Agenda

• 

  11 Principles for Evaluating AI Dev Tools

  Nnenna Ndukwe · Principal Developer Advocate, Qodo AI

  Benchmarks measure narrow capabilities. Demos show best-case scenarios. Neither tells you whether AI-generated code will survive production or whether that shiny new tool deserves a place in your stack. This talk presents a unified framework of 11 principles for evaluating AI-generated code and the tools that manage it. Because code quality and tool quality are inseparable: bad tools generate bad code, and bad code evaluation processes never catch it. We'll reframe AI use with responsibility boundaries where the core questions shift from "is it fast?" to "can this be understood under pressure, safely changed, and defended to a stakeholder?" Through real-world patterns from teams adopting AI across their SDLC, we'll apply these principles to distinguish tools that surface risk from tools that hide it. Attendees will leave with a practical rubric to decide which AI tools to trust, which to constrain, and how to keep human judgment at the center of fast-moving, AI-augmented engineering.

• 20 billion requests a week: Upgrading Twilio's API gateway at scale

  Speakers TBA

  Twilio's API Gateway is the front door for over 20 billion requests a week, regularly sustaining peaks of 60,000+ requests per second. Over the past four years, Twilio has migrated from a legacy system built on a decade of rapid growth to a modern, hardened ingress stack. In this session, we'll go under the hood of how we modernized our gateway by unifying behind a common core, requiring explicit, contract-first development, and utilizing cellularized and redundant infrastructure principles. Join us to learn how we successfully untangled ten years of technical debt, crossed the river, and built for the future to simplify Twilio’s enterprise ingress, all with zero major disruptions to customer traffic.
• 

  200 OK: Payment settled, resource delivered

  Brian Whippo · Senior Director, Algorand

  AI agents are making machine-to-machine payments on the open web in the rapidly growing field of agentic commerce. We’ll explore next-generation payment protocols, open web standards, and blockchain solutions that enable digital payments in the burgeoning agentic economy. Learn about recent developments, technical challenges, and emerging standards that are shaping how agents exchange value at internet scale.
• 

  3x Performance: A Humbling Journey

  Luca Trușcă · Software Engineer, Adobe

  When I was asked to fix a core component's performance on mobile, the numbers were bad—load times were hitting 4 seconds. Looking at the traces, it seemed like a chain of slow API calls. As a Frontend Engineer, I initially assumed the problem was on the backend and out of my hands. I was wrong. This talk covers the four-month investigation that followed. I’ll share how we debugged a complex performance bottleneck in a large-scale Adobe application. It turned out the solution wasn't just about code, but about understanding the infrastructure between the client and the server. We will look at how tweaking "boring" mechanics like CORS headers and connection handshakes resulted in massive speed gains, and how we caught our analytics data hiding failures in specific regions. We eventually made the feature 3x faster, but the real takeaway is on how to debug across the entire stack, not just the browser.
• 

  5 things I wish I hadn’t done building my AI agent

  Shachar Azriel · VP Product, Baz

  Most talks about AI agents focus on success stories and best-case outcomes. This talk is about what can actually go wrong when you ship an scale-up AI agent in a start-up. Over the past 18 months, our team in Baz built and scaled an AI-powered Code Review Agent used daily by thousands of across the world. To move fast in this crazy market, we made several architectural, product, and UX decisions that seemed reasonable at the time, but later turned into expensive mistakes. Some cost us users, and some hit our precious revenue. In this session, I’ll share five concrete pitfalls we encountered while building a real AI coding agent, why they happened, how we detected them, and the pivots that ultimately worked. This is not a theoretical talk: every example comes from a production system, and will include real system diagrams, usage data, and how the fixes changed behavior in production.(alongside a lot of self humor :) 1. We built a “smarter” agent, and it got "dumber" Why adding more context, tools, and responsibilities reduced accuracy instead of improving it 2. We let users choose the model, and lost control of the results How exposing LLM choice destroyed consistency and meaningful feedback 3. We optimized for an AI app, not for developer behavior Why real adoption only starts when the agent lives where decisions were already being made (GH, GL or the IDE) 4. Our guardrails worked, until the providers changed the models How silent model updates broke engineering assumptions and eroded user trust 5. Our metrics looked great, but users were still churning Why industry-standard AI metrics (like accepted suggestions and time-to-merge) missed the signal that actually won (or lost) customers
• 

  5 Years in Cloud Native: The Good, the Bad, and the Bill

  Simone Desantis · CTO, Openapi

  What happens when your data center literally catches fire? Five years ago, a literal disaster was the catalyst for our total migration to Cloud Native. But moving from on-prem microservices to a fully scalable cloud architecture was a journey filled with scars, paranoia, and expensive lessons. In this session, I will share my perspective as a CTO who led a team through a deep cultural transformation: the metamorphosis from traditional system administration to a DevOps mindset, where Infrastructure as Code (IaC) became our most valuable asset. We will dive into "scalability paranoia"—how we optimized container orchestration to beat the competition without losing our sanity (or the entire budget). We will break down the financial reality of elasticity: while on-prem environments force you to distribute workloads over time to avoid saturating fixed hardware, Cloud Native demands a complete mental reboot. I’ll share how we shifted from 'squeezing every cycle' out of static servers to an event-driven model designed to scale to zero. We'll discuss the danger of misconfigured scaling—the 'blank check' risk—and how we learned to orchestrate resources so they only exist when there is actual work to do, finally aligning our infrastructure costs with real business value. This isn't a polished success story; it’s an honest breakdown of complex solutions to simple problems, and how this journey finally allowed us to sleep at night.
• 

  7 Ways to Fail at Building a Platform

  Michael Coté · Senior Member of Technical Staff, Tanzu

  Building your own internal developer platform can seem attractive, but it's a risky proposition. In a platform as a product approach, when you build it, you own it, and now you're in the business of developing a product instead of your actual business. In this talk, drawing from 10 years of platform engineering case studies of large organizations, Coté will go over seven risks of building your own platform: expansive scopes, underestimating cost, project mindsets, death by customization, skills, security and compliance, resume-driven development. You can learn from the many people who've suffered these risks already and, hopefully, avoid them yourself.
• 

  A Dystopian Future for Software Engineering

  George Hantzaras · Director Engineering, MongoDB

  In 2030, we don’t "write" code anymore, we orchestrate it. The massive adoption of agentic AI has transformed the SDLC into a high-fidelity assembly line. We have "Architect Agents" drafting design docs, "Reviewer Agents" enforcing linting and security, and "Coder Agents" generating 99% of production PRs. In this "dystopian" (or utopian?) future, the role of the Software Engineer has evolved into a conductor. To get these agents to work perfectly, together the human must possess a god-tier level of experience, knowing exactly when to demand an interface over a class, how to prevent leaky abstractions in generated code, and how to debug logic they didn't technically type. But there is a catch: if the machines do all the typing in the world of proprietary software, where does the next generation of senior conductors come from? In this session, we will explore: - The Agentic SDLC: A technical deep dive into a multi-agent world, where specialized agents handle specific lifecycle stages. - The "Expert Paradox": Why AI-driven development actually raises the bar for seniority and architectural knowledge, making "Junior" a disappearing job title in proprietary software. - Open Source as the training ground: Why FOSS is becoming the only place where humans still "hand-craft" code, not out of necessity, but for mastery and passion, and how this makes Open Source the ultimate training ground for future engineers.
• 

  A tech lead’s delegation journey

  Anemari Fiser · Founder, AF - Level up in tech

  Delegation is a journey tech leads have to grow into. After training and coaching more than 400 tech leads, one pattern appears again and again: many start out unsure what to delegate, afraid of losing control, and spread across everything to make sure nothing goes wrong. It often feels quicker and safer to do the work themselves, even as the role becomes overwhelming. In this lightning talk, Anemari Fiser shares a tech lead’s delegation journey grounded in real coaching and training examples. The talk follows the shift from holding on too tightly, to taking small, intentional steps toward delegation, building trust in people, and learning how to delegate ownership instead of just tasks. The journey ends with what delegation looks like when it works: a more autonomous team, clearer ownership, and a tech lead who can focus on the few responsibilities that truly need their attention. This session offers a concise, honest look at how delegation evolves - and how tech leads can move forward without losing control, quality, or credibility.
• 

  Accelerating AI Inference at Scale: A Deep Dive Into NVIDIA Dynamo on Kubernetes

  Anshul Jindal · Senior Solution Architect, NVIDIA, Mohak Chadha · Solution Architect, NVIDIA

  As foundation models move toward deeper test-time computation, inference becomes the dominant scaling constraint. Latency, throughput, and cost are governed by a small set of forces: autoregressive decoding, KV-cache growth, memory bandwidth, and scheduling under contention. This workshop frames large-scale inference through these emerging laws of inference, starting from first principles and building toward real systems. Learners deploy NVIDIA Dynamo on Kubernetes to operate aggregated and disaggregated inference architectures using built-in KV-aware routing and scheduling. The outcome is a principled understanding of where inference time and money go — and how architectural choices bend those curves in production. Participants will deploy both aggregated and disaggregated inference on a 4xA100 node and compare the performance of the two.
• 

  Advanced AI Systems With MCP, Memory & Human-In-The-Loop

  Stuart van der Lee · DevOps Engineer, Sopra Steria, Roelant Dieben · Cloud and AI Architect, Sopra Steria

  Building real-world AI systems in 2026 means moving far beyond simple prompts and chatbots. The future belongs to agentic applications that are context-aware, stateful, and governed - systems that not only generate text, but understand, reason, act, and learn over time. In this full-day masterclass, we will guide you through the foundational pillars for designing and implementing advanced LLM-powered systems that orchestrate tools, manage memory, and integrate human oversight: - Context Engineering for shaping relevant, dynamic model input - Memory for evolving, persistent, and personalized intelligence - Model Context Protocol (MCP) for structured, and testable integration - Human-in-the-Loop (HITL) for oversight, escalation, and compliance Throughout the day, you’ll design and implement modular AI components that coordinate tools, manage memory, and respond intelligently — using structured context, RAG pipelines, and MCP-based orchestration. Let’s build AI systems that respect the real world.
• 

  Agent Smith Gets Hardware: Autonomous IoT Hacking From Debug Port to Cloud API

  Marc Plogas · Cloud & IoT Engineer, RoboTwin

  Last year, Agent Smith turned rogue in software. This year, he got physical access. In this session, we take a cheap off-the-shelf IoT device and let AI agents loose on it. No manual hacking, no memorized commands, no command cheat sheets. Using MCP-driven tool orchestration, the agents autonomously probe the device's hardware debug interface, extract firmware secrets, and intercept its cloud traffic through a rogue WiFi access point. Multiple attack vectors, one device, zero human intervention. This is not a theoretical exercise. Every demo runs on a Raspberry Pi with open-source tools, and the agents make their own decisions about what to probe, what to extract, and what to flag. We will see what they finds, what they miss, and what happens when a device is properly protected. Whether you build IoT products, secure enterprise networks, or just want to know what your smart devices are doing behind your back: this session will make you uncomfortable. Good.
• 

  Agentic AI in Go

  Marc Arndt · VP Engineering and Architecture, Evana AG

  Write fast, small, efficient and scalable AI solutions in Go. From Beginning to end, from ingesting data to providing the user with meaningful information, we take a look at how we build an Agentic AI has access to the users documents, can perform OCR, can answer users questions based on their documents, can be compiled in less than 60 seconds, take 20mb of memory, take 20mb of disk space and scale to the moon.
• 

  Agentic employees in world's most downloaded FinTech app

  Sasa Fajkovic · AI and DevEx Lead, Trade Republic

  Imagine 20 engineering teams, each with their own AI engineering teammate—reviewing PRs, triaging incidents, automating repetitive tasks 24/7, answering on daily support tickets, investigating reports, creating action points and improving based on the provided feedback. We scaled AI-powered automation from a single proof-of-concept to autonomous agents across our organization, each acting as a virtual engineer for their team. Unlike centralized chatbots that provide generic answers, each team's AI has deep domain expertise: it knows their codebase, their Jira workflows, their on-call runbooks. These bots don't just suggest solutions—they execute them. Collectively, they handle 300+ hours of work per week, automating 55-65% of routine platform engineering tasks. But scaling AI automation isn't just multiplying one bot by 20. We faced brutal challenges: How do you prevent credential leakage when teams can trigger bot actions? How do you govern security across 20 independent agents? How do you share learnings across teams without creating a bloated one-size-fits-all monster? This talk reveals the architecture, economics, and organizational dynamics of running AI teammates at scale. You'll learn why we chose physical laptops over VMs, how we built a security framework that catches attacks the LLM misses, and the surprising patterns that work across teams (PR reviews, incident triage) versus those that need deep customization (team-specific deployments, domain knowledge). We'll share real metrics: 300+ hours/week saved, sub-1% security false positive rate, 60% ticket automation rate, and the feedback loop that improves all 20 bots simultaneously. You'll see the mental shifts teams went through from "the bot is a toy" to "the bot is on-call," and why treating AI as an employee (not a service) changed everything.

• Agents of Football: Build AI Agents That Compete in Live Football Matches

  Speakers TBA

  Meet your hackathon organizers and technical influencer judges, then dive into the Football for Good theme that will drive 3 days of building. The hands-on portion is anything but ordinary! Participants build AI agents using Strands Agents and Amazon Bedrock, then pit them against each other in live agent-on-agent football matches. It's competitive, collaborative, and the perfect warm-up for the hackathon ahead.
• 

  AI Agents Face-Off: Same App, Multiple Frameworks

  Elaine Dias Batista · Senior Staff Engineer, SFEIR

  The mobile development landscape has long been divided by framework wars: Native vs React Native vs Flutter vs Progressive Web Apps. While traditional comparisons often rely on synthetic benchmarks or oversimplified examples, this talk presents a unique approach: leveraging multiple AI coding agents to build identical, real-world applications across different mobile frameworks, then evaluating the results through objective metrics. This session will demonstrate how various AI agents tackle the same mobile app requirements using Kotlin/Swift (Native), React Native, Flutter, and modern web frameworks. We'll dive deep into the challenges each agent encountered, the quality of code produced, and provide a multi-dimensional evaluation framework that goes beyond surface-level comparisons.
• 

  AI Driven Development

  David Tielke · Consultant, Coach and Trainer, www.David-Tielke.de

  In software development, AI has evolved from a better stack overflow to a powerful co-pilot that is already making things possible today that we could only dream of five years ago. After more than 50 customer projects involving AI, David Tielke will show in this session which tools really add value, how they can be used profitably for everyone in development, and where the limits currently lie.
• 

  AI in Recruiting: What Works, What Fails - Real Lessons from Office & Volume Hiring

  Barbara Kryslak · Associate Director, Redcare Pharmacy

  AI has huge potential in recruiting - but implementations vary widely. This talk breaks down what worked, what didn’t, and why, across both office (professional) and volume (high-velocity) hiring environments. In this practical session, you’ll hear real, data-backed lessons from multiple AI introductions we led at Redcare Pharmacy and evaluated in both office hiring and volume recruiting. I’ll cover: - Successful patterns - where AI improved work of the recruiters / candidate experience. - Unsuccessful rollouts - where tools underperformed and what were the reasons. - Human + machine workflows - what roles remain human-centric, and where AI delivers the most leverage. - Ethics and bias safeguards - real examples of how bias surfaced, and practical guardrails to address it. - Metrics that matter - what to measure when you deploy AI so you know you’re improving, not guessing.
• 

  AI in Your Browser: Exploring Chrome's Built-In LLM

  Daniel Ostrovsky · UI/UX Architect, Payoneer

  Let's see how Chrome’s built-in AI is changing the future of web development. In this talk we will try on-device and hybrid AI capabilities, including APIs for tasks like translation, summarization, and general chat-based interactions. We’ll look at real-world use cases, practical examples, and how these tools can enhance user experiences and make applications even better. Learn how to integrate these features into your projects and stay ahead in the new world of AI-driven web development.
• 

  AI Sandboxes: Running Coding Agents Safely in Production-Grade Environments

  Shivay Lamba · Senior Software Engineer, Couchbase, Kristiyan Velkov · Principal Frontend Developer, Jakala

  The number of cyber attacks and security risks related to Coding Agents has sky rocketed. AI coding agents like Claude Code, Codex CLI, and Gemini CLI don’t behave like your typical developer tools. They install system packages, modify configurations, delete files, run services, and even spin up Docker containers, often requiring constant permission prompts or risky access to your host machine. This talk explores Docker Sandboxes as a new execution model for autonomous coding agents. Built on microVM-based isolation, Docker Sandboxes provide disposable, agent-safe environments where coding agents can run unattended while remaining fully isolated from the host system. We’ll walk through why traditional approaches like OS sandboxing, containers, and full virtual machines, break down for agent workflows, and how Docker Sandboxes combine the developer experience of containers with the hard security boundaries of VMs. Using live examples, we’ll show how agents can safely run Docker-in-Docker, install dependencies, access only the project workspace, and be reset instantly. By the end of this session, you’ll have a clear mental model for when and how to use Docker Sandboxes to unlock higher levels of agent autonomy without compromising safety, security, or developer experience.
• 

  AI Search Insights from OtterlyAI: What We Tested, What Failed, and What Actually Works

  Klaus-M. Schremser · CRO and Co-Founder, OtterlyAI

  The world of search is changing and AI searches (+LLMs) are helping businesses and people to find new products and services. ChatGPT, Claude and others are answering questions about which products to purchase. Businesses have to start monitoring their visibility in AI search and find new ways to optimize how they are shown against competitors. We are sharing our experiments and learnings in this market - what works, what failed and what we anticipate will happen in the future.
• 

  AI That Acts: Orchestrating Agents in Modern Developer Workflows (securely)

  Evgenij Renke · Solutions Engineer, GitHub

  AI agents are no longer a concept — they're writing code, opening PRs, and running pipelines. But with great autonomy comes great risk. In this hands-on workshop, you'll learn how to orchestrate multi-agent workflows using GitHub Copilot while keeping security, context control, and auditability at the center of your stack.
• 

  AI Won't Fix Your Engineering Culture

  Julia Kordick · Senior Software Global Black Belt, Microsoft

  AI doesn't fix broken systems. It amplifies them. And right now, most organizations are learning that the hard way. This talk reframes the conversation: engineering culture is the real constraint, not tooling. DevEx is the signal. Platform Engineering is the lever. You need both before humans and agents can operate effectively. Agentic workflows don't wait for you to get your house in order. They expose weak foundations at speed and scale. Strong DevEx and platform capabilities become a multiplier. Everything else just gets louder.
• 

  AI-Powered UI: Building Intelligent, Real-Time Interfaces with React & WebGPU

  Suchitra Swain · Senior Frontend Engineer, Delivery Hero

  As AI moves closer to the client, the next generation of web applications will need to run intelligent, real-time experiences directly in the browser. Thanks to WebGPU, developers can now run high-performance, GPU-accelerated machine learning workloads on the client side — enabling personalization, AI-assisted interactions, and visual computation without relying on a backend model server. This talk explores how React developers can leverage WebGPU and modern ML runtimes to build responsive, privacy-preserving AI user interfaces capable of running real-time inference in the browser. Through practical examples, we’ll look at how to integrate on-device embeddings, text and vision models, gesture recognition, and dynamic AI-driven UI behaviors into modern React applications. We’ll walk through how WebGPU differs from WebGL, what optimizations it unlocks, and how frameworks like TensorFlow.js, ONNX Runtime Web, and WebGPU-native pipelines can be combined with React for highly interactive experiences. Attendees will also learn best practices for orchestrating GPU workloads without blocking the UI thread, managing streaming inference, and structuring React components to handle continuous, high-frequency data updates. By the end of this session, developers will understand how to build AI-powered interfaces that feel fast, fluid, and deeply interactive — without expensive servers, latency issues, or privacy trade-offs. This talk is ideal for React developers, frontend engineers, and product teams exploring how AI can elevate the user experience in modern web applications.
• 

  An Opinionated Guide to Bulletproof APIs

  Rustam Mehmandarov · Principal Engineer and Cloud Lead, MILES

  Writing a "Hello World" endpoint is easy. But building an API that is secure, observable, and capable of evolving without breaking every client? That’s where the real engineering happens. We often pollute our business logic with validation, security checks, and boilerplate, creating a maintenance nightmare. It’s time to clean up our act. In this session, we’ll move beyond basic CRUD to explore 5 essential patterns for building production-grade APIs. The code examples will be in Java and we will combine standard Jakarta EE/MicroProfile features with powerful custom implementations to tackle the cross-cutting concerns that matter most. However, the concepts can be applied to other programming languages as well.
• 

  Analytics in the Age of Agentic AI: A tour of ClickHouse and Langfuse

  Hellmar Becker · Solution Architect, ClickHouse

  Agentic AI is not just a new use case for data - it penetrates and transforms all use cases. In my talk I will discuss what this means for the foundation layers of our data architecture, and I will live demo a few use cases that show how ClickHouse is adapted to AI use cases.
• 

  Architecture 3.0: From 90% to 99.999% Reliability in Building AI Systems

  Ingo Eichhorst · Engineering Trainer, IONOS

  We’re entering Software 3.0: not just AI inside products, but AI agents that design, implement, and evolve large parts of the system and increasingly build other agents. The hard question isn’t whether this works at ~90% “looks correct,” but how we engineer a bridge to 99.999% reliability when the workforce is probabilistic. This talk presents an Architecture 3.0 blueprint for AI-native systems and agentic engineering pipelines: how to structure systems where agents generate code, configs, tests, docs, and even agent behaviors, while keeping control. You’ll see why the architect role shifts from diagram drawing to designing the control surface: specs that are testable, benchmarkable, and “reinforcement-compatible,” plus the thin layer of humanity focused on what creates long-term value. DEMO (live): we let agents build a small agent-powered service and an internal “helper agent” (tooling/prompt + eval suite). CI gates intentionally fail on safety/reliability; we iterate on the spec + evals until the system passes with predictable behavior.
• 

  Are Classical Automation Frameworks Dead? How AI Agents Are Transforming QA

  Andrei Nutas · Technical Test Architect, Atos

  For two decades, QA engineers have written brittle selectors that shatter the moment a frontend developer renames a button class. We've accepted flaky tests, selector maintenance, and the endless cat-and-mouse game with dynamic IDs as the unavoidable cost of automation. AI browser agents like Skyvern and Browser-Use are challenging that assumption, navigating websites using vision and reasoning instead of XPaths, adapting when layouts change, and then compiling successful runs into Playwright scripts that execute without keeping an LLM in the loop. In this session, I'll demonstrate live how Skyvern automates a real workflow that would traditionally require careful selector engineering. You'll see the agent reason through the interface, handle unexpected states, and generate executable code. We'll examine that generated code together, what's surprisingly clean, what's brittle in new ways, and what happens when the AI encounters edge cases that would trip up a human automator too. But this isn't an obituary for Selenium or Playwright. It's a thesis about architectural evolution. Classical frameworks aren't dying; they're becoming the invisible execution layer beneath AI agents the same way assembly didn't disappear when we got high-level languages. The question isn't whether to abandon your existing test suites, but how to position them in a world where AI handles the fragile parts. You'll leave with a clear mental model for when AI-native automation wins, when traditional scripts remain superior, and how to position yourself as QA engineering transforms from selector maintenance to agent orchestration.
• 

  Automate or Stagnate: Keep Your Dependencies up to date with Renovate

  Susanne Bach Ladefoged Hou · Software Engineer, Danske Commodities

  Maintaining software dependencies and updating external packages and dependencies is something that nobody really wants to do, and it is often forgotten and neglegted. We would all much rather spend our time actually developing new, exiting stuff. But leaving you dependencies unmanaged can leave you with security issues, and prevent you from using some of the nice, new features that might make your code even better than it is today. In this talk, we'll dive into why managing external dependencies is a critical part of software development—even if it’s not always the most exciting thing to do. We'll explore the risks of ignoring them and, most importantly, show you how automation can transform this chore into a seamless, time-saving process using Renovate. Whether you're working on large-scale business applications or side projects in your free time, you'll leave with strategies to keep dependencies in check without sacrificing the fun parts of coding.
• 

