permissions to get wrong, because it reuses the ones you already maintain.
Nothing stored centrally
A well-built connector runs against your own Service Layer and keeps nothing. Your data isn't copied into a vendor's cloud or a central warehouse to be queried later — each question is answered live, from your system, and then it's gone. That keeps you out of data-residency debates and shrinks the attack surface to almost nothing.
So what does “the AI can see it” really mean?
It means: for the specific question you asked, the assistant fetched the specific records needed to answer it, subject to your permissions, and used them to write the reply. It isn't browsing your database, it isn't training on your invoices, and it isn't holding a copy. Scope the access down, start read-only, and “the AI can see it” becomes a feature — your data, answered on demand — rather than a worry.
Getting value without the risk
Start narrow and prove it: read-only, per-user sign-in, a handful of reports your team asks for constantly — A/R aging, open orders by customer, a live sales dashboard. Once the security model has earned trust, you can decide, deliberately, whether any write operations are worth enabling. The technology is ready for real work; the trick is letting it earn its way in, one safe capability at a time.
See it on your own Business One
Book a 30-minute walkthrough tailored to the way your team works.