• Blog 1: How ChatGPT works
• Blog 2: How SAP Customers are Using ChatGPT
• Blog 3: ChatGPT for Business Process Optimization & Data Cleansing
• Blog 4: ChatGPT-SAP Integration | Challenges and Solutions

The promise of combining ChatGPT and SAP is undeniably alluring. Over this blog series, we have highlighted the tremendous potential of this integration to optimize processes, enhance data quality, and augment human capabilities. However, in this final post, we explore the challenges that may arise when bringing together two complex systems – ChatGPT and SAP. By illuminating potential pitfalls, we empower you to navigate them successfully as you consider integrating ChatGPT into your SAP ecosystem. By the end of this concluding article, you’ll have a comprehensive understanding of the nuanced complexities and strategies to surmount them, ensuring a smoother and more productive integration of ChatGPT into your SAP ecosystem.

Specifically, we will examine security risks, technical barriers, implementation costs, and change management hurdles. Understanding these challenges upfront equips you to devise strategies to overcome them. Our goal is not to discourage but to equip – providing a balanced perspective so you can evaluate if the benefits outweigh the effort required. With diligence and care, obstacles can be transformed into opportunities. We hope this series has delved into the practical considerations so you can determine if integrating ChatGPT into your SAP landscape is the right strategic move for your organization. As we conclude our exploration of ChatGPT and SAP, we encourage you to thoughtfully weigh both the advantages and challenges as you chart your integration journey.

midjourney: @aleksandr_60345

While the potential of combining ChatGPT and SAP is compelling, realizing this vision requires navigating various challenges. Successfully integrating these complex systems demands diligence and strategic planning. In this section, we will examine the major hurdles that may surface so you can proactively develop mitigation strategies. Being forewarned forearms you to tackle these challenges head-on.

Specifically, we will unpack four critical categories of potential obstacles:

• Security Risks: Transmitting data between systems creates vulnerabilities, such as potential data leaks, which require robust controls. Furthermore, the risks become multiplied if your business-critical data is stored on an outside server.
• Technical Barriers: Integrating GPT and SAP can be complex. Misalignments in protocols and APIs can hamper seamless linkage. Additionally, ChatGPT’s tendencies for hallucinations and imperfect interpretations could lead to unexpected errors or faulty outputs when integrated with SAP systems.
• Implementation Costs: Developing custom integrations carries high costs, from services to training. The investment must align with value.
• Change Management Hurdles: Adoption issues can emerge with any new workflow overhaul. Stakeholder buy-in and training are essential.

Let’s explore each of these challenges in greater detail to understand how they may manifest and prepare your mitigation strategy. Being equipped with this holistic perspective will allow you to determine if the benefits warrant the effort required.

Security risks

While integrating exciting new technologies like ChatGPT into enterprise landscapes enables operational innovation, it also expands the attack surface for potential cyber threats. As recent events underscore, vulnerabilities in external systems open the door for unauthorized data access or system sabotage. Since SAP contains precious proprietary information and supports mission-critical processes, customers must approach integrations with extreme care and implement rigorous controls. This section will explore examples of security risks that can emerge when linking ChatGPT to SAP, from data leaks to compromised credentials. More importantly, we will outline specific mitigation strategies to balance innovation with disciplined governance and risk management. With proactive preparation and resilient safeguards, organizations can confidently pursue integration opportunities, knowing their most critical assets stay protected.

ChatGPT experienced a data breach on March 20, 2023, which lasted nine hours and potentially impacted up to 1.2% of active ChatGPT Plus subscribers. Exposed data included users’ names, email and payment addresses, partial credit card details, and the first message of some user conversations.

The breach was due to a bug in the Redis client library. While Redis has since patched the bug, and OpenAI has taken steps to enhance the robustness of their Redis cluster and launched a bug bounty program, there is no knowing how many more bugs are out there ready to be exploited. While this incident has come to light and the issue has since been addressed, there could be more unknown incidents to the users and even OpenAI.

https://xkcd.com/2347

Post this incident, Italy banned ChatGPT, citing data privacy concerns. This incident highlights that the number of attacks on open-source code bases is skyrocketing, often due to technical debt and inadequate vulnerability management. With open source now underlying most modern applications, inherited risks abound.