  Back to the Roots: Testing in the Age of AI

  Jakub Janczyk · Senior Engineer/Tech Lead, Help Scout

  AI is generating more and more code, and it’s getting better every day. Still, it’s far from perfect, and uncontrolled AI-generated code can quickly lead to bugs, frustration, and fragile systems. While tools and workflows are evolving rapidly, one thing remains unchanged: high-quality automated tests are the foundation of great software. AI coding agents thrive on fast feedback loops, and tests provide exactly that. However, not all tests are equally valuable, and poor tests can be just as harmful as having none. In this talk, we’ll go back to the roots of testing: what makes a test truly useful, how to design tests that guide both humans and AI, and how to leverage them to get the most out of AI-assisted development.
• 

  Beyond authentication: an open-source trust model for the agentic web

  Sabrina Engling · AI Lead, Trusted Shops SE, Alexander Günsche · Senior Solutions Architect, AWS

  Authenticating an agent tells you who it is, but not whether to let it transact, access data, or act on a user's behalf. As autonomous agents begin crossing organisational boundaries, the systems they reach face a binary choice: block all agent traffic or accept it without verification - neither of which scales as agent traffic grows. TSAI (Trust Signals for Agentic Interactions) is an open source protocol that fills this gap. Built on W3C Verifiable Credentials and Decentralised Identifiers (DIDs), it carries trust signals beyond identity - reputation, economic stake, authorization, and endorsements - in cryptographically signed credentials that any system can verify offline. Independent Trust Authorities issue them and agents present them when accessing a service, while receiving systems make their own access decisions based on the signals. Credentials describe the agent, not the user, which preserves user privacy and keeps existing user authentication unchanged. In this talk, we walk through the architecture - the four-tier trust model that scales from offline verification at low risk to real-time checks at high stakes, the credential format and lifecycle, and how TSAI composes with agent protocols like MCP and A2A. TSAI is developed by AWS and Trusted Shops, combining agent infrastructure expertise with decades of online trust certification.
• 

  Beyond Chat: AI Workflows That Actually Investigate Alerts (So You Don't Have To Know Everything)

  Nune Isabekyan · CTO, OpsWorker, Aram Hakobyan · Head of Platform Engineering, zooplus

  "You build it, you run it" sounds great until you're on-call for a Kafka consumer lag spike at 3 AM—and you spent the last six months building the React frontend, not the event pipeline. Modern teams own their services end-to-end, but no one can be an expert in everything. And the AI chatbots we've been promised? They just add another window to alt-tab through while the pager screams. This talk argues that chat-based AI is fundamentally wrong for incident investigation. I'll break down why the chat paradigm fails: it expects you to provide context you don't have at 3 AM, assumes you know where to look, burns time with back-and-forth, and interrogates instead of investigates. Then I'll show what actually works: AI workflows that investigate like a teammate who knows the system—automatically discovering affected resources, correlating metrics with deployments, querying the right logs without being asked, and delivering hypotheses with evidence. We'll cover real engineering challenges: orchestrating tools across Kubernetes, logs, and metrics; solving the "where do I even start?" problem; building outputs that explain unfamiliar systems; and what breaks when you let AI loose on production. Live Demo: A simulated 3 AM alert comparing the chatbot experience ("Can you tell me more about your cluster configuration?") versus a workflow that delivers: "Your deployment rolled out 47 minutes ago with a memory limit reduction. Three pods are OOMKilling. Here's the diff and the kubectl command to rollback."
• 

  Beyond LLM Agents: A World Model for Visual Software Testing

  Manuel Weichselbaum · CTO, anyconcept

  What if a model could learn software the way humans do, through pixels, mouse, and keyboard alone? This talk introduces the Vision Action Model, a foundation model that understands UI concepts, not coordinates, and executes them deterministically. Purpose-built for software testing. Trained purely on interaction data.
• 

  Beyond Resilience: Architecting Antifragile Systems

  Jan de Vries · DevOps Advocate, Naboek

  Most of us build systems to be robust or resilient. We want them to resist failure or to recover from failure. But in today's turbulent world chaos is inevitable. What if your system didn’t just survive a spike in latency or a server crash, but actually got better because of it? The concept of Antifragility, coined by Nassim Nicholas Taleb, is the hidden engine behind modern engineering triumphs like chaos engineering, continuous deployment, canary releases and microservices. While a resilient system recovers from shocks and stays the same, an antifragile system thrives on disorder, using failures as a catalyst for growth. In this session, we’ll move beyond the theory and look at the hidden force shaping our industry. We will explore how to transition from fragile architectures (where one error causes a cascade) to systems that leverage randomness to improve. Don’t just build systems that don’t break. Build systems that get stronger when they do.
• 

  Beyond SBOMs: The Future of Container Supply Chain Security

  Mohammad-Ali A'râbi · Senior Software Engineer, JobRad

  When a single phished NPM maintainer led to 18 compromised libraries—including Chalk and Debug, downloaded billions of times weekly—it proved one thing: SBOMs alone aren't enough. In this talk, Docker Captain Mohammad-Ali A'râbi explores how modern supply-chain attacks unfold and how the next generation of tools—attestations, provenance, and signing—can prevent a repeat of the September 2025 NPM breach. You'll learn how to build verifiable, trusted pipelines using Docker Scout, Syft, Cosign, and Rekor, and how to extend SBOMs with build-phase attestations. The session combines deep technical demos with hard-won lessons from the largest NPM attack ever—and insights from Mohammad-Ali's book "Docker and Kubernetes Security"—turning supply-chain horror stories into actionable DevSecOps practices. What you'll learn: - 🧠 Understand how the 2025 NPM supply-chain attack happened—and why traditional SBOMs couldn't stop it. - 📦 Pin & lock dependencies to prevent malicious updates from sneaking in. - 🧱 Generate, sign, and verify attestations using Docker Scout + Cosign + Rekor. - 🔒 Adopt zero-trust build pipelines with SLSA levels + OCI 1.1 referrers. - 🧰 Defend proactively with seven practical strategies: block lifecycle scripts, use hardware keys, and continuously scan with Snyk / Trivy / Scout. - 🚀 Turn compliance into confidence by making your entire container lifecycle verifiable.
• 

  Beyond SQL Generation: How to Teach Agents What Your Database Actually Means

  Celeste Horgan · Senior Developer Advocate, Snowflake

  Coding agents like Claude struggle to get meaningful information from databases. Even though they're good at writing correct SQL, they fall short where it matters - fetching the right answers. When asked a complex question, they consistently fumble their way through the schema catalogs and table descriptions, and then make best-guesses about how to join them, hoping to find some data that looks reasonable. The reason for this is simple - they don't know your domain. It's like hiring an expert in database syntax and expecting them to know how your company works. The solution is equally simple - teach the agent what the data means. Give them a guide to how your database is laid out, how its joined, what column names mean and what kind of queries make sense. All the folk knowledge that that expert hire would eventually acquire in their first 6 months. The technique for teaching agents the meaning of a schema is called a semantic model, there's an open standard that's easy to stick to, and the results are pretty terrific. A single file can take an agent from burning tokens to hallucinate an answer, to one-shotting the correct results. In this talk we'll go through the details of semantic models and the standard, why it's worth using the standard rather than rolling your own, and techniques for creating effective semantic models quickly. All in the service of a simple outcome - making a scalable database analyst that's effective from day one.
• 

  Beyond the Thor’s Hammer: Pragmatic Agentic AI with Caching, Reuse, and Cost Guardrails

  Satej Sahu · Principal Data Engineer, Zalando

  Agentic AI has become the default “big hammer”: throw more agents at the workflow, add more tools, loop until it works. It feels magical—until the cost bell rings: token spend explodes, latency creeps up, and teams realize they’re repeatedly paying for the same reasoning across users, departments, and weeks. This session is about bringing pragmatism without losing ambition. We’ll explore how to balance productivity and timely results by treating agent systems like any other production platform: measurable SLAs, predictable cost, and deliberate architecture. The centerpiece is a topic many teams overlook in the rush to “agentify” everything: cacheability. We’ll break down what’s actually being transmitted between agents and users—prompts, retrieved context, tool results, intermediate plans, and final answers—and identify what’s repeated (often a lot) across org units. Then we’ll introduce practical caching patterns for agentic systems: RAG and retrieval caching (query → top-k chunks, embeddings, rerank results) tool-result caching (APIs/DB queries with TTL, idempotency keys, provenance) response + reasoning artifact caching (answer reuse with “freshness” guards) workflow memoization (agent step outputs keyed by inputs, policies, and versions) organization-level knowledge reuse (shared “answer primitives” for FAQs, policies, and ideation) But caching isn’t free: it creates complexity around staleness, governance, personalization, and security boundaries. We’ll cover how to design caches that are safe and evolvable: TTL + invalidation strategies, semantic cache keys, redaction/PII handling, per-tenant isolation, and observability for hit rate vs. correctness. You’ll leave with a set of architectural principles and an incremental roadmap to scale agentic AI sustainably—so the hammer stays useful even when costs matter.
• 

  Beyond Webhooks: The Future of Scalable API Event Delivery

  Phil Leggetter · Head of Developer Experience, Hookdeck

  Since Jeff Lindsay introduced webhooks in 2007, they’ve become the default mechanism for delivering API platform events to consuming applications. But as adoption has surged and event-driven systems have evolved, the cracks in the webhook model have started to show—scalability challenges, reliability concerns, and operational overhead are just the tip of the iceberg. In this talk, I’ll challenge the status quo and explore why webhooks may no longer be the best fit for modern API platform event delivery. More importantly, I’ll introduce Event Destinations—a Stripe-inspired next-generation approach designed to handle event distribution at scale, offering greater flexibility, resilience, and control. If you’re building APIs or event-driven platforms, this session will equip you with the insights to rethink your event delivery strategy.
• 

  Blameless Postmortems That Change Nothing: Cultural Anti-Patterns in Incident Learning

  Daniel Schley · Head of Data Engineering, Riverty

  Blameless postmortems are meant to help teams learn from incidents. In reality, many of them result in well-written documents and no meaningful change. Drawing from personal experience responding to production incidents, as well as patterns observed across multiple teams and organizations, this talk examines incident reviews as a window into real engineering culture. Not the culture described in values decks, but the one revealed by how teams explain failures, assign responsibility, and decide what not to fix. Across incidents ranging from minor outages to multi-hour production failures, we will explore recurring cultural anti-patterns that surface during postmortems. These include reviews that avoid uncomfortable truths, blamelessness used to shut down hard conversations, action items that quietly die in backlogs, and learning that stops at technical fixes while systemic and organizational causes remain untouched. The talk also looks at why these patterns become more dangerous as teams adopt AI-assisted development. Faster feedback loops and accelerated code changes amplify cultural weaknesses that postmortems were supposed to correct. Attendees will leave with concrete signals to look for in their own incident reviews, a small set of diagnostic questions that expose stalled learning, and practical techniques to turn postmortems into drivers of real improvement. Each anti-pattern is paired with a real incident example and a concrete alternative practice that has led to measurable improvement, rather than just better documentation.
• 

  Bridging LLMs and Systems: Practical Automation with MCP Tools and Function Calls

  Mehdi Mohseni · Tech Lead and Lead Cloud Engineer, Halocline

  In this session, we’ll look at how a .NET-based solution enables Large Language Models (LLMs) to act as automation engines inside a VR application. The system uses the Model Context Protocol (MCP) to give the LLM controlled access to real system data and APIs. When a user submits a request — for example, “make the workspace more ergonomic” — the LLM interprets the intent, fetches relevant user and environment data via MCP, and responds by invoking an API or function with precise parameters. We’ll walk through how this automation pipeline is built: from the LLM prompt orchestration and MCP data interfaces, to function calling, execution in .NET, and real-time feedback in VR. The talk will also include real scenarios such as automatically identifying unused areas in a VR layout, adjusting ergonomics, or optimizing object placement — all triggered by natural-language input.
• 

  Build a Multi-Channel AI Agent

  Anni Chen · Developer Evangelist, Twilio

  Building production AI agents means solving infrastructure problems before writing agent logic. Channel integration requires webhook handlers, WebSocket servers for voice, session management, and memory persistence. Multi-channel support multiplies this work across web, voice, and SMS, plus synchronisation to preserve conversation context. Middleware can eliminate this complexity by providing a unified interface to communication channels with built-in conversation memory. Developers implement agent logic while the middleware manages webhooks, connections, and state across channels. In this workshop, you'll build and deploy a multi-channel agent using Twilio Agent Connect (TAC) with OpenAI (bring your own API key). The agent will handle voice, SMS, and web interactions with shared context. You'll gain hands-on experience with middleware patterns, understand architectural tradeoffs, and learn when these solutions reduce development overhead versus building custom integrations.
• 

  Build a Production-Ready AI Agent in 90 Minutes

  Tamas Piros · AI Consultant

  AI agent demos are everywhere. Production-ready agents are not. The gap between a working prototype and a system you'd trust to run unsupervised at 3AM is enormous and it's mostly about infrastructure, not intelligence. In this hands-on workshop, you'll build a multi-step AI agent from scratch in TypeScript and take it all the way to production-grade. We'll start with a naive implementation that works on your machine, then systematically break it and fix it. By the end, your agent will handle LLM failures gracefully, recover from crashes mid-workflow, manage concurrency, and give you full observability into every step. No slides (okay, maybe a few). No theory blocks (only a bit). Just code, patterns, and a deployed agent you can take home (but not literally!).
• 

  Build Agents That Can Pay with x402: From Your Laptop to a Live Network

  Hendrik Ebbers · CEO, Open Elements

  AI agents are starting to act on their own, but an agent that can't pay for anything is stuck asking a human for a credit card. In this hands-on workshop you'll build an AI agent that pays its own way, using x402, the open standard that lets software settle payments over HTTP. Along the way, you'll do something most developers never have: spin up your own distributed ledger on your laptop, build and test the entire payment flow, and then run the same code on the Hedera public test network for validation. The reason that portability works is open source. Hedera runs on Hiero, an open-source project under the Linux Foundation Decentralized Trust, so the network on your machine and the global public network speak the same protocol. We'll keep that part conceptual and the rest hands-on: by the end, you'll have an agent that requests a paid resource, receives an HTTP 402, settles the payment on-ledger, and gets what it asked for. You'll leave with a working reference for agentic commerce and a clear mental model for taking it from a laptop to a public network, and eventually to production.
• 

  Building a Better Tomorrow: Tips and Tricks for Docker Builds

  Daniel Bodky · Senior Developer Advocate, NETWAYS

  Container are a fundamental building block of DevOps operations, yet building them efficiently and securely can be a burden: Often developers don’t know about the platforms’ security constraints, baseline configuration, and expected behavior, while DevOps teams lack domain knowledge regarding the frameworks and languages in use. The result: insecure or bloated containers! In this hands-on, 2h workshop, we will take a look at common scenarios for containerized applications, and improve them bit by bit, taking a good look at tools available to us in the cloud-native container world. Participants can expect to get a good understanding of easily applicable actions to trim and secure container images, gain insights throughout the building process, and learn how to get their applications from their machines to production.
• 

  Building a Cloud Platform Where Everything is Just Another Kubernetes Resource

  Patrick Koss · Tech Lead, STACKIT

  At STACKIT, we took the Kubernetes API and turned it into our entire platform control plane. Not just for running containers. For everything. S3 buckets, databases, DNS records, IAM credentials, even entire child Kubernetes clusters. All defined as YAML manifests. All managed via GitOps. All continuously reconciled by controllers. We started with Terraform like everyone else. It worked fine until our infrastructure got complex. Monolithic state files that locked the whole team. Slow applies that recalculated everything when we only needed to change one thing. Drift that only surfaced when someone remembered to run a plan. So we rebuilt the platform on Crossplane and ArgoCD. One management cluster provisions and orchestrates cloud infrastructure per environment. Developers get self-service APIs by applying Kubernetes resources. Ops teams enforce policies through admission webhooks. Everything reconciles in real-time. No external state to manage. No waiting for tickets to get unblocked. This is the production architecture. How it works, why we designed it this way, what went wrong during the migration, and what we'd change if we started over today.
• 

  Building a Cross-Platform BLE Client with Kotlin Multiplatform and Kable

  Georg Dresler · Principal Software Architect, Ray Sono

  Building Bluetooth Low Energy features has long been challenging since every platform behaves differently and the code quickly fragments. Kotlin Multiplatform changes that story by letting you build reliable Bluetooth functionality once, so even if you’re new to BLE, you can start with confidence instead of chaos. With Kotlin Multiplatform (KMP) and the Kable library, you can create a single BLE layer that runs across Android, iOS, and macOS, with experimental Web support. Kable abstracts platform quirks through coroutines and Flow, delivering predictable async behavior across targets. We'll briefly cover BLE fundamentals such as clients, peripherals, services, and characteristics to lay the groundwork. In a live demo, we'll control a Bluetooth-enabled light from a shared KMP CLI app. You’ll see how coroutines make reads and writes feel sequential, while Flows stream live updates like connection state, battery level, or sensor data. Structured concurrency keeps the client stable and predictable, even when devices disconnect or data changes rapidly. Key takeaways: - Build a cross-platform BLE client - Use coroutines and Flow for reliable, idiomatic async BLE operations - Apply structured concurrency for robust connection management and cleanup
• 

  Building a Multi-Agent Orchestration Engine That Actually Follows the Rules

  Hussein Jundi · AI Engineering Lead, E.ON Digital, Torsten Stiller · Head of Automation Factory, E.ON Digital

  At E.ON Digital Technology, we're building an AI-powered platform that spans the entire software development lifecycle—from ideation, requirements in Jira, through code generation and GitLab integration, to automated testing, infrastructure deployment, and production monitoring. Enterprise environments don't tolerate agents going off script. We need them to follow our SDLC guardrails, and not to improvise. While the workflow itself enforces standards, the graph controls transitions, embeds approval gates, and ensures compliance. Users just chat; the system handles the rest. We'll walk through the architecture and share real examples: legacy application modernization, cloud-native migrations, and gains in developer productivity. The Problem AI coding assistants are powerful, but they're designed for autonomy. In an enterprise like E.ON, that's a problem. We have governance requirements, approval workflows, and integration points across the entire SDLC—Jira for planning, GitLab for code, our automation platform for deployments, our monitoring stack for observability. Letting an agent "figure it out" isn't an option. What We Built We created a multi-agent platform based on LangGraph where: -Specialized agents handle distinct phases: requirements analysis, code generation, test creation, infrastructure provisioning, log analysis -The workflow graph enforces our SDLC—agents don't decide when to ask for approval or which phase comes next; the graph does -Graph disaggregation: the workflow breaks down complex tasks into manageable steps, improving task completion rates and reducing hallucinations -Enterprise integrations connect each phase to our actual toolchain (Jira, GitLab, deployment automation, monitoring) -Workflows are pluggable—different use cases get different flows with appropriate checkpoints The result: developers interact through a conversational interface, but the underlying system enforces similar standards we'd expect from manual processes.
• 

  Building AI apps with the Google ecosystem

  Marina Coelho · Developer Relations Engineer, Google, Rosário Pereira Fernandes · Senior Developer Relations Engineer, Google

  The way we build software has changed. Today, the most successful developers aren't just writing code, they are orchestrating AI tools and agents to build better and faster. This hands-on session is a deep dive into this modern "Builder Stack”, where you will learn how to build with a variety of tools in the Google ecosystem. Come to this session if you want to spend less time configuring and more time creating. We’ll guide you through a complete development lifecycle, from prototyping an idea, to generating a beautiful UI, building AI features, and integrating a secure, scalable backend.
• 

  Building APIs for Agents vs Systems. Is MCP the answer?

  Adam Bird · CEO and Co-founder, Cronofy

  When your API consumer can reason, everything you thought you knew about the contract between provider and caller gets tested. I’ve spent the last 24 years of building and commercialising web APIs, including Cronofy’s MCP server and Agentic products. I've learned that the instinct to reach for new abstractions before honestly asking why the existing ones failed is as strong as ever. This talk covers the real differences between designing for developers and designing for agents, where MCP earns its place and where it's inefficient. Why granularity choices that work for systems fail for agents. The tension between agent flexibility and keeping your platform predictable, secure, and auditable. Where the responsibility for behaviour should fall. Practical learnings from really doing it. What I will share - How the contract between API provider and consumer shifts when the consumer is non-deterministic — retry logic, error handling, and authentication all need rethinking. - The practical differences between designing for developer experience (DX) versus agent experience (AX) — documentation, discoverability, and affordances. - Where MCP fits in the stack: what it actually solves (tool discovery, context passing, standardised transport) and what your tool should claim. - Lessons from shipping an MCP server commercially — the gap between the spec and production reality. - Why "just wrap your REST API" is a trap — granularity, composability, and the temptation to expose too many tools versus too few. - The tension between giving agents flexibility and maintaining predictable, billable, auditable behaviour for your business. - What stays the same: rate limiting, versioning, backward compatibility, and the fundamentals that 24 years of API design and delivery have already taught me.
• 

  Building Moduliths That Last: Patterns for Sustainable Module Integration

  Christoph Kober · Lead Software Engineer, SQUER

  A system does not need to be distributed to have clean architectural boundaries. Moduliths (modular monoliths) have emerged as a popular alternative to microservices - But doesn't that mean we're going back to where we started from? Won't today's moduliths end up as Big Balls of Mud again in a few years? The key to a sustainable modulith is clean integration between modules. The shared runtime offers more integration options but also creates the temptation to take shortcuts and create a hot mess. This talk compares different approaches to integrating modules in a modulith. We will explore how different domains suit specific patterns better than others, and distill that knowledge into practical heuristics. We will also examine tactics for establishing these patterns in existing codebases. As a developer or architect, you will leave with a toolkit of modulith integration patterns and antipatterns, guidelines for choosing the right ones, and the knowledge to establish them in legacy applications.
• 

  Building Multi-Agent AI Systems with MAF: From Copilot to Orchestrated Agents

  Isha Salania · AI Solution Engineer, Microsoft, Kiran Panchal · AI Solution Engineer, Microsoft, Ricardo Niepel · Senior Solution Engineer, Microsoft

  This hands-on workshop focuses on building multi-agent AI systems using Microsoft's Multi-Agent Framework (MAF). Instead of relying on single prompts, participants will learn how to design and orchestrate multiple specialized agents that collaborate to solve complex tasks. Through practical exercises, attendees will work directly with MAF to implement agent coordination, task decomposition, tool integration, and memory patterns. The session will showcase how to move from basic copilots to structured, production-ready multi-agent workflows for real-world scenarios.
• 

  Building Physical AI: Fine-Tuning VLA Models and Composing Multi-Modal Systems

  Alison Cossette · CEO and Founder, ClariTrace

  Physical AI requires a different stack than chatbots. You're fine-tuning vision-language-action models for specific skills, then composing them with perception and voice systems that work in real-time. The integration is where the magic happens—and where most projects fail. This talk shares the architecture behind an award-winning book-reading robot: a system that opens books, turns pages, sees content, and reads aloud with expressive voices. We fine-tuned VLA models using Action Chunking with Transformers to learn fluid manipulation from human demonstrations, then integrated Claude Vision for page understanding and Eleven Labs for streaming speech synthesis. I'll walk through the technical stack: how we collected demonstration data and fine-tuned for page-turning skills, why ACT policies outperform discrete skill primitives for manipulation, and how we achieved zero-latency speech through a three-threaded streaming pipeline. Physical AI means designing for graceful failure—because in the real world, errors tear pages. You'll leave with concrete patterns for fine-tuning VLA models, composing multi-modal physical AI systems, and understanding where the hard problems actually live. Learning Objectives * Fine-tune vision-language-action models for specific manipulation skills *Apply Action Chunking with Transformers for fluid robotic behavior *Design multi-modal physical AI systems that integrate manipulation, vision, and voice *Build zero-latency streaming pipelines for real-time human-robot interaction * Identify failure modes unique to physical AI and design recovery strategies Level Intermediate Tags Physical AI, VLA Models, Robotics, Fine-Tuning, Vision-Language-Action, Real-time Systems
• 

