Every AI action inside an ERP runs under a human's credentials. If you can't name the human who authorized that class of action in advance, you've built a compliance gap — not a productivity gain.
Everyone wants AI in their ERP. Few define what it's allowed to do.
That gap is where systems break.
Authority Laundering
When AI acts inside your ERP, it acts under someone's credentials. The audit trail says "the AI did it." But AI cannot be held accountable.
The pattern looks like this:
- a user asks
- the AI executes under a service identity
- the blame is diffused
- the control gap is invisible
Treat AI as a Deputy Operator
The fix isn't to disable AI until it's useless. The fix is to treat AI as a deputy operator.
Every action must trace back to:
- a named human
- who authorized that class of action
- in advance
From Access to Authority
The shift is simple:
From"The AI has ERP access."
To"The AI can prepare drafts on scope X, for human approval, under SOP_3."
Now AI authority becomes data.
How ERPs Survive AI
- Tiered roles — read / draft / execute.
- Per-user identity — the audit trail names the human, not the service.
- Hard boundaries nothing crosses, regardless of who asks.
- Drift reports that catch bleed before it compounds.
The Principle
AI can assist in preparation and detection.
A machine can never make a management decision.
If you can't name the human who pre-authorized the action, the AI shouldn't be doing it.
