
Why Enterprise AI Needs A Constitution: Using Adversarial Agents To Secure The ERP

The audit cannot wait until after the AI generates code that touches a general ledger.

Forbes 3 min read 6/10
Key Takeaways
  • The 'enterprise AI constitution' model uses a predefined set of board-approved rules applied in milliseconds before any AI-generated code interacts with an ERP system's general ledger.
  • Adversarial agents — trained to break the constitution — serve as real-time guardians, reducing security incidents by 73% in early supply-chain deployments (AI Risk Institute, 2025).
  • Gartner predicts 40% of ERP code will be AI-generated by 2027, up from under 5% in 2024, accelerating the need for instant, constitutional governance.
  • JPMorgan Chase and Siemens have already piloted internal AI 'bills of rights' enforced by adversarial checks, achieving a 90% reduction in audit findings.
  • Major ERP vendors including SAP and Microsoft are building native constitutional layers, with SAP’s 'AI Integrity Layer' entering beta in mid-2026.
A single, belated audit after an AI model generates code for an enterprise resource planning (ERP) system is a recipe for financial and operational disaster. The consensus among cybersecurity and AI governance experts is that the audit must happen in real time, before the code touches any critical ledger. Enterprise AI needs a constitution — a predefined set of rules — enforced by adversarial agents that simulate attacks and test every output within the ERP environment, ensuring compliance, accuracy, and security from the moment of generation.

Forbes Tech Council member and AI security strategist Marina Petrova popularised this concept in a June 2026 article, arguing that conventional post-deployment code reviews are obsolete for AI-generated code. Modern ERP systems, used by companies like SAP, Oracle, and Microsoft, contain sensitive financial data and business logic. An AI assistant that writes SQL queries or automation scripts can introduce errors, vulnerabilities, or even malicious logic if not policed instantly. Petrova’s proposed solution combines two ideas: a constitutional framework (a codified set of rules like 'never delete a record without approval' or 'never access payroll data without role check') and adversarial agents (AI models that deliberately try to break those rules).

Why now? The rapid adoption of generative AI in enterprise IT, especially for low-code and no-code automation, has outpaced governance frameworks. Gartner predicts that by 2027, 40% of ERP code will be AI-generated, up from less than 5% in 2024. Without guardrails, this trend could lead to unauthorised data exports, compliance violations, or financial restatements. The constitutional approach mirrors successful experiments at companies like JPMorgan Chase and Siemens, where internal AI systems have a 'bill of rights' enforced by real-time adversarial checks. The term 'enterprise AI constitution' is increasingly discussed by AI governance professionals as a standard for safe automation.

Key details: Petrova’s framework uses a dual-agent architecture. The first agent — the 'generator' — produces code or actions based on user prompts. The second agent — the 'guardian' — is an adversarial model trained to find violations of the constitution in the generator’s output. The guardian runs within milliseconds, flagging risky code before it can affect the ERP’s database. Early deployments in supply chain modules have reduced security incidents by 73% and audit findings by 90%, according to a 2025 study by the AI Risk Institute. The constitution itself must be board-approved and updated quarterly to reflect new regulations like the EU AI Act and SEC cybersecurity rules.

Analysis: The constitutional-adversarial approach represents a shift from reactive to proactive AI security. Traditional methods rely on scanning logs after the fact, which is too slow for code that can alter financial records instantly. By embedding governance into the AI’s runtime, enterprises can achieve 'continuous compliance'. However, critics caution that adversarial agents themselves can be fooled by sophisticated attacks — a problem known as adversarial evasion. The framework is only as strong as its constitution rules and the training data for the guardian model. Regulatory bodies like the European Commission are watching these developments closely, as they inform future AI auditing standards.
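
An added example, not from the article or any vendor's product: a minimal pre-execution gate in Python that applies the two rules quoted above ('never delete a record without approval', 'never access payroll data without role check') to generated SQL before it reaches the database. A deterministic rule check stands in for the guardian model, and the table names, role name and approval flag are assumptions; the comment stripping and case folding show the normalization needed so that trivially obfuscated statements are still caught.

```python
import re
from dataclasses import dataclass, field

# Assumptions for illustration: table names, role name and approval flag.
# The two rules themselves are the ones quoted in the article.
PAYROLL_TABLES = {"payroll", "salary"}
PAYROLL_ROLES = {"payroll_admin"}
DELETE_VERBS = {"delete", "truncate"}  # truncate treated as deletion (assumption)

@dataclass
class Context:
    roles: set = field(default_factory=set)
    delete_approved: bool = False

def normalize(sql: str) -> list[str]:
    """Strip comments, fold case and whitespace, split into statements."""
    sql = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)  # block comments
    sql = re.sub(r"--[^\n]*", " ", sql)               # line comments
    sql = re.sub(r"\s+", " ", sql).lower()
    return [s.strip() for s in sql.split(";") if s.strip()]

def violations(sql: str, ctx: Context) -> list[str]:
    """Return one entry per rule broken by any statement in the batch."""
    found = []
    for stmt in normalize(sql):
        tokens = set(re.findall(r"[a-z_][a-z0-9_]*", stmt))
        if tokens & DELETE_VERBS and not ctx.delete_approved:
            found.append(f"delete-without-approval: {stmt}")
        if tokens & PAYROLL_TABLES and not ctx.roles & PAYROLL_ROLES:
            found.append(f"payroll-without-role: {stmt}")
    return found

def guard(sql: str, ctx: Context, execute) -> dict:
    """Call execute(sql) only when no rule is violated; otherwise block."""
    found = violations(sql, ctx)
    if not found:
        execute(sql)
    return {"executed": not found, "violations": found}

# Constructed sample output from a hypothetical generator agent.
SAMPLES = [
    "SELECT id, amount FROM ledger WHERE period = '2025-Q1'",
    "SELECT 1; DeLeTe /* tidy up */ FROM ledger WHERE id = 7",
    "select name from HR.Payroll -- quick look",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(guard(s, Context(), execute=lambda q: None))
```

The check fails closed: a rule keyword that appears only inside a string literal also blocks the statement, which a real SQL parser in place of the token scan would avoid.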

Outlook: Expect major ERP vendors to integrate constitutional governance natively within the next 18 months. SAP has already announced a beta of its 'AI Integrity Layer' using rule-based constitutions, and Microsoft is experimenting with adversarial agents in Dynamics 365. The next frontier is multi-enterprise constitutions — shared rules across supply chain partners — which could become a de facto standard for B2B AI interactions. Companies that delay implementing such frameworks risk regulatory fines, reputational damage, and the kind of automation failures that make headlines. The era of 'audit after the fact' for enterprise AI is ending; the constitution is here.

Frequently Asked Questions

An enterprise AI constitution is a predefined set of rules that govern how an AI system can behave, especially when generating code or actions that affect critical business systems like ERP. These rules are approved by leadership and enforced in real time by adversarial agents.

Adversarial agents are AI models trained to violate the constitution. They test every output from the primary AI generator within milliseconds, flagging risky code before it can alter the ERP’s database. This prevents errors, compliance breaches, and malicious actions.

Post-deployment audit happens too late for code that touches financial ledgers, because the damage — a wrong transaction or deleted record — can occur instantly. Real-time constitutional checks avoid that risk by catching problems at the moment of generation.

JPMorgan Chase and Siemens have piloted internal AI constitutions with adversarial enforcement. SAP has announced its 'AI Integrity Layer' beta, and Microsoft is developing similar capabilities for Dynamics 365.

Gartner forecasts that by 2027, 40% of ERP code will be AI-generated. This will pressure vendors like SAP, Oracle, and Microsoft to embed constitutional governance natively, making real-time adversarial audits a standard feature.

Original source

www.forbes.com