  Building Sovereign AI: Lessons from Deploying Secure RAG Systems using Confidential Computing

  Isha Salania · AI Solution Engineer, Microsoft

  This session explores how real-world government organizations are building and deploying secure AI systems using Retrieval-Augmented Generation (RAG) on sensitive data. Based on hands-on project experience across public sector customers, we will walk through how teams move from early AI prototypes to production-ready systems under strict requirements around privacy, compliance, and data residency. The session will cover: How developers design RAG pipelines for sensitive and regulated data, key architectural decisions (data ingestion, indexing, retrieval, grounding, and model orchestration), security and identity patterns required for sovereign AI scenarios, common pitfalls encountered when scaling beyond demos, and practical lessons learned from real deployments.
• 

  Building the next generation of AI developer tools

  Krzysztof Cieślak · Staff Research Engineer, GitHub Next

  AI has already changed software development. Tools like GitHub Copilot have become ubiquitous part of the workflow of millions of developers. Like other well-known editor features, AI-in-editor increases productivity, reduces required context switching, and lets developers stay in the flow while focusing on important parts of their job. However, this was just a first step - with the rapid developments of large language models (LLMs), which have become more powerful and knowledgeable with every release and have excellent reasoning capabilities, we can do more. Nowadays, we see AI agents such as Claude Code able to solve complex, repository-wide tasks or even generate whole applications. In the talk, I will discuss how AI developer tools has changed over the years, describe emerging usage patterns of AI agents and how they change whole software development process, and peek into the future of developer tools. All that while trying to answer the most important question - how to design applications using AI with humans in mind.
• 

  Bulletproof Web Applications: The 2025 OWASP Top Ten

  Christian Wenz · CEO, Actition

  Since 2003, the Open Web Application Security Project curates a list of the top ten security risks for web applications. The brand new 2025 edition of the OWASP Top Ten is on the horizon; time to take a look at it! What's new, what has changed, and what is mandatory knowledge for any developer using a modern web stack? Attend this must-see session to get an up-to-date refresh on how to create secure web applications and prevent the top ten issues from happening. Many code samples will demonstrate those risks, and countermeasures, to keep your applications secure.
• 

  Can SVG be fast? Rendering a scatter chart with over 10k points

  Bernardo Belchior · Software Engineer, MUI

  In this talk, we’ll explore the performance limits of SVG when rendering scatter charts with thousands of data points, based on our experience at MUI X Charts. You’ll learn how to identify bottlenecks, performance measuring tricks, and the techniques we use to optimize rendering.
• 

  Carbon-Aware Kubernetes: Building Sustainable Cloud-Native Platforms

  Alessandro Stefouli-Vozza · Solution Engineer, Microsoft

  The cloud-native ecosystem consumes massive amounts of energy, but what if your Kubernetes clusters could automatically optimize for carbon footprint? This talk demonstrates how to build carbon-aware platform engineering solutions using real-time grid data, KEDA autoscaling, and multi-region workload shifting. Live demo includes deploying workloads that automatically migrate based on renewable energy availability.
• 

  Checkmate: 5 Real Incidents That Can End a Software Company

  Jasmin Azemović · Associate Professor, University Dzemal Bijedic Mostar

  Security failures rarely start with sophisticated zero-day exploits. In most cases, they begin with ordinary decisions: a rushed commit, a misconfigured cloud service, an overlooked alert, or a trust assumption that no longer holds. I’ve seen how real-world incidents unfold, not in theory, but in live production environments with customers, revenue, and reputations on the line. This talk breaks down five real incident scenarios that placed software companies in “checkmate” positions: moments where recovery options narrowed, time worked against the defenders, and business survival was genuinely at risk. Each incident is presented from the defender’s perspective, showing how technical failures, process gaps, and human factors intersect. We will examine how attacks moved through CI/CD pipelines, cloud platforms, identity systems, and third-party dependencies. This session is not about fear, compliance checklists, or abstract security theory. It is a practical, experience-driven look at how companies actually fail, and what developers, architects, and engineering leaders can do differently to avoid repeating the same mistakes. Attendees will leave with concrete lessons on design decisions, development practices, and security assumptions that silently determine whether an incident becomes a manageable disruption, or a company-ending checkmate.
• 

  Code Once, Use Everywhere: Building Shared Libraries for Multiple Projects

  Vadzim Prudnikau · Co-Owner and Architect, Trainitek and Apotek 1

  Developers who have worked on shared libraries know that maintaining them can quickly become a headache, often leading to bugs or bottlenecks across projects. * What should go into a shared library? * How do you keep it small and easy to maintain? * How do you update it without breaking everything? These and other questions arose when I built a shared Java library that supports integration with Spring Boot across multiple projects in my company. In this talk, I’ll show how I addressed these challenges and developed a solution that has worked successfully for over three years. I'll walk you through the structure and code so you can see exactly how it’s done and avoid common mistakes. By the end, you’ll have actionable insights to start building or improving your own shared libraries that support Spring Boot. Join my talk to discover practical solutions you can apply to your projects right away, whether you're just starting or looking to enhance an existing shared codebase. I look forward to seeing you at my talk!
• 

  Code Style in Practice: Balancing Preferences and Consistency

  Angelika Shvets · Senior Software Engineer, Global-e

  How often do we work with code where similar parts look different and are difficult to understand? The reasons are not always clear and are often related to personal preferences, missing standards, or historical decisions. In this talk, we will discuss: Is it better to follow an exciting coding style rather than introduce your own? When and how is it appropriate to improve or change code style? Can principles be used when formal standards do not exist? How do code style and consistency impact readability, maintainability, and overall code quality? This talk focuses on balancing personal preferences with shared team consistency and on making software projects easier and more enjoyable to work with.
• 

  Code that writes code - .NET Source generators

  Glenn F. Henriksen · CTO, Justify

  Tired of writing repetitive boilerplate code? Enter .NET Source Generators - your key to automating code generation at compile time. In this session, we'll explore and demystify this powerful feature that lets you inspect your codebase and generate new C# source files during compilation. You'll learn how to create source generators from the ground up, including working with the Roslyn compiler API to analyze syntax trees, semantic models, and symbols. Don't worry, it's actually easier than it sounds! We'll explore practical techniques for traversing your codebase, filtering syntax nodes, and generating precise, context-aware code that integrates seamlessly with your existing projects. Through hands-on examples, we'll implement source generators that solve real-world problems. We'll cover examples like creating strongly typed entity IDs to prevent primitive obsession, generating boilerplate code, auto-implementing interfaces, building compile-time helpers and more. This session is designed for intermediate to advanced .NET developers, team leads and architects looking to improve code maintainability, as well as anyone interested in meta-programming and code generation. After this session, attendees will gain a thorough understanding of source generator architecture and lifecycle, along with practical knowledge of working with the Roslyn API for code analysis. They'll learn essential techniques for debugging and testing source generators, good practices for implementing them in production projects, and acquire a toolkit of ready-to-use patterns for some common source generation scenarios.
• 

  Colorful quantum randomness

  Jakub Gaj · Cloud Solution Architect, Danske Bank

  Experience the power of quantum superposition through this visual hands-on demo to generate truly random colors using actual quantum computers. See how quantum randomness can supercharge real-world applications in cryptography, material science simulation, and optimization problems that classical computers struggle to solve efficiently. Showcase of quantum algorithm development using OpenQASM and Qiskit frameworks, running on IBM Quantum and Amazon Braket platforms. No prior quantum physics knowledge required, just bring your curiosity for emerging technologies!

• Completing the Feedback Loop

  Speakers TBA

  Coding via AI agents is a solved problem. We've come a long way from the "tab experience" Cursor has given us to approaches like "Ralph Wiggum". And almost every time - the AI comes up short, leaving you to implement the finishing touches (if not more). In this talk we will explore how we can give the agent the leg-up it needs to really complete the task.
• 

  Confessions of a Software Archaeologist: What I Did Wrong in 10 Years of Restructuring Software

  Hendrik Lösch · Management Consultant and Architect, ZEISS Digital Innovation

  While AI tools promise enormous efficiency gains, deploying them often reveals a hard truth: our legacy systems aren't ready. This pressure to modernize shines a harsh light on issues we have ignored for years. It turns out that refactoring code is actually the easy part. The real bottlenecks are hidden in a tangled mess of stakeholder management, ossified organizational structures, and the "human factor." These are non-technical problems that no AI can fix for us. With over 10 years of experience as a Lead Dev, Architect, and TPM, I’m looking at the big picture. Having navigated these exact traps in numerous restructuring projects, I will share actionable lessons to help you spot and overcome these barriers. We’ll look past the code to focus on building a project environment that allows modernization to succeed.
• 

  Context Graphs for Explainable, Decision-Aware AI Agents

  Zaid Zaim · Developer Advocate, at Neo4j

  AI agents can follow prompts and use tools, but often lack the institutional context needed to explain why a decision is made. That reasoning: policies, precedents, and past outcomes are usually scattered across systems and human memory. Context graphs capture this missing layer by modeling decision traces over time, including causality and context. By giving agents access to just enough historical and organizational knowledge, context graphs enable more explainable, consistent, and auditable decisions.
• 

  Context is all you need

  Samuel Agbede · Developer Advocate, Redis, Raphael De Lio · Software Engineer, Redis

  Context is all you need argues that the biggest challenge in modern AI is no longer model quality — it’s context quality. As LLMs become better at reasoning and tool use, the real differentiator is whether agents can access the right data, memory, and state in real time. In this session, we will show you why production AI agents fail when context is fragmented, stale, slow, or hard to navigate, and introduces the idea of a real-time context engine to solve that problem.
• 

  Continuous Accessibility

  Jörg Jakoby · Software Developer, Atos

  In this session, I will demonstrate how to move accessibility with low effort from an "afterthought" to a systematic verification process using fast unit checks (jasmine-axe, jest-axe, vitest-axe) and realistic E2E scans (Cypress, Playwright). Instead of manually checking accessibility shortly before release, we shift feedback to the left: components are validated in isolation during testing, and critical user flows are scanned in real browsers. This is not just about tools, but about robust routines: ensuring stable UI states before scanning, maintaining consistent WCAG tags/severity levels, generating actionable reporting in CI, and establishing clear gate rules ("build fails on serious/critical"). Furthermore, I will shed light on the practical side: how teams handle exceptions (with justification and expiration dates), how to choose the right scopes (e.g., scanning a dialog instead of the entire page), and why uniform guardrails across unit and E2E tests are crucial for making accessibility sustainable, scalable, and genuinely integrated into daily development.
• 

  Contract Testing with MCP: Building Self-Describing, Self-Testing APIs

  Moataz Nabil · Software Engineering Manager, AVIV Group

  Contract testing hasn’t evolved—but our systems have. Today’s APIs run in dynamic environments shaped by user context, feature flags, and increasingly, AI-driven behaviour. Yet most teams still rely on static OpenAPI specs, brittle consumer-driven contracts, and manually maintained test suites that quickly drift from reality. In this talk, you’ll discover how the Model Context Protocol (MCP) introduces a new approach: self-describing, self-testing APIs. By exposing runtime context—schemas, constraints, examples, and real usage scenarios—through MCP, services can automatically generate and maintain their own contract tests. This enables continuous compatibility between providers and consumers, reduces breaking changes, and transforms testing from a manual task into an automated, context-aware system. We’ll walk through a practical architecture showing how MCP fits into an API platform, and demonstrate a working example where an API generates its own contract tests and runs them in CI. If you build, test, or operate APIs, this session will change how you think about contracts, testing, and quality in distributed systems.
• 

  Craftsmanship in the Age of Agents

  Luis Bitencourt-Emilio · SVP Product, GitHub

  Four years ago, GitHub Copilot was demoed on this stage for the very first time, and the way we build software has never been the same. Today, developers are directing agents, reviewing AI-generated pull requests, and experimenting with new ways of working. But more AI output doesn't automatically mean better software, and the gap between generating code and shipping something you'd stake your name on is widening. We'll dig into what leading developers are actually doing differently: how they're rethinking the SDLC, where human judgment matters most, and why craftsmanship isn't a nostalgic idea — it's your competitive edge.
• 

  Create Your Own Role-Playing Game with Agentic AI using Strands Agents

  Arnaud Jean · Developer Advocate, AWS

  Come discover how to code a Game Master that will orchestrate multiple AI agents, each specialized in a particular task. We'll explore concepts like agent tools, the MCP (Model Context Protocol), A2A (Agent to Agent), and RAG (Retrieval-augmented generation) to create agents and/or MCP servers that roll dice, verify game rules, and generate the story as it unfolds. Whether you're a role-playing game fan or not, there will be things to learn during this workshop :)
• 

  Cryptographic agility for a post-quantum future: Falcon signatures in TypeScript

  Andrew Funk · Partner Lead, Algorand Foundation

  Recent advancements in quantum computing are changing estimations of how soon classical cryptographic algorithms may be at risk. In this talk, we’ll explore the Falcon post-quantum signature scheme, how to apply it through a simple TypeScript library, and how Falcon signatures can be used to secure data today against tomorrow’s quantum attacks.
• 

  CUDA Python: GPU programming for the modern developer

  Paul Graham · Senior Solutions Architect, NVIDIA

  Accessible introduction to GPU-accelerated programming using CUDA Python — no C++ required. Shows developers how to write parallel code for AI, data science, and simulation workloads using Python-native APIs.
• 

  Cutting LLM Costs Without Cutting Quality: How to Beat Proprietary LLMs with Fine-Tuned Open Source

  Viktoria Semaan · Principal AI Evangelist, databricks

  Let's cut through the hype: most AI agents never make it past the demo stage. The gap between a working prototype and a production-grade system comes down to one thing—evaluation. Without reliable metrics, you're guessing at what's working, what needs fixing, and whether your agents are actually improving. You'll learn how to: - Define custom metrics tailored to your use case - Calibrate LLM judges for cost-effective assessments - Track evaluation results over time to measure real progress Whether you're building LLM-powered apps or leading AI teams, you'll leave with actionable tools to move from proof-of-concept to production—with the transparency and reliability enterprises demand.
• 

  Dangerous Reactivity: Why AI Output Is the New XSS

  Ramona Schwering · Developer Advocate, Auth0

  Vue developers (amongst others, ofc) know one golden rule: never use v-html on user input. Yet, as we're integrating Large Language Models (LLMs) into our applications, we often make a fatal mistake. We're treating AI output as a trusted source. This is fine. Well, not automatically.... Let’s look at OWASP LLM05 and how "Improper Output Handling" affects web security. Therefore, let's discuss examples of how safe inputs can trick models, leading to vulnerabilities such as XSS and injection attacks. By the end, you’ll learn how to be "professionally pessimistic" for AI. You’ll see how to sanitize LLM data, safely render Markdown, and manage AI-generated content. Let's approach technology with caution, I look forward to exploring this with you! ❤️
• 

  Debugging Humans: How MBTI Helps Engineering Teams Communicate Better

  Hazel Wat · Analyst and Consultant, Schwarz IT

  Software teams spend enormous effort on codes - yet many of the biggest productivity issues are not technical at all. They come from miscommunication, mismatched expectations, and avoidable friction between equally capable engineers. In this talk, I will explore how MBTI - a 16 personality assessment - can be used as a practical communication framework for engineer teams - not as a personality label or hiring tool, but as a shared language to understand different working and communication preferences. I will share how small adjustments in communication can dramatically improve team effectiveness. This session focuses on actionable, engineer-friendly techniques to reduce friction, improve collaboration, and build high-performing teams.
• 

  Decode Your People: Using PCM to Build High-Performance Teams

  Chris Redmond · Founder, RedOwl Talent

  Only 23% of employees globally are engaged in their work. Burnout has hit 66%, and the average age for experiencing it is now just 32. On top of that, only 44% of managers have ever been trained in how to lead people, despite being directly responsible for 70% of team engagement outcomes. We don’t have a productivity crisis, we have a leadership crisis. In this 20-minute keynote, I share how the Process Communication Model (PCM), a behavioural tool originally developed for NASA, helps founders and managers lead people the way they’re actually wired. This is not a PCM training session. It’s a practical, story-led talk designed to shift how leaders think about performance: not as something to push for, but something to unlock through smarter communication, deeper understanding, and earlier stress recognition. Using PCM as a lens, I’ll walk the audience through: Why people disengage (and how to see it coming) Why one-size-fits-all motivation fails modern teams How to recognise when a communication style is misfiring Audience members will reflect on their own teams in real-time, explore the gap between how they lead and how people want to be led, and leave with a clear insight: you don’t manage performance, you manage people.
• 

  Defending the Modern Supply Chain: Hands-On Vulnerability Remediation

  Patrick Feige · Senior Solutions Architect, Veracode, Boy Baukema · Senior Principal Security Consultant, Veracode

  Software supply chains grow more complex every day, bringing new risks from open-source dependencies. Join us for a comprehensive workshop designed to help you defend your applications against these threats using secure coding practices and modern tools. The session kicks off with a live demonstration of a real-world application exploit. You will see firsthand how to block malicious packages using a package firewall and remediate vulnerabilities using Software Composition Analysis (SCA) techniques. After the demo, we will dive into a hands-on exercise. We provide a vulnerable application so you can practice identifying security flaws with SCA tools. We will apply the necessary fixes and re-scan the application to validate your remediation work. We will wrap up the workshop with an open Q&A session. Here, we will discuss best practices for securing your supply chain and share actionable tips for integrating security directly into your development workflows.
• 

  Design Patterns For AI Products in 2026

  Vitaly Friedman · UX Lead, Smashing Magazine

  As product teams rush in launching AI products, they quickly face a roadblock. Too often AI features have very low adoption and retention, they are painfully slow and unreliable, responses are walls of text and users have to ping-pong between prompts, over and over again. Let's fix that!
• 

  Design Systems for the Machines - How to Make AI Understand Your UI

  Jennifer Wjertzoch · Senior Frontend Engineer, DKB Code Factory

  Design systems were created to make interfaces predictable for humans, now we need to make them predictable for machines. In a world where AI agents analyse, navigate and document our UIs, a component is only as useful as it is machine-readable. This talk shows how to embed semantic metadata, accessibility signals and structural intent directly into your design-system components, so AI can correctly interpret their purpose, behaviour and constraints. Jennifer demonstrates how machine-readable components unlock automatic documentation, AI-assisted accessibility reviews, intelligent refactoring and design-to-code pipelines that actually understand your product. The session delivers a forward-looking, practical blueprint for design systems that aren't just beautiful and consistent, but self-descriptive, inspectable and fully compatible with the AI-driven workflows of the future.
• 

  Designing UX for SRE Agents in High-Stakes Incidents

  Osmar Matos · UX/UI Design and Frontend Lead, Hyground

  Incident analysis isn't a straight-line calculation, it's a maze. Every alert opens a fork: deploy regression, dependency flap, or the first step of something larger. Older LLMs stumbled at the first fork. Newer models navigate these branches and backtrack when a hypothesis doesn't hold. At Hyground, we don't hand our SRE agents exhaustive runbooks. We give them a foundation in operations work and pointers to metrics, logs, and wikis, then let them run. That forces us to rethink what UX means. When the trajectory isn't one you can wireframe in advance, what are you actually designing? Engineers want control, most of all at 3am with a pager going off. How do you surface an agent's reasoning without burying the operator in text? How do you give the human steering authority over a process whose next step doesn't exist yet? We will walk through the interface patterns we landed on in Hyground, the ones we discarded, and close with a question: when the thing on the other side of the screen is an intelligence of its own, is "user interface" still the right word?
• 

  Developers become Orchestrators: From Human-in-the-Loop to Spec-in-the-Loop

  Bastian Heilemann · Lead Cloud Native Solution Architect, Carl Zeiss, Stefan Bley · Software Architect, ZEISS Digital Innovation

  Development teams still struggle with a fundamental question: what can we safely delegate to AI, and what must remain human-owned? Despite rapid progress in AI tooling, most teams are stuck in “copilot mode” — gaining speed, but also increasing cognitive load, risk, and inconsistency. In this talk, we show why and how the role of the developer must evolve: from writing code and managing endless shift-left concerns, to designing intent, constraints, and guarantees — and orchestrating AI-driven execution. We introduce spec-driven development as a governance and execution model for AI-assisted software delivery. Instead of focusing on prompts or tools, we frame AI delegation as a risk- and criticality-aware decision: humans define what must be true (functional specs, architecture decisions, security, SRE, and compliance constraints), and AI is delegated everything else. To make this concrete, we present a realistic end-to-end experiment: a non-critical internal service built with maximum AI delegation. Humans provide: Functional specifications and ADRs, Non-functional requirements (security, reliability, coding standards) and Release and compliance constraints From there, AI generates implementation, tests, CI/CD pipelines, packaging, and deployment artifacts — fully automated. On stage, we demonstrate how changing a specification (for example an SLO or security requirement) triggers repeatable, auditable regeneration of code and infrastructure — without manual re-implementation. We deliberately push this approach to its limits to show where it works, where it breaks, and why it must never be applied blindly to critical systems. Attendees will leave with: A clear understanding of the guardrails required for safe AI delegation. A practical delegation matrix for AI-assisted development. A mental model for specifications as an execution boundary, not documentation. A realistic, experience-based view of fully automated delivery for low- and medium-critical systems.
• 

  Diagnostic Tooling: How to get insights from your .NET services hosted in Kubernetes containers?

