Most GRC tools trap your data behind dashboard-first interfaces. MTC Skopos takes the opposite approach: AI is built into the analysis workflow, and your data is structured so external AI agents can work with it too.

Three modes of AI integration. One philosophy: your data stays under your control.


The vision: AI-native GRC

Traditional GRC tools were built for humans clicking through menus. AI agents don't need guided workflows or dashboards. They need structured data they can parse and reason about.

What AI Needs | What MTC Skopos Provides
In-context AI assistance | Built-in AI chat with predefined and custom questions
Structured data exports | JSON, CSV optimized for token efficiency
Consistent schemas | Stable formats that don't change with updates
Real-time data access | MCP server for live queries
Local processing option | Works with Ollama, LM Studio, any local LLM

Ask questions about your SAP security posture in plain English. Get answers based on your actual data, whether from inside Skopos or from the AI assistant you already use.


Mode 1: Built-in AI assistant

AI is available in every analysis view. Bring your API key and start asking questions. No external tools needed.

How it works

Each Skopos view offers predefined AI questions tailored to the data you're looking at. Reviewing a user's risk profile? One click to get a summary. Analyzing SoD conflicts? Trigger a prioritized remediation recommendation. You can also type your own questions about Access Risk, IT Audit, segregation of duties, or anything related to the current analysis.

Before sending data to the AI provider, MTC Skopos automatically anonymizes sensitive information: user names, role names, and system names are replaced with generic identifiers. The AI reasons about risk patterns without ever seeing your actual identifiers. No copy-pasting, no switching windows, and no sensitive data leaving your environment in readable form.

Example interactions

From the user risk overview:

"Why does this user have a high risk score?" The AI explains the specific conflict combinations, transaction usage patterns, and organizational exposure driving the score.

From the SoD conflict detail:

"What's the fastest way to remediate this conflict?" The AI suggests role changes, transaction reassignments, or mitigating controls based on usage data and organizational context.

Custom question from any view:

"How would an auditor evaluate this risk?" The AI gives an auditor's perspective on the finding, referencing common audit frameworks and expected documentation.

What you get

  • Connect your API key once, start querying immediately
  • User names, role names, and system names are automatically anonymized before reaching the AI
  • The AI sees the data in your current view, no manual context needed
  • Predefined prompts for each analysis view, so no prompt engineering required
  • Ask your own questions about Access Risk, IT Audit, or SoD
  • Works with Claude, OpenAI, or other compatible APIs

Mode 2: MCP server and local LLM integration

The Model Context Protocol (MCP) server connects MTC Skopos to external AI assistants, whether cloud-based like Claude and ChatGPT, or running locally on your own hardware.

How it works

Instead of querying raw SAP tables (which would consume an enormous number of tokens and exceed context windows), the MCP server connects to MTC Skopos's pre-computed analysis. You ask a question; the AI gets complete results instantly.

Example conversations

"Which Finance risks affect the most users?"

Skopos shows F001 (GL Maintenance + Posting) has the highest user count at 47 users, while F002 (Cost Center manipulation) shows the most transaction activity with 1,247 executions this quarter.

"Show me users with payment conflicts who actually executed both sides"

Based on did-do analysis, 3 users have both created vendors AND processed payments to those vendors in the past 90 days. User SMITHJ has the highest activity with 47 vendor changes and 312 payment transactions.

"If I remove transaction XK01 from role Z_FI_AP, who is affected?"

15 users have this role. Usage analysis shows 3 users actively use XK01 (average 12 executions/month), while 12 users have never executed it. Removing XK01 would resolve SoD conflicts for all 15 users.

"Explain our P2P risks to the CFO"

18 users can both create vendors AND process payments to them. That's like giving someone both the company checkbook and the ability to add recipients. Here's the fraud scenario: Monday they create a vendor for their friend's company, Tuesday they process a payment. Without segregation, there's no control stopping this.

Supported AI assistants

The MCP server works with any AI that supports the Model Context Protocol:

  • Claude (Desktop app, API)
  • ChatGPT (via MCP-compatible interfaces)
  • Custom AI agents (any MCP-compatible implementation)

Local LLM for zero cloud exposure

For organizations that need AI capabilities but won't accept any cloud data exposure, the MCP server also works with local LLMs:

  • Ollama: run Llama, Mistral, and other models locally
  • LM Studio: desktop app for running local models
  • LocalAI: OpenAI-compatible local API
  • Any local model: feed JSON exports directly

Your SAP authorization data never leaves your network. Your AI queries never leave your network. Full analysis capability with zero external data transmission.

Why this matters

SAP authorization data is sensitive. It shows who can do what in your most critical business systems, your organizational structure, and potential attack vectors. Many security teams in regulated industries refuse to send this data to external SaaS platforms, regardless of compliance certifications.

With a local LLM, that conversation never happens. AI-powered analysis, complete data sovereignty.



Mode 3: AI-optimized exports

Every analysis in MTC Skopos exports to structured formats that AI can consume directly.

JSON exports

{
  "user": "JSMITH",
  "risk_id": "F071",
  "risk_level": "High",
  "conflicting_access": {
    "function_1": {
      "name": "Maintain Vendor Master",
      "transactions": ["XK01", "XK02"],
      "execution_count": 147,
      "last_execution": "2025-10-15",
      "source_roles": ["ZS:FI:AP-PROCESS:C"]
    },
    "function_2": {
      "name": "Process Payments",
      "transactions": ["F110", "F111"],
      "execution_count": 89,
      "did_do_changes": 23,
      "source_roles": ["ZS:FI:AP-PAYMENTS:C"]
    }
  },
  "remediation_complexity": "medium"
}

Copy this into any AI assistant and start asking questions. No data transformation required.
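The export above carries the user name and role names in clear, whereas the built-in assistant replaces such identifiers before data reaches the AI provider. As an added example (not MTC Skopos code), this Python does the equivalent for an export record before it is pasted into a cloud assistant, checks that nothing leaked, and re-identifies the answer locally; the `Pseudonymizer` class, its methods and the label format are assumptions.

```python
import json

# Constructed sample in the shape of the export shown above (fields trimmed).
SAMPLE = {
    "user": "JSMITH", "risk_id": "F071", "risk_level": "High",
    "conflicting_access": {
        "function_1": {"name": "Maintain Vendor Master", "transactions": ["XK01", "XK02"],
                       "execution_count": 147, "source_roles": ["ZS:FI:AP-PROCESS:C"]},
        "function_2": {"name": "Process Payments", "transactions": ["F110", "F111"],
                       "execution_count": 89, "source_roles": ["ZS:FI:AP-PAYMENTS:C"]},
    },
}


class Pseudonymizer:
    """Hypothetical helper, not a Skopos API: swaps identifiers for stable
    generic labels. The mapping stays in this process and is never exported."""

    def __init__(self):
        self.forward = {}  # (kind, real value) -> label
        self.reverse = {}  # label -> real value
        self.counts = {}   # kind -> number of labels issued

    def label(self, kind, value):
        key = (kind, value)
        if key not in self.forward:
            self.counts[kind] = self.counts.get(kind, 0) + 1
            lab = f"{kind}_{self.counts[kind]:03d}"
            self.forward[key] = lab
            self.reverse[lab] = value
        return self.forward[key]

    def scrub(self, record):
        out = json.loads(json.dumps(record))  # deep copy; the input is left untouched
        out["user"] = self.label("USER", out["user"])
        for fn in out["conflicting_access"].values():
            fn["source_roles"] = [self.label("ROLE", r) for r in fn["source_roles"]]
        return out  # transaction codes and risk IDs are kept so the AI can reason on them

    def leaks(self, scrubbed):
        """Real identifiers still present anywhere in the outgoing JSON text."""
        text = json.dumps(scrubbed)
        return sorted(v for v in self.reverse.values() if v in text)

    def restore(self, answer):
        """Map labels in the AI's answer back to real names, longest label first."""
        for lab in sorted(self.reverse, key=len, reverse=True):
            answer = answer.replace(lab, self.reverse[lab])
        return answer
```

Run `leaks()` on every record before sending: it also catches a real name that survives inside a free-text field the scrubber does not know about.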

Token-efficient design

The data is pre-processed to minimize token consumption:

  • Compact field names reduce overhead
  • Pre-aggregated statistics eliminate redundant data
  • Hierarchical structure allows selective loading
  • Consistent schemas mean AI learns the format once

Lower AI processing costs, faster responses.

Export formats

Format | Best For
JSON | AI agents, programmatic analysis, MCP integration
CSV | Spreadsheet tools, Power BI, Tableau
Excel | Manual review, stakeholder sharing

Role Designer AI

Describe what you need in plain English. Get SAP role configurations back.

How it works

Instead of manually configuring authorization objects and values, describe what the role should do:

"Create a role for AP clerks who need to create and modify vendor invoices but not process payments"

The AI generates:

  • Required authorization objects
  • Appropriate field values
  • SoD conflict warnings
  • Suggested mitigating controls

Benefits

  • Role design in minutes instead of hours
  • SoD conflicts flagged during design, not after
  • Authorization values default to SAP best practices
  • Role purpose and scope are auto-documented

Prompt templates

Copy these prompts to start analyzing your SoD data with AI.

Risk overview

You are a GRC analyst. I'm providing SAP Segregation of Duties analysis
results in JSON format.

Summarize the key findings:
- Total users with violations
- Most common risk categories
- Users with highest risk exposure
- Recommendations for immediate action

[Paste JSON export here]

Remediation prioritization

Based on this SoD analysis data, identify the top 10 remediation priorities.

Consider:
- Risk severity (High > Medium > Low)
- Did-do analysis (actual execution > theoretical access)
- Number of affected users
- Business impact of changes

Provide a prioritized list with specific remediation actions.

[Paste JSON export here]
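A deterministic baseline for checking the AI's ranking against the criteria in the prompt above, as an added example (not part of MTC Skopos). It ranks risks by severity, then by users who executed both sides of the conflict, then by affected users. The records are constructed with the field names from the JSON export on this page, the function names are assumptions, and business impact is left to the reviewer.

```python
from collections import defaultdict

SEVERITY = {"High": 3, "Medium": 2, "Low": 1}


def rec(user, risk_id, level, n1, n2):
    # Builds a constructed record with the export's field names.
    return {"user": user, "risk_id": risk_id, "risk_level": level,
            "conflicting_access": {"function_1": {"execution_count": n1},
                                   "function_2": {"execution_count": n2}}}


RECORDS = [  # constructed sample data, pseudonymized users
    rec("USER_001", "F071", "High", 147, 89),
    rec("USER_002", "F071", "High", 12, 0),
    rec("USER_003", "F001", "High", 0, 0),
    rec("USER_004", "F001", "High", 0, 0),
    rec("USER_005", "F001", "High", 0, 5),
    rec("USER_001", "F002", "Medium", 30, 40),
]


def executed_both_sides(record):
    """Did-do (assumed reading): the user ran transactions on both sides."""
    return all(f["execution_count"] > 0 for f in record["conflicting_access"].values())


def baseline_ranking(records):
    agg = defaultdict(lambda: {"level": "Low", "users": set(), "did_do": set()})
    for r in records:
        a = agg[r["risk_id"]]
        if SEVERITY[r["risk_level"]] > SEVERITY[a["level"]]:
            a["level"] = r["risk_level"]
        a["users"].add(r["user"])
        if executed_both_sides(r):
            a["did_do"].add(r["user"])

    def key(item):
        rid, a = item
        return (-SEVERITY[a["level"]], -len(a["did_do"]), -len(a["users"]), rid)

    return [(rid, a["level"], len(a["did_do"]), len(a["users"]))
            for rid, a in sorted(agg.items(), key=key)]


def disagreements(ai_order, records):
    """Positions (1-based) where the AI's risk order differs from the baseline."""
    base = [rid for rid, *_ in baseline_ranking(records)]
    return [(i + 1, b, a) for i, (b, a) in enumerate(zip(base, ai_order)) if a != b]
```

Feed `disagreements()` the risk IDs in the order the AI returned them; each tuple is a position where the AI's answer needs a stated reason, such as business impact, for departing from the data.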

Executive summary

Create a one-page executive summary of this SoD analysis for the CFO.

Use business language, not technical jargon. Focus on:
- What's the business risk?
- What's the exposure (users, transactions, dollars)?
- What should we do about it?

[Paste JSON export here]

Audit response

We received an audit finding about Segregation of Duties in our
SAP environment. Based on this analysis data, draft a response that:

1. Acknowledges the finding
2. Shows our current risk posture
3. Presents our remediation plan with timeline
4. Demonstrates monitoring controls in place

[Paste JSON export here]

Getting started

Step 1: Run your analysis

Export your SAP data and run SoD analysis in MTC Skopos. It completes in minutes.

Step 2: Choose your AI mode

If you want... | Use this mode
Instant AI answers within Skopos | Built-in AI Assistant
Conversational queries from your AI tool | MCP Server
Complete privacy, no cloud | Local LLM + MCP
One-time analysis with any AI | JSON/CSV Export

Step 3: Start asking questions

Whether through the built-in assistant, MCP, or by pasting exports, your AI has access to your actual SAP security data. Ask anything:

  • "What are our highest-risk users?"
  • "Which conflicts have actually been exploited?"
  • "What's the fastest path to SOX compliance?"
  • "Generate a remediation roadmap for Q2"

Why this approach?

Traditional GRC tools invested heavily in visualization layers, dashboards, and reporting engines. But your organization already has Power BI or Tableau for reporting, AI can generate charts on demand, and every hour spent wrestling data out of dashboards is an hour not spent on analysis.

MTC Skopos prepares the data, then gets out of the way. You choose how to analyze it.


Frequently asked questions

Can AI actually analyze SAP segregation of duties data?

Yes. SAP authorization data is highly structured (roles, profiles, authorization objects, transaction codes), which makes it well-suited for AI analysis. The challenge is preparing the data so it fits within AI context windows and token limits. MTC Skopos pre-computes the SoD analysis and structures the output specifically for AI consumption.

Is my SAP authorization data safe when using AI?

MTC Skopos offers three levels of protection. The built-in AI assistant automatically anonymizes user names, role names, and system names before sending anything to the AI provider. The MCP server can connect to local LLMs running on your own hardware, so data never leaves your network. And with JSON/CSV exports, you control exactly what you share and with whom.

What AI models work with MTC Skopos?

The built-in assistant works with any OpenAI-compatible API, including Claude and OpenAI. The MCP server supports Claude Desktop, ChatGPT, and any MCP-compatible client. For local deployment, it works with Ollama, LM Studio, LocalAI, and any model that can consume structured JSON.

Do I need AI expertise to use this?

No. The built-in assistant comes with predefined questions for each analysis view. Click a question, get an answer. For more advanced use, you can type custom questions in plain English or use the provided prompt templates with exported data.

