Not sure where to start?

Take our free 3-minute AI Workflow Readiness Scorecard. See where your team is strong, where you're stuck, and what to fix first — plus a personalized 30-day plan.

Take the Free Scorecard →

Workshop formats

Every workshop is hands-on. Remote workshops run in a pre-provisioned sandbox; the in-person workshop runs against your team's real challenges in a per-attendee lab. Your team leaves with a working AI-Native DevSecOps workflow — not slides.

Half-Day Remote $7,500

Four hours of instructor-led training for up to 15 engineers. Three modules from the AI-Native DevSecOps curriculum, selected on a brief discovery call to match where your team is stuck.

Zero pre-work, zero installs. Engineers join with a browser and a GitHub login.

Outcome: A 30/60/90 adoption plan grounded in the discipline, plus access to the pattern library and a recorded session for team replay.

Full-Day Remote $15,000

Seven hours for up to 20 engineers. Morning: the full curriculum across all three loops — inner (editor and agent hooks), middle (CI checks, security scans, build verification), and outer (production telemetry feeding back into specs and context). Afternoon: applied patterns in a pre-provisioned sandbox, with each engineer drafting a 30/60/90 commitment for their own team.

Zero pre-work. The sandbox runs in GitHub Codespaces — no laptop installs, no corp-VPN debugging. Engineers join with a browser and a GitHub login.

Outcome: A drafted 30/60/90 commitment, applied patterns from the workshop sandbox, and a recorded session your team can carry back to your codebase.

Two-Day In-Person $50,000

Day 1: full-day instructor-led training for up to 30 engineering builders (developers, platform, security, operations, etc.). Day 2: real-challenge hackathon — teams build prototypes against your team's actual challenges, scored on AIBuilderScore, our LLM-driven evaluation rubric across quality, security, and continuous delivery.

Per-attendee sandbox lab provisioned by Redacted Ventures — no customer infrastructure access required. NAMER travel inclusive.

Includes a sample evidence bundle, a finalized 30/60/90 commitment with a two-week checkpoint, and 30 days of asynchronous Q&A with the instructor post-workshop.

Outcome: A working prototype scored on AIBuilderScore, a finalized 30/60/90 plan, and the patterns and pipelines your team can apply in your own environment.

Book a Conversation →

What a workshop looks like

Every workshop starts with an assessment of your team's AI-Native DevSecOps maturity across the three pillars. The workshop itself runs a fixed curriculum — your engineers apply it to their own codebase, and in the two-day format, choose the real challenges their hackathon teams build against.

Assessment

We start by understanding where your team stands today across the three development loops: the inner loop (what happens on the developer's machine — edit, test, lint, type-check), the middle loop (commit to merge — CI pipelines, PR checks, security scans, review), and the outer loop (production — observability, incidents, user feedback). We find where feedback is slow, where signals get dropped, and where the gaps matter most for agent-authored code.

Agent-authored code introduces six failure modes the pre-agent pipeline did not have to handle:

  • Missing context — agents writing against an incomplete picture of the codebase.
  • Drifted conventions — output that no longer matches the team's standards.
  • Brittle abstractions — code that works for the prompt but breaks on the second use.
  • Untested edges — happy paths covered, boundary conditions skipped.
  • Prompt injection — a genuinely new class of vulnerability with no full mitigation.
  • Agent-emitted secrets — credentials surfacing in tool calls, logs, or generated code.

Each failure mode has a named control. The workshop teaches the controls; the assessment finds which ones your pipeline is already running and which ones it isn't.

Hands-on workshop

Your engineers work on their own codebase during the session. They leave with working AI-Native DevSecOps workflows — not slides, not theory. Remote or on-site. Pick the format that fits — half-day, full-day, or two-day with a hackathon.

Ongoing advisory

After the workshop, we can stay engaged to help your team embed the patterns into daily practice. Adoption without follow-through is just a training exercise.

What your team learns

The curriculum is spined on the three development loops of AI-Native DevSecOps, each with its own latency budget and control surface. Your team learns the controls that hold the line at every latency — from the editor through CI through production.

1. Inner Loop (seconds — editor and agent hooks)

What runs on the developer's machine before a commit lands. The earliest place a control can intervene against agent-authored code.

