Software Risk Intelligence

Your Oracle audit defence,
ready in 48 hours.

Oracle LMS. IBM ILMT. SAP LAW.

Mima runs the auditor's own methodology against your estate every night — Oracle LMS, IBM ILMT, SAP LAW — and delivers a defensible position before they arrive. Not a report. A defence.

$4.2M→ $180K Oracle settlement
48hto defensible position
94%audit success rate
LIVE ESTATE ANALYSIS · TONIGHT 02:14
Scroll
Oracle Audit DefenceIBM ILMT ComplianceSAP LAW Gap AnalysisBroadcom VMwareMicrosoft SA ReviewShadow AI GovernanceSOC2 CC6.1GDPR Art. 28Cryptographic Evidence48-Hour DefensibilityOracle Audit DefenceIBM ILMT ComplianceSAP LAW Gap AnalysisBroadcom VMwareMicrosoft SA ReviewShadow AI GovernanceSOC2 CC6.1GDPR Art. 28Cryptographic Evidence48-Hour Defensibility

Five things every SAM manager
already knows are true.

01

Oracle audits cost an average $4.2M in unplanned settlements.

The auditor arrives with your own contract terms and a methodology you've never run. The settlement is rarely about what you owe — it's about what you can't prove.

02

You have 30 days from audit notice to defensible position.

Current SAM tools generate reports. Auditors want evidence — citable rows, hash-linked findings, verifiable methodology. Reports lose audits. Evidence wins them.

03

Shadow AI is the new audit vector nobody has mapped.

35 employees using ChatGPT Enterprise with customer data. None of it in your SSO. None of it in your SAM tool. Mima found it with five-layer detection in the first overnight run.

04

SAM, AI Governance and Compliance are not separate risks.

A leaver with an Oracle ghost seat and an active AI tool is a SAM violation, an AI governance breach and a GDPR Article 28 exposure. One person, one finding, three domains. No other tool connects these.

05

The machine runs while you sleep. The brief arrives at 06:45.

You should not spend 2–3 hours every morning manually checking licence dashboards. The overnight pipeline does this for every vendor, every night, with a cryptographic evidence chain you can hand to an auditor.

§03 / AUTONOMOUS BACKGROUND ENGINESTATUS: ACTIVE · CONTROLLER LOOP RUNNING
12 AM06 AM12 PM06 PM
TIMESTAMP03:14[ zombie_hunter.rs ]

While you slept, the Zombie Hunter swept.

At 03:14, zombie_hunter.rs interrogated FlexLM licence daemons across 14 hosts. 18 ANSYS Mechanical seats dormant 30+ days. ARR recovery staged: $55,400.

[ zombie_hunter.rs ]
[zombie_hunter.rs] INITIATING SWEEP
> querying FlexLM daemon on port 27000
> FOUND: 18 licences inactive > 30 days
> ARR recovery staged: $55,400
> deprovision payload ready
MERKLE ROOT: 0x4f89b9ee3f01c890…892e
0%

One intelligence layer.
Three risks converging.

SAM, AI Governance, and Compliance are not separate programmes. They share assets, users, and risk vectors. The machine treats them as one estate.

SAM

Software Asset Management

Licence positions, audit exposure, ghost seats, harvest risks. Every vendor, every methodology, every night.

Oracle LMSIBM ILMTSAP LAWBroadcom VMwareMicrosoft SA
$4.2M → $180KOracle audit settlement
AI GOV

AI Governance

Shadow AI detected before the regulator finds it. 5-layer detection stack catches what your SSO misses.

Browser extensionOAuth grantsEndpoint agentSSO auditZero-day classifier
35 toolsaverage estate, first scan
COMPLY

Regulatory Compliance

Cryptographic evidence chain from source row to audit document. Every finding has a Merkle hash.

SOC2 CC6.1GDPR Art. 28ISO 27001NIS2FCA SYSC
100%findings hash-linked
THE FINDING NO OTHER PLATFORM SURFACES

One leaver. Three violations.

A departing employee with an Oracle ghost seat, authenticated to ChatGPT Enterprise with customer data. Mima connects all three domains in one finding — SAM exposure, AI governance breach, and GDPR Article 28 violation. One brief. Three regulatory vectors.

SAM: Ghost seat · $28kAI Gov: Unauthorised toolGDPR: Art. 28 breach1 finding · 3 domains

The product is the brief.
Not the dashboard.

Every morning at 06:45, the overnight analysis is ready. Not a report — a defensible position, with every finding citable in an auditor meeting.