To securely harness the power of AI integration while safeguarding critical assets, organizations must implement multilayered security defenses. From least-privilege access controls to encryption and data minimization, proactive mitigation strategies are essential. In this section, we outline key technical, governance, and architectural safeguards that SAP customers should consider implementing to bolster security posture when linking to external systems like ChatGPT. With rigorous security protocols and governance foundations, enterprises can balance digital transformation with disciplined risk management. Here is a short list of potential mitigation strategies to address security risks when integrating ChatGPT with SAP:

Opt for GPT API Access Over ChatGPT Web Interface: Avoid using the ChatGPT web interface and opt for GPT API access instead. While limiting access to your data is possible, the web GUI, by default, grants data access to OpenAI for training purposes, potentially compromising user privacy. In contrast, the API channel defaults to denial of data access, ensuring higher security and privacy for user interactions.

Utilize Microsoft Azure OpenAI for Data Privacy: Use Microsoft Azure OpenAI, which keeps data private and does not share it with OpenAI for model improvement. Azure hosts models separately from OpenAI services. More details can be found at Microsoft Azure OpenAI Data Privacy.

https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy

Conduct Rigorous Code Reviews and Penetration Testing: Uncover flaws in integration points or APIs through comprehensive reviews and ethical hacking exercises to strengthen security.

Install Advanced Security Tools: Leveraging advanced technological tools is crucial in today’s digital age. Firewalls act as barriers, monitoring and controlling incoming and outgoing traffic based on predetermined security policies. Intrusion detection systems alert administrators about potential security breaches. AI-driven attack monitoring learns from patterns and can predict and defend against novel threats. Segmenting networks can further restrict internet access, adding another layer of protection.

Consider Deployment of Local Large Language Models (LLMs): As of October 9, 2023, the Hugging Face Models webpage displays 353,875 models. Several of these models are open-source and can be utilized for commercial purposes. By selecting and deploying suitable local Large Language Models (LLMs), it is possible to prevent any transmission of data externally. However, this might incur expenses related to infrastructure and licensing unless opting for the use of open-source models.

Implement Strict Access Controls: Strengthen system defenses by employing advanced security measures like multi-factor authentication, which requires users to provide multiple forms of identification before gaining access. Using role-based permissions ensures that individuals can only access data pertinent to their job functions. Regularly reviewing and updating these permissions guarantees that unauthorized users do not get access, especially as organizational roles evolve.

Maintain Proactive Incident Response Plans: In the event of a security breach, having a well-prepared incident response plan is paramount. By conducting simulations or “war games,” teams can rehearse their response to different threat scenarios. These plans should include containment strategies to stop the threat from spreading and recovery protocols to restore normal operations swiftly, minimizing disruption and potential damage.

Undergo Recurring Security Audits and Risk Assessments: Leverage third-party auditors for unbiased perspectives and perform regular audits to identify and mitigate risks.

Anonymize or Synthesize Data: To protect the confidentiality of individuals, it’s essential to remove or mask Personally Identifiable Information (PII) from databases and other data storage locations. Instead of using real-world data, you can generate fictional yet realistic datasets, ensuring that while the insights remain valid, the data does not compromise anyone’s privacy. This not only upholds ethical standards but also minimizes potential security risks associated with mishandling PII.

Dall-E: Vishwas Madhuvarshi

Institute Data Minimization Practices: In a data-driven world, collecting more information than necessary is easy. To enhance security and privacy, organizations should adopt the principle of sharing and retaining only essential data. Anonymizing data, even within internal teams, ensures that high data security and privacy levels are maintained, reducing the risk of data breaches and potential misuse.

Using a combination of these technical and governance strategies, organizations can effectively reduce security risks by adopting a layered defense approach. This approach ensures that multiple layers of security measures are in place to protect against various threats, thereby providing a comprehensive security framework.

Technical barriers

While ChatGPT produces remarkably human-like text, it is powered by artificial intelligence with inherent limitations. When integrating ChatGPT with mission-critical ERPs like SAP, technical barriers can emerge that require mitigation strategies. In this section, we examine key challenges like imperfect interpretations and hallucinations. Understanding these constraints allows organizations to realistically calibrate expectations and implement human-in-the-loop checks to ensure output validity.

