Integrating AI Agents With Your ERP and MES
A plant operator's guide to AI agent ERP integration: read vs. write access, the integration layers, MES timing, and what breaks in production.
Most AI agent ERP integration projects die in the same place: the demo works against a spreadsheet export, then someone asks how it writes a production order back into the system, and the room goes quiet. The model was never the hard part. The hard part is wiring an agent into the system of record that runs your business and into the MES that runs your floor, without it making a mess you can't undo. I ran this at a $250M furniture manufacturer. Here is what actually works.
Your ERP and MES are not data sources you point a model at. They are transactional systems with locking, audit trails, and downstream consequences. An agent that reads a stale work order is annoying. An agent that releases the wrong work order to the floor costs real money. Treat the two systems differently, and treat read and write as two completely separate maturity levels.
Start with read-only. Always.
The single most common mistake is wiring write access on day one because the demo is more impressive. Don't. Most of the value in the first 90 days comes from read-only agents that answer questions humans currently chase through screens, emails, and reports.
Read-only agents you can ship fast and safely:
- Order-status and exception lookup. "Which jobs scheduled this week are short on material?" answered against live ERP data instead of a Tuesday-morning report.
- Supplier and PO intelligence. Lead times, open POs, receipt history, pulled together in one answer.
- Ops-review prep. The agent reads ERP plus your BI layer and drafts the weekly exception list — late jobs, margin slips, at-risk orders.
None of these can corrupt your system of record. The worst case is a wrong answer a human catches, not a bad transaction. That asymmetry is the whole reason to start here.
When you do move to write access, you are crossing a real line. Earn it. Prove the agent is reliable on reads, then add write capability one transaction type at a time, each with a human approval step before commit.
The four integration paths, ranked by sanity
There is no single way to connect an agent to an ERP. There are four, and the right one depends on your ERP's age and your appetite for risk.
| Path | Best for | Latency | Risk | Effort |
|---|---|---|---|---|
| Vendor REST/OData API | Modern ERP (S/4HANA, NetSuite, recent Epicor/Infor) | Real-time | Low | Low |
| Middleware / iPaaS | Multiple systems, existing integration layer | Near real-time | Low–med | Medium |
| Direct DB read replica | Older ERP, no clean API, read-only use | Real-time read | Med | Medium |
| RPA / screen automation | Legacy with no API and no DB access | Slow | High | High |
The API path is the obvious first choice when it exists. The trap is assuming your ERP's API covers the transaction you need. Many cover master data and orders well, but the specific write you want — say, rescheduling an operation or adjusting an allocation — isn't exposed. Confirm the exact endpoint exists before you scope the agent, not after.
For reads against an older ERP, a read replica of the database beats fighting a thin API. You get full data access, real-time, and zero write risk because the replica is read-only by construction. We ran several read-only agents off a replica precisely because it removed the "what if it writes something wrong" question entirely.
Reserve RPA for the case where there is genuinely no other door. It's brittle, it breaks on UI changes, and it's the integration equivalent of duct tape. Useful duct tape, sometimes. Still duct tape.
MES is a different animal
ERP integration is mostly about transactions. MES integration is about timing. Your MES is closer to the machines, the data moves faster, and a wrong action has a shorter fuse. A bad ERP write you can usually reverse with a correcting entry. A bad MES action can scrap a part before anyone reads the screen.
Three rules for agents touching the MES:
- Read MES, act through ERP. Let the agent read production status, downtime, and quality data from the MES, but route any action — reschedule, hold, reallocate — back through ERP or a human, where the controls already live. Don't let an agent command the floor directly in v1.
- Latency is a feature, not a bug. The agent does not need sub-second MES data for a planning or status use case. A 5-minute read cadence is fine and far safer than a live write loop.
- Respect the ISA-95 boundary. Keep the agent at Level 3/4 (operations and planning). It has no business issuing Level 1/2 control commands. That line exists for safety reasons that predate AI by decades.
The integration architecture that holds up
The agents that survive production share a shape. Put a thin integration layer between the agent and your systems — not the agent calling ERP and MES directly. That layer does four jobs:
- Scopes access. A service account with read-only or narrowly-scoped write permissions, never an admin credential. The agent can only touch what the layer allows.
- Validates writes. Every write passes a schema and business-rule check before it reaches the ERP. Wrong config, impossible date, missing field — caught here, not on the floor.
- Logs everything. Every read and especially every write gets an audit entry: who (which agent), what, when, with what inputs. When finance asks how a transaction happened, you have the answer.
- Enforces human-in-the-loop. High-stakes writes queue for a one-click approval. The human stays in control of the commit; the agent does the 90% of work that leads up to it.
This layer is also where your reliability lives. Before any write-capable agent touches production, run it against real historical cases — actual orders, actual exceptions — and measure accuracy. Evals on your data, not toy prompts. If it can't hit the bar on last quarter's orders, it isn't ready for this quarter's.
What to ship first
Don't boil the ocean. Pick one read-only agent against your ERP — order-status exception lookup is the usual winner — and get it live and used within 30 days. Wire it through the integration layer so the path to write-capable agents is already built. Measure hours saved or errors caught. Then add the next.
The sequence that works: read before write, ERP before MES, one transaction type at a time, human-in-the-loop on anything that touches the floor or the books.
If you want to see what a properly-wired agent looks like against your stack, grab the free First 5 Agents teardown — I'll map the five highest-ROI agents for your ERP and MES setup and show exactly where read-only ends and write access begins. Then book a 20-minute call and we'll pressure-test the integration path for your specific ERP before you spend a dollar building.
Let's see what's worth building first.
A 15-minute call: tell me where your AI or planning is stuck, and I'll tell you the one thing worth building first — and whether it's worth doing at all.