Real tool use along an M&A case

Guided tours at the M&A Excellence Days 2026

At this event the working group on M&A automation used a fictional case with a real target to show visitors a comprehensive tool scenario. This is the case followed by tool scenarios.

Hardsoft Inc. and the Search for Zero-Trust Security in Germany

Hardsoft Inc. is a Nasdaq-listed enterprise software company headquartered in Austin, Texas, with annual revenues of $4.2 billion and a dominant position in IT infrastructure management and device lifecycle software. Despite its strong foothold in North American enterprise accounts, Hardsoft has struggled to penetrate the European market, where customers — particularly in Germany's highly regulated DACH region — demand locally hosted, GDPR-compliant solutions and prefer vendors with demonstrable roots in European data sovereignty frameworks. 

The CEO has tasked her corporate development team with identifying an acquisition target that can provide Hardsoft with immediate market credibility in Germany while filling a critical product gap: zero-trust endpoint security software, an architecture that assumes no device or user is inherently trusted and enforces continuous identity verification across every network interaction. The board has approved an acquisition budget of up to $800 million and set a nine-month execution window, recognizing that competitors CrowdStrike and SentinelOne are already expanding aggressively into the German Mittelstand.

Tool scenario for Target Search: Grasp.ai and Palturai

Hardsoft's corporate development team opened the search process by configuring a custom screening model inside Grasp.ai, feeding the platform four prioritization parameters: BSI certification status or active BSI audit engagement, zero-trust architecture as a verifiable core product claim rather than a marketing label, annual recurring revenue between €40 million and €150 million, and German legal domicile with primary engineering operations in the DACH region.

Grasp.ai cross-referenced these parameters against its aggregated dataset of startup funding records, patent filings in endpoint telemetry and identity verification, hiring signals on German-language job boards, and cybersecurity conference speaker registries — a data mosaic that no traditional investment bank coverage list could replicate at the same speed. Within twelve days, the platform returned a ranked longlist of 12  candidates, with devicetrust GmbH scoring highest at 93 out of 100, boosted by a recent spike in kernel-level telemetry patent filings, a verified BSI certification badge detected in government procurement portal data, and a Grasp.ai-identified hiring surge for senior identity access management engineers in Munich — all interpreted as signals of a platform approaching commercial maturity.

This process reduced the longlist from 12 to 3 priority targets within one week. For each of the remaining 3, transact.digital auto-generated a standardized one-page deal brief, populated from Grasp.ai's data, and launched a templated confidential outreach sequence. The platform's sentiment analysis module tracked email response patterns, flagging devicetrust GmbH's replies as "highly engaged and time-aware" — language consistent with founders who are actively considering an exit and conscious of competitive dynamics around them.

With 3 targets in active dialogue and devicetrust GmbH clearly leading the shortlist, Hardsoft's team turned to Palturai to identify the right humans to approach and to understand the hidden relationship networks surrounding each target. Palturai's corporate graph platform mapped the board memberships, supervisory board seats, alumni networks, and advisory relationships.

With the right contacts at the three targets  — a warm introduction path that bypassed the cold outreach dynamic entirely and significantly reduced the risk of the approach being misread as an unwelcome hostile signal. devicetrust GmbH was selected for acquisition.

Tool Scenario for Due Diligence: Intralinks, Arc Intelligence, and PATEV

Following the signing of an exclusivity agreement in September 2025, Hardsoft formally launched a five-week due diligence process of devicetrust GmbH under the coordination of its Frankfurt-based legal counsel and financial advisors. 

devicetrust GmbH's co-founders elected to host the entire due diligence process on Intralinks, the enterprise-grade virtual data room platform they had pre-configured in anticipation of an eventual exit process. The Intralinks workspace was structured across seven folders — corporate governance, financials, technology and IP, customer contracts, HR and compensation, regulatory certifications, and IT infrastructure — and contained 2,840 documents at opening, with devicetrust GmbH's management committing to a 24-hour turnaround on any supplemental document requests. 

Hardsoft's war room team of 19 specialists was granted role-based access permissions through Intralinks, ensuring that, for example, Hardsoft's competitive intelligence personnel could not access devicetrust GmbH's customer contract terms, a sensitivity that Dr. Hartmann had insisted upon as a condition of granting exclusivity. Intralinks' activity tracking dashboard gave devicetrust GmbH's advisors full visibility into which documents Hardsoft's team was spending the most time reviewing — intelligence that proved tactically valuable when devicetrust GmbH's bankers noticed an unusual concentration of time on the BSI certification renewal correspondence and proactively prepared a briefing note addressing likely concerns before they were formally raised.

For commercial and organizational due diligence, Hardsoft deployed Arc Intelligence, an AI-powered diligence platform that specializes in synthesizing unstructured data — customer reviews, employee sentiment, regulatory filings, and competitive positioning signals — into structured risk and opportunity assessments. 

Arc Intelligence scraped and analyzed 1,400 data points relating to devicetrust GmbH, including verified customer reviews on G2 and Gartner Peer Insights, employee reviews on Kununu and Glassdoor Germany, BSI and ENISA regulatory publications citing KernShield™, and a corpus of German-language cybersecurity procurement tender documents in which devicetrust GmbH had participated. Arc Intelligence flagged a meaningful risks. First, employee sentiment data revealed a statistically significant drop in satisfaction scores among devicetrust GmbH's engineering team in the six months following a recent round of venture debt financing, suggesting organizational stress that could complicate post-acquisition retention.  

The IP workstream was handled entirely by PATEV, which ingested devicetrust GmbH's 44-patent portfolio — spanning kernel-level endpoint telemetry, zero-trust policy enforcement engines, and device identity attestation protocols — and returned a full four-dimensional scoring analysis within 96 hours. The results were broadly strong: 28 of the 44 patents scored above 80 on PATEV's composite scale, with the zero-trust policy enforcement cluster achieving the highest average composite score of 88, reflecting dense third-party citations and legally robust claim structures that had survived two rounds of examiner objections during prosecution. PATEV's citation influence analysis confirmed that three patents in the device identity attestation family were being cited by researchers at both Siemens and Bosch, a powerful signal of foundational value in the German industrial IoT ecosystem that Hardsoft had not fully appreciated before diligence. On the risk side, PATEV's freedom-to-operate screening identified that NullVector Security's recently filed applications — the same startup Arc Intelligence had flagged independently — overlapped with two of devicetrust GmbH's mid-tier telemetry patents in a way that could generate interference proceedings within 18 to 24 months if NullVector's applications were granted. 

The convergence of Arc Intelligence's competitive signal and followalsdkfjasdlkfj's FTO analysis around the same emerging threat gave Hardsoft's deal team a high-confidence view of a specific, bounded risk rather than a diffuse uncertainty. 

A Modern Post-Merger Integration Playbook: From M&A Models to AI Solutions
By Dr. Karl Michael Popp

Master integration due diligence to transform your M&A success. Learn more at manda-automation.com