  Tom Crecelius · Technology Evangelist, CID

  Cloud-native development is the talk of the town. Kubernetes, private cloud, and on-prem hosting are the hottest things around. However, running your services in containers on Kubernetes brings new challenges, especially if they are set up to be particularly secure in a production environment. Bugs exist in every software, but how can you obtain the data required for diagnostic purposes from services running in such containers? How can you obtain the data to analyze memory or performance patterns and do optimizations? In this talk, I will answer questions of this kind when dealing with .NET services hosted in a Kubernetes environment. I will explain concepts of .NET and reason about existing tools for getting memory dumps, heap information, CPU traces, etc., and what that means for your container setup. Key Takeaways: - Tooling and Integration: The available tools and their practical applications for .NET services running in Kubernetes. - Sidecar Configuration: Step-by-step guidance on setting up a diagnostic sidecar container in your Kubernetes environment. - Deployment Readiness: Recommendations for preparing your Kubernetes deployment manifests. - Debugging and Diagnostics: How to extract traces, dumps, heap data, and other diagnostics from .NET services in containers and export them for analysis. - .NET concepts: How to fetch diagnostic data from .NET services?
• 

  Docker build without Docker

  Oliver Seitz · Associate Manager, Accenture

  Ever wondered what a Docker image really is? How do layers work? Why are images content-addressed? And how does Docker turn a sequence of filesystem changes into something a container runtime can execute? Let’s continue the "Docker * without Docker" series and take a deep dive into Docker image builds - without relying on Docker itself. We use docker build every day, but what actually happens under the hood? We’ll explore the Linux and OS concepts that make builds possible: root filesystems, filesystem diffs, OverlayFS, tar archives, hashes, and image metadata. Step by step, we’ll reconstruct the core ideas behind docker build directly from the terminal, to see how much of Docker is clever orchestration rather than magic. Join me for a hands-on exploration of what Docker images truly are - and why understanding the build process changes how you think about performance, image size, caching, and container behavior.
• 

  Dockerize Java Securely: SBOMs + Attestations + Bake

  Mohammad-Ali A'râbi · Senior Software Engineer, JobRad

  Containerizing Java applications is easy. Containerizing them securely is not. In this session, we'll explore how to strengthen your Java Docker builds with Software Bill of Materials (SBOMs) and registry attestations. Instead of generating a single SBOM at the end, you'll see how to extract SBOMs at every stage of a multi-stage build, catching vulnerabilities that would otherwise slip through. We'll cover: - Why SBOMs are critical for modern Java applications - How to integrate SBOM generation directly into Docker builds - Use Docker Bake to make it delicious - How to decrease the number of CVEs using Docker Hardened Images - Pushing SBOMs as attestations to your registry for supply-chain visibility - Asking Johnny Cage to sign the images and their SBOM attestations Live demo: Containerizing a Spring Boot app with security built in
• 

  Don’t Build Agents. Build Agent Skills for the Web

  Ohans Emmanuel · Software Engineer, HelloFresh

  Over the past year, model intelligence has skyrocketed, and agent tooling has improved significantly. However, there's still a gap: most AI agents don't have the procedural, domain-specific expertise needed to do real work inside real products, especially in web apps, where a small behaviour change turns into user-facing regressions. In this talk, I'll show how leveraging Agent Skills changes how you build AI features on the web: from prompt tweaking to shipping packaged guides, resources and scripts that turn a general-purpose agent into a product-specific one via the Agent Skills protocol (adopted by OpenAI, Anthropic and Cursor). I'll also show a practical way to do this in web apps without changing your current frameworks or LLM, with evals and versioning in place to prevent regressions. ## Outline 1. Title 2. The regressions that break Web AI apps 3. Mega-prompt anti-pattern and why MCPs and tools won’t save you 4. What “Agent Skills” are 5. Architecture (Web ↔ server ↔ agent ↔ VM access) NB: Even though this will be abstracted, I want the audience to understand why it's important. So, I’ll show the abstraction but not shy away from a quick look into its innards 6. Demo: baseline feature a) I’ll start with a simple web app and show why 90% of your users will never be power prompters and how to still have your Agent respond reliably 7. Demo: break it 8. Skill #1: Packaged SOPs a) Show a sample package SOP in an Agent Skill - scripts, validation, etc., all progressively loaded 9. Skill #2: Self learning AI agents with Skills 10. Versioning + tiny evals 1. The current status quo for Evals doesn’t work with Skills. Here, I’ll show how Web engineers can evaluate their AI Agent Skills 11. Checklist - Production checklist for using Agent Skills in a Web Application - regardless of tooling (Vercel AI SDK, langchain) and LLM (works across all LLMs) 12. Closing thesis
• 

  Dynamic Entities in .NET: Building Low-Code Systems on Top of Entity Framework Core

  Halil İbrahim Kalkan · Co-Founder, Volosoft

  Designing a truly dynamic data model is one of the most challenging tasks in modern application development. Many teams fall back to traditional approaches like Entity-Attribute-Value (EAV) or overly generic schemas, only to struggle later with complexity, performance bottlenecks, and maintainability issues. In this talk, we will explore the landscape of dynamic entity systems, compare alternative patterns, and highlight their strengths and tradeoffs, before zooming in on how Entity Framework Core can be leveraged to build something both flexible and efficient. Drawing on real-world experience from building the low-code capabilities in ABP Framework, I will share the key architectural decisions, pitfalls, and solutions that made our dynamic entity system robust and performant. You’ll see how EF Core’s extensibility can be pushed to its limits, how to handle querying and schema evolution at runtime, and how to avoid common traps while maintaining developer productivity. By the end of this session, you will have practical insights and patterns you can apply in your own projects when facing the challenge of designing dynamic yet reliable data models.
• 

  Edge AI on iOS: Beyond the Cloud, Designing the Next Generation of Intelligent On-Device Apps

  Precious Osaro · Senior Software Engineer, Justeat

  AI on mobile is shifting from cloud-dependent models to fast, private, on-device intelligence. In this session, we’ll explore how iOS developers can build intelligent features using Apple’s on-device AI stack: Core ML, Vision, Natural Language, Speech, and MLX. How to design and implement real production-ready AI edge feature. We’ll close with a forward-looking vision of how mobile apps can expose read-only data to a user’s on-device AI, enabling a future where apps collaborate through private agentic intelligence without compromising privacy or control. Attendees will walk away with concrete code patterns, architectural models, and demos they can apply immediately.
• 

  Engineering AI Sovereignty: You Code. aion.xyz Runs the Infrastructure.

  Jayden Watson · CEO and Founder, aion.xyz

  aion founder & CEO Jayden Watson will show how modern AI teams can move from endless infrastructure decisions, escape the hyperscaler trap, and gain immediate production value using aion’s full-stack AI platform. aion unifies software, hardware, and optimisation into one developer-first system: from training and inference to data, orchestration, and owned GPU infrastructure. Developers write code. aion handles everything else. The session combines real production architectures, performance benchmarks, and deployment patterns used by Fortune 500 enterprises and AI-native startups to build AI systems in weeks instead of months, without cloud lock-in, GPU waitlists, or hidden complexity. Attendees will leave with a practical understanding of how to ship AI faster, cheaper, and with far less operational overhead.
• 

  Engineering Customer Journey Analytics at Scale: Lessons from Germany's Largest Banking Platform

  Sophie-Theresa Kleinke · Data Engineer, Finanz Informatik, Eduard Dücker · Software Engineer, Finanz Informatik, Jannis Eickenroth · Head of Analytics and Customer Insight, Finanz Informatik

  Customer experience is only as good as your ability to understand what happens across complex digital processes. But what if those processes all look different? At the Sparkassen Finance Group, more than 50 million customers interact with over 120 digital banking journeys from consent management and account opening to savings plans and financial products. While these journeys pursue similar goals, their structures, events, and outcomes vary significantly, making consistent analytics a major engineering challenge. In this session, we share how we built a scalable customer journey analytics platform capable of analyzing process data across hundreds of heterogeneous workflows. We explain the architectural decisions behind transforming journey analytics from isolated reports into a reusable analytics service, including our move toward a lakehouse-based architecture to handle growing data volumes and increasingly semi-structured event data. We dive into the technical challenges of aggregating process data across multiple clusters, designing reusable journey models, optimizing query performance, and delivering analytics back to individual institutions at scale. Along the way, we show how process funnels and journey analytics reveal unexpected success patterns, identify friction points, and uncover optimization opportunities that directly improve both software products and customer experience. Attendees will gain practical insights into building scalable analytics platforms, handling complex event-driven process data, and turning customer journey analytics into a reusable engineering capability rather than a collection of dashboards.
• 

  Engineering Manager Pendulum: Generating compound interest on your career

  Marcin Olichwirowicz · Engineering Manager, Netflix

  Most career advice tells you to climb the ladder linearly. I’m going to tell you why I jumped off it - and how that "demotion" generated the highest returns of my career. I was a Startup IC who jumped into a large organization management, only to realize I lacked the technical "scale" to lead effectively. I will walk you through my decision to swing the "Manager Pendulum" back to an IC role, and how each swing compounded my skills: The Investment: I swung back to IC to learn "Operational Reality." Because of my management background, my impact compounded - I knew exactly which battles to pick and which to ignore, navigating large company politics better than my peers. The Cost: It wasn't free. I faced the "Mentorship Vacuum," the "High-Performance Trap," and a job market that viewed my non-linear path with suspicion, making offers harder to get. The Dividend: When I swung back to Big Tech management, I wasn't starting from scratch. I was starting with Compound Interest -armed with technical confidence and high-fidelity empathy that only a recent IC possesses. I will show you why the pendulum isn't a back-and-forth motion - it's an exponential curve upwards.
• 

  Event-Driven AI Agents: Orchestrating Long-Context Legal Processing at Scale

  Luca Bianchi · CTIO, MESA

  Building AI agents that process legal documents with 10,000+ pages requires more than throwing context at an LLM. This talk dissects our production event-driven architecture. You'll learn: - Why synchronous LLM calls fail at legal document scale - the cold start and a timeout problem - Event-driven orchestration patterns for multi-step agent workflows (planning, dynamic loading, context assembly) - Long-context chunking strategies that preserve legal reasoning chains - Cost optimization: how we reduced per-request costs 73% through intelligent caching and selective context loading - Production failure modes: what breaks when agents plan incorrectly Concrete architecture, real metrics, battle-tested patterns. No theoretical frameworks - this is what actually runs in production, processing legal contracts for 10M+ users.
• 

  Event-Driven Microservices: Patterns and Practices for Production-Ready Systems

  Lutz Huehnken · Fractional CTO, Interim Manager and Architect

  Event-driven architecture has become a key pattern for building scalable, resilient, and loosely coupled systems, especially in microservices environments. However, designing and implementing such architectures effectively in real-world scenarios remains a challenge. This full-day, hands-on workshop provides a practical deep dive into designing microservices that communicate through events. Participants will learn how to architect services using asynchronous, event-based patterns to improve system modularity and flexibility. The workshop is technology-agnostic, focusing on concepts and patterns that can be applied across platforms, using message brokers such as Apache Kafka. Through presentations, exercises, and collaborative system design, attendees will explore core topics including event choreography vs orchestration, message design, delivery guarantees, idempotency, observability, and failure handling. Realistic scenarios and challenges will help solidify understanding of how to apply these patterns effectively. The workshop also addresses practical concerns such as schema evolution, monitoring message flows, using dead-letter queues, and ensuring reliability in distributed systems. Participants will walk away with a clear understanding of both the advantages and tradeoffs of event-driven communication in microservices. This workshop is aimed at software engineers and architects with prior experience in building distributed systems or microservices. No specific programming language knowledge is required; examples and labs are designed to focus on architecture and system behavior rather than language syntax. By the end of the day, participants will be equipped with a set of actionable techniques, best practices, and mental models for designing robust event-driven systems that are ready for production.
• 

  Exploring Server Side Rendering

  Krasimir Tsonev · Senior Engineer, Antidote.me

  Server-side rendering (SSR) is back in the spotlight—and React is evolving fast. In this workshop, we’ll go deep into the mechanics, performance trade-offs, and modern techniques of SSR with React.js. You'll start by building an SSR app from scratch — no frameworks, just raw renderToString and hydrateRoot—to truly understand how React renders on the server and hydrates on the client. From there, we'll upgrade to React 18’s streaming capabilities using renderToPipeableStream, implement selective hydration using Suspense, and integrate data fetching directly into the server render cycle. We’ll look at React Server Components (RSC), showing how they complement SSR. We'll also cover hydration strategies, how to prevent mismatches, and how to cache or stream HTML effectively for real-world performance. Finally, we’ll bridge our manual SSR work into production frameworks like Next.js.

• Extreme Rules Lawyering with the ECMAScript Specifications

  Speakers TBA

  Nerds all over the galaxy agree: TECHNICALLY correct is the best kind of correct! So why not mine the ECMAScript specifications for some technically valid JavaScript programs that “work”, but only by exploiting a wide variety of obscure semantic loopholes on the way? This talk goes far beyond mere syntactical obfuscation and explores the absolute fringes of JavaScript—for fun and for very, very little profit. Let us summon forbidden objects, unearth unholy functions that are not meant to be developer-accessible, and abuse features that TC39 would REALLY like to sweep under the rug. Anybody can follow “best practices” and write “readable code”, so how about learning something actually new and unique? This session will instantly turn you into a living and breathing JavaScript infohazard, uniquely able to conjure up valid JavaScript programs that even ChatGPT could not hallucinate.
• 

  Fast Agents Produce Bad Results Faster

  Mardu Swanepoel · Head of AI Engineering, Flinn.ai

  A lot of effort goes into improving agent output speed - streaming, caching, "thinking" indicators. Yet, none of it matters if the agent's output is not actually useful. This talk examines why capable agents consistently fail to deliver on their promise: and it's not because they lack capability, but because we've optimised for the wrong thing. The core problem is a speed paradox: agents are designed to optimise for speed to output rather than speed to understanding. Speed isn't what makes an agent valuable—useful, trustworthy results are. The talk is structured around three lessons learned the hard way building production agents at Flinn. Each lesson is grounded in a real system: the trust paradox was illustrated by our multi-channel medical device complaints handler, the failure of typical trust mechanisms (legibility, boundaries, reversibility) through our autonomous regulatory monitoring agent, and the question of whether chat is the right interface for agentic systems is explored through our clinical writing co-pilot. Across all three systems, the pattern was the same: we had to slow the agent down to make it useful. Participants leave with a framework for evaluating agents through the lens of trust architecture rather than technical capability, specific strategies for building understanding before execution, and concrete examples of what breaks in production and what works instead.
• 

  Fast, Confident, and Wrong: When AI Fails at Accessibility

  Radostina (Ina) Tsvetkova · Senior Advisor, NAV

  You ask your AI assistant to fix an accessibility issue. It gives you code that looks perfect, runs without errors, and even cites WCAG success criteria. And you trust it. Why wouldn't you? It sounds so certain. You ship it. Then your QA team reports that keyboard users are now trapped in your navigation menu. This lightning talk exposes the three most dangerous ways AI fails at accessibility work and shows developers how to build verification workflows that catch these failures before they reach production. Attendees will learn why AI confidently invents WCAG success criteria that don't exist, how seemingly correct fixes can break assistive technology, and why verification is not optional when AI touches accessibility code. AI is a productivity multiplier for developers who already understand accessibility fundamentals, it is not a replacement for learning them. AI will help you move fast, but only verification keeps you from breaking accessibility. Trust, but verify! And know exactly what to verify.
• 

  Finding the Vibe: My journey back to coding

  Michal Cyprian · Engineering Manager, Kiwi.com

  If you're an Engineering Manager, you probably miss it—that productive feeling of shipping code. I know I did. It felt like I'd traded my keyboard for a calendar, and I was terrified of becoming a bottleneck if I ever tried to jump back into the code myself. My technical skills were gathering dust. Then I found a way back. I realized that the skills I use every day as a manager—defining requirements, pointing my engineers to the right resources, and giving feedback on their work—were exactly what I needed to direct a new kind of developer: an AI agent. I'll share my playbook for leveraging agentic AI to transition from idea to shipped code in just a few hours a week. You'll learn how to find your way back to coding, all without getting in your team's way. It's been a game-changer for me, and it’s the most fun I’ve had in years.
• 

  Fine-Tuning Small Language Models for Agentic AI

  Björn Buchhold · Technology Evangelist, CID

  Agentic AI promises significant business value, yet many proof-of-concepts fail in production: Large foundation models are expensive, slow, and vulnerable to prompt injection, a risk that escalates when agents interact with untrusted data sources like emails, websites, or documents. Specialized, fine-tuned Small Language Models (SLMs) with just a few billion parameters can address these challenges. They offer enforceable control through domain constraints and structured outputs, dramatically reduced costs and latency, and inherent security through limited complexity. This talk explores two approaches to creating specialized agents: Distillation via Synthetic Data (using large models as "teachers" to train smaller "student" models) and Reinforcement Learning from Verifiable Rewards (RLVR). The core of this presentation focuses on practical evaluation: We present original experiments applying these techniques to real-world agentic applications. If you have a successful agentic AI application, this approach can help make it more efficient without loss of quality, but it doesn't always work. We evaluate when specialized SLMs can replace or even outperform large models, and when they fall short. Attendees will leave with concrete guidance on where this technique delivers value and where it doesn't.
• 

  Five Ways to Break Silos in Your Engineering Organization

  Daniel Schniepp · Senior Staff Engineer, Mercedes-Benz

  Large or fast-growing engineering organizations often foster silos, separating teams, hindering collaboration, and reducing the impact of collective knowledge and opportunities for technology sharing. But you don’t need a management mandate or a big budget to start breaking them down. I’ll share five approaches I’ve successfully used that can be used by individual contributors and managers to bridge gaps between different parts of your organization. From fostering intrinsically driven grassroots communities of practice and running internal tech conferences or hackathons to encouraging cross-team code contributions and rotating engineers between products, each approach is designed to be flexible, scalable, and low-cost. I’ll also share personal experiences and the impact these approaches had on the organization. Whether you're an experienced individual contributor or a manager, this talk will offer practical ideas and inspiration to drive change and encourage you to not give up, even when you experience setbacks.

• Football for Good: Hackathon Finals - Live Pitches & Awards

  Speakers TBA

  The top hackathon teams take the stage to pitch their Football for Good AI agent prototypes to a panel of technical influencer judges. Each finalist delivers a 5-minute live pitch covering their problem statement, working demo, agentic architecture, and real-world social impact. Judges deliberate and winners are announced live on stage. Come watch the best agent-powered solutions built over 3 days compete for the prize pool.

• From Agents to Teams: Complete Your Build & Form Your Hackathon Squad

  Speakers TBA

  Continue building and refining your AI agent from the Agentic Football Cup, deepening your hands-on experience with Strands Agents and Amazon Bedrock. Then shift gears! it's time to form hackathon teams. Solo registrants match up with teammates based on skills and interests, teams select their Football 4 Good challenge category, and coaches are assigned. You'll leave this session with a working agent under your belt, a team at your side, and a clear challenge to solve over the next two days.
• 

  From AI Assistance to Agentic Systems: Scaling Sovereign AI in Banking

  Julia Koch · Executive Director, CTO and CCO, FInanz Informatik, Markus Hacker · Senior Regional Director Enterprise DACH, NVIDIA

  AI is no longer defined by experimentation, it is defined by expectations. Customers expect intelligent guidance, employees expect real relief in their daily work, and regulators expect transparency, control, and accountability. In this joint keynote, Julia Koch (Finanz Informatik) and Markus Hacker (NVIDIA) share how AI transformation evolves when it’s built for everyday impact, sovereign operation, and agentic capabilities at scale. Building one of the largest AI implementations worldwide in the financial sector, Julia shares insights from the transition from AI assistants to agentic AI systems that proactively support complex processes across highly regulated, large-scale ecosystems. The session focuses on three decisive factors of effective AI transformation: • Use-case-driven value creation, ensuring AI delivers measurable benefits for customers and employees • agentic architectures, enabling AI systems to reason, orchestrate, and act within clearly defined boundaries • and sovereignty, providing full control over data, models, and infrastructure as a prerequisite for trust, compliance, and scalability. Attendees will gain insights into how Finanz Informatik builds and operates a fully sovereign and 100% on-prem AI platform for the Savings Banks Finance Group, scaling AI assistance and agentic capabilities across 341 institutions, 200,000 employees and 50 million customers. NVIDIA complements this perspective by showing how accelerated computing and modern AI architectures enable sovereign AI factories to run reliably, efficiently, and sustainably at enterprise scale. This session shows how AI becomes a growth engine when organizations move from pilots to platforms, from tools to systems, and from innovation promises to everyday impact.
• 

  From APIs to MCP: Enterprise Governance, Registry, and Controls

  Stefan Mesquita · Platform Experience Lead, Deutsche Bank

  APIs remain the foundation of enterprise integration, but AI agents are changing how capabilities are discovered and consumed. MCP standardizes tool discovery and invocation, enabling agents to interact with enterprise systems through reusable tools. The challenge is not enabling MCP. The challenge is governing it at scale. In this talk, we will discuss how to operationalize MCP in an enterprise by leveraging existing API Management capabilities instead of creating a parallel governance stack. We will cover how to build a shared registry for APIs and MCP servers that acts as the discovery layer for modern agents, and we will walk through the governance controls that matter in practice. Attendees will leave with a practical blueprint for implementing MCP safely and repeatably at enterprise scale, making MCP adoption scalable, observable, and compliant.
• 

  From Build to Breach: Hacking Kubernetes Through the Supply Chain

  Ali Alp · Distinguished Software Architect, Brainlab

  The next generation of Kubernetes breaches won’t start in your cluster — they’ll start in your build pipeline. In this session, we’ll follow a realistic attack chain that begins with a compromised dependency and ends with a live DNS-based exfiltration inside a Kubernetes cluster. Step by step, through live demos, we’ll see how a single poisoned package can slip through CI/CD, sneak into an image registry, and quietly abuse CoreDNS to leak secrets. Then we’ll flip the script and show how to stop it using open-source, CNCF-hosted tools like Kyverno, Sigstore, and Falco. You’ll leave with a clear mental model of how supply-chain weaknesses evolve into cluster compromises — and a practical checklist of defenses you can apply today.
• 

  From Bytes to Execution: Writing a WebAssembly Runtime in Rust

  Gaurav Gahlot · Staff Software Engineer, IONOS Cloud

  WebAssembly runtimes power everything from serverless platforms to container sandboxes — but their internals often feel opaque. In this talk, I demystify those internals by presenting Whisk, a minimal WebAssembly runtime I built entirely in Rust. Rather than focusing on a production-grade engine, Whisk intentionally strips the runtime down to its essential components: module parsing, validation, memory handling, and instruction execution. Walking through these pieces makes the architecture of a WASM runtime clear and approachable, while also showing how Rust’s enums, traits, and safety guarantees naturally support VM design. We’ll explore how an interpreter is built step-by-step, what trade-offs arise in a minimal design, and how Whisk differs from larger runtimes like Wasmtime or Wasmer. I’ll also demo Whisk running real WebAssembly modules (non-WASI), illustrating where the boundaries of a tiny runtime lie. Attendees will learn: - How a WebAssembly runtime works from the inside out - How to design a small interpreter in Rust - Why Rust is well-suited for building VMs and sandboxes - The trade-offs between minimal and production-grade runtimes - How lightweight engines fit into today’s WASM and cloud-native ecosystem This talk offers a practical and accessible deep dive into WebAssembly internals — with Rust as the guide.
• 

  From Cloud Racks to Control Cabinets: Operating Kubernetes on Edge Devices

  Thomas Weinschenk · Software Developer, Endress+Hauser

  Cloud‑native is routine in the cloud—but how do you run that routine inside control cabinets on edge devices? This talk focuses on operating Kubernetes on edge devices in a vendor‑neutral way. We’ll map an edge‑grade reference path from code to fleet‑level rollout and observability—using open standards and open source rather than tool‑specific implementations. You’ll see how to package and ship modular workloads (e.g., PLC/HMI/DCS as examples) onto heterogeneous cabinet hardware, and how to run them with staged deployments, rollback patterns, and uniform telemetry. We’ll also show how the Open Industry 4.0 Alliance – Software Defined Automation (SDA) initiative frames the journey from PoC to scale, and how Margo (Linux Foundation) clarifies device roles, application packaging and a desired‑state model that unlocks interoperable edge fleets. The outcome is a practical checklist and set of guardrails for constrained devices, intermittent networks, and autonomous operation—so teams can move beyond lab demos and run real workloads at the edge with Kubernetes, without vendor lock‑in.
• 

  From COBOL to Java: How Developers Transition 60 Years of Legacy into Modern Java Services

  Kritika Murugan · Software Engineer, Finanz Informatik, Jannis Eickenroth · Head of Analytics and Customer Insight, Finanz Informatik

  COBOL systems written decades ago still power some of the most critical parts of modern banking. At the same time, developers today expect modular architectures, automated pipelines, and fast feedback loops. In this session, we take a deep dive into our COBOL-to-Java journey within the German Sparkasse Finance Group, where mission-critical mainframe systems serve over 50 million customers every day. We’ll show how we approached the transformation of large, poorly documented COBOL codebases into modern Java services. Not as a naïve 1:1 rewrite, but as a deliberate redesign focused on modularity, shared services, and long-term maintainability. You’ll learn how AI helped us understand legacy code, identify business logic, and reduce the cognitive load for developers. We’ll also talk openly about what didn’t work, where the mainframe still makes sense, and how developer empowerment became a key success factor for sustainable modernization. This talk is for developers and architects who are facing legacy systems not as a burden but as a foundation to build on.
• 

  From Code Monkeys to Brain Athletes: Why Your Brain Is Your Most Critical Dev Tool in the AI Age

  Elisa Schön · Senior HR Business Partner, Tagesspiegel

  Session Abstract Nearly three-quarters of IT professionals in Europe report burnout or work-related stress, with similar patterns emerging globally, but here's the uncomfortable truth: While we're automating code, we're atrophying our brains. This talk bridges neuroscience and software engineering to reveal a paradox threatening every developer's career: Chronic stress doesn't just make you tired, it physically shrinks your hippocampus, reduces neuroplasticity, and destroys the cognitive flexibility that makes you valuable in an AI-saturated job market. Drawing from cutting-edge 2025-2026 research in neuroplasticity and my work at the intersection of psychology and organizational systems, I'll demonstrate: - The Cognitive Flexibility Crisis: How elevated cortisol from chronic stress impairs working memory and cognitive flexibility; exactly the skills AI can't replace - The "Use It or Lose It" Reality: When chronic stress disrupts neuroplasticity, it leads to cognitive inflexibility, emotional dysregulation, and poor decision-making; passive AI dependency accelerates this decline - The Brain Training Protocol: Concrete, science-backed interventions that reverse stress-induced brain damage and build cognitive resilience Participants will walk away with: - A Neuroplasticity Audit: Self-assessment tools to measure your cognitive load and brain health risk factors - The 3R Recovery Framework: Results → Responses → Responsibility for active AI collaboration that strengthens neural pathways - Practical Brain Hacks: From strategic deep work blocks to meditation techniques that develop more gray matter in the hippocampus and reduce it in the amygdala This isn't wellness theater, it's career survival. In 2026, the most successful developers won't be those who write the most code. They'll be those who've trained their brains like elite athletes, building the cognitive endurance to thrive alongside AI, not be displaced by it.
• 

  From Compliance to Code: the Cyber Resilience Act (CRA), SBOMs, DevTeams and YOU!