With prudent planning, governance, and supplementary tooling, the risks posed by technical barriers can be overcome. The goal is not to dismiss ChatGPT’s potential but rather harness it strategically. When thoughtfully augmented with human expertise, ChatGPT can enhance organizations’ digital capabilities while minimizing disruptions. Now, let’s explore the specific technical challenges and how SAP customers can address them.

Imperfect Interpretations:  While GPT models can generate human-like text, they may not always correctly interpret or generate appropriate responses. It’s essential to have safeguards in place to ensure that incorrect interpretations don’t lead to incorrect actions in the SAP system.

One SAP developer tried to use ChatGPT to convert a Java algorithm into ABAP code, specifically an algorithm to group anagrams. While ChatGPT could generate a version of the code, the developer found that the code was not only uncompileable but also had incorrect logic. Trying to understand and fix the code generated by ChatGPT proved to be a time-consuming endeavor. They had to first understand the original Java algorithm, then decipher the inaccurate code produced by ChatGPT, and finally make the necessary adjustments. Ultimately, they concluded that it took three times as long to fix the ChatGPT-generated code as it would have taken to write the algorithm from scratch in ABAP. Despite this, they believe that ChatGPT’s potential should not be dismissed completely, suggesting that with more training on ABAP code equivalent to Java code, ChatGPT might produce more reusable code.

https://www.linkedin.com/pulse/chatgpt-errors-eelko-de-vos-/

Hallucinations: Hallucinations refer to the phenomenon where ChatGPT generates responses that are not based on factual or accurate information. These responses can be imaginative, fictional, or wholly fabricated. ChatGPT’s training data consists of a vast amount of text from the internet, which can include incorrect or biased information. As a result, the model can produce responses that sound convincing but are not reliable or accurate. It’s essential to critically evaluate and verify information generated by ChatGPT to ensure its validity.

https://twitter.com/goodside/status/1609972546954317824/photo/1

For instance, when posed with a question to generate an SAP HANA SQL query to create a small table and answer the question based on this table about the best-selling fruit in Australia in January, ChatGPT promptly provided an answer – oranges. However, since ChatGPT had no access to the HANA database, this response was not derived from actual data but simply a guess. The issue becomes particularly evident considering the discrepancy in the quantity sold, where ChatGPT’s response was a fictitious figure of 250.15 kg. In comparison, the actual data in the Hana database indicated a much larger quantity of 3346.279 kg.

This example illustrates the inherent limitations of language models like ChatGPT. It underlines the need for careful scrutiny when interpreting their outputs, especially when using them with ERPs like SAP. The current hallucination rates for ChatGPT are estimated to be 15% to 20%. OpenAI, the parent company of ChatGPT, is working hard to bring these rates down soon.

While revolutionary, ChatGPT still exhibits constraints typical of current AI systems. Imperfect interpretations and hallucinations underscore the technology’s limitations. However, with governance and human oversight, these technical barriers can be overcome. Subject matter experts must scrutinize and validate outputs, especially when integrated with mission-critical platforms like SAP. Continued model training will also help address deficiencies over time. Though prudent precautions are necessary, ChatGPT’s capabilities should not be dismissed outright. When thoughtfully augmented, this technology can enhance organizations’ digital capabilities and knowledge work. With realistic expectations and safeguards, customers can unlock ChatGPT’s possibilities while minimizing disruptions.

As we conclude the discussion on technical barriers, it’s essential to highlight the various strategies that can be employed to counteract these challenges. Here are several mitigation measures that organizations can adopt to harness the full potential of ChatGPT while minimizing risks:

Human-in-the-Loop Checks: In the integration of ChatGPT with SAP, the role of human oversight becomes paramount. Given the intricacies and critical nature of SAP processes, which often drive key business functions, the validity of any AI-generated output must be closely monitored. Organizations should consider implementing a tiered human review system based on the risk profile of each task. Human oversight could be increased up to 100% for functions of high complexity or criticality, ensuring an expert vets every AI decision or recommendation. This is especially crucial for operations where even a minor error could have significant repercussions. Conversely, a reduced percentage of human oversight might suffice for more routine or lower-risk tasks. By employing this hybrid approach, organizations can optimize the blend of ChatGPT’s AI capabilities with human judgment, thereby ensuring both efficiency and accuracy in their SAP operations.

