AI Meets SAP Security: How MCP Transforms MTC Skopos
We've connected MTC Skopos to AI assistants using Model Context Protocol (MCP). Translation: you can now have a conversation with your SAP security data.
What is MCP and Why It Matters
Model Context Protocol is a standardized way for AI to connect with specialized applications. Think of it as a universal connector between AI and your data sources. Instead of AI providing generic advice based on general knowledge, MCP creates a structured communication channel that lets AI access actual analysis from your systems.
The breakthrough isn't just about connecting things; it's about doing it efficiently. Querying SAP tables directly would consume enormous amounts of AI tokens and processing time. A single comprehensive SoD analysis might require joining millions of rows across dozens of tables, potentially exceeding context windows and making real-time interaction impossible.
That's why the MCP server connects directly to MTC Skopos, not to raw SAP tables.

Skopos continuously analyzes your SAP authorization data, identifies SoD conflicts, tracks usage patterns, evaluates risk severity, maps role relationships, and stores the results in optimized structures. When you ask "What conflicts exist for user SMITHJ?", the MCP server doesn't trigger table scans; it requests pre-computed analysis from Skopos. The response is targeted and complete: Skopos has already identified that SMITHJ has role Z_FI_AP (enabling vendor creation) and role Z_FI_PAYMENT (enabling payment posting), creating a P2P-001 conflict. You get conflict severity, affected transactions, usage history, and remediation options, all without parsing massive datasets.
The Transformation: See It In Action
Before MCP: Generic AI guidance
When asked "What are the most triggered Segregation of Duties conflicts in Finance?", AI provides theoretical knowledge:
- F001 (General Ledger Maintenance + Posting) - undetected errors and financial misstatement
- F002 (Cost Center Maintenance + Cost Transfer) - hiding fraudulent costs
- F012 (Asset Master Maintenance + Asset Transactions) - asset misappropriation
- F064 (Asset Maintenance + Invoice Processing) - manipulation of capitalization
This is helpful background, but it's not YOUR data. It doesn't tell you which risks exist in your environment or who's affected.
After MCP: Your Actual Data
The conversation transforms when you ask: "Can you load analysis from users-analysis--2025-09-28--23-24-58.log?" The MCP server retrieves actual analysis from Skopos:
Analysis Overview
- System: SAP PRDCLNT100
- Analysis Type: User-level Segregation of Duties
- Ruleset: Business Risks (SAP)
- Date: September 28, 2025
Key Metrics
- Total Users Analyzed: 2,417
- Distinct SoD Risks: 75 (all High severity)
- Impacted Users: 433
- Impact Rate: ~18% of your user base has violations
Risk Distribution by Business Process
- Procure to Pay (PR00/MM00): 18 risks - Vendor maintenance, invoice processing, payments, inventory
- Sales & Distribution (SD00): 18 risks - Customer maintenance, invoicing, credit management, AR clearing
- Financial Accounting (FI00): 12 risks - GL posting, asset management, bank accounts, cost centers
- Human Resources (HR00): 14 risks - Employee maintenance, payroll processing, time entry
- Basis/Security (BS00): 6 risks - Security administration, transport management, configuration
- Treasury (TR00): 5 risks - Securities, payments, treasury transactions
Now you can have focused conversations based on real data:
"Which Finance risks affect the most users?" Skopos shows F001 (GL Maintenance + Posting) has the highest user count, while F002 (Cost Center manipulation) shows the most transaction activity.
"Show me users with F001 conflicts" Immediate list with role assignments, usage patterns, and last activity dates from your actual system.
"If I remove XK01 from Z_FI_AP, who else is affected?" Skopos returns that 15 users have this role, with usage statistics showing 3 users actively employ the transaction while 12 have never used it.
"What alternative roles could work?" Skopos suggests Z_FI_AP_VIEW as a display-only alternative, already validated against your role catalog.
"Explain our P2P risks to the CFO" "18 users can both create vendors AND process payments to them. That's like giving someone both the company checkbook and the ability to add recipients. Here's the fraud scenario: Monday they create a vendor for their friend's company, Tuesday they process a payment. Without segregation, there's no control stopping this."
"Can you create a visualisation of the risk in the process flow?" Creates a visual
The time savings are dramatic, but that's not the full story. Accuracy improves because recommendations stem from Skopos's pre-analyzed data rather than manual interpretation of reports. Completeness is guaranteed as the AI can instantly access all dimensions of Skopos's analysis simultaneously rather than requiring manual correlation across multiple exports.
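The conflict check and the "remove XK01 from Z_FI_AP" what-if described above can be sketched as follows. This is an added example, not Skopos code: the users other than SMITHJ, the usage counts, the P2P-001 rule definition and the payment transactions F110/F-53 are constructed assumptions.

```python
# Constructed sample data (assumptions for illustration, not Skopos output).
ROLE_TCODES = {                      # role -> transaction codes it grants
    "Z_FI_AP": {"XK01", "FB60"},
    "Z_FI_PAYMENT": {"F110", "F-53"},
    "Z_FI_AP_VIEW": {"XK03"},
}
USER_ROLES = {                       # user -> assigned roles
    "SMITHJ": {"Z_FI_AP", "Z_FI_PAYMENT"},
    "DOEA": {"Z_FI_AP"},
    "LEEK": {"Z_FI_AP_VIEW", "Z_FI_PAYMENT"},
}
USAGE = {("SMITHJ", "XK01"): 4, ("SMITHJ", "F110"): 9, ("LEEK", "F110"): 2}
# A rule fires when a user can run at least one transaction from each side.
RULES = {"P2P-001": ({"XK01"}, {"F110", "F-53"})}

def user_tcodes(user, role_tcodes):
    """Map each transaction the user can run to the roles that grant it."""
    grants = {}
    for role in USER_ROLES[user]:
        for tcode in role_tcodes.get(role, ()):
            grants.setdefault(tcode, set()).add(role)
    return grants

def find_conflicts(role_tcodes=ROLE_TCODES):
    """Return {user: [finding, ...]} for every SoD rule the user violates."""
    findings = {}
    for user in USER_ROLES:
        grants = user_tcodes(user, role_tcodes)
        for rule_id, (side_a, side_b) in RULES.items():
            a, b = side_a & set(grants), side_b & set(grants)
            if a and b:
                hit = a | b
                findings.setdefault(user, []).append({
                    "rule": rule_id,
                    "tcodes": sorted(hit),
                    "roles": sorted(set().union(*(grants[t] for t in hit))),
                    "used": sorted(t for t in hit if USAGE.get((user, t), 0)),
                })
    return findings

def simulate_removal(role, tcode):
    """What-if: drop tcode from role and summarise who is affected."""
    trimmed = {r: (t - {tcode} if r == role else t)
               for r, t in ROLE_TCODES.items()}
    before, after = find_conflicts(), find_conflicts(trimmed)
    holders = sorted(u for u, roles in USER_ROLES.items() if role in roles)
    return {
        "holders": holders,
        "active_users": [u for u in holders if USAGE.get((u, tcode), 0)],
        "cleared": sorted(u for u in before if u not in after),
    }
```

Only the compact dictionaries returned by `find_conflicts` and `simulate_removal` would need to cross to the assistant, not the underlying assignment and usage tables.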



Why This Architecture Works
Token Efficiency
Instead of processing millions of SAP table rows through the AI's context window, only Skopos's analyzed results flow through MCP. A query that might require 100,000 tokens if parsing raw tables directly needs only 2,000 tokens when Skopos provides pre-processed insights.
Response Speed
Skopos maintains optimized indexes and cached analyses. Responses are instant because the computational heavy lifting happened during the analysis phase, not during your conversation.
Data Security
Sensitive authorization data stays within Skopos's infrastructure. The AI reasons about summaries and aggregates, not raw user permissions. Your security data never leaves your environment.
Flexibility
The MTC Skopos MCP server declares what resources (analysis results, risk matrices, user profiles), tools (simulation functions, report generators, conflict checks), and prompts (common remediation workflows, audit response templates) it exposes. As Skopos evolves (adding support for new authorization objects, Fiori app permissions, and cloud applications), the MCP server updates its capabilities without requiring changes to the AI applications using it.
What This Means for Security Teams
You're managing thousands of users and roles across 10+ SAP systems in hybrid cloud and on-premise landscapes. A typical first-time risk analysis might reveal 50,000 SoD violations; that's approximately two years of part-time work to remediate to zero. You're responding to constant access requests while maintaining audit readiness and demonstrating control effectiveness.
The shift is fundamental: from data gatherer to strategic risk manager.
Instead of spending days extracting and cross-referencing information, you focus on high-value decisions:
- Evaluating risk trade-offs
- Coordinating with business process owners
- Prioritizing remediation efforts
- Designing controls aligned with organizational objectives
MTC Skopos handles the computational analysis. The MCP server provides conversational access. You apply judgment and expertise.
Real-time monitoring becomes natural
Instead of discovering conflicts during quarterly reviews, you can periodically ask "What new SoD violations were introduced this month?" and receive Skopos's delta analysis conversationally. Track which roles generate the most conflicts over time. Identify authorization creep as it develops. Provide executives with current risk posture summaries rather than stale quarterly reports.
Instead of learning complex query languages or navigating multiple report screens, you ask questions. Instead of manually correlating findings across different analyses, you request synthesis. Instead of building presentations to explain risks to executives, you ask for business-language summaries.
The Bottom Line
MCP doesn't replace Skopos's analytical engine; it makes that engine conversationally accessible. Skopos continues doing what it does best: continuously analyzing SAP authorization data, computing complex conflict patterns, tracking multi-dimensional relationships, simulating remediation scenarios, and maintaining optimized intelligence about your security posture.
The MCP server transforms this from a platform you query through reports and interfaces into one you can converse with naturally. Ask questions. Get specific answers based on your data. Iterate quickly. Make informed decisions faster.
The future of SAP security analysis isn't about choosing between specialized tools and AI; it's about using MCP to make specialized tools like Skopos work through AI interfaces. The analytical engine that took years to build remains the source of truth. The AI becomes the interface, making that truth accessible, explainable, and actionable through natural conversation.