Walma

Safe AI coding for organisations.

Your developers use Claude Code and Cursor every day. AI Hub makes sure source code, secrets and customer data stay where they belong.

AI coding tools are a productivity boost, but they also forward whatever is in the context. Source code, environment variables, customer lists, someone's database dump that happened to be open. AI Hub is the gateway that sees everything passing through and can block what should not leave. Per repo, per developer, per model. With an audit trail that lets you answer 'what actually happened' when someone asks.

Some clients & partners

SKB, Victoriahem, One More, Insera, Junglemap, Alice Labs, Public Partner, OMIF, AWS Partner, Microsoft

AI coding tools are a blind spot in your security model.

Three things you cannot see today but absolutely should.

See how AI Hub closes the gap

Source code goes to third parties uncontrolled

When a developer asks Claude Code to refactor a function, the whole context goes along. For teams working with customer data, financial algorithms or patient data, this is not trivial.

Secrets in prompts

It only takes a .env file open in the editor. The AI tool can pick it up, forward it, and the response can reference it. The secret is no longer yours.

Hallucinated dependencies

Models invent package names that do not exist. Attackers have started publishing packages under exactly those names and waiting for developers to install them. It is called slopsquatting and it is a real problem.

Per-repo sandboxing, deps scanning and real-time blocking.

Security built into the gateway, not on the developer's laptop.

AI Hub knows which repo a request comes from, which developer triggered it and which model responded. That means you can set policy per repo: some repos are sandboxed and only allow approved models, some are blocked entirely, some are logged extra carefully. Deps.dev scanning runs on packages the model recommends, so slopsquatted packages get flagged before the developer can install them.

Repo sandbox and deps.dev scanning in AI Hub

Security capabilities

Four security layers running at once

Sandbox, scanning, redaction and oversight. Activated per tier, controlled at the gateway level.

Per-repo sandbox

  • Whitelist approved repos per tier
  • Blocked repos list for sensitive codebases
  • Sandbox traffic is flagged and presented separately
  • Share of sandbox traffic measured as a compliance metric

Deps.dev security scanning

  • Scan packages the model recommends
  • Flag hallucinated or unknown packages
  • Vulnerability level (CVSS) per package
  • Workers run asynchronously, no added latency

Secrets detection

  • Pattern matching against known secret formats (API keys, JWT)
  • Redaction before the request leaves the gateway
  • SOC notification on repeated leaks
  • Audit log over all redactions

Human oversight where it counts

  • Off-hours usage flagged automatically
  • High spend per developer triggers review
  • Unusual model usage (junior with senior model) marked
  • Policy changes require approval from two admins

How the security layer is built

Security policy running on the right side of the network

Not agents on the developer's machine. Decisions are made where the traffic passes.

Policy at the APIM layer

Repo and model blocking happens at APIM before the request goes to the LLM provider. It cannot be bypassed by disabling a developer-side agent.

Workers for deps scanning

A separate worker tier scans packages. It runs in parallel with the response so the developer gets both the answer and the security signal without waiting.

Audit on everything

Every policy hit is logged. On intrusion or suspicion you can go back and see exactly which request triggered what.

Why this matters now

AI tools do not become safer on their own

The security landscape changes faster than policies can keep up.

Slopsquatting is no longer theoretical

In 2025 packages appeared on npm with the exact names GPT models had incorrectly recommended. Developers installed them at face value. With deps scanning this gets caught before installation.

Security leaders want evidence

When the CISO asks 'how are we securing AI coding?', 'we told developers to be careful' is not enough. With AI Hub you have measurable policy compliance to show.

Insurers and customers are starting to ask

Cyber insurance is starting to exclude AI-related incidents if you do not have policy and logging. Customer contracts demand it. It quickly becomes a business question.

Developers do not feel the friction

Security that costs productivity gets rolled back. AI Hub runs transparently in the background. Developers only notice when something actually should be stopped.

Security dashboard for AI coding

Implementation

Security in the teams in four weeks

We start with your most sensitive teams and roll outward.

1. Identify sensitive repos (Week 1)

Together with your CISO we list the repos and codebases that need extra protection. The sandbox list comes out of that.

2. Policy design (Week 2)

Which models are approved per tier? Which secrets patterns should be redacted? Which deps.dev CVSS levels are flagged?

3. Pilot team (Week 3)

The security team goes first. Then a developer team with high AI usage. We monitor and tune policies.

4. Full production (Week 4)

The remaining teams roll out. The CISO gets a dashboard with sandbox compliance, off-hours and deps signals.

AI Hub. The gateway between your developers and the AI models.

Get control over cost, security and policy for Claude Code, Codex and every AI tool your teams already use.

Read more

Frequently asked questions about safe AI coding

No, if the policy is sensible. The default is to block sensitive repos from unknown model usage and redact secrets. Ordinary code assistance keeps working as before. It is when someone tries to use a sensitive codebase with a non-approved model that you get a notification, not a stop.

AWS, Azure and GCP credentials, GitHub PAT, Slack tokens, generic API key patterns, JWTs, private SSH keys. We maintain the list and you can add your own patterns (for example your own license key formats).
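The redaction step described in the Secrets detection capability and the answer above, as an added illustration rather than AI Hub's own code: typed placeholders replace each match before the request is forwarded, every redaction produces an audit entry that never contains the secret, and a repeated-leak counter models the SOC notification. The regexes, the `extra_patterns` hook for your own formats, and the sample prompt are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Regexes for the secret formats the page lists. These patterns are
# assumptions made for this example, not AI Hub's actual rule set.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_token": re.compile(r"\bxox[abpr]-[A-Za-z0-9-]{10,}"),
    "jwt": re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"),
    "ssh_private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
}

def redact(prompt, developer, repo, extra_patterns=None):
    """Replace each secret with a typed placeholder before the request leaves
    the gateway. Returns (redacted_prompt, audit_entries); an audit entry
    records type, owner and length but never the secret itself."""
    patterns = {**SECRET_PATTERNS, **(extra_patterns or {})}  # own formats hook
    audit = []
    for kind, rx in patterns.items():
        def _replace(m, kind=kind):
            audit.append({
                "ts": datetime.now(timezone.utc).isoformat(),
                "developer": developer, "repo": repo,
                "type": kind, "length": len(m.group(0)),
            })
            return f"[REDACTED:{kind}]"
        prompt = rx.sub(_replace, prompt)
    return prompt, audit

def soc_alert_needed(audit_log, developer, threshold=3):
    """SOC notification rule: the same developer leaked secrets repeatedly."""
    return sum(1 for e in audit_log if e["developer"] == developer) >= threshold

# Constructed sample prompt: an .env file pasted alongside a refactor request.
# The AWS value is AWS's documented example key; the other values are made up.
SAMPLE_PROMPT = (
    "Refactor load_config() so it validates these:\n"
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n"
    "GITHUB_TOKEN=ghp_" + "a" * 36 + "\n"
    "SESSION='eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZXYifQ.c2lnbmF0dXJl'\n"
)

if __name__ == "__main__":
    clean, log = redact(SAMPLE_PROMPT, developer="dev-42", repo="payments-core")
    print(clean)
    print(f"{len(log)} redactions, SOC alert: {soc_alert_needed(log, 'dev-42')}")
```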

When the model recommends a package, we look it up in deps.dev. We check that it exists, what its vulnerability level is and which transitive dependencies it pulls in. We warn on hallucinated packages and known vulnerabilities.
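The three checks in that answer (does the package exist, what is its CVSS level, what does it pull in transitively) as an added example that is not AI Hub's code. deps.dev is replaced by a constructed in-memory index with made-up package names and scores, so it runs offline; the install-command parser and the flagging rules are assumptions.

```python
import re

# Constructed stand-in for deps.dev: an in-memory index keyed by
# (ecosystem, package). Names and CVSS scores here are made up; a real
# deployment would query deps.dev for the same three facts.
FAKE_INDEX = {
    ("npm", "acme-web"):    {"max_cvss": 0.0, "deps": ["acme-forms"]},
    ("npm", "acme-forms"):  {"max_cvss": 7.5, "deps": []},
    ("pypi", "acme-http"):  {"max_cvss": 0.0, "deps": ["acme-tls"]},
    ("pypi", "acme-tls"):   {"max_cvss": 4.3, "deps": []},
}

INSTALL_RX = re.compile(r"^\s*(npm|pip) install\s+(.+)$", re.M)

def recommended_packages(answer):
    """Pull (ecosystem, name) pairs out of install commands in a model answer."""
    pkgs = []
    for tool, args in INSTALL_RX.findall(answer):
        eco = "npm" if tool == "npm" else "pypi"
        for tok in args.split():
            if tok.startswith("-"):
                continue                       # skip flags such as --save
            name = tok.split("==")[0]          # pip version pin
            if not name.startswith("@"):       # keep npm scope, strip @version
                name = name.split("@")[0]
            pkgs.append((eco, name))
    return pkgs

def scan(pkgs, cvss_threshold=7.0, lookup=FAKE_INDEX.get):
    """Flag hallucinated packages and vulnerable transitive deps. Each finding
    records which recommended package it was reached through ("via")."""
    findings, seen = [], set()
    stack = [(eco, name, None) for eco, name in pkgs]
    while stack:
        eco, name, via = stack.pop()
        if (eco, name) in seen:
            continue                           # diamond or cyclic dependencies
        seen.add((eco, name))
        info = lookup((eco, name))
        if info is None:                       # direct recommendation = hallucinated
            issue = "hallucinated" if via is None else "unknown"
            findings.append({"package": name, "issue": issue, "via": via})
            continue
        if info["max_cvss"] >= cvss_threshold:
            findings.append({"package": name, "issue": f"cvss {info['max_cvss']}", "via": via})
        stack.extend((eco, d, via or name) for d in info["deps"])
    return findings

# Constructed model answer containing one package that does not exist.
SAMPLE_ANSWER = """Install the web stack first:
npm install acme-web acme-util-helperz --save
and on the Python side:
pip install acme-http==1.2.0
"""
```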

We can stop what passes through the gateway. A developer who copy-pastes source code into a web-based ChatGPT instance without going through the gateway is outside our view. That is why client configuration (every AI tool pointing at your gateway) is part of onboarding.

Because AI Hub is where the API key lives and the tier policy is enforced, a developer trying to go directly to the vendor finds their key no longer works. It is not optional, it is part of access.

Depending on your policy: report-only (log, warn but let through), block (return 403), or require-approval (notify admin and pause). Most teams choose report-only at first and block for the most critical repos.
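The per-repo decision the page describes (blocked repos, sandboxed repos with approved models, and the report-only / block / require-approval modes above), as an added example that is not AI Hub's implementation. Repo names, model names, the policy table and the status codes for the non-403 outcomes are assumptions; the sandbox-share function models the compliance metric from the capability list.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RepoPolicy:
    approved_models: frozenset = frozenset()  # empty = any model allowed
    mode: str = "report-only"                  # report-only | block | require-approval
    blocked: bool = False                      # on the blocked repos list

@dataclass
class Decision:
    action: str          # forward | forward-and-log | block | pause
    http_status: int     # status the gateway returns to the client
    sandboxed: bool      # request touched a sandboxed (model-restricted) repo
    reasons: list = field(default_factory=list)

# Constructed policy table: repo and model names are placeholders.
POLICY = {
    "payments-core": RepoPolicy(frozenset({"approved-model-a"}), mode="block"),
    "pricing-engine": RepoPolicy(frozenset({"approved-model-a"}), mode="require-approval"),
    "patient-portal": RepoPolicy(blocked=True),
    "marketing-site": RepoPolicy(),
}
DEFAULT_POLICY = RepoPolicy()  # unknown repos: report-only, any model

def evaluate(repo, model, policy=POLICY):
    """Decide what the gateway does with one request before it reaches the LLM."""
    p = policy.get(repo, DEFAULT_POLICY)
    if p.blocked:
        return Decision("block", 403, False, [f"{repo} is on the blocked repos list"])
    sandboxed = bool(p.approved_models)
    if sandboxed and model not in p.approved_models:
        reason = f"{model} is not approved for {repo}"
        if p.mode == "block":
            return Decision("block", 403, True, [reason])
        if p.mode == "require-approval":
            return Decision("pause", 202, True, [reason])     # admin notified
        return Decision("forward-and-log", 200, True, [reason])  # report-only
    return Decision("forward", 200, sandboxed, [])

def sandbox_share(requests, policy=POLICY):
    """Compliance metric: fraction of requests that went through a sandboxed repo."""
    if not requests:
        return 0.0
    hits = sum(evaluate(r, m, policy).sandboxed for r, m in requests)
    return hits / len(requests)
```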