Utilize a Secondary Language Learning Model (LLM): When integrating ChatGPT with complex systems like SAP, the accuracy of generated outputs becomes paramount. Given the intricate nature of ERP processes and the criticality of the data involved, a single error can have cascading effects. By deploying a secondary LLM, organizations can create a system where outputs from ChatGPT are cross-referenced and validated by this secondary model. This dual-check mechanism acts as a failsafe, ensuring that any generated information, be it code snippets, data queries, or configuration scripts, is doubly vetted before being integrated into SAP. Such redundancy minimizes risks and offers a robust safeguard against potential misinterpretations or inaccuracies that might arise from relying on a single AI model.

Vishwas Madhuvarshi

Educate Users: SAP users, developers, and system administrators must be well-informed about ChatGPT’s capabilities and limitations. They should be provided with comprehensive training sessions and workshops to understand scenarios where ChatGPT excels and areas where it might falter. By doing so, when they receive an output from ChatGPT, they can critically evaluate its accuracy and relevance within the SAP environment. This educated scrutiny can prevent errors affecting SAP’s critical processes and workflows.

Implementation costs

The promise of enhanced productivity and efficiency from integrating ChatGPT with SAP is understandably enticing, but realizing this potential requires careful planning and budgeting across numerous complex dimensions. While the long-term benefits may be substantial, the upfront costs and effort involved in a successful integration can be extensive. Without adequately investing in the prerequisites for effective linkage of these two systems, organizations risk wasted time, runaway costs, stakeholder frustration, and failed adoption. However, with diligent advance planning and commitment to the required integration investments, companies can thoughtfully execute a phased rollout that tangibly proves value at each milestone while controlling costs. This prudent approach sets up integration success while avoiding sticker shock. Specifically, organizations need to plan and budget for a range of critical integration components, including specialized skills, usage fees, proof of concepts, data preparation, program management, training, change management, infrastructure, validation mechanisms, and ongoing support. Underestimating any of these foundational elements can derail initiatives, but giving each its due focus lays the groundwork for technology adoption that transforms operations. This section will unpack the core integration investment considerations so leaders can make informed strategic decisions.

Specialist Consulting Fees: The fees for specialist consulting services such as solution architecture, API development, systems integration, and process analysis can be significant. The cost of these services can vary widely and tend to be substantial, depending on the scope of the project.

GPT API Usage and Queries GPT API usage and queries incur a charge based on volume, which varies but can be a substantial amount monthly for enterprise integration. Monitoring usage metrics helps optimize plans.

Proof of Concept Development Proof of concept development is critical for testing capabilities and confidence building with limited scope before enterprise-wide rollout. POC costs include specialist time and trial account fees. The timeline for developing a proof of concept can range from 2 weeks to 12 weeks or more, depending on the complexity of the use case and the availability of any pre-existing solution accelerators.

Data Preparation and Management Data preparation and management spans activities like identification, extraction, cleansing, and analysis. The required data rigor may demand substantial data engineering hours.

Program Management and Product Ownership Given the numerous integration complexities, dedicated program management and product ownership are needed. This requirement may necessitate at least one technically aware PM FTE.

User Training Development and Delivery User training development and delivery ensures teams understand how to leverage new capabilities and are bought into changed workflows. As ChatGPT & SAP integration is an emerging capability, scheduling ongoing iterative training sessions to equip the hands-on operations team is essential. With this innovative technology still new, training cannot be one-and-done. Plan for multi-phase upskilling with refreshers to ensure the team has sufficient understanding.

Effective Change Management Effective change management is critical for integration success and involves activities like formal communications, training reinforcement, user incentives, and feedback channels. As research shows, programs with poor change management rarely meet objectives. Therefore, it is essential to dedicate an adequate budget and planning to this crucial set of activities. With proactive and strategic change management, user adoption hurdles can be overcome.

Change Management

Infrastructure Costs Infrastructure costs can include cloud services for security, storage, and scalability as usage grows, alongside server and networking capital costs for on-premise hosting, if needed.