  Marcus Ross · CCoE Lead, Hamburg Port Authority, Bjarne Valentin Rentz · SRE, Hamburg Port Authority

  The EU Cyber Resilience Act (CRA) is reshaping how manufacturers and developers must secure their products—but what does it mean for your Developer platforms, DevOps pipelines, and DevTeams? In this session, we’ll share a real-world implementation of the Technical Guideline TR-03183 from the Federal Office of Information Security (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2_v2_1_0.pdf?__blob=publicationFile&v=5). We demonstrate how to technically address CRA mandates without drowning in compliance overhead. We’ll start by answering: "Why should Developer teams care about the CRA?" Then we’ll dive into our stack with cdxgen, DependencyTrack, and Central Cyclone to show how we automated SBOM generation, vulnerability tracking, and compliance reporting - all with a real application from the port of Hamburg. We dive into: - Why should your DEV-teams care about CRA? - How DevOps/SRE teams can shield developers from compliance friction with automation - Where the pain points lie, spoiler: team emotions and tooling gaps matter as much as tech - A technical blueprint you can adapt - A checklist for team readiness (because compliance isn’t just about tools—it’s about people) You will leave with ✅ Understand the CRA’s impact on your Kubernetes/Dev platform (and why ignoring it isn’t an option). ✅ See a production-ready workflow for SBOMs, vulnerability management, and compliance automation. ✅ actionable insights on integrating CRA requirements with SBOM handling into your CI/CD pipelines. ✅ A clear "why this matters" for your org, and lessons from the trenches of securing critical infrastructure with Kubernetes. ✅ Get a checklist for team adoption—because compliance is a cultural challenge, not just a technical one.
• 

  From conversational job search to AI agents, must we reinvent recruitment?

  Robindro Ullah · CEO, Trendence Institut

  The recruitment market is changing dramatically — again — and those of us in HR are barely noticing. Rather than addressing and adapting to these significant changes, we are ignoring them completely. The shift to conversational job searching alone is turning our recruitment process on its head. With the addition of AI agents, we must rethink our processes and our technological setup. In this lecture, I would like to draw attention to the underestimated changes and highlight the dramatic nature of the situation, so that no one is caught unawares.
• 

  From CPUs to QPUs: A Software Engineer’s Guide to Quantum Computing

  André Alves · Software Engineer, eleQtron

  Quantum computing is attracting enormous interest lately, but for most software engineers, it remains abstract, physics-heavy, and difficult to connect to everyday development work. This talk takes a different approach. Instead of repeating familiar sound bites about what qubits are and what superposition means, we will map quantum computing concepts onto the abstraction layers we already understand from classical systems. We will compare the state of quantum computing today to the early development of classical computing during the twentieth century. We will also examine what a QPU actually is, how it is fundamentally different from a CPU, and why quantum computers are not simply faster versions of the machines we already use. Finally, we will look at the classes of problems where quantum computing has genuine theoretical or practical promise. Attendees will leave with a clear mental framework for reasoning about quantum computing from the perspective of software engineers: understanding what it is, what it is not, and how it may eventually integrate into real-world systems.
• 

  From Hallucination to Justification: Hands-On Explainability for LLMs

  Lucía Conde-Moreno · Software Engineer, Info Support, Tessel Haagen · Consultant Data AI, Info Support

  Human beings are biased and often wrong. Artificial intelligence learns from human-created data. Therefore, artificial intelligence is biased and often wrong. This has been a critical problem across machine learning applications in the last years. To break open the black box of AI models, and understand how they make decisions, the concept of explainability was introduced. Then, LLMs entered the chat. They answer our questions confidently and with a beautiful prose, even when they are making up data. Explainability then becomes essential to trust -or not- their output. But when the existing explainable AI methods cannot be directly applied to these models, what do we do? In this workshop, we will delve into the topic of explainable AI, and its importance in the current context of LLMs and agents. Starting from traditional machine learning to then focus on LLMs, we will cover the different methods that can be implemented, from well-known ones to novel proposals stemming from our internal research. We will also introduce research-proven prompting strategies, tips, and tricks to integrate explanations on third-party LLM services that are not natively explainable. Through guided exercises, you will get to peek under the hood of AI models, LLMs' behavior, and agents reasoning, by trying out these different techniques, and seeing their benefits and limitations first-hand. You will experience the risks and challenges that generative AI and agentic AI bring when implementing explainability, and learn practical ways to tackle them. By the end of the workshop, you will leave with a mental toolkit you can apply immediately to know: - When to trust (or distrust) LLMs - Which explainability capabilities to implement (and how) on your RAG systems and LLM-based workflows (or which ones to look for when choosing a third-party service), and - How to make LLMs' behavior more predictable, transparent, and ultimately safe
• 

  From messy addresses to production-ready data: Build a location enrichment pipeline on AWS with HERE

  Alberts Jekabsons · Senior Developer Evangelist, HERE

  Location data often works in development and quietly fails in production. Test addresses are clean. Real user inputs are incomplete, inconsistent, ambiguous, duplicated, misspelled, or missing the context downstream systems need. In this hands-on workshop, developers will build an AWS-based location enrichment pattern that turns messy real-world addresses and location inputs into structured data using HERE Geocoding. Through guided live coding, attendees will learn how to normalize inputs, enrich them with coordinates and location metadata, handle ambiguity, and prepare the resulting data for one concrete downstream workflow. Focus areas include service-area validation, delivery readiness, or customer operations analytics (or: prepare the resulting data for service-area validation and operational reporting). The session also shows how HERE Location Services enrich AWS-based architectures and be procured through AWS Marketplace, giving teams a cleaner path from prototype to production. This workshop is for developers, cloud engineers, solution architects, and SaaS builders who need real-world location data to work reliably once actual users, customers, assets, deliveries, or operational records are involved.
• 

  From Messy Querries to Scalable Systems - How Data Engineering actually works

  Sandhya Menon · Lead Data Engineer, E.ON Energy Deutschland

  I started my tenure at E.ON Energy Deutschland as a Business Analyst in a small BI team and currently am a lead Data engineer in the Data Engineering team. In my talk I would like to showcase the importance of Data Engineering and explore how ad hoc analytics at E.ON evolved into reliable data systems. I would like to uncover how good Data engineering paractises turn ad hoch analytic querries into scalable data platforms and improve not just perfrmance and cost but also collaboration, trust and developer experience.
• 

  From Perception to Autonomy: Building Agentic Edge AI Robots with ROS 2

  Moe Sani · Solutions Architect, Edge Impulse

  AI in robotics is moving fast — from cloud-dependent pipelines to fully autonomous, on-device systems that perceive, reason, and act without connectivity. But for most developers, the gap between "cool demo" and "working robot" is still wide. This talk bridges that gap. I'll walk you through the evolution of Physical Edge AI — what it actually means in practice, not just in keynotes — and show you how to build a real autonomous system using ROS 2, Edge Impulse, and Qualcomm edge hardware. The centrepiece is a live architecture walkthrough of an autonomous inspection robot I built and demoed at Embedded World 2026. It runs two AI models on-device: a fast object detector to decide where to look, and a close-up anomaly scorer to decide is this a problem? — all orchestrated as ROS 2 nodes on a Qualcomm QCS6490 (RubikPi 3), with zero cloud dependency. From there, I'll zoom out to what's coming next: agentic edge AI — robots that don't just detect and classify, but plan, decide, and adapt using lightweight LLMs/VLMs running locally on edge hardware. I'll cover the practical building blocks available today (TensorRT Edge-LLM, quantised VLMs on Jetson, vision-language-action models), the ROS 2 integration patterns that make this work, and the honest gaps that still need solving. What you'll take away: A reusable architecture pattern for multi-model edge AI robotics (detect → inspect → decide) How to integrate Edge Impulse ML models as native ROS 2 nodes What "agentic" actually means at the edge — and what's real vs. hype in 2026 Practical guidance on edge hardware selection (Jetson, Qualcomm, NPUs) and when to go hybrid edge-cloud Where the open-source ecosystem (ROS 2, Edge Impulse, NVIDIA Isaac) is headed for developers who want to build physical AI systems
• 

  From Scheduler to Events: Rethinking Alerts in a Modular System

  Cristina Musceleanu · IT Application Development Expert, European Central Bank

  Many enterprise systems rely on a central scheduler to run alerts and notifications - until that scheduler becomes a bottleneck for change, reliability, and scalability. In this talk, I’ll share our ongoing journey of replacing a traditional scheduler-based approach with event-driven processing in a large, modular system. Instead of rewriting everything or introducing heavy infrastructure, we focused on changing the architecture step by step: decoupling alert logic, isolating failures per module, and moving from time-based execution to meaningful triggers. I’ll walk through the design decisions we made, the trade-offs we faced, and the mistakes we learned from while transforming how alerts are generated and processed. This session is not about a perfect end state, but about the real work of evolving a legacy system under real constraints and how small architectural shifts can lead to big improvements in resilience, clarity, and team ownership.
• 

  From Space to Software: Reliability Lessons 40 Years After Challenger

  Robert Barron · SRE Architect, IBM

  The Space Shuttle Challenger disaster is often explained as a technical failure, but the engineers knew something was wrong before launch. What failed was not their expertise - it was the system of decisions, incentives, and escalation paths that surrounded them. This talk reframes Challenger as a leadership and management case study, highly relevant to today’s engineering managers. Modern software organizations operate systems that are fast-moving, distributed, and business‑critical, under constant pressure to deliver. In those conditions, reliability rarely fails because of a missing alert or a bad design - it fails because risk becomes normalized, concerns stop escalating, and “acceptable” tradeoffs quietly stack up. By drawing deliberate parallels between NASA’s launch decisions and contemporary software organizations, this session examines how management structures, delivery metrics, and cultural signals shape technical outcomes. Attendees will explore how well‑intentioned decisions (schedule pressure, ownership ambiguity, optimistic reporting) create environments where teams do the “right thing” locally while producing system‑level failure. The core argument is simple: reliability is not owned by operations or enforced by tooling. It is a leadership responsibility, expressed through priorities, incentives, and how managers act when tradeoffs appear. Note - this session could be presented in the DevOps category too.
• 

  From Static Rules to Reasoning Platforms: Scaling Intelligent Canary Delivery in 2026

  Daniel Oh · Senior Principal Developer Advocate, IBM

  As organizations scale their Kubernetes footprint, the "Day 2" reality of GitOps becomes clear: static thresholds are brittle. Standard Canary rollouts rely on fixed Prometheus queries (e.g., Error Rate < 1%), but these rules lack the context to distinguish between a minor transient blip and a systemic failure. For Platform Engineers, this results in "Alert Fatigue" and manual "promotion" gates that slow down the delivery pipeline. In 2026, we are moving from Static Automation to Reasoning Platforms. This session explores how to evolve your delivery infrastructure into an intelligent system that doesn't just follow rules, but reasons through data. We will demonstrate how to wrap ArgoCD Rollouts with an Agentic Reasoning Layer capable of cross-referencing metrics, logs, and distributed traces to make autonomous "Go/No-Go" decisions. We will trigger a Canary deployment that passes basic health checks but introduces a "silent failure" (e.g., a cache hit-rate drop causing downstream latency). You will see the Reasoning Platform detect the anomaly, pause the rollout, "investigate" the root cause, and present a natural-language justification for the automated rollback.
• 

  From Vague Ideas to Precise Specifications – AI as Process Catalyst

  Patrick Schnell · Managing Director, schnell.digital

  We've all been there: clients know what they want but struggle to articulate it. Teams interpret requirements differently. Half the specs are missing. This talk explores how language models help transform this chaos into structured user stories. Through live demos, I'll share practical prompting strategies that actually work. Spoiler alert: AI isn't a miracle cure, it's an intelligent sparring partner. Developers remain essential – because only they truly understand the context. Let's dive into how AI amplifies your requirements process without replacing your expertise.
• 

  From Vector Search to Better Understanding: How Hybrid RAG Improves Answers, Not Just Matches

  David vonThenen · Senior AI/ML Engineer, NetApp

  Retrieval-Augmented Generation is everywhere, and most teams start with vector search when building out these agents. It works well when the goal is finding relevant text. It struggles when the task shifts to understanding, summarizing, or reasoning across multiple documents. Developers often discover this the hard way when their system retrieves "relevant" chunks but still produces shallow, inconsistent, or even contradictory answers. This session introduces Hybrid RAG as a practical alternative. We'll walk through how combining vector retrieval with symbolic and keyword-based approaches changes what the model can actually do. You'll see why Hybrid RAG performs better for synthesis-heavy tasks, how it reduces failure modes common in embedding-only pipelines, and how to implement it in practice. The talk includes multiple live demos that show the differences side by side, using open-source code you can adapt to your own solutions.
• 

  From Vibe Coding to Viable Code with Spec-Driven Development

  Julian Wood · Developer Advocate, AWS

  Vibe coding is fun, until it isn’t. Already using AI coding tools but want more reliable results? Spec-driven development bridges the gap between fast prototyping and code that actually ships. Discover how specs give your AI the context it needs to produce consistent, repeatable code without losing the creative freedom that makes vibe coding useful. As AI agents become more capable, specs are also evolving to become the way developers express intent to agents, turning your requirements into their instructions. Learn how to write specs that actually work and leave with a set of ideas and approaches you can start applying immediately.
• 

  Future of Mobile AI. What On-Device Intelligence Means for App Developers

  Sasha Denisov · Chief Software Engineer, EPAM

  Two years ago, adding AI to your app meant one thing: cloud APIs. You sent data to a server, waited for a response, paid per request, and hoped your users had good internet. Privacy? A terms-of-service checkbox. That world is ending. Today, you can run a large language model directly on a phone. No internet required. No per-request costs. Data never leaves the device. This isn't a research demo — it's production-ready technology that changes what's possible for app developers. I built flutter_gemma, an open-source plugin that lets developers run AI models like Gemma locally on iOS, Android, and Web. Through this work, I've learned what on-device AI actually means in practice — not the marketing version, but the real tradeoffs, limitations, and opportunities. In this talk, I'll share what I've discovered: What's now possible — Running models like Gemma 3 on a smartphone. The hardware (NPU, Neural Engine) that makes it work. The formats (.task, .litertlm) that matter. What changes for developers — New architectural patterns: offline-first AI, hybrid cloud/edge approaches. New decisions: which model size, which format, where to store gigabytes of weights. New skills: fine-tuning, conversion, optimization. The honest tradeoffs — Not every phone can run every model. Smaller models are faster but less capable. Some support separate LoRA weights for easy updates, others require full model replacement. I'll explain what works where. Where we're heading — Multimodal models (text + images) on device. Function calling — AI that controls your app. Personalization through on-device fine-tuning. Models designed specifically for edge, like Gemma 3n. The future of mobile AI isn't about replacing cloud — it's about giving developers a new option. One that's private, fast, and works anywhere.
• 

  GenAI in Testing: Using GitHub Copilot to Accelerate Quality Without Losing Trust

  Moataz Nabil · Software Engineering Manager, AVIV Group

  Generative AI is rapidly changing how developers write code—but its impact on testing and quality engineering is often misunderstood. While tools like GitHub Copilot can dramatically speed up test creation, they can also introduce flaky tests, false confidence, and security risks if used without clear guardrails. In this hands-on workshop, we’ll explore how to use GitHub Copilot effectively and responsibly for testing. Drawing from real-world experience rolling out AI-assisted developer tooling in platform and CI/CD environments, this session focuses on accelerating quality without sacrificing trust. Participants will learn where GenAI adds real value in testing workflows—and where human judgment is still essential. We’ll work through practical examples of using Copilot to generate and refactor unit, API, and integration tests, create test data and mocks, and improve test readability and maintainability. Just as importantly, we’ll cover how to review, validate, and govern AI-generated tests so they meet production-quality standards. The workshop also touches on how AI-assisted testing fits into modern CI/CD pipelines, including quality gates, security considerations, and best practices for team-wide adoption. Attendees will leave with concrete techniques and guardrails they can apply immediately in their own projects.
• 

  GenAI Is a Junior Dev With Root Access

  Julian Totzek-Hallhuber · Lead Solutions Architect, XBOW

  Generative AI has become the fastest coder on the team. It never sleeps, never complains — and it ships code at a speed we’ve never seen before. But there’s a catch: GenAI writes code the way a junior developer would… with root access and no security instincts. In this talk, we’ll break down real data from the 2025 GenAI Code Security Report, which evaluated over 100 large language models across 80 security-critical coding tasks in Java, JavaScript, C#, and Python. The results are eye-opening: 45% of AI-generated code introduced a known security vulnerability, and that number hasn’t meaningfully improved — even as models get larger and “smarter.” We’ll explore: • Why AI-generated code often looks correct but quietly fails security fundamentals • Which vulnerabilities GenAI struggles with the most (and why XSS and log injection are especially bad) • Why bigger models don’t mean safer code • Why GenAI can’t reliably reason about data flow, trust boundaries, or user-controlled input • A real-world cautionary tale: “Vibe coding” introduced complex business logic flaws that led to miscalculations and workflow errors, showing how AI can unintentionally amplify mistakes Most importantly, we’ll discuss what this means for real-world development teams using AI copilots today — and how to safely integrate GenAI into your workflow without letting it ship tomorrow’s security incidents. If you’re using AI to write code, this talk will help you understand when to trust it, when to verify it, and why “it compiled” is no longer good enough.
• 

  Generative UIs and AI Assistants for Your Angular Applications

  Manfred Steyer · Google Developer Expert, ANGULARarchitects.io

  Copilot-style AI assistants are making their way into modern frontends: they guide users through processes, dramatically reduce task completion time, and answer questions through dynamically generated UIs. In this session, you will learn how to integrate these capabilities into Angular applications. We show how the open-source solution Hashbrown connects LLMs with state management, the router, and forms to enable context-aware interactions. You will learn how client-side tool calling and generative UIs work—and what happens under the hood between your application and the LLM. This also highlights the strengths and weaknesses of the two libraries used. By the end of the session, you will know how to extend your Angular applications with powerful AI assistants purposefully.
• 

  Getting started with Hexagonal Architecture

  Dagmar de Haan · Software Developer and IT Architect, Tom Asel · Software Architect, tangible concepts

  You’ve probably heard of hexagonal architecture — an approach that promises to clearly separate business logic from technical concerns, improve testability, and allow for flexible technology choices. But implementing it in real-world systems is rarely straightforward. From seemingly simple decisions like package structure to strategic questions such as defining module boundaries, the challenges are manifold. In this workshop, we’ll explore design decisions on architectural, module, and code level — always with a focus on practical relevance. Together, we’ll dive into the core principle of dependency inversion and apply it in hands-on, platform-agnostic exercises that are applicable across different technology stacks. You’ll leave with a practical foundation for both adopting and transitioning to hexagonal architectures in your own projects.
• 

  Go with the Flow: Stop the Leaks Before Your Memory's a Waterfall!

  Manfred Bjørlin · Principal Cloud Native Architect, Sopra Steria

  You thought you didn't have tio think about memory management and memory leaks when you were done with C? Think again! Join me starting the dive by looking at how golang allocates and deallocates memory, and the workings of the garbage collector. Learn how the stack and heap works. And why does my substring allocate so much memory? We'll dip our toes into some pitfalls we all are guilty of, and some that are real edge cases. We're looking at quite a lot of code examples, and coding patterns. What can cause your application, website or k8s operator to consume increasingly amounts of memory? And how to avoid it without crashing out in a OOM (Out of memory) error? And can I actually answer all of my own questions? Maybe more? Will you even know without joining in?
• 

  Go's Concurrency and Parallelism Inside Containers

  Rick Rackow · Senior Professional Engineer, Schwarz Digits

  A common assumption is that if a program is concurrent, it will also run in parallel, and that containers simply get a number of CPU cores to work with. In practice, neither of these assumptions holds. In this talk we explore how concurrency and parallelism behave inside containers, and why the same program can show very different performance characteristics when run on the host versus inside a container with CPU limits applied. Using a small Go program as an example, we start with a simple sequential implementation, introduce concurrency to structure the work, and then add parallelism to scale CPU bound processing. We observe how the program behaves under different container CPU configurations, and where expectations break down.
• 

  Goodbye Microservices, Hello Self-Contained Systems

  Simon Martinelli · Programming Architect, Martinelli

  Microservices are a popular approach to building modern software, offering scalability and flexibility. But many teams face challenges such as increased complexity, difficult debugging, and managing too many small services. In this talk, I'll introduce an alternative: Self-Contained Systems (SCS). Unlike microservices, SCS allows each part of your application to operate independently with its UI, logic, and database, simplifying both development and deployment. You'll learn why SCS can be a better fit for many projects, how it reduces the complexity of distributed systems, and when it makes sense to use this approach over microservices. Based on my current customer project, I'll show you how to build self-contained systems with pure Java. If you're ready to rethink your architecture and say goodbye to microservice headaches, this talk will show you the way!
• 

  GPU is not Monolithic : Packing LLMs with MIGs on Kubernetes

  Hajed Khlifi · AI/HPC Architect, Quantori

  Most of the LLM workloads now are deployed on Kubernetes clusters with GPU nodes and let's be honest this is the most expensive resource in the cluster. Currently, using GPUs in passthrough mode locks a single model to an entire GPU, leading to severe underutilization (~30%). In this talk I will explain how to manage GPU resources in an efficient way and attendees will understand how GPU cards are configured in a Kubernetes cluster, what is the difference between the three main Nvidia GPU installation modes: Passthrough, vGPU and MIG and how everything works behind the scene. I will demonstrate how Multi instance GPUs are the best solution for packing LLMs on Kubernetes and how it should be used in an advanced case scenario like packing multiple LLMs in the same cluster sharing the same GPUs without causing the noisy neighbor problem.
• 

  Hack Me, Bro: An Antifragile AI Battle Arena

  Andrew Demczuk · Chief Revenue Officer, angel-serve.com

  I run an AI Battle Arena at arena.angel-serv.com. You plug your CLI in (Claude Code, Codex, Gemini, openclaw) and fight 16 bots on a world leaderboard. We want you to try to break the server. When someone does, a nightly automated review picks the exploit apart and ships a fix. The fix usually isn't local. In March a prompt-injection chain pushed us to refactor the whole validator suite toward capability-based sandboxing. Attack surface dropped against later zero-days the attacker never saw. That's the bit that earns Taleb's word. The arena is also the substrate of a 12-month longitudinal study with JKU LIT AI Lab, TU Wien, and the Austrian Institute of Technology on adversarial behaviour in multi-agent systems, prepared for AI Factory Austria. Five pre-registered hypotheses on Open Science Framework. 434 registered bots, 500+ completed rounds. On stage: a live arena round, a volunteer plugs their CLI in, the security loop trips, you watch the diff land on main. Plus three exploit case studies and the commits the system shipped in response. Honest failure analysis, not a demo reel. Try to break it at https://arena.angel-serv.com/ before you decide whether to accept this talk.
• 

  Hacking AI at the Edge of the Indian Ocean

  Anastasiia Stefanska · Solutions Architect, TUI, James Cha-Earley · Senior Developer Advocate, Snowflake

  What happens when you have terabytes of 8K video, a team of marine biologists, and zero bars of internet? You build a "far-edge" data center in the middle of a research vessel. In this session, we recount the high-stakes engineering of a deep-sea hackathon aboard the OceanXplorer. We’ll strip away the gloss and dive into the architecture required to run VLLMs (Large Language Models) and Streamlit app locally in a metal hull surrounded by salt water. We will explore: The Offline Stack: Running local inference on massive video files when the nearest cloud region is 3,000 miles and a satellite link away. The Transition to Scale: How we moved from local "survival mode" to the cloud, utilizing Claude and Cortex AI to enable automation of biodiversity tagging that previously took human scientists weeks. The "Contextual" Search: Using AI agents to bridge the gap between raw sensor data (salinity, depth) and unstructured media, creating a conversational interface for the ocean floor. See It In Action: A live demo of asking questions in natural language and getting answers from expedition data.
• 

  Hacking MSSQL on Cloud. All of them. How I became sysadmin on Azure, AWS, GCP and Alibaba.

