Every feature, in detail.

Anvil runs the M&A tech and security workstream from first look to full integration. Here's exactly how each part fits.

▲ AI

Your first draft is already written.

The AI runs ahead of you. Every output that would otherwise need an analyst's first pass is already drafted by the time you open the deal. You review and approve. The work moves at the speed of decisions, not the speed of typing.

Document intelligence: SOC 2s, ISO reports, policies, and contracts are tagged, summarized, and surfaced in a unified view on upload. Controls are extracted automatically.
Pre-drafted outputs: assessment scores, integration plan, IC-ready report, all proposed before you start typing. Gap descriptions and control narratives cite their source documents.
Approval gates on every write. The AI proposes; your team approves; the audit trail records every decision. Discovery first, action second.
▲ TECHNOLOGY

Quantify integration cost before you sign.

A complete inventory of the target's stack with overlap detection and a consolidation savings model. The numbers your operating partner needs to defend the IRR.

SaaS, on-prem, infrastructure, and developer tooling categorized across 40+ functions. Per-tool: vendor, function, owner, contract end date, annual spend.
Auto-flagging of duplicates with your existing stack. Consolidation savings, integration cost, and net Year-1 impact, all defensible to the IC.
Day-1 / Day-30 / Day-90 consolidation roadmap generated from actual spend, not list prices. Every number is auditable to source.
▲ VENDOR

The target's vendors become yours at close.

A complete map of the third-party relationships you're inheriting, with criticality, spend, and disposition all in one view. No surprises Day 1.

Criticality tiers: Critical, High, Medium, Low (production-path through commodity). Spend visibility and contract terms inline on every vendor.
Disposition workflow: Retain, Consolidate, Review, Exit. Drag-and-drop kanban moves vendors through the decision queue.
Decisions feed straight into the Integration Plan with owners and dates. The same view runs through Day 1 and beyond.
▲ ASSESSMENT

Control-by-control assessment with AI scoring.

Structured assessments mapped to the frameworks that matter. Scales from a two-day pre-LOI screen to a three-week confirmatory deep-dive on the same platform.

AI-drafted gap descriptions and remediation cost per control. Drop a SOC 2 or ISO report and the AI walks every control with proposed evidence and ratings.
Shareable fill-in links to target-company respondents, with multi-respondent status tracking and per-respondent progress views.
Frameworks supported: Anvil DD, NIST CSF 2.0, SOC 2 Type II, ISO 27001:2022, NIST 800-53, CIS Controls v8, HIPAA, PCI DSS 4.0, GDPR. Evidence uploads with PDF and DOCX text extraction.
▲ POLICY

Side-by-side policy comparison.

A 23-policy-area comparison matrix between the target and your firm. Alignment ratings, missing policies flagged, harmonization plan ready to hand to the integration team.

23 policy areas: information security, access control, incident response, vendor management, encryption, business continuity, and more. Area-by-area alignment matrix: target vs. acquirer.
Major gap flags with severity classification. Day-1 policy actions for the combined entity generated automatically.
Harmonization plan with priority and effort estimates. The artifact you hand to the integration team at close.
▲ SBOM

SBOM analysis: see the software risk.

Upload an SBOM and get instant CVE analysis, license risk classification, and severity breakdown. The technical risk view that doesn't fit in a data room.

Supported formats: CycloneDX (1.4, 1.5, 1.6) in JSON or XML; SPDX 2.3 in JSON, YAML, or RDF. Direct upload or generation from common build tools.
CVE enrichment from NVD and OSV with CVSS severity. License classification: permissive, copyleft, restricted, unknown. Highest-risk components ranked for remediation.
License risk in a target's codebase can block downstream commercial use, especially in PE platform-build scenarios. SBOM analysis surfaces those issues before they become an integration blocker.
▲ REPORTING

Investment-committee-ready in one click.

A DD Intelligence Report with composite scoring, weighted risk components, executive summary, and full findings detail. The artifact you hand to the IC, the GP, or the board.

Composite DD score with letter grade and weighting rationale. Executive summary written for the GP, not buried in technical jargon.
Full findings detail by category with severity and remediation cost. Integration cost summary and Day-1 action list included.
PDF export, shareable link, or branded handoff. The same report structure every time, so the IC always knows what they're reading.
▲ FINDINGS

Every finding, in one register.

A consolidated risk register that pulls findings from every assessment, policy gap, vendor review, and SBOM analysis. The artifact your IC and your integration team both work from.

Severity, cost estimate, owner, target date, and status per finding. Source citation on every item: which assessment or framework surfaced it.
Evidence references with stale-evidence flags. Risk-acceptance link if formally accepted, with audit trail that shows up across every source tab.
Without consolidation, the integration team rebuilds the picture from PDFs. The Findings register travels from DD straight into Day 1.
▲ PERSONNEL

Map the team you're inheriting.

A roster of the target's tech and security staff with role, tenure, and key-person dependency flags. Spot retention risk before close.

Role, function, reporting structure, tenure, and time-in-role indicators. Key-person dependency flags for critical knowledge holders.
Retention-risk scoring with notes for comp, retention packages, or transition concerns. The people view that rarely makes it into a data room.
Tech and security teams are built on a small number of people. Lose two in the first 90 days and the integration plan stops working. Personnel surfaces the people the deal actually depends on.
▲ INFRASTRUCTURE

Cloud, on-prem, and what it takes to integrate.

Cloud composition, on-prem footprint, and architectural complexity. Migration cost and risk are surfaced immediately, before they become an integration surprise.

Cloud provider mix (AWS, GCP, Azure, others) with workload split. On-prem footprint with location, age, and refresh status. Critical dependencies and single points of failure.
Architectural patterns and their integration implications. Network topology, identity providers, and data flow boundaries all mapped.
Most integration cost surprises live in infrastructure. Hidden on-prem dependencies, mismatched cloud, or homegrown identity stacks can each add millions to the bill. This view forces the conversation early.
▲ INTEGRATION PLAN

Diligence becomes the integration plan.

The findings, vendor dispositions, and cost estimates that justified the deal auto-organize into a 4-phase post-close roadmap. Configurable risk tolerance, accepted risks logged with an audit trail, and the same workspace that ran DD now runs Day 1 and beyond.

Four phases: Stabilization (Day-1 critical actions), Remediation (findings the deal turned on), Consolidation (tool migrations and vendor exits), Maturity (bringing the target to platform standards).
Risk tolerance toggle: Conservative, Balanced, or Aggressive. Each mode adjusts remediation timelines, accepted risk thresholds, and integration spend estimates.
Most diligence platforms produce a PDF and disappear at close. Anvil stays. The plan is built from the same data the IC saw, so the integration team works against the same baseline the deal was priced on.
▲ DOCUMENTS

Every artifact, in one place.

A unified workspace for assessment evidence, phase uploads, and target-submitted documents. The AI classifies and summarizes on upload, and a source filter shows you exactly where each artifact lives in the deal.

Auto-classification across 8 document types: SOC 2, ISO certifications, policies, contracts, SBOMs, and more. AI-generated summary per document, available without opening the file.
Source filter: assessment evidence, integration phase uploads, or all. Stale-evidence flags when documents referenced by findings go out of date.
PDF and DOCX text extraction for inline search and AI grounding. The default state for diligence documents is buried in someone's email. This is the opposite.
▲ SEE IT

See it on a real deal.

Bring a target you're evaluating to a 30-minute call. We'll show you the platform, the lifecycle, and what the AI surfaces. No slideware.