  • CLAUDE.md, AGENTS.md, and rules files that encode your team's standards at session start
  • Specs and task decomposition before the agent acts
  • Agent PreToolUse / PostToolUse hooks for secrets, dangerous commands, and complexity
  • Pre-commit checks before code leaves the developer's machine

2. Middle Loop (minutes — commit and CI)

What runs between commit and merge. The composite gate that holds the line at agent throughput.

  • Spec ↔ test ↔ implementation traceability in PR review
  • Context-file drift checks in CI
  • SAST, SCA, secrets, IaC, container, and SBOM scans tuned for agent-velocity PR cadence
  • Signed artifacts and SLSA Level 2 build provenance

3. Outer Loop (hours — deploy and telemetry)

What runs in production and feeds back. Agent-authored code that passes a vibe check in a PR but fails in production is worse than no AI at all — the outer loop catches what the earlier loops missed, and the signals flow back into specs, context files, and agent hooks.

  • Deploy-time gates and credential-free deploys (OIDC)
  • OpenTelemetry traces and structured logs
  • LLM anomaly detection and runtime guardrails
  • Production failures feed back into CLAUDE.md and AGENTS.md, closing the loop

Three cross-cutting competencies — Context Persistence, Multi-Agent Orchestration, and Secure CI/CD Integration — span all three loops. Each shows up at every latency.

What your team walks away with

  • The patterns, templates, and rules files needed to build a production-ready AI-Native DevSecOps workflow on your own stack
  • Context files (CLAUDE.md, rules) configured for your codebase
  • A GitHub repository with code, docs, and tests from the session
  • Recorded demos for internal review and onboarding
  • A pattern library that reduces build time on future projects
  • A 30/60/90 adoption plan scoped to the format you choose (half-day remote, full-day remote, or two-day in-person)

Who this is for

  • Engineering leaders, platform leads, DevSecOps and security engineers, and technical ICs adopting AI-Native DevSecOps for their teams
  • Teams using AI tools inconsistently and needing standardized, secure workflows
  • Engineering organizations that need secure CI/CD integration for agent-authored code

Teams with existing CI/CD pipelines and code review practices see the fastest results.

What teams are saying

The amount of useful content is remarkable. Our team is already using the work from the hackathon with customers.

— CEO, workshop customer

Paul co-founded Stelligent and grew it to nearly 100 enterprise customers, AWS Premier Partner status, and $10M+ annual revenue — by helping engineering teams adopt the discipline of Continuous Integration. He sold his stake to Hosting.com in 2017 and co-led the subsequent $25M sale to Mphasis in 2018. This workshop applies that same playbook to AI-native development.

The patterns taught in this workshop are drawn from the open-source ai-development-patterns framework (400+ stars) — read, forked, and critiqued before they reach your team.

What you keep after the workshop

  • Access to the workshop pattern library and all code samples
  • Recorded session for team onboarding and reference
  • Context files (CLAUDE.md, rules) configured during the workshop
  • Updates when new AI-Native DevSecOps patterns and tool integrations ship

What this workshop does not promise

  • Production-ready software in a single session
  • Replacement of your existing SDLC controls
  • Deployment to regulated environments without further work

This workshop builds skills, patterns, and prototypes. Your team still follows your normal processes for security, data governance, and production deployment.

Who you'll work with

Paul Duvall wrote the book on Continuous Integration. Literally. His Jolt Award-winning Continuous Integration: Improving Software Quality and Reducing Risk (Martin Fowler Signature Series) defined the discipline for a generation of engineers. Now he is building the AI-Native DevSecOps playbook — the discipline that makes agent-authored code continuously verifiable across engineering, security, and operations.

  • CI/CD Pioneer: Authored the foundational book on Continuous Integration
  • Company Builder: Co-founded Stelligent, scaling to nearly 100 enterprise customers, AWS Premier Partner status, and $10M+ annual revenue. Sold stake to Hosting.com in 2017; co-led subsequent sale to Mphasis in 2018 for $25M
  • AWS Engineering Leader: Led DevSecOps and Security Innovation teams at AWS (2021–2024)
  • AWS Hero (2016–2021): Recognized for contributions to the cloud community
  • AI Coding Practitioner: Three years of daily hands-on experience with AI coding workflows, building production patterns for context persistence, multi-agent orchestration, and CI/CD integration