  Fabiano Amorim · Principal Consultant, Pythian

  It started as a simple security research project on a local SQL Server instance. A single vulnerability led me down a rabbit hole — from compromising Azure SQL Database to successfully escalating privileges on GCP CloudSQL for SQL Server, Amazon RDS, and Alibaba ApsaraDB. In this session, I’ll walk you through the techniques I used to escalate from a limited user to sysadmin on managed SQL Server platforms offered by the four biggest cloud providers. I’ll also demonstrate post-exploitation techniques, including how I retrieved plaintext [sa] passwords from internal logs and accessed highly sensitive internal metadata. More importantly, I’ll share lessons on how these vulnerabilities were possible in the first place — and what you, as a developer, DBA, or security professional, can do to secure your applications against similar attack vectors. Finally, I’ll share how each cloud provider responded to the vulnerabilities I disclosed, the remediation timelines, and the broader lessons this experience teaches us about cloud security.
• 

  Hands-on AMQP with LavinMQ: Decoupling Services with Message Queues

  Erica Weistrand · Developer Lead, CloudAMQP

  Most services still talk to each other over HTTP, blocking on each call and tightly coupling availability, deployment, and scaling. Message queueing offers a different model: services publish events, brokers route them, and consumers process at their own pace. In this hands-on workshop, you'll learn AMQP, one of the most widely deployed messaging protocols, by building real publishers and consumers against LavinMQ, an open-source message broker. We'll start with the fundamentals (connections, channels, queues) and work our way through the AMQP exchange types: direct, fanout, topic, and headers. Along the way, we'll cover routing patterns, message TTLs, queue arguments, and policies.
• 

  Hard Problems Hide in Boring Places: Turning Accounting Workflows into AI Products

  Oleksandr Korotkykh · CTO, Pliant, Tolga Sümer · Senior Software Engineer, Pliant

  Accounting and B2B payments are often seen as boring, solved problems — until you try to apply AI to them. The moment a system can misread an invoice, suggest the wrong action, or leak sensitive financial data, “cool AI demos” turn into serious engineering challenges. In this talk, I’ll share how we at Pliant build AI features in one of the most constrained domains possible, where correctness, trust, auditability, and permissions are non-negotiable. Instead of treating LLMs as smart oracles, we design them as untrusted components that propose actions, operate on structured data, and are constrained by strict policies and approval flows. We’ll walk through concrete patterns for turning existing accounting workflows into real AI products: grounding models in financial data, using schemas instead of free text, enforcing authorization at the system level, and designing human-in-the-loop interactions that users actually trust. Along the way, I’ll share failure modes we hit in production and how we fixed them. This talk is about where innovation really happens: not in flashy demos, but in making AI work reliably in the places where mistakes are expensive.
• 

  Hiring AI Native Talents

  Zahhar Kirillov · Delivery Manager, EPAM Systems

  Many companies and startups are looking to hire AI Native talent, but only few are experienced how to interview them. If you struggle to define approach and your interview starts with “Have you used Github Copilot?” question – welcome to my talk, where I will share experince I earned in 2025 after interviewing over 100 team members globally for enterprise IT projects. You will learn real-world lessons on how GenAI has reshaped the hiring criteria for developers, QAs, architects and managers, and what are the best practices (including questions and practical tasks) to distinguish vibe-coders from AI-Native software engineers.
• 

  Hiring Technical Leaders: Promote from Within or Go External?

  Barbara Wilk · Global Head of TA and People Analytics, Appfire

  Alternative title - Hiring Technical Leaders: Build or Buy? When it comes to (technical) people leaders, should we nurture and promote from within the organization or hire from the outside? What is the not-so-hidden cost of both of those approaches (fresh ideas, different approaches to people and technical leadership, leadership maturity vs organization maturity); technical leadership - building credibility within a team; leading at different sizes and different maturity of organization - the role of a leader in a start-up vs scale-up vs large organization.
• 

  How building with AI can double the throughput of your engineering team

  Brian Scanlan · Senior Principal Engineer, Intercom

  In 2025, Intercom took on an ambitious goal to double the throughput of their engineering team by going beyond building fancy demos, and instead taking advantage of AI tooling to get real features and large existing SaaS codebase into the hands of paying customers. While this transformation is still a work in progress, Intercom's pace of innovation has always been a competitive strength. In this talk Brian will share his lessons and learnings when building with AI agents – what has and hasn't worked when faced with scaling towards 2x productivity.
• 

  How does a Java agent work? Building a Java agent from scratch.

  Marco Sussitz · Senior Software Developer, Dynatrace

  Java agents let you modify application behavior at runtime without changing source code. In this hands‑on workshop, you’ll build a small Java agent from scratch using the Instrumentation API and Byte Buddy. We’ll cover premain vs. attach, class transformers, method interception, and safe argument/return value capture. You’ll see how compiled classes look in bytecode (via javap) and how to reason about performance and classloader/module quirks in modern JDKs. By the end, you’ll have a working agent that times and logs specific methods in a sample app, plus a mental model to understand how tools like OpenTelemetry auto‑instrumentation plug into your services. Many developers have used a Java agent before, be it in your mocking frameworks, to find a memory leak, or maybe you have some sort of tracing on your backend via OpenTelemetry. But what is a Java Agent, and how does it function? Would you like to know how to manipulate run-time code and achieve things that are impossible otherwise? In my day-to-day job, I mainly work with Java agents, and in this workshop, I will show you what an agent can do, how they work, and how you can write one yourself. You’ll build a small Java agent from scratch using the Instrumentation API and Byte Buddy. We’ll cover how to attach your agent, the class transformers, method interception, and argument and return value capture. In the end, you will know how tools like OTEL work and have a better understanding of observability.

• How Global Capability Centers (GCCs) Are Evolving in the Age of AI

  Speakers TBA

  Hareesha Narayana Shirankallu will share a leadership perspective on how Global Capability Centers are evolving in the age of AI. The session will explore how GCCs are moving beyond cost efficiency, scale, and delivery to become strategic engines of innovation, AI adoption, and enterprise value. It will examine what changes when GCCs are designed not just to execute work, but to shape operating models, accelerate decisions, and strengthen business resilience. The discussion will also highlight the importance of connecting distributed talent, domain expertise, and technology across markets to build future-ready capabilities. As AI reshapes how organizations operate, the session will offer a clear view on what it takes for GCCs to stay relevant, create competitive advantage, and drive measurable impact at scale.
• 

  How I built my own intelligent Robot Arm from Scratch

  Iulia Feroli · Content Creator, Back to Engineering

  Are you tired of the same old AI, LLM, buzzword sessions and wondering if there is still anything new and cool out there we can do with AI? Do you crave an exciting, slightly ridiculous project that's just a lot of fun - while also learning about a whole new field with lots of promise? Don't miss this session! Physical AI is about bringing together all the amazing breakthroughs (yes, like large language models) into the fields of robotics and embedded systems. We can make autonomous robots and systems that can generate their own movement instructions and evolve, without having to painstakingly define all the complex code or even tiny physics-engine implementations to get going. But first - we need to build actual robots! As someone coming from the data science field - this may sound like a bit of a leap. However, with a "I'm sure it can't be that hard" attitude, a bunch of electronics components, and an uncontainable enthusiasm - I set out to do just that. I will share the story of building my own Robot Arm from 0 to an incrementally more complex prototype, and how I started giving it some "AI superpowers", and what's next in this exciting field!

• How One Developer Built the Back Office for 10 Million Companies

  Speakers TBA

  EU just made time tracking legally mandatory for every employer in Europe. Nobody loves it, and most small businesses are stuck choosing between enterprise HR software they can't afford and free tools that fall apart the moment compliance is on the line. This talk is about building Pistacio, a full operations platform for companies under 200 people, as a solo engineer. I'll walk through the architecture decisions that let one person ship six production modules, how a shared foundation makes compliance structural rather than bolted on, and what it actually looks like to use AI as a force multiplier without letting the codebase turn into a mess.
• 

  How to Attract & Retain in a fast moving environment

  Kent Frederiksen · Vice President Reward, The LEGO Group

  In this session we will dive into some of the global demographical changes and how it could impact ability to attract & retain talent. The session will then explore how the LEGO Group is navigating these changes and what other companies could be focusing on to mitigate.
• 

  How to mess up JWT's - a practitioner's guide

  Wekoslav Stefanovski · Head Of Development, Sourcico

  JSON Web Tokens are everywhere - you are using a bunch of them right now. It's such a common technology, yet, it's very easy to get them wrong. In this session, we get to the nitty gritty of JWT's - what they are, how they work, and how to make sure that we haven't made an app that just waits to be hacked.
• 

  How to Pitch Innovation to Your CEO

  Linda Stauffenberg · Co-Founder, Experience One AG, Markus Stauffenberg · Co-Founder, Experience One

  Many innovations never make it to implementation. Storytelling skills and the right pitch can change that. Successful changemakers know this. As soon as they take responsibility for an innovation or transformation, creating a pitch is one of the first tasks they tackle. CEOs no longer just expect good execution of strategy. They are looking for convincing pitches with powerful stories and well-founded arguments. Whether it's for technology, CX, organizational or culture initiatives, successful pitches are based on the same principles and building blocks used by top changemakers in corporations, startups and politics alike. This universal framework for “How to Pitch Innovation like a Changemaker” can be learned in this workshop. As a proven approach, it has enabled numerous future makers to master communicative challenges. Through real-life examples, Linda and Markus will give insights into tech storytelling, and compelling pitches to CEOs.
• 

  How to read code (properly)

  Anja Kunkel · Principal Software Engineer, Enpal

  Why are we always complaining about old code? Why are we rarely happy when digging into old stuff, especially old code by other people? It is very tempting to believe that you can easily do it better than that. And that you can improve the situation by rewriting code. By making stuff simpler. In the first park of this talk, I will dive into why we believe this. Expect some insights into psychology and into how our brains work :) Second part: Why we are wrong, most of the times. Again, this will be about psychology and biases, about code reading and about the IT as a business.
• 

  HTTP 402: Teaching the Web to Pay Agents

  Thinzar Lin · Head of Developer Relations, Hashgraph

  For thirty years, one HTTP status code has sat unused in the spec: 402, "Payment Required." As AI agents become real economic actors that browse, decide, and transact on our behalf, that gap suddenly matters. Agents can't hold a credit card, pass a captcha, or click through a checkout, so the payment rails we built for humans break down. This talk looks at x402, an open and chain-agnostic standard that finally activates HTTP 402 for machine-native payments, and walks through how it actually works: the request, 402, pay, and retry loop, the facilitator pattern, and what it takes to charge an agent a fraction of a cent for an API call, data, or similar. From there, we get to the hard part: what a settlement layer for autonomous agents must guarantee, including predictable sub-cent fees, fast deterministic finality, neutral open infrastructure, and a tamper-evident record of every payment. We'll make that concrete on Hedera, using its fixed low fees and fast finality for the payments themselves, its native token service for stablecoin transfers, and its consensus service as a verifiable audit log of agent activity. You'll leave with a clear architecture for agentic commerce and an open standard you can start designing against today.

• Ideate & Strategize: Defining Your Football for Good Prototype

  Speakers TBA

  Now that you've built AI agents hands-on and formed your team, it's time to decide what you'll create. This session is dedicated ideation time. Teams will brainstorm, strategize, and define the specifics of their hackathon prototype. With all the technologies fresh in your hands (Strands Agents, Amazon Bedrock, AgentCore, Kiro), you'll map your chosen Football for Good challenge to a buildable solution. Support staff and coaches are on the floor to answer questions, pressure-test ideas, and help teams refine their architecture before the open build day begins.
• 

  In-depth .NET Azure Functions: Isolated mode, performance and durable AI agents

  Stas Lebedenko · Cloud Architect, Eficode

  Azure functions are fun and still evolving fast, so this talk will bring you an in-depth review of the latest updates, including the performance of functions in Isolated mode, along with native integration with Microsft Agent Framework. Key-topics - Isolated mode performance analysis with different compute configs and load testing results of .NET functions - Isolated process nuances and challenges at scale - .NET and platform optimizations for .NET Functions and AoT compilation - Durable functions as orchestration backbone for Microsoft Agent Framework Join this talk to learn about the nitty-gritty details of building advanced Azure Functions apps, see a lot of code, and encounter possible issues.
• 

  Inside Look: AI & Developer Productivity Programs in a 1,500+ Engineering Team

  Ellen Jones · Customer Success Leader, DX

  As AI transforms software development, engineering leaders are facing new questions: How should developer productivity teams support AI adoption? What standards and guardrails are needed? And how do you measure impact beyond simple usage metrics? In this fireside-style conversation, Ellen Jones, Customer Success Leader at DX, sits down with a leader from a large-scale engineering organization to explore how their developer productivity program operates and evolves in the age of AI. Drawing on lessons from a 1,500+ engineer environment, we’ll discuss how the team partners across engineering, approaches standardization and enablement, evaluates emerging AI tools, and thinks about measuring outcomes. The discussion will cover practical considerations around platform engineering, developer experience, AI adoption, productivity measurement, and organizational alignment—along with lessons learned, challenges encountered, and what may be next for developer productivity teams. Whether you’re building a developer productivity function, leading platform engineering initiatives, or navigating AI adoption at scale, you’ll leave with insights from the front lines of a modern engineering organization.
• 

  Instant KAI Sandboxes with vCluster: Multi-Tenant, Multi-Scheduler GPU Sharing

  Piotr Zaniewski · Head of Engineering Enablement, vCluster Labs

  Kubernetes offers many ways to share GPUs, but a single, cluster-wide scheduler often forces trade-offs between utilization, stability, and team autonomy. This talk shows how vCluster makes the NVIDIA Kubernetes AI Scheduler (KAI) run as an opt-in service for each tenant—so platform teams can raise GPU density while keeping operations predictable. What We’ll Cover Problem statement – why mixed workloads leave GPUs under-used and complicate on-call. vCluster fundamentals – lightweight control planes that isolate scheduling logic, not hardware. KAI at a glance – fractional GPU allocation, gang queues, topology awareness. Live demonstration – two vClusters on one host Key Takeaways A reproducible pattern for running different schedulers side-by-side. Practical steps to increase GPU utilisation without adding more clusters. An isolation model that lets teams experiment safely.
• 

  Introducing JSON Structure

  Clemens Vasters · Principal Architect, Microsoft

  JSON Structure, an IETF Internet Draft, is a strictly typed data definition language for code generation and database mapping. Unlike JSON Schema, it enforces strict types and determinism. It adds extended primitives (e.g., int32) and compound types to ensure precise data modeling for modern polyglot applications. It's a better JSON schema than JSON Schema while retaining the familiar structure. In this session by the primary author of the specs, you will learn about the JSON Structure core and extension specs and the SDK tools that come with it.

• Is it still C#? Practical systems programming with .NET (war stories included)

  Speakers TBA

  We built a database in .NET and pushed the runtime to its absolute limits. In this talk, we'll dissect the engineering decisions we made, extracting hard-won lessons you can use to build truly high-performance software. Expect battle-tested techniques you can apply to any demanding .NET service. Even if it's not a database. Join us to learn how to survive the sharp edges of systems programming. We'll explore: 1. JSON and Beyond 2. The Memory Game 3. Taming the State Machine 4. Beyond the Cache Line 5. Vectorize Everything! 6. Surviving the Ecosystem

• It's a Great Time to be a Builder: Leveraging AI for Good

  Speakers TBA

  Expo Chief Developer Evangelist, current Executive Director at the React Foundation, and former head of React at Meta, Seth Webster explores how AI is reshaping software development and dramatically lowering the barriers to building mobile apps. This talk focuses on the new era of “idea-to-app” creation, where individuals can move from idea and possibility to production faster than ever before using modern tools like Expo and AI-assisted development. It’s a practical and optimistic look at why there has never been a better moment to build.
• 

  It's Dangerous to Code Alone! Take This: Developer's AI Survival Guide

  Salih Gueler · Senior Developer Advocate, AWS

  Right now, your feed is flooded with developers claiming they casually "vibe coded" an entire application before breakfast. It is incredibly easy to feel like you are missing out or falling behind the curve as the rest of the industry races ahead. But here is the truth nobody is sharing: the industry is caught in a massive "wow demo" trap. While it looks like magic when an AI generates an app in minutes, that raw speed is creating a hidden crisis. We are seeing a massive surge in unmaintainable technical debt and a crippling "verification bottleneck" where developers are spending more time untangling AI hallucinations than writing actual logic. With these tools, you will not only feel confident building modern applications but also make the most out of your AI assistants without being buried by the debt they create.
• 

  It's Not Vibe Coding If You Know What You're Doing

  Jeff Blankenburg · Principal Developer Advocate, Dynatrace

  We've all heard stories about how people are using AI to create entire software projects, and in every case, I had nothing but skepticism and doubt. Until I tried it. Let me show you how I build collectyourcards.com, from the ground up, in less than two weeks, without writing a single line of code. We will talk about effective prompting, toolsets, and the do's and don'ts of coding with AI.
• 

  Java Sucks (So C# Didn't Have To)

  Adele Carpenter · Software Engineer, Trifork Amsterdam

  Using Java as an everyday language can be absolutely infuriating. It's verbose and clunky, with all roads seemingly pointing to null. These are faults that users of other languages (especially of C#) love to point out. At the same time, Java is mature, stable, backwards compatible, and runs just about anywhere. The community is pretty cool too! This talk takes a light-hearted, warts-and-all look at some of the more frustrating aspects of Java, how the language has evolved over time and where it's headed next. A discussion on the consequences of language design decisions that can be enjoyed by programmers of all languages, but especially by C# users. Expect to laugh, and yes maybe even cry, as we try to make sense of the beast that puts food on the table for millions of developers worldwide We will cover: - Pivotal early design decisions such as checked exceptions and generics and how we still pay for those decisions today (that is, why do lambdas suck so bad?) - How Java has influenced the development of other programming languages, and vice versa - Most controversial language design decisions of late and the associated fallouts Java developers will leave this session feeling validated and with a renewed love for the language that keeps a large chunk of the world running. C# developers will leave this session with a renewed level of smugness.
• 

  JSX to Live Activity: The Story of Voltra

  Szymon Chmal · React Native Expert, Callstack

  What if you could ship native iOS Live Activities and Dynamic Island experiences without writing a single line of Swift? This talk tells the story of Voltra, a library born from a viral tweet and a collaboration between Saul Sharma and Callstack to bridge the gap between React and native iOS extensions. We'll go behind the scenes of building a custom React renderer from scratch to translate JSX into SwiftUI primitives, bypassing the traditional "Swift wall." You will learn how we tackled the extreme technical constraints of the platform: from the tiny 4KB data limit to server-side driven UI that doesn't require a pre-shipped implementation. Join us for a deep dive into Voltra's architecture and learn how you can start shipping React to a brand-new platform today.
• 

  Keeping applications secure by evolving OAuth 2.0 and OpenID Connect

  Alexander Schwartz · Principal Software Engineer, IBM

  OAuth 2.0 and OpenID Connect have been around for years to secure web and mobile applications alike with growing popularity. To keep your applications and their data secure, these standards are evolving to align with security best practices. Join this talk to see how the FAPI 2.0 Security Profile and the upcoming OAuth 2.1 standard promotes and enforces best practices, how to adapt your applications, and how Keycloak as an Open Source IAM can help you. Expect a demo and examples for some of the enhancements.
• 

  Keeping Your AI Software Supply Chains Sovereign in the Age of Commercial Open Source

  Franz Kiraly · Director, German Center for Open Source AI

  With the AI revolution at full speed, and increasingly fragmented geopolitics, organizations face a growing pressure to maintain control of their AI software supply chain. This talk explores what “sovereignty” means in the context of modern AI usage - where dependencies are mostly open source, can span hundreds if not thousands of upstream projects or services, frequently governed by US based, venture-backed companies, often covertly, and with and end game to lock in and then exploit their unsuspecting customers. Risk patterns will be discussed, including prototypical examples, illustrated by recent case studies: hyperscaler takeovers of open source such as of RedHat Linux (now an IBM subsidiary); radical license shifts, such as for MinIO, the S3 library; service license risks such as the “auto-accept” terms and conditions of Anaconda Inc services; and common pitfalls arising from multiple applicable licenses when using large language model packages. We will also discuss common misconceptions – and concomitant pitfalls – In the AI space: for instance, to consider only the “model” supply chain - pipeline data-weights-inference – and not the supply chain of software packages or services; or, looking only at licenses of a supply chain element and not its governance or ownership – the key risk factor for a change of license, or of usage conditions. The presentation will be complemented by advice for decoding (and countering) common lobbyist or vendor speak, which is often intentionally pushing misconceptions and common confusions to decision makers. Attendees will leave with new insights about, and an actionable framework for, evaluating trustworthiness and sovereignty of their AI software supply chains, to ensure their software remains secure, auditable, under their control, and/or Europe based.
• 

  Leading with Reliability: Applying SRE Principles to Build Stronger Engineering Organizations

  Maxim Schepelin · Engineering Manager, Booking.com

  Service Reliability Engineering (SRE) has long been the discipline responsible for keeping complex systems healthy, resilient, and predictable under pressure. But the real power of SRE lies not just in the tools, dashboards, or operational frameworks—it lies in its philosophy: focusing on what matters most, measuring the right things, and making intentional trade-offs. As engineering leaders, we can apply these principles far beyond production environments. This talk explores how core SRE concepts can become high-leverage leadership tools for shaping team culture, guiding prioritization, and driving meaningful business outcomes. We begin with service criticality, expanding the traditional technical lens to view the entire end-to-end customer journey. Instead of assessing components in isolation, we’ll explore how to map dependencies across teams and systems to surface the true bottlenecks and organizational weak points that impact users. We’ll look at Service-Level Indicators (SLIs) and reinterpret them at the business level. What does “reliability” mean when framed through customer expectations rather than CPU metrics? We will see how engineering leaders define measurable signals that reflect whether the product is delivering on its intended value. Next, we’ll dig into Service-Level Objectives (SLOs)—not as uptime percentages, but as promises to customers. We'll discuss how leaders can craft SLOs that articulate what “good enough” looks like for the business, and how these objectives guide healthier conversations around trade-offs, investment, and risk. Finally, we’ll explore error budgets as a strategic leadership mechanism. Error budgets offer a structured way to balance innovation and stability, negotiate between delivery teams and product, and make aligned decisions about when to push forward and when to fix foundational issues.
• 

  Lessons learned after 6.7T events through PostgreSQL queues

  Aris Tzoumas · Staff Software Engineer, RudderStack

  Many organizations reach for specialized streaming systems like Apache Kafka for high-throughput event processing. But is it always the best choice? What if you choose PostgreSQL instead. This talk chronicles six years of battle-tested lessons learned while scaling PostgreSQL from a simple queue to a system processing 100,000 events per second, and delivering total 6.7T events. Learn about the specific configuration values, query patterns, and architectural decisions that enabled PostgreSQL to compete with and often outperform dedicated messaging systems, while providing the operational simplicity and transactional guarantees that only PostgreSQL can offer.
• 

  Let’s Talk Quality!