Human-in-the-Loop Validation Human-in-the-loop validation involves manual oversight by subject matter experts to ensure the ongoing accuracy of ChatGPT outputs, as the LLM models can hallucinate or infer incorrectly. The costs of this validation process must be budgeted for. Options exist to optimize validation costs, like prompt engineering techniques that allow re-validating with the same LLM model or incorporating a second LLM to validate the first output. However, exploring validation optimization tactics in more depth is best saved for a future discussion – the key takeaway is that human validation represents an ongoing operational cost that organizations must plan for, though mitigation strategies can help manage spend.

Ongoing Post-Launch Support This is essential to maintain continuity and optimize value from the SAP-ChatGPT integration. This support encompasses maintenance, troubleshooting, and feature enhancements. Organizations should allocate sufficient budget for these post-implementation support activities to ensure the solution continues meeting business needs.

Additional Tools Additional tools should be procured or developed to monitor integration performance, track usage metrics, and log model training data. A budget will be required to purchase or custom-build these IT monitoring and analytics capabilities.

Carefully budgeting across all the necessary solution components is crucial for a successful deployment. Organizations should take a phased approach by first rolling out limited-scope proofs of concept. This approach allows validating return on investment before committing to large-scale budgets. With pragmatic planning, costs can be aligned with potential benefits in a calibrated manner.

However, underinvesting often dooms initiatives to failure. Allocating an adequate budget demonstrates the commitment and resources required to earn stakeholder buy-in across the organization. This thoughtful approach paves the way for project success.

Change management hurdles

One of the most overlooked challenges is managing the human side of technology change. Integrating ChatGPT into SAP workflows requires evolving ingrained habits, mindsets, and processes – no easy feat in any organization. Employees may resist the overhaul, lacking motivation or skills to adopt new tools.

According to Prosci research, only 13% or about 1 in 8 transformation initiatives with poor change management programs met or exceeded objectives, underscoring how critical it is to get the people’s side right.

Prosci Inc.

This manifests in a lack of user buy-in, training gaps, and low adoption. For example, call center agents comfortable with traditional scripts may view ChatGPT suspiciously, underutilizing its capabilities. Or finance teams might input data manually as they always have, failing to leverage new automations. Only with thoughtful leadership and change management will users embrace the productivity potential. Tactics like immersive training, transparent communications, and user incentives help drive adoption.

Additionally, change agents within the company can model new behaviors and provide peer support. As Chip Heath highlighted in his book “Switch: How to Change Things When Change is Hard,” leveraging social pressure and peer influence is critical in changing behaviors. Respecting long-time employees’ ingrained workflows while encouraging early adopters to be positive role models can help smooth the adoption transition. With a judicious change management strategy, organizations can transform obstacles into opportunities. The goal is to demonstrate how ChatGPT augments human capabilities so it is viewed as an asset rather than a threat.

Switch|How to change things when change is hard

In this final blog, we have ventured deep into the potential challenges of integrating ChatGPT with SAP, focusing on the security risks involved in transmitting data, the technical barriers that might hinder seamless integration, the substantial implementation costs, and the hurdles in change management that often accompany new workflow overhauls. Each topic we’ve discussed serves to educate and prepare organizations to confront and mitigate the complexities and obstacles that might arise during integration, ensuring that every step taken is well-informed and strategically sound.

It is with the understanding of both the potential and the challenges of such an integration that organizations can truly harness the revolutionary capabilities of combining ChatGPT and SAP, turning potential vulnerabilities and misalignments into opportunities for innovation and enhancement. By contemplating the insights shared in this blog, organizations can approach the integration with a balance of caution and ambition, ensuring the alignment of investments with the value envisioned.

As we conclude this series on integrating ChatGPT and SAP, we hope that the insights and knowledge shared have illuminated the path for those considering this venture, equipping them with a comprehensive understanding and a balanced perspective. May the information provided guide you in your decision-making processes and strategic planning, turning every challenge into an opportunity for learning and growth and ultimately leading to the successful realization of the benefits that the amalgamation of ChatGPT and SAP can bring to your organization.

References:

https://www.prosci.com/blog/the-correlation-between-change-management-and-project-success

https://www.amazon.com/gp/product/0385528752

https://openai.com/blog/march-20-chatgpt-outage

https://learn.microsoft.com/en-us/legal/cognitive-services/openai/data-privacy