Security & Compliance
Built for CFOs who get audited.
An AI agent writing to your SAP system is a serious decision. Here is exactly how we handle confidence, control, audit trail, and credential security — no marketing language.
Confidence scoring
Every invoice gets a score before it touches SAP
Capped AI computes a composite confidence score across five extraction components: document quality, vendor name match, field completeness, tax code validity, and amount consistency. Only invoices above your configured threshold are auto-posted.
- Composite score = weighted average of 5 independent components
- Configurable posting threshold (default: 0.85) — you set the bar
- Sub-threshold invoices routed to exception queue, not discarded
- Score breakdown shown per-invoice in the audit trail
Shadow mode
We run in parallel for 30 days before writing a single SAP document
During the pilot, Capped AI processes invoices alongside your existing AP team. It predicts what it would post — but does not post. You compare outcomes. When accuracy is validated on your real data, you flip the switch.
- Full extraction + confidence scoring runs silently in parallel
- Daily accuracy report vs. what your clerks actually posted
- No SAP writes until you explicitly authorize production mode
- Shadow period can be extended indefinitely — your call
Never autonomous on sensitive postings
Hard rules enforced at the infrastructure layer
Certain invoice categories require human approval regardless of confidence score — these are infrastructure-layer rules, not AI judgment calls.
- New vendor (not in SAP vendor master) — always human approval
- Invoice amount > $10K — human approval required
- Tax-sensitive postings — human approval
- Credit memos and debit notes — human approval
Audit trail
Every Fiori action logged for 7 years — SOX-grade, immutable
The Capped AI audit log is append-only. Every field extracted, every confidence score computed, every Fiori action taken, every screenshot captured, every human approval or rejection — timestamped, actor-attributed, and cryptographically signed at write time.
- Per-step screenshot of every SAP Fiori action during posting
- 7-year retention policy (configurable up, not down)
- Append-only: records cannot be altered or deleted
- SAP document number cross-referenced on every posting entry
- Exportable to CSV for external audit or SIEM integration
Credential security
AES-256-GCM encrypted SAP credentials
The SAP service account credentials used by the browser agent are encrypted at rest with AES-256-GCM. No SAP data leaves Capped AI infrastructure beyond what is necessary to complete the posting.
- AES-256-GCM encryption for stored credentials
- Credentials never logged or stored in plaintext
- Separate encryption key per customer tenant
- Access is scoped to the minimum required SAP permissions
Compliance
Compliance certifications planned post-launch
We are a design-partner stage company. Our security practices are built to enterprise standards. Formal compliance certifications are planned for after the V1 launch.
- Internal quarterly security reviews against Trust Services Criteria
- Penetration test report (Q1 2026) available to enterprise customers under NDA
- SBOM and dependency manifest available on request
- Compliance certifications planned post-launch
Available on request
Penetration test report (last conducted Q1 2026), Software Bill of Materials (SBOM), dependency manifest, vulnerability disclosure policy, and data processing agreement (DPA) — available to qualified enterprise customers under NDA.
Speak to our security team
If your IT, InfoSec, or internal audit team needs a deeper briefing, architecture diagram, or compliance documentation, reach out and we will schedule a technical call.
Request a security briefingOr email us directly at security@capped.ai