  Lilia Gargouri · Board Member and Head of QA, German Testing Board

  Quality in software development is a team effort—and it starts with how we communicate and understand each other. This talk highlights why effective collaboration depends on mastering several different “languages” within a project: the language of the business domain, the technical language of tools and frameworks, the shared terminology of quality, requirements, and architecture, and the interpersonal skills that enable clear thinking and clear communication. We will examine why teams can only assure and test the quality they have explicitly defined, and why focusing solely on functional tests overlooks the broader quality characteristics described in ISO 25010. The talk also provides practical guidance for common developer questions such as How do we scale testing? and When is testing good enough? By strengthening our shared vocabulary and deepening our collective understanding, every team member—developers, DevOps, team leads, and project managers—can contribute meaningfully to the quality of the final product.
• 

  Life Cycle Impact Assessment in TypeScript

  Corinna John · Principal Software Engineer, adesso SE

  Life cycle assessment of hardware products is becoming more important, as sustainability is a thing. The common tool "OpenLCA" is designed for expert use - but there is a TypeScript API. It allows you to write a simple UI and automate calculations of life cycle assessments. In this live session I present a simplified LCA study first in OpenLCA, then write a React frontend with the "olca-ipc" TypeScript library and perform the same calculation in a web browser.
• 

  Linux (Pseudo)Filesystems: The Hidden Backbone of Cloud Native

  Daniel Drack · Senior DevOps Engineer, FullStackS

  Ever wondered what’s really going on under the hood of your containers or nodes? Linux (pseudo)filesystems like procfs (/proc), sysfs (/sys), cgroupfs etc. quietly power the entire cloud-native world. In this talk, we’ll explore what these filesystems actually do.. how overlayfs enables container layers, how tmpfs keeps things fast, and why securityfs and efivarfs matter. I'll give a brief intro in filesystems overall, then provide some deep dive info for selected pseudo-FS, their purpose and show how they make modern cloud systems tick.

• LLMs in the wild: Building an AI agent that survives production

  Speakers TBA

  Search works well when users know exactly what they're looking for. But travel discovery is rarely that simple. People express goals, preferences, budgets, and constraints in natural language. At GetYourGuide, we set out to build a natural-language discovery experience that helps travelers find the right experiences from open-ended requests like "sunset tours in Barcelona for a couple under €50." Turning that vision into a production system required far more than adding an LLM on top of search. In this talk, we'll share the journey from prototype to production and the key lessons we learned along the way. We'll discuss how AI systems can combine reasoning, retrieval, and personalization to better understand user intent, and what it takes to make those systems reliable at scale.

• Making Documentation AI-Ready: Preparing Your Docs for the LLM Era

  Speakers TBA

  Your technical documentation has a new audience, and it doesn't read like humans do. Every day, developers engage with your docs through AI tools. They ask ChatGPT to explain your API. They use Copilot to turn your examples into code. What started as human-to-human communication has evolved into a three-way conversation: human → documentation → AI → human. This shift creates both opportunity and risk. Clear, well-structured docs help AI deliver accurate answers. Messy docs spread misinformation at scale. In this talk, you'll learn Contextual Density Mapping: the content writing practice of giving AI enough context to understand concept relationships while keeping content readable for humans. We'll cover practical techniques including the Context Sandwich (layering information for different audiences), Explicit Relationship Mapping (making connections crystal clear), Progressive Context Disclosure (from general to specific), and Contextual Anchoring (connecting new concepts to established ones).
• 

  Managing Sovereign AI Infrastructure: MLOps and LLMOps in Highly Regulated Banking IT

  Matthias Kordt · Team Lead LLM Ops Data & AI Platform, Finanz Informatik, Daniel Evenschor · MLOps Engineer, Finanz Informatik

  AI only becomes strategically relevant when it can be operated reliably, securely, and sustainably. In highly regulated environments such as the financial industry, this creates specific challenges around infrastructure, automation, and governance. This workshop provides practical insights into the design and operation of a sovereign AI platform and how MLOps and LLMOps are implemented in this context. We show how open-source LLMs are operated on-premises, how models are versioned, monitored, and automatically deployed and what challenges arise during inference operations. Using a production use case supporting around 200,000 workplaces, we demonstrate how AI assistant systems and AI agents can be built and operated under strict compliance and regulatory requirements. This session is a hands-on experience report for organizations that do not want to consume AI as a cloud API, but instead aim to operate AI as a controllable, sovereign infrastructure.
• 

  Marketing x Product: How We Stopped Gaslighting Each Other and Built AI Products That Actually Work

  Ariel Shulman · Chief Product Officer, Bright Data, Yanay Sela · Chief Marketing Officer, Bright Data

  This is not another kumbaya keynote. This is a raw, hilarious, high-speed collision between the two teams that are either building the future of AI - or quietly sabotaging each other with Slack messages and passive-aggressive Notion comments. Join Yanay (CMO) and Ariel (CPO) from Bright Data - the company quietly powering half the AI internet with the largest web data infrastructure on the planet - for an unfiltered, tag-team keynote about what *really* happens when product and marketing are forced to co-parent AI products at scale. What makes this talk different (and way more fun): - Two execs on stage, roasting each other in real-time as they unpack what it takes to ship AI + data products that actually scale, make money, and do not burn your engineering team to the ground. - Live reenactments of our biggest launch fails (including “The Feature That Marketing Launched Before It Existed” and “The Dashboard That Needed a Decoder Ring”). - The secret playbook we built out of desperation, including rituals, documents, and inside jokes that now hold our GTM motion together like duct tape. - Audience interactive bits: real-time polls, “who messed up here” scenarios, and “which team said this?” call-outs. - Actual actionable takeaways: from alignment frameworks that do not suck, to how we de-risk GTM for technical AI products, to how we turn product telemetry into marketing gold (and vice versa). Who it is for: PMs and engineers who are done pretending this relationship is easy - and want to steal hard-earned lessons from a team that already fought the war and lived to meme about it. Tone: Imagine if HBO made a series about B2B product launches. It is fast, funny, painful, and very real. Also, we promise to swear *only when necessary* and keep all graphs meme-friendly.
• 

  Mastering Software Architecture

  David Tielke · Consultant, Coach and Trainer, www.David-Tielke.de

  In this full-day masterclass, expert David Tielke will guide you through the foundations, tools, and real-world strategies for designing, implementing, and maintaining modern, scalable software architectures.
• 

  MCP doesn’t suck — your agent does

  Jan Curn · Founder and CEO, Apify

  Most AI agents misuse MCP and treat tools as prompt-time function calls: tool definitions and results are repeatedly injected into the context, tokens are wasted, and context rots. The result? Slower, less reliable agents, and the misleading conclusion that “MCP sucks, CLIs are better.” To challenge this narrative and show how agents can get the best of both MCP and CLI, we’ve built mcpc, an open-source universal CLI client for MCP. It maps MCP operations to intuitive CLI commands, which agents quickly pick up through --help without external skills. It turns out, CLI is the perfect local interface for agents to interact with MCP, giving them access to full protocol capabilities, including modern features like code mode or progressive tool discovery through a single Bash() tool call, while leveraging MCP’s standard remote interface for server discovery, authentication, payments, and access control. To once and for all kill the MCP vs. CLI debate and show those two technologies are not exclusive but complementary, we’ll present evals comparing the performance of agents using naive MCP, modern MCP, native CLIs, other MCP CLIs, and mcpc, in various real-world scenarios.
• 

  MCP is all you need to make an AI-agent consume your RESTful API

  Nikos Delis · Founder and CEO, Aristevin

  Turn any existing REST API into an AI-native backend—no frontend required. This hands-on session demonstrates how to transform a traditional API into one that works seamlessly with AI agents like GitHub Copilot using Model Context Protocol (MCP). Starting with a completely AI-unaware REST API, we'll walk through each step of the integration process. You'll see how MCP bridges the gap between your existing backend services and LLM-powered agents, enabling direct AI-to-API communication without building traditional user interfaces.
• 

  Measuring the Wrong Things Faster Than Ever

  Laura Tacho · Principal Technologist, AWS

  Tokenmaxxing. Bloated PRs. Endless tiny commits. We already know how easily developer productivity metrics can be gamed. So why are token spend and AI-generated lines of code becoming the default way to measure the impact of agentic coding tools? As AI become part of everyday work for most developers, engineering leaders are under pressure to prove impact. Many organizations are falling back on familiar, easy-to-measure metrics, even when those metrics miss the real value AI creates. At the same time, AI is shifting from automation to augmentation: not just helping developers code faster, but changing how teams think, collaborate, and make decisions. That means the old models for measuring productivity and ROI may no longer apply. Join Laura Tacho for a research-backed look at how AI is reshaping developer productivity.
• 

  MFA? Game over! Watch your protection collapse – live

  Christoph Menzel · Head of Security Excellence, Inovex

  In a digital world where passwords and multi-factor authentication are considered impenetrable defenses, reality looks quite different. Every month, millions of attacks bypass these very security mechanisms. Yet, many still believe that MFA guarantees complete security. In this talk, I will demonstrate live how effortlessly passwords can be stolen and MFA mechanisms bypassed. And the best part? It’s free, can be set up and executed in just a few minutes, and becomes even easier with the use of AI. I will show that the biggest weakness is often not the technology itself, but the trust we place in it. However, there are solutions. When technological advancements and human vigilance work together effectively, the attack surface for hackers shrinks significantly.
• 

  Microfrontends: Lessons Learned from Growing a Design System and Shared Libraries Across 20+ teams

  Erasmo Hernandez · Senior Web UI Developer and Tech Lead, Globant

  Scaling a microfrontends architecture across 20+ teams is challenging not just technically, but organizationally. In this talk, I’ll share the practical lessons learned from leading the growth of a large Design System and multiple shared libraries in a highly distributed environment. We’ll explore how to keep teams autonomous while maintaining consistency, how to evolve UI components and SDKs without breaking dozens of codebases, and which governance models actually work when hundreds of developers are contributing in parallel. You’ll see real strategies for handling semantic versioning, coordinated releases, backward compatibility, and cross-team collaboration, as well as the pitfalls we encountered and the solutions that helped us move faster. Whether your organization is adopting microfrontends or already feeling the pain of scaling shared infrastructure, this session will give you actionable guidance to avoid bottlenecks, reduce friction, and build a healthier ecosystem. This is a talk built from real experience, real failures, and real wins designed to help you scale with confidence.
• 

  Modern Angular Architectures: SignalStore, Signal Forms, and Agentic UI

  Manfred Steyer · Google Developer Expert, ANGULARarchitects.io

  This interactive workshop updates your Angular skills for 2026. We build a modern, reactive architecture based on Signals and Resources, and use the new NgRx Signal Store for lean, consistent state management. After that, we integrate the brand-new Signal Forms and develop an AI assistant that guides users through the application in a context-aware way — generating answers and dynamically providing relevant UI components. The goal is a clear, future-proof architecture that combines Angular’s latest features in a practical and meaningful way.
• 

  MultiCloudJ - An open source cloud agnostic java SDK for multicloud development

  Sandeep Pal · Principal Member of Technical Staff, Salesforce

  As organizations adopt multi-cloud strategies, developers are often forced to navigate a fragmented ecosystem of vendor-specific SDKs, APIs, slowing down innovation and increasing operational complexity. This session introduces MultiCloudJ, an open-source Java SDK that unifies development across AWS, Google Cloud, Alibaba and other cloud providers through a portable, driver-based architecture. Salesforce have a huge success with widespread adoption of MultiCloudJ as it spans it's infrastructure across AWS, GCP and Alibaba and now it's available as open-source it for the community benefit. Dzone article for MultiCloudJ: https://dzone.com/articles/multicloudj-cloud-agnostic-applications-java
• 

  Multiple Apps, Millions of Users: Scaling React Native in Production

  Milica Aleksic · Senior Software Engineer, Novium

  What happens when a React Native app becomes multiple apps serving millions of users? You learn a lot, sometimes the hard way. It started with a single mobile app. Today, multiple high-traffic products serve millions of users across Europe, all built with React Native. This talk shares the real lessons from that evolution: the architectural decisions that paid off, the performance challenges along the way, and the upgrade nightmares that had to be survived. Expect to hear what worked, what didn't, and what should have been done differently.
• 

  My Lawyer Merged My PR: Automating OSS Compliance at Scale

  Uwe Korn · CTO, QuantCo

  Everyone agrees that OSS license compliance is critical, yet nobody enjoys the process. It usually involves spreadsheets, long email chains, and "shipping anxiety." We decided to treat (legal) license compliance not as a distinct administrative phase, but as a standard CI/CD failure state. In this talk, I will demonstrate how we built a fully automated license defence line. We utilised package manager metadata to build a centralised "allow-list" enforced by CI checks across all repositories. But the real innovation is the exception handling: - **Get Blocked:** When a developer introduces a new license, the build fails with a direct link to our central license repository. - **Review:** The developer opens a PR to add the new license to the allow list. - **And Approved!** Our lawyer, whom we onboarded to GitHub, reviews the legal implications and merges the PR. - **Instant Enablement:** The check turns green, and the code ships. I will share the technical setup, how we cleaned up our metadata, and how integrating Legal into the Pull Request workflow eliminated "showstopper" risks and gave our engineers instant feedback. Additionally, I will also share how we handle the exceptional cases where we cannot add something to a global list.
• 

  MySQL Protocol Features You Should Be Aware Of

  Daniël van Eeden · Technical Support Engineer, PingCAP

  This talk goes over some less used protocol features like Connection Attributes, Query Attributes, Session Tracking and zstd compression. These features can help you to create better integrations and applications. Connection Attributes are somewhat more known, but many people don't know that applications can (and should) add their own information. And where Connection Attributes are connection based, Query attributes are query based. These are useful today, but they also have the potential to help with future improvements. And Session Tracking can really help in cases where you write to a primary and then read from a replica. This can give you the GTID from the commit so you can wait for that when reading from the replica. This could replace cases where you would now directly read from the primary to get the read-after-write behavior that you need. And compression has been in the protocol for a long time, but this was always based on zlib. Now zstandard has entered the picture.
• 

  Native Speed, Java Comfort: Calling Rust from the JVM with Project Panama

  Gonzalo Ortiz Jaureguizar · Performance Engineer, Startree

  The JVM is one of the most impressive pieces of software engineering, making Java incredibly fast for most workloads. But sometimes, "fast" isn't enough. For domains like scientific computing, AI, or processing massive volumes of text, we need to call highly-optimized native libraries written in C++ or Rust to gain a critical performance edge or access functionality not available on the JVM. For decades, this meant using the Java Native Interface (JNI)—a powerful but notoriously complex and unsafe bridge to the native world. Enter Project Panama. With the Foreign Function & Memory (FFM) API, Java finally has a safe, supported, and elegant way to call native code, eliminating the need for brittle glue code and manual memory management. This talk puts it to the test with a classic Java challenge: the regular expression engine. Join me for a practical, hands-on session where we will replace Java's capable but often-outperformed regex engine with Rust's highly optimized regex crate. We will walk through two implementations side-by-side: the "old way" with JNI and the "new way" with Project Panama. You will see firsthand how Panama simplifies interfacing with native code and improves safety. We'll cap it off with live benchmarks to compare the performance of both approaches against standard Java regex, helping you understand not just how to call native code, but also when it's truly worth the effort.

• Nemotron: NVIDIA's open model strategy for developers

  Speakers TBA

  In this session, we take a focused, developer-first look at the NVIDIA Nemotron model family. We'll walk through the architecture behind Nemotron, how these models are pre-trained at scale, and the end-to-end fine-tuning workflow using NVIDIA NeMo. From customizing models with your own data to deploying them efficiently in production, this talk covers the practical steps developers need to get started with Nemotron today. Whether you're building enterprise copilots, retrieval-augmented generation pipelines, or domain-specific language applications, you'll leave with a clear understanding of how to leverage these open models in your own stack.
• 

  Never say refactoring is impossible

  Andreas Kleinbichler · Engineering Manager, Admiral Technologies

  In this talk I want to show possibilities for refactoring a CRUD based distributed system into an event driven architecture. I selected two scenarios that are refactored within interactive live coding sessions. First an implementation of distributed consensus, typically realized by a SAGA pattern with direct calls between the services, is transformed into an event based choreography approach. A CRUD service build on top of a relational database is evolved to an event store solution. The demonstrated development method consists of TDD and trunk based development, so that during each change the system remains fully operational and a new version is deployed with zero downtime. AI support in IDE will be used for efficient working with the technology stack C#, Java, Angular, PostgreSQL and Docker. This will be demonstrated by a locally hosted system with simulated traffic where the changes are deployed immediately.
• 

  No Keys for the Robot: GitOps as the Control Plane for Autonomous Agents

  Jaroslaw Gajewski · Lead Technical Cloud Architect, Atos

  As CloudOps evolves from automated scripts to autonomous AI agents, the fear of "runaway automation" often blocks adoption. How can we trust an AI to manage production? The answer lies in the safety net of GitOps. This session proposes a "Zero Trust" Enterprise architecture where Agents are restricted to Read-Only access of the live infrastructure, forcing all operational changes through git. We will explore how this constraint transforms the AI from a potential liability into a manageable asset. By channeling agent decisions through GitOps pipelines, we inherit "Time Machine" capabilities: granular change tracking for every AI decision, instant rollbacks if an optimization fails, and a permanent audit trail. We will demonstrate how control plane standardizes the infrastructure API, allowing agents to monitor and react to system needs, while GitOps ensures that human teams retain total control with a simple git revert
• 

  OLAP for AI Applications and why you should care

  Andrey Abramov · CTO, SereneDB

  RAG applications don't just need to find documents - they need to analyze them. To make this tangible, consider asking an AI real estate assistant: “Show me family-friendly houses under $800K in good school districts.”. What is expected on the output is property listings alongside market insights like price trends, days on market, neighborhood medians and school rating distributions – enabling the LLM to reason better and not just retrieve. For meaningful results, a clever combination of semantic search and analytical processing is needed. In this talk we introduce a new concept of Search-OLAP: an approach where information retrieval becomes a native analytical primitive. It is the architecture where BM25, vector similarity and SQL aggregations coexist as peers in a vectorized execution engine. Join us if you're building RAG systems, managing dual search-analytics stacks or designing applications requiring both semantic retrieval and statistical reasoning and want to learn from our mistakes and successes.
• 

  One Color to Rule Them All: Relative CSS Colors in Practice

  Mert Akca · Software Engineer, SAP

  Choosing separate colors for text, borders, hover states, active states, and backgrounds is one of the most repetitive—and unnecessary—parts of frontend work. Every new component means another round of “What should the hover color be?” or “Can design give us a darker shade?” Modern CSS gives us a better way. In this talk, we’ll explore how relative CSS colors let you generate an entire color system from a single base value. Using color-mix(), OKLCH, and custom properties, you can derive hover, active, border, and subtle background colors automatically. I'll walk through a live‑coding demo where we build a fully interactive button using just one color token, then generate all its states directly in CSS. You’ll see how this approach improves consistency, simplifies theming, and dramatically speeds up collaboration between design and engineering. You’ll leave with practical patterns you can drop into your design system today—and a new way of thinking about color on the web.
• 

  One year of the CO2-challenge – insights and lessons learned

  Aydin Mir Mohammadi · Software Architect and CTO, bluehands

  The CO2 Challenge was launched in Karlsruhe over a year ago under the umbrella of the CyberForum. IT and software companies from the region have committed to reducing their software's emissions by 40%. A lighthouse project. Rather than being a competition, the whole thing is a challenge, with mentoring and support provided through the network. The idea is that companies will be empowered to develop and operate climate-friendly, resource-conserving software with the support of volunteer mentors. All measures and their effects are documented, resulting in a substantial repository of best practices. Participants include large, well-known companies such as TeamViewer, Seeburger, Telemaxx and EnBW, as well as smaller product companies such as ScriptRunner and Raumobil, and service providers such as Andrena, bluehands and Navigate. Currently, more than 20 companies are participating, with new ones joining all the time. In this talk, Aydin (initiator and co-organiser) will present the various measures being taken by individual companies and the options available for different business areas, such as products, services and infrastructure. The session will review the campaign so far: what challenges are companies facing? What specific problems arise in practice, and how can they be solved? Who are the drivers and who are the sceptics? How can you get started, and how do you maintain momentum?
• 

  Open Source Is Not Just Code: Designing Communities That Actually Scale

  Sinduri Guntupalli · Program Manager, Dynatrace

  Open source projects rarely fail because of bad code. They fail because the social system around the code does not scale. Contribution paths are unclear, expectations are implicit, and a small group of maintainers quietly absorbs all the pressure until burnout hits. This talk reframes open source as a socio-technical system, where community design decisions are as important as technical ones. Drawing from real-world examples, we’ll look at how governance, contributor experience, and local communities influence long-term sustainability. Instead of abstract ideals, this session focuses on practical trade-offs: what to optimize for early, what to delay, and which “best practices” often backfire at scale. The goal is to give developers and community builders a clearer mental model for why some projects thrive while others slowly decay, and what they can realistically influence without becoming full-time maintainers.
• 

  Open Source Software Licenses - A short Guide for Software Developers

  Björn Stahl · Software Architect, Bechtle / AVS

  Open-source software has long been an integral part of everyday development. Unfortunately, the issue of complying with licensing terms is often dismissed too quickly or not addressed at all, as it is ‘just free software/library from the internet.’ This attitude can quickly become fatal for a company if a non-compliant usage is being detected and the company is being sued. However, dealing with licensing compliance is usually less complex than one might think. In this session, there will be a brief introduction to the topic of open source, the different types of licenses, and why developers should occasionally engage with this topic. Finally, we will have a look at some typical pitfalls in the daily work of a software developer.
• 

  Out-of-Order Streaming — The Future of Web Development

  Julian Burr · Senior Developer, Sonar

  As the pendulum of web development swings back towards the server, streaming has become increasingly popular. Specifically, out-of-order streaming through features like Suspense, one of the magical powers behind React Server Components. Let's build our very own simplified version to explore how it works, what problems we are trying to solve, and what this future of web development looks like.
• 

  Outclassing Frontier LLMs at Extracting Information

  Etienne Bernard · CEO and Co-founder, NuMind

  Accurately extracting information from documents has been a decades-old dream. Important workflows — from automated back-office processing to enterprise RAG — depend on it. LLMs promise to fulfill this dream but currently fall short: they hallucinate information, struggle with long documents, and break down on complex layouts. The solution: LLMs specialized in information extraction. In this talk, I will present: - **NuExtract** — the first LLM specialized in extracting structured information (JSON output) - **NuMarkdown** — the first reasoning OCR LLM (RAG-ready Markdown output). **These low-hallucination [open-source] models outclass frontier LLMs like GPT-5 and Gemini 2.5 while being orders of magnitude smaller**, enabling private usage. I will demonstrate the abilities of these LLMs, show how to use them at scale, and discuss what’s coming next in information extraction.
• 

  Pair Programming with Generative Agents: Refactoring Legacy Android at Speed

  Ahmed Tikiwa · Senior Software Engineer, Disney

  We've all heard the promise of AI affecting how we code, but what does it look like in the trenches of a real-world refactor? In this talk, I walk through the transformation of "Upnext," an established Android codebase, achieved through deep collaboration with an advanced AI agent ("Antigravity"). We didn't just generate boilerplate. We tackled complex architectural shifts: migrating to Type-Safe Navigation 3, implementing Adaptive layouts with ListDetailPaneScaffold, and modernizing a broken CI/CD pipeline. I will demonstrate how agentic AI can act as a true pair programmer—debugging obscure Hilt/KSP conflicts, writing robust Fastlane scripts, and essentially "un-breaking" the build. Come see the future of workflow, where the developer directs the symphony and the AI handles the heavy lifting of modernization.
• 

  Parquet, Delta, Iceberg & Ducklake - An introduction for developers

  Matthias Niehoff · Head of Data, codecentric

  CSVs are inefficient. Everyone knows that. And yet they are probably the most widely used file formats, also for data scientists. At the same time, data engineers talk about Parquet, Iceberg, and Ducklake—and roll their eyes when someone actually still uses CSV or JSON. As a software engineer, there's often nothing left to do but close your eyes and go for it. Even if you don't really understand it. You read CSV, you write Delta or Iceberg. The main thing is that the data guys don't complain. But what are the differences? Why do we store data in files in the first place? What is all this metadata? And what do I really need and what not? And why can't just look onto storage but also have to take the compute into account. It's high time to dive in.
• 

  Passkeys: Truly Phishing-Resistant? Implementation and Pitfalls

  Martina Kraus · Application Security Engineer, Kraus IT Consulting

  Passkeys have established themselves as the standard for passwordless authentication, promising to eliminate phishing once and for all. But how secure are they really – and what do developers need to consider during implementation to keep that promise? This talk goes beyond the basics and demonstrates through live coding how to integrate Passkeys with Keycloak. We'll uncover common pitfalls and explain which configurations are critical to ensure true phishing resistance. Practical examples and concrete code demos will help you integrate Passkeys securely and user-friendly into your own applications.
• 

  Photonic Computing: Programming a New Class of AI Accelerators (incl. Live Coding)

  Utz Bacher · Vice President Software, Q.ANT, Christoph Lohrmann · Senior Software Engineer, Q.ANT

  Photonic computing is an emerging compute paradigm benefitting AI workloads that are increasingly constrained by the physical limits of classical digital hardware. By performing basic mathematical operations natively with light, photonic accelerators offer new approaches to efficiency and scalability for AI and high-performance computing. This deep dive session provides a practical introduction to photonic computing from a developer’s perspective. We start by explaining the core principles behind photonic computation and how they differ from classical digital computing. The session then focuses on the architecture of Q.ANT’s photonic co-processor and its integration in standard x86 systems. Beyond theory, the talk explores how developers program such hardware. We will walk through the Q.ANT software stack, explain how workloads are mapped to photonic accelerators and demonstrate a concrete programming example in a live coding session. The goal of this talk is to give developers an understanding of photonic computing, show what is already possible today and outline how they can start experimenting with this technology themselves.

