They could be taken to court and found guilty (I doubt they'd have the time to build up a fake clone with an entirely different codebase that produces the same results). It would become quite apparent to the contractor they're using their software. The contractors terms could include them paying for money lost in the whole process AND lawyer fees covered.
The AGPL covers using code in servers. They would have to provide code for any server side changes.