MORNING BRIEF
Saturday 18 July · 06:45
94findings
3domains
£380Kat risk
48hto defensible
HIGHOracleGhost seat — J. Harrington — idle 94 days$28,000/yr
HIGHSAP12 indirect access users — MM-PO touchpoints$180,000 exposure
MEDAI GovChatGPT Enterprise — 35 users — customer dataSOC2-CC6.1 risk
HIGHIBMILMT — 4 VMs reporting incorrect PVU count$89,000 liability

When the numbers are right,
the audit is over.

Oracle LMS
$0Kclaim
$180Ksettlement

Global 500 manufacturer. Partitioning defence + unused licences. Audit closed in 11 weeks.

IBM Passport Advantage
$0Kclaim
$0settlement

Financial services. ILMT misconfiguration corrected before audit scope was finalised.

SAP LAW
$0Kclaim
$340Ksettlement

Professional services. Indirect access reclassification. SAP audit settled 84% below claim.

Results from real engagements. Figures representative of outcomes achieved.

Six passes. Every night.
While you sleep.

No human triggers the overnight run. The pipeline executes autonomously, calibrates from your decisions, and delivers a defensible position by 06:45.

02:00
auto_dream.rs

Memory Consolidation

Compresses prior findings into rolling intelligence context.

03:00
feedback_agg.rs

Feedback Aggregation

Pulls accept/reject signals from all pending operator actions.

03:30
reflexion

Reflexion Loop

Calibrates confidence multipliers from operator decisions.

04:00
rollback.rs

Rollback Executor

Reverses any approved remediation that caused downstream issues.

05:00
audit_pack.rs

Audit Pack Generation

Merkle-chains Oracle LMS + IBM ILMT + Microsoft MAP findings.

06:00
model_sweep.rs

Model Analysis Sweep

Gemini Flash scans for novel patterns. Confidence-gated before emit.

ACTIVE BACKGROUND JOBS12 running
zombie_hunter
spend_sentinel
harvest_sweep
orphan_detector
blind_spot_map
shadow_ai_watch
jml_deactivator
flexlm_reclaim
pvu_calculator
trust_evaluator
reactivation_detector
finding_router

Every tool you've seen
has a structural gap.

ToolWhat they doThe gap
Flexera / SnowLicence optimisation reportsStatic reports. No audit defence. No AI governance. No evidence chain.
Zylo / ProductivSaaS spend managementSaaS-only. Blind to Oracle, IBM, SAP on-prem. No compliance posture.
ServiceNow ITSAMIT service + asset trackingWorkflow platform. Not an intelligence engine. 6-month implementation.
ConsultantsPeriodic audit preparation$80K+ per engagement. 2–3 week cycle. No continuous overnight machine.
Why Mima cannot be copied quickly
Audit Outcome Corpus

Every finding, settlement, and defence strategy in the training set. The Glassdoor of audit outcomes.

Endpoint Agent Network

Hardware topology data that cloud-only tools cannot see. VMware partitioning, LPAR configs, ILMT agents.

Cross-Customer Intelligence

Anonymised benchmark data. Your Oracle position compared to 200 comparable estates.

Six-Pass Reflexion Loop

The model calibrates from your accept/reject decisions. Every action improves the next night's run.

§09 / CONNECTS TO YOUR ESTATE

Oracle LMSIBM ILMTSAP LAWFlexera FlexNetServiceNowMicrosoft SCCMJiraSlackAWS Cost ExplorerAzure CostGCP BillingOkta SSOActive DirectoryQualysTenableCrowdStrikeSentinelOneSplunkDatadogSalesforceWorkdaySnowflakeGitHubGitLabConfluenceOracle LMSIBM ILMTSAP LAWFlexera FlexNetServiceNowMicrosoft SCCMJiraSlackAWS Cost ExplorerAzure CostGCP BillingOkta SSOActive DirectoryQualysTenableCrowdStrikeSentinelOneSplunkDatadogSalesforceWorkdaySnowflakeGitHubGitLabConfluence

No endpoint agent required to start. Upload a CSV and get your first brief in 24 hours.

The auditor runs
your methodology.
You should too.

Upload your Oracle audit notice and a licence CSV. Mima returns a defensible position document in 48 hours. No IT approval. No long implementation. Start with what you have.

"We had an Oracle audit notice on a Friday. By Monday morning, Mima had our full partitioning defence mapped with evidence. The auditor's own methodology — applied to our estate before they arrived."

Head of SAMGlobal 500 Manufacturer
£380Krecovered in first engagement