• Placeholder - AI Security Panel - Main Stage

  Speakers TBA

• 

  Playing Pong on a shoulder press machine

  Daniel Meilak · Senior Software Engineer, EGYM

  What happens when you give a group of engineers a motor-controlled, high-tech strength machine and 24 hours of "Hack Day" freedom? You get a 300kg game of Pong. In this session, we take you behind the scenes of EGYM’s ecosystem to show how we connect serious sports science and arcade nostalgia. We’ll walk you through the hardware and software stack of our Smart Strength machines, proving that with the right firmware and a bit of C++, any gym floor can become a playground. What We’ll Cover: - The anatomy of an EGYM Strength machine: a short introduction of our hardware, what makes a machine "smart" and how it differs from normal gym equipment - Building the Frontend: using C++ and Qt to build a functional game UI - The hardware part: we’ll explain how we utilize firmware-controlled motors to map lever positions to paddle movement, and how we use variable torque to create a customised feel - Networking the gyms: a look at how our machines communicate with each other and our core backend to enable real-time, head-to-head multiplayer - How to deploy: from a "buggy" demo to a polished release. showing our CI/CD pipeline, demonstrating how we push updates to machines in the field and swap GUIs on the fly (live coding/demo effect there) - Beyond the hackdays: our journey to production, using Pong as an example, including the vital roles of testing, sports science validation, and fleet monitoring A live (or simulated - if we cannot get an EGYM machine on the floor) head-to-head Pong battle. We’ll demonstrate real-time updates of a machine by "patching" the game mid-talk to show how agile development works when the receiving end of a build is a heavy-duty fitness machine.
• 

  Playing with types: An experimental structural type system for Kotlin

  Merlin Pahic · Staff Software Engineer, EIDU

  Kotlin's powerful static type system is based on nominal typing – let's explore how we might implement structural typing by leveraging Kotlin and the Gradle build system. When comparing type systems in different languages, one of the fundamental distinctions is between nominal and structural typing. - In nominal typing, types are considered equal when they have the same (qualified) name – Kotlin's type system is based on nominal typing. - In structural typing, types are considered equal when they have the same structure – TypeScript is a prominent example of structural typing. It is worth noting that some statically typed languages, like Elm, support both. Structural typing provides some extra flexibility, as types can be deemed compatible without explicitly implementing a common interface. That way, types of the same shape defined in different, unrelated codebases can be compatible without introducing a dependency. Also, functionality that depends on the shape of a type may accept any type matching that shape, facilitating code reuse. In this talk, we'll explore an implementation of structural typing in Kotlin – as an experiment, based on existing language features. We'll start by considering the differences between nominal and structural typing, their pros and cons and some use cases. Then we'll look at some type theory, specifically algebraic data types (ADTs) and how they are implemented through nominal/structural typing respectively. We'll also look at how this relates to Kotlin's `typealias` feature and the implications for type safety. Finally, I will take you through an implementation of structural typing, leveraging features of the Kotlin programming language and the Gradle build system.
• 

  POC Prison: Why agentic systems never escape the lab and how to fix that in 90 days

  Luise Freese · Architect, m365princess

  Most organizations experimenting with agentic AI aren’t blocked by models, frameworks, or orchestration. They’re blocked by something far more basic: the everyday realities of how enterprises actually work. Agents look brilliant in controlled demos, but the moment you try to plug them into real systems (legacy data, governance, identity, compliance, and unclear ownership) they collapse into the same pile of abandoned POCs as everything else. My talk cuts through the hype and gets straight to the uncomfortable truth: - why agentic systems end up as flashy prototypes instead of production tools, - how Excel-based “data estates” quietly choke autonomy before it even starts, - why most so-called “AI use cases” are still rule-based automation wearing an AI sticker, and - how to build the minimal delivery backbone needed for any intelligent agent to run safely in a real enterprise. This isn’t yet another vision talk, but the reality check most teams never get: the engineering and organizational work required to move agents from the lab into the world where the constraints are real and the stakes are even higher. Care about getting agentic systems running rather than demoing? This session gives you the hard truths and the practical steps to finally make that possible.
• 

  Post-Quantum Cryptography: Preparing for Q-Day

  Tim Schade · Software Architect, GFT Technologies

  Quantum computers pose a real threat to many cryptographic systems today. Algorithms such as RSA and ECC may eventually be broken within a short amount of time — a scenario often referred to as “Q-Day.” However, there is no need for panic. With post-quantum cryptography (PQC), standardized and quantum-resistant algorithms are already emerging. In particular, algorithms like CRYSTALS-Kyber, which are part of the latest NIST standards, are increasingly being adopted in browsers, servers, and modern protocols such as TLS and QUIC. In this talk, I provide an accessible introduction to the foundations of quantum mechanics relevant to cryptography and explain why quantum computers threaten classical cryptographic algorithms. We take a deeper look at what Q-Day actually means in practice and how organizations can start preparing today. Beyond the fundamentals, the talk offers a deeper technical insight into lattice-based cryptography, including the mathematical principles behind CRYSTALS-Kyber and other modern post-quantum algorithms. Using hands-on examples with OpenSSL, NGINX, and hybrid TLS configurations, I demonstrate how existing web applications can be gradually adapted for the post-quantum era.
• 

  Practical tips for keeping your C# code base clean

  Dennis Doomen · Principal Consultant, Aviva Solutions

  As soon as a codebase grows to a certain point, almost every team struggles to keep that codebase under control. Coding conventions are no longer followed, code reviews become superficial, refactoring doesn't happen as often as it should, and developers lose sight of the original architecture. Fortunately our toolbox contains quite some tools to help you with this, and next to that there are plenty of practices and learnings to help structure your code in more functional manner. As my day job is to help development teams get their existing architecture, code bases, deployment pipelines and quality to a higher level, I've accumulated tons of practical tips and tricks to gradually improve all of the above. So join my talk and hear all my secrets first-hand.
• 

  Product Innovation through Partnerships - Search and Local Services

  Lindsey Kelt Zikry · Business Development Lead, TikTok

  Join TikTok as they discuss how the platform’s features are enhancing the user experience and improving discoverability across a multitude of content categories. From search integrations to new travel tools, explore how these TikTok product features are helping users and creators reach new audiences, find relevant content, and form meaningful connections with their fans.
• 

  Production AI Is a Systems Problem: How ML Breaks at Scale and How to Prevent It

  Anaëlle Sikich · ML / AI Engineer, Microsoft Gaming

  Machine learning systems rarely fail because of bad models. They fail because they are treated as isolated components instead of what they really are: distributed systems. In this talk, we’ll look at production AI through a systems engineering lens. We’ll explore the failure modes that only appear once ML systems are deployed at scale—partial outages, data inconsistencies, version skew, silent performance regressions, and feedback loops that break assumptions over time. Drawing on real-world production patterns (presented in a generalized and anonymized way), I’ll show how applying classic distributed systems principles—such as graceful degradation, backpressure, observability, and clear contracts—can dramatically improve the reliability and maintainability of AI systems. This session focuses less on model architecture and more on how ML systems interact with data pipelines, APIs, infrastructure, and downstream services. Attendees will leave with a practical mental model for designing, operating, and scaling AI systems that survive real-world conditions, not just demos.
• 

  Programming with Contracts in C++26

  Peter Bindels · Staff Software Engineer, TomTom

  C++26 adds contracts, a construct known from Design-by-Contract. In this session we will take a practical look at what they are, how to use them, what they can do now, and what lies in its near and far future.
• 

  Prompt Engineering Hands-on

  Harald Nezbeda · Python Technical Lead, Anexia

  This hands-on workshop teaches prompt engineering by working directly with Large Language Models. You'll learn how LLMs function under the hood and master practical techniques to get better results from them. We'll use Google Colab for interactive coding and Groq's API for fast inference with open models—both free to use. You'll work hands-on with real LLMs, learning to craft effective prompts and apply advanced reasoning techniques you can immediately use in your own projects.
• 

  Prompt Engineering Your Career: AI Agents for Tech Interview Prep

  Ekaterina Kapranova · Backend Engineer, SoundCloud

  Preparing for technical interviews has become increasingly complex: fast-changing tech stacks, competitive job markets, and limited time to prepare. In this talk, I’ll show how AI agents can act as a personalized career coach, helping developers prepare strategically for interviews and increase their chances of landing a dream job. We’ll walk through a step-by-step, agent-driven process: 1. Engineer the right query – defining the target role, required skills, and interview expectations 2. Analyze the job market – identifying in-demand skills and aligning preparation with current hiring trends 3. Set a realistic timeline – creating a structured preparation plan based on experience and goals 4. Curate learning resources – using AI agents to gather, prioritize, and adapt resources for coding, system design, and behavioral interviews
• 

  Quantum Computing - How Does It Work, How Will it Affect Us and When?

  John Fletcher · Staff Engineer, codecentric AG, Lorenzo Petricone · Fullstack Developer, codecentric AG

  Quantum Computing is rapidly moving from theoretical possibility to reality, and is likely to soon majorly affect software development and society. Ignoring it is no longer a sensible option. In this talk, we’ll explain the basics of quantum mechanics, and how its core principles - superposition, entanglement, and quantum gates - are leveraged by quantum computers. We’ll see which complex problems (like simulation, optimization, and potentially disrupting cybersecurity) they are uniquely suited to solve, because they aren't a magic bullet for every task. How are big tech players and startups investing in the space? What real-world applications already exist, when will it hit the mainstream, and does China really do quantum encryption in space? Lastly, how can we prepare for a quantum-enabled future?
• 

  Quantum DevOps - Enabling Industrial Engineering

  Ilie-Daniel Gheorghe-Pop · Researcher, Fraunhofer FOKUS

  An overview of the latest technological developments in Quantum Computing and with it the new possibilities for introducing quantum computing in the industrial automation field. This session outlines the key technological developments of the last year that bring forth the real possibilities of using quantum computing in industrial production processes. Furthermore it highlights the key areas where quantum computing may be successfully used in this field and what are the key technical aspects to be taken into consideration. Finally, it showcases a currently pursued practical use-case of developing quantum optimization algorithms for industrial chemical production using the Qrisp - powered by Eclipse high-level programming language.
• 

  Rate-limiting using eBPF: How to protect your SaaS customers from themselves

  Jan Mensch · Software Developer, ClickHouse

  Do you offer a SaaS product? Is your entire infrastructure protected behind a couple of reverse proxies, which got overloaded because one customer decided to "stress test your service" by opening tens of thousands of connections per second? Then this talk is for you! This presentation covers rate limiting at ClickHouse Cloud, makers of the open source database of the same name. We'll discuss how to cut off connections at L3 using eBPF before they overwhelm your proxies, and how to monitor rate limiting in production. You'll learn how we guess which customer is the (accidental) bad actor even though our rate limiting never parses the TLS SNI header that would tell us which customer instance is being hit.
• 

  Rebase -AI

  Scott Chacon · CEO and Founder, GitButler

  As AI powered generative coding is becoming more popular with tools like Copilot agent, Claude Code and Cursor, there are increasingly interesting challenges to manage the code created in your Git repositories. This talk will show a few approaches to teaching these agents how to commit with good commit messages (why rather than what), amending, squashing and rebasing strategies and challenges, forge management and more. We will look at several of the git-related MCP servers available, show how I've developed tooling to help with my process and explore what can be done in both Git and MCP to improve the process even more.
• 

  Refactoring in the Age of AI

  Dominik Srednicki · Principal Architect, SAP, Elena Lucarelli · Principal AI DevX Lead, SAP

  AI coding assistants write impressive code. They also destroy carefully balanced codebases the moment you ask them to refactor. Ask Copilot to extract a method. Watch it miss three call sites. Ask Claude to rename a class. Watch it break imports across 12 files. Ask Cline to simplify a conditional. Watch your tests fail in ways you didn't know were possible. The problem isn't that AI is stupid. It's that refactoring requires something AI assistants don't have: state, sequences, and safety nets. Martin Fowler wrote the refactoring playbook 25 years ago. It assumed humans would execute it. What happens when machines try? This talk explores the collision between classical refactoring wisdom and modern AI capabilities. We'll dissect why AI assistants fail at refactoring, demonstrate patterns that actually work, and show how to build workflow layers that make AI-assisted refactoring safe and predictable.
• 

  Repository as Network: Visualizing Collaboration in git

  Dmitry Yanter · Director Technology, Data and Innovation, Deutsche Bank

  Your repo holds more than code—it evidences collaboration. Repositories can reveal patterns of ownership, and shared responsibility. Using data-driven methods, we’ll explore visualizations of developer networks, highlighting where collaboration thrives and breaks down. After this session, you will be introduced to artifact-based method of quantifing collaboration, identifying issue and strategies to address them.
• 

  Rest API Antipatterns

  Wekoslav Stefanovski · Head Of Development, Sourcico

  Every API is a story of two developers, one who creates and one who consumes the API. There are API's that are very easy and intuitive for both of them. This talk is not about those API's. This is a talk about those other API's - where best intentions result with unusable and maintainable messes. We will take a look from both sides to analyze and hopefully avoid those pitfalls that await us.
• 

  REST In Peace: Why LLMs Can't CRUD

  Martin Sakowski · Principal Solutions Architect, Amazon Web Services

  The emergence of LLM-powered agents represents a fundamental shift in how software systems interact. Traditional REST APIs, designed for human-driven applications, create friction when AI agents attempt to orchestrate complex workflows across traditional downstream system. This sesssion explores the architectural evolution from resource-based to intent-based APIs, examining why current API paradigms fail at agent orchestration and what we must build instead. We'll dive deep into the technical challenges LLMs face when navigating CRUD operations, the cognitive overhead of translating high-level intent into dozens of low-level API calls, and the brittleness introduced by rigid resource schemas. You'll learn how intent-based APIs abstract away implementation details, enabling agents to express goals rather than methods. Discover how MCP (Model Context Protocol) servers can host these next-gen APIs, creating standardized agent-to-system and agent-to-agent interfaces.
• 

  REST, GraphQL, gRPC, and more: A comparison of modern API styles

  Florian Bader · CEO, Lunaris Digital Solutions

  The API landscape is diverse: REST, GraphQL, OData, gRPC, WebSockets, server-sent events, and more. This presentation will demonstrate live the advantages and disadvantages of each approach and when each style is appropriate. You will learn whether it makes sense to provide several in parallel and how common logic can be used across different interfaces. Practical examples with ASP.NET Core will show you the concepts in action. By the end, you will know which API strategy suits your project and how you can switch flexibly between the options.
• 

  Robots Among us: Advances in AI for Everyday Androids

  Thomas Endres · Managing Partner, TNG, Florian Gather · Associate Partner, TNG

  Robotics is transitioning from factory floors to our everyday lives, particularly through humanoid robots. This session features a live demonstration of our Unitree G1 android, exploring how advances in AI using Robotic Foundational Models, increasing data availability, and advanced hardware are transforming science fiction into reality. The session begins with an overview of robotics. Next, robot training is examined, demonstrating how integrated hardware and software bridge the gap between simulation and real-world deployment. Finally, Vision-Language-Action (VLA) models are explored for enabling meaningful human-robot interaction and future applications.

• RTX AI PC: developing local and edge AI applications

  Speakers TBA

  Introduction to developing AI applications that run locally on RTX-powered PCs — privacy-first, offline-capable, low-latency use cases. Covers NVIDIA NIM on-device, NemoClaw open agent stack, and developer workflow for local model deployment.
• 

  Rules, Heuristics, or LLMs? Lessons from Solving the Same Problem Twice

  Artur Naumenko · Senior Software Engineer, Softeta

  Not every problem needs an LLM. But at the same time some problems are asking for LLMs as the solution. So, when to choose which? I ran into this while working on a subjective text transformation problem. It’s hard to specify and hard to test. That made it into a brilliant grey zone. When the answer to the regular regular question "can it be done without LLM" is "yes, but...". To understand the trade-offs, I built two solutions to the same problem. Both of them produce similar result, they just work in a very different way. One is a "just code and math": rule-based stochastic system using Markov chains, edit-distance mutations and so on. The other is a LoRA fine tuned LLM trained on the examples. In this talk, I'll share what I learned, so that you could build just one system, instead of two: Where deterministic models offer better control Where LLMs produce more natural results How the results are different Maintenance cost As the problems sits in a grey zone and hard to properly measure, I will show a result of blind comparison between rule-based output and LLM output to determine whether LLM solution was necessary or overkill. This is not a tutorial or an AI demo. You’ll leave with a practical way to understand and decide when the problem is LLM-worthy and when to stick to the good old code and algorithms. It's a case study on how over-engineering once on purpose can save future effort and resources.
• 

  Rust in the Real World: Adoption, Migration, and Tradeoffs

  Vitaly Bragilevsky · Head of Rust Ecosystem, JetBrains

  An overview of how Rust is adopted in real engineering organizations, covering common adoption paths, migration strategies, and typical challenges teams face. The session examines the benefits Rust brings in production, the tradeoffs involved, and practical criteria for deciding where Rust is an appropriate choice and where it is not.
• 

  Rust Is Easy – Things I would have liked to know before I’d started learning Rust

  Goetz Markgraf · Senior Consultant, codecentric

  Rust isn’t difficult, it's just different. Stop fearing the language everyone loves. For nearly a decade, Rust has been the most admired language on the Stack Overflow Developer Survey, but many developers still see its learning curve as a brick wall. This talk argues that Rust isn’t difficult—it's just a unique language that replaces runtime complexity with compile-time discipline. We'll demystify the core concepts that make Rust a powerhouse, eliminating over 70% of security bugs that plague C/C++ projects due to memory mismanagement, and showing you how this shift to "conscious programming" results in smaller, safer, and faster applications. At the heart of Rust's philosophy is the concept of Ownership and Borrows, a unique form of automatic memory management handled entirely at compile time. Forget the performance drag of garbage collection or the peril of manual allocation; in Rust, data is treated like a physical object that can only have one owner. We’ll walk through the simple, yet profound, rules of moving, transferring, and referencing data. You'll learn how to work with, not against, the Borrow Checker to build high-performance code, paving the way for pain-free concurrent and asynchronous programming. But safety isn't just about memory—it's about never lying to the programmer. Rust's strict approach to Error Handling forces developers to acknowledge and manage every possible failure, eliminating the "billion-dollar mistake" of null references. By the end of this session, you will understand why the Rust community proudly claims: “If it compiles, it works.”
• 

  Rust on Robots: Hands-on Embedded Rust on STM32

  Robert Jeutter · Software Architect, CORPULS

  Rust is fast, modern, and great at catching typical embedded mistakes early—exactly what you want on real robots. In this hands-on workshop we’ll start with a short, practical Rust introduction and then move directly into exercises: writing Rust, solving small tasks, and finally flashing and testing code on an STM32. The focus is not “Rust theory”, but a smooth path from “I can program” to “I can build and run firmware in Rust”. We’ll cover the mental model you need for embedded Rust (ownership in practice, safe APIs, error handling), and how this translates into robust robot code. You’ll work in pairs or small groups, with guided steps, short challenges, and a working reference project you can take home. Ideal for RoboCup and robotics enthusiasts from education and industry who want to try Rust as a tool for reliable embedded development.
• 

  Same Tower, New Confusion — The Tower of Babel 2.0

  Ondřej Kukla · Product Manager, StellarBase

  Your devs ask Claude. HR asks ChatGPT. Sales asks Gemini. And it goes further than that. Notion has its own AI, ClickUp has its own AI, Copilot is baked into everything Microsoft. Every tool promises to solve your information problem, but each one only sees its own piece of the puzzle. None of them connect the full picture. So you end up with ten tools giving ten answers, each one confident, each one built on a completely different context. AI didn't break silos. It made them worse. We built StellarBase to be the place where your organization's knowledge comes together, where it's comprehended, connected, and actually accessible. One foundation instead of another tool on top of the pile. That's where scattered knowledge starts making sense as a whole.
• 

  Scaling GraphRAG: Efficient Knowledge Retrieval for AI

  Guy Korland · CEO, FalkorDB

  This talk focuses on GraphRAG, an advanced Retrieval-Augmented Generation method that represents knowledge as interconnected nodes. We'll get into its architecture, implementation challenges, and performance gains in multi-hop reasoning tasks. Learn how GraphRAG is transforming knowledge management for large language models, improving accuracy and coherence in complex inference scenarios. The talk is ideal for AI engineers, ML researchers, and developers working on knowledge-intensive NLP tasks, chatbots, question-answering systems, or any application requiring complex reasoning and factual accuracy from LLMs.
• 

  Self-service Quality: QA Without QA

  Ondřej Gróf · