Packaging
AI CONTRACTOR GOVERNANCE
FROM PILOT TO ROLLOUT.
START WITH ONE WORKSPACE. SCALE TO EVERY CONTRACTOR.
Give external developers Claude, Cursor, shell, and curated MCP servers inside a browser-isolated workspace with policy on every tool call and audit on every action.
Self-serve for teams. Security-led rollout for Enterprise. Multi-tenant packaging for MSSPs and vCISOs.
1
Free contractor workspace to prove the flow.
4
Gateway decisions: allow, deny, redact, step-up.
90d
Readiness program for security buyers.
MSSP
Multi-tenant packaging for service providers.
Browser-isolated
Every contractor workspace
MCP policy gateway
Allow · deny · redact · step-up
Signed audit trail
Every AI-assisted action
SOC 2 / ISO 27001
Audit-ready evidence export
Free Pilot
One isolated contractor workspace so the team can see a blocked action and audit chain before buying.
- 1 contractor workspace
- Claude, Cursor, shell, and sample MCP policy set
- Sample repo or sandbox repo connection
- 7-day audit log retention
- Core MCP allow / deny policy templates
- Prompt-to-action audit chain preview
- Community support
Contractor Team
For one engineering team giving external developers AI access to real repos without managed laptops.
- Up to 5 active contractor workspaces
- GitHub repo and branch scoping
- MCP gateway policy enforcement
- 30-day signed audit log retention
- Slack, Discord, Teams, and email alerts
- Device-bound contractor enrollment
- Basic SOC 2 / ISO 27001 evidence export
- Email support
Governance Team
For platform and security teams standardizing contractor AI access across multiple repos.
- Up to 25 active contractor workspaces
- SSO via Google, GitHub, Okta, or Entra ID
- SIEM export and webhook routing
- Custom policy templates for repos, MCP, and cloud
- 90-day signed audit log retention
- Trust Graph baseline and blast-radius view
- Compliance evidence packs for SOC 2 and ISO 27001
- Priority support
Enterprise Governance
For regulated orgs rolling out AI contractor workspaces with security and compliance ownership.
- Up to 250 active contractor workspaces
- SAML / OIDC SSO and SCIM provisioning
- OPA policy bundle integration
- Splunk, Sentinel, Datadog, and PagerDuty integrations
- 1-year audit retention with longer retention available
- SOC 2, ISO 27001, EU AI Act evidence mapping
- Custom data residency and dedicated Cloudflare workspace
- Quarterly security review
- 99.9% SLA target
MSSP / Vendor Tier
For MSSPs, vCISOs, and AI consultancies governing contractors across many customer tenants.
- Multi-tenant customer management
- Per-customer policy packs and evidence exports
- White-label customer portal option
- Bulk workspace pricing
- Partner revenue-share program
- Co-branded AI contractor governance assessments
- Dedicated partner success channel
- Monthly threat and product briefing
- Custom onboarding playbooks
Buyer comparison
WHAT SHOULD OWN AI CONTRACTOR ACCESS?
IDE controls help inside one tool. Scanners help after code changes. OpenSyber owns the runtime layer between contractors, agents, MCP tools, repos, and infra.
| Capability | OpenSyber | IDE-native controls | DIY bastion | SAST / CI scanners |
|---|---|---|---|---|
| Browser-isolated contractor workspace | ||||
| MCP gateway: allow, deny, redact, step-up | ||||
| Works across Claude, Cursor, VS Code, Windsurf, and raw MCP | ||||
| Device-bound contractor identity | ||||
| Prompt-to-tool-to-repo audit chain | ||||
| GitHub scoped credential bridge | ||||
| SIEM and compliance evidence export | custom | |||
| MSSP multi-tenant packaging | custom | |||
| Entry path | Free pilot | Enterprise seat | Internal project | Repo scan |
MSSPS, VCISOS, AND AI CONSULTANCIES
Standardize AI contractor governance across many customer tenants. Per-customer workspaces, policy packs, evidence exports, and a white-label option.
TokenForge is included from the Governance Team tier.
Device-bound session security for contractors and reviewers. Learn about TokenForge →
Start with a free pilot workspace. Upgrade when you connect real repos or need SSO, SIEM, and evidence exports.