Why SAP NS2 BISO Ted Wagner Treats AI Security as Mission Critical

Ted Wagner’s career in cybersecurity was shaped in mission environments where failure was not an option.

A longtime Army Reservist, Wagner supported early cyber mission units, conducted cyber investigations and response planning, and held senior leadership roles overseeing information systems for thousands of soldiers. That operational experience carried into the private sector, where he now serves as vice president and business information security officer at SAP National Security Services.

At SAP NS2, Wagner has overseen the security and compliance of the corporate network and of the FedRAMP-authorized and commercial cloud offerings that support the War Department, intelligence community and civilian agencies. More recently, he has been leading cyber risk management functions and the security of the company’s AI implementations.

In this Spotlight interview, he discusses how SAP NS2 is approaching responsible AI, the challenges of fielding generative AI for defense customers, the evolution of FedRAMP and how his military background continues to inform his approach to risk and trust.

ExecutiveBiz: Can you talk about responsible AI and what steps organizations should take to ensure AI tools are safe, accurate and ethical?

Ted Wagner: One of the things I’ve been doing in our working group around AI is threat modeling and looking at the different security frameworks that can mitigate risks and help us understand how those risks present themselves in an AI environment.

Having worked in the federal market and being very cognizant of controlled unclassified information and different data categories, we’re very sensitive to how we manage and protect our data. For example, we have a launchpad internally using a well-known large language model, but we keep it private. We’re not sharing any learning with the public model.

We also force authentication and multi-factor authentication for every user. Even though it’s internal, we enforce MFA so we can really restrict access only to those inside our organization.

We’ve published a governance model and we’re practicing it. As we evolve, develop new use cases and implement new technologies, we look at the risks, we mitigate them, and then we put those decisions to a vote with our security boards.

EBiz: Is there an AI effort at SAP NS2 that you’re particularly excited about?

Wagner: We’re going to bring SAP’s AI Core to our customers in the first half of 2026, so we’re very excited about that.

What I’ve been doing is combining different security frameworks to be more comprehensive in how we look at threats. There’s threat modeling work from Carnegie Mellon’s Software Engineering Institute that I’ve combined with the NIST AI Risk Management Framework and MITRE’s ATLAS project.

What I’ve found is that when you combine all of them, you get a much more comprehensive view of the problem. That’s really helping us be diligent.

I’m doing this in the backdrop of reports that have been published about large compromises in AI environments. We’re trying to gain lessons learned from what’s been shared so that as we roll this out to our customers, they don’t have to face those same challenges.

We deliver our cloud services with very strict access controls and through the FedRAMP authorization process, so we don’t have the same risk model as some public AI providers. But we don’t want to leave anything to chance. We want to maintain the same level of security our customers expect as we embed AI into our cloud services.

EBiz: What are the primary challenges in developing and fielding generative AI tools for defense customers?

Wagner: Defense customers are conservative, and rightly so. They don’t want to put their information at risk, so we have to demonstrate our diligence and the effort we’re putting into security.

Many of these customers are also moving from on-premise environments to cloud-based environments. SAP customers have very large landscapes, so it’s not something you deploy quickly. Even after a deal is signed, it can take months to migrate data, deploy in the cloud, integrate modules and then go live.

That said, we’ve found that automation and AI can help shorten those timelines over time. It doesn’t remove the rigor, but it can make the process more efficient.

EBiz: How has SAP NS2’s FedRAMP journey evolved over time?

Wagner: We started this journey about seven years ago with FedRAMP Moderate controls and Impact Level 4. We’re now moving into Impact Level 5 for federal customers, and we have plans to go even higher.

Those are difficult environments to operate in and to support from a security perspective. But we’re committed to it, and our customers are demanding it. They want these services and this technology, and meeting those security requirements takes a significant amount of effort.

EBiz: How does your Army and Army Cyber Command experience inform how you approach security at SAP NS2?

Wagner: When something is mission critical, details matter. I’ve been deployed twice, and I know what it means to operate in adverse environments and to be diligent down to the last detail.

That same perspective carries over into how we support our customers. They have national security requirements and they expect commitment. I expect that level of commitment from myself, and I share that expectation with my colleagues.

Many of us have served or have government experience, and that background translates well for our customers. They understand our commitment, and they see it in how we deliver our services.

EBiz: If you could change one thing about FedRAMP, what would it be?

Wagner: We’re excited to see how AI will be more fully adopted within FedRAMP. There is guidance today, but there are still many use cases and deployment models where additional clarity would help.

As technology evolves and AI becomes more prevalent, that guidance is going to be necessary, and I think we’ll see more of it in the coming months and years.

EBiz: What is the top challenge agencies face when migrating to the cloud, and what’s the solution?

Wagner: One of the biggest challenges is adapting to the shared responsibility model. Agencies are accustomed to on-premise environments, so when hosting, auditing and logging responsibilities shift, it can be an adjustment.

We see variations across agencies in how they approach that model. We do have a responsibility framework that outlines who owns each control, but adoption and understanding take time. Sometimes we have to work closely with individual agencies to walk through it, and that collaboration is important.

EBiz: Is there anything else you wanted to add?

Wagner: Integration is an area we’re very focused on, especially as it relates to AI.

When you look at threat models and attack vectors, that’s where you see API vulnerabilities and system-to-system authentication risks. Integration is one of SAP’s strengths, but if we’re not diligent about how integrations are implemented, we can open ourselves up to risk.

We’re very focused on putting the right technical controls and mitigations in place to protect our customers and their information as these AI-enabled integrations expand.

Who Is Ted Wagner?

Ted Wagner is vice president and business information security officer at SAP National Security Services. He represents SAP NS2 on SAP’s BISO Council and works with SAP product teams to ensure NS2 security requirements are met. He leads cyber risk management functions and is responsible for the security of AI implementations for SAP NS2’s FedRAMP-authorized and commercial cloud offerings supporting defense, intelligence and civilian agencies.

Wagner brings decades of experience supporting national security missions, including senior cyber operations roles with the U.S. Army Reserve and leadership positions in the private sector. He is also an adjunct professor at the University of Maryland Global Campus and previously served as an advisor to MIT’s Geospatial Data Center.

What Is SAP NS2?

SAP National Security Services is an independent subsidiary of SAP that delivers secure cloud and enterprise solutions designed for highly regulated industries, including defense, intelligence, civilian government, healthcare and critical infrastructure.

SAP NS2 combines SAP’s commercial innovation with a security and data sovereignty model tailored to mission-critical environments, supporting FedRAMP-authorized cloud services and secure deployments across the federal market.

Written by Charles Lyons-Burt

Charles Lyons-Burt is senior content specialist at Executive Mosaic, a media and events company serving the U.S. federal contracting community. A passionate lover of language, the arts, aesthetics and fitness, he also writes film and music criticism for outlets such as Slant Magazine and Spectrum Culture.
