Skip to content

AI Contractor Safety Lab

Secure AI contractors on your repos in 60 minutes.

A live workshop for engineering, platform, and security leads rolling out Cursor, Claude Code, or MCP-connected coding agents with external developers.

Workshop offer

  • 60-minute live session over Zoom or Loom.
  • Cursor / Claude / VS Code workflow examples.
  • Prompt-injection and supply-chain scenarios.
  • Guided 30-day pilot offer at the end.

Agenda

00-10

How contractors work today

Unmanaged laptops, shared tokens, direct repo access, and AI tools that act before security sees them.

10-25

Two attacks to model

Prompt injection in code comments and supply-chain package drift that traditional CI checks catch too late.

25-40

Runtime governance pattern

Browser isolation, device-bound identity, scoped GitHub credentials, MCP policy, and signed audit chains.

40-55

Live contractor demo

A contractor asks Claude for a risky action. The gateway denies it and links prompt, MCP call, repo, and policy.

55-60

Pilot plan

Leave with a 30-day pilot checklist: one repo, one contractor group, one evidence export.

What attendees learn

How AI coding agents bypass CI/CD and secrets scanners, where an MCP gateway fits, and how to produce a complete prompt-to-infra audit chain for security review.

Success metrics

RegistrationsShow-up ratePilot bookingsTime to first blocked action

The follow-up is a 30-day guided pilot.

One contractor group, one repo, one MCP policy set, one audit export. The goal is a blocked action and evidence pack in the first week.

Book the pilot call