Rather read this post in Claude? Click here.
All of a sudden how we work has dramatically changed. More and more knowledge work happens inside AI tools. The transformation is real and fast. I'd bet you're building agentic workflows that automate work right now. It's happening everywhere including Customer Trust workflows in GRC teams.
We've been staying close to this at Conveyor and we've seen a clear trend. Our customers want to be able to access and operate Conveyor from their AI tools, and when they do, their Customer Trust program improves. The combination is very powerful for teams.
Trying to build a version of Conveyor inside AI tools usually fails, especially at the scale of the enterprise (more on that here). But only using the Conveyor interface to process security questions and manage your knowledge can slow you down. Companies that combine the two are able to scale the impact of Conveyor and move faster.
To date it's been hard to do this. Conveyor and OpenAI or Claude just didn't play that nicely together. However, we're in the middle of a massive investment to solve this. In practice that means a live MCP server (check), a more capable API (check), and Conveyor as a custom connector inside ChatGPT, Claude.ai, and Claude Desktop (also check, as of this week).
I wouldn't say we've lost our heads over the shift to AI, but I would say Conveyor is becoming a much more capable headless tool (sorry, I couldn't help it).
TLDR: Conveyor now lives inside Claude, ChatGPT, Cursor, OpenAI's playground, and anywhere else you can run an MCP client or hit an API. And it's getting more powerful inside these tools.
To set it up, paste https://mcp.conveyor.com/mcp into your AI client's "Add custom connector" flow, log in, and authorize. More details below.
Here's the latest on Conveyor everywhere, and everything else we launched in May.
Conveyor, wherever you work
A whole stack of updates this month went into making Conveyor operable from outside Conveyor. The pattern is the same across all of them: pick the tool you actually work in, and Conveyor shows up there.
Add Conveyor to ChatGPT, Claude.ai, or Claude Desktop in 30 seconds
Conveyor's MCP server is live, but it now supports OAuth 2.1 alongside API keys, which means it works with the AI clients that wouldn't accept Bearer tokens.
Translation: ChatGPT, Claude.ai, and Claude Desktop can now talk to Conveyor as a custom connector. No API key to generate, no scopes to juggle.
To set it up, paste https://mcp.conveyor.com/mcp into your AI client's "Add custom connector" flow, log in, and authorize. That's the whole setup.
One note for enterprise accounts (ChatGPT Business, Claude Enterprise): an admin needs to add the Conveyor MCP server as a custom connector once for the org. After that, every user has access without doing anything else.
This is what we mean when we say Conveyor lives wherever you work. Every other API and MCP capability we shipped this month, Knowledge Library curation, questionnaire updates, subprocessor management, analytics, all of it flows through this same connector. Add it once and your whole team gets the keys.
Curate your Knowledge Library from inside Claude, OpenAI, or Cursor
Your knowledge base lives or dies by how current it is. One little change, like a renamed product, a deprecated cert, or a new sub-processor, can break big chunks of your library. Until now, fixing it meant clicking into Conveyor and editing each Q&A, or retiring past answers, by hand.
Now you can do it from any AI tool you already use. Open Claude, OpenAI's playground, or Cursor, point it at your Knowledge Library through Conveyor's MCP server, and ask in plain English: "Unverify every answer that mentions TLS v1.1." Your AI does the cleanup. You review and approve.
For the API-first crowd, we also added POST /api/v2/knowledge_base/questions so you can create Q&A pairs programmatically, plus PATCH /api/v2/knowledge_base/questions/:id (shipped earlier in May) to update their content or mark answers verified or unverified. In addition, we just added PATCH /api/v2/questionnaires/questions to allow retiring past answers (mark them as non-reusable). Build an agent that cross-checks your Knowledge Library against a separate source of truth and flags drift automatically.
The MCP server scopes to whatever your API key allows, so you decide exactly what an AI agent can see and touch.
Knowledge Base API docs → | MCP setup guide →
Pull Conveyor data into your analytics stack, or ask your AI about it
We shipped three new GET endpoints earlier in May that unlock the data your analytics team has been asking for:
/api/v2/questionnaires/questionsreturns every questionnaire question with ConveyorAI answers, final answers, grading, status, last editor, and cited sources./api/v2/oneoff_questionsreturns every question asked through the API, Slack, browser extension, web app, and Trust Center Agent, with answers, confidence levels, sources, and who asked./api/v2/trust_center/conversationsreturns full Trust Center Agent conversations with nested messages, visitor emails, and referenced documents.
Use them to find Knowledge Base gaps by pulling low-confidence or unanswered one-off questions. Audit Slack answer quality by source. Track Trust Center Agent conversations end to end. Analyze AI answer accuracy, people involved in questionnaire answering, volumes, supported customers and more. Build the dashboards you've wanted in Looker, Snowflake, or wherever your analytics live. All three are also exposed as MCP tools, so you can ask Claude "which questions had the lowest confidence last week?" and get a real answer.
Drive questionnaires through review from your AI tool
We added PATCH on the questionnaire endpoint. You can now update a questionnaire's status, due date, assignee, or notes from the API or from any MCP client. That means your analyst can sit inside Claude, say "mark the NVIDIA questionnaire complete and reassign the next one to Jen," and Claude makes it happen.
For teams building agent workflows, this is the missing piece. Your AI can now move a questionnaire from intake through approval, looping in a human only when judgment is needed. Less swivel-chair work, faster turnaround on inbound reviews.
Existing API tokens with questionnaire write access already have it. No new permissions to flip on.
Manage subprocessors from your procurement flow, or from your AI
When you sign a new vendor or sunset an old one, your Trust Center should reflect that the same day. Manually keeping that list current is the kind of work that always slips.
Now you can automate it. List, add, and remove subprocessors through the API or MCP. Wire it into your procurement flow, your vendor management tool, or an agent that watches for changes. We added fuzzy matching on vendor names, so if you typo "Amzon Web Services," Conveyor suggests the closest matches instead of failing silently.
This adds to the already existing APIs to add/delete documents to the Trust Center, for a richer automated Trust Center content management.
Enable the "Trust Center Designer" capability on your API key and you're set.
Fine-grained permissions for API keys
The more your team plugs AI agents and MCP clients into Conveyor, the more you need tight control over what those agents can actually do.
You can now scope a key to specific resources and specific actions. Issue a read-only key for a reporting workflow. Give your KB-cleaning agent access only to Knowledge Base writes. Reserve full-access keys for trusted automation. You can update permissions on existing keys at any time, so as your AI workflows evolve, your security model keeps up.
This is the foundation for safely letting agents do real work inside Conveyor. We'd recommend taking five minutes this week to audit your existing keys and lock down anything that's broader than it needs to be.
Trust Center polish
While we were busy making Conveyor work from outside Conveyor, the Trust Center itself got a real glow up.
Trust Center Glow Up: cleaner, more self-serve, finally mobile
Your Trust Center is usually the first thing a prospect's security team sees. If it's confusing or feels mediocre, your trust takes a hit before a single question gets asked. We rebuilt the landing experience to fix that.
The above-the-fold area now surfaces what matters most up top. Visitors land in a layout that guides them toward documents, Q&As, and the Trust Center Agent. And it works on mobile, properly, for the first time.
Live across every Trust Center as of May 11. No action needed on your end. Preview it from your admin panel.
Product line visibility on documents
If you sell multiple products under one Trust Center, visitors used to have to guess which products a given SOC 2 report or pen test applied to. Now every document in your Trust Center shows its associated product lines right in the viewer properties.
It lists each product line individually, or shows "all product lines" if the doc applies across your whole portfolio. Nothing to configure. It pulls from how each document is already tagged.
Refreshed NDA settings for translated Trust Centers
If you serve buyers in multiple languages, your NDA setup just got a lot easier to manage. The NDA and Access settings page now surfaces translation status, signing requirements, and per-language NDA controls at the top level. Edit a language inline, or jump straight to the Trust Center Designer for that language with one click.
No more digging into English settings just to figure out what's live elsewhere.
Empty Knowledge Base section now hides
Small but mighty. Plenty of customers use their Trust Center for document sharing only, no public Q&As. The old layout showed a "0" next to Knowledge Base, which looked off. Now if you have zero Q&As shared publicly, the section disappears and Documents expands to full width. Add a Q&A and it reappears.
Questionnaire workflow
Excel import: flexible response fields and question context
Excel questionnaires never come in a clean two-column format. Five answer columns, weird metadata, "Guidance Notes," "Priority," "Details & Instructions" scattered around. We taught Conveyor to handle the mess.
On import, we now detect multiple response fields and context columns automatically. Five answer columns? No problem. We also pull in those context columns so ConveyorAI uses them when drafting answers, and your reviewers see the same context the AI saw. Cleaner imports, sharper answers, less manual remapping.
On by default. Upload a questionnaire and check the mapping screen.
Flexible Response Fields docs →
What's next
We're not slowing down on Conveyor everywhere. There's more MCP and API work landing in June.
If you're building agent workflows on top of Conveyor, we want to hear what you'd want next. Reply to this post or ping us in your shared Slack.
For the full set of changes, including the small stuff that didn't make the cut here, check the full changelog.
Thanks for building with us.
.png)
.jpg)
.png)
.png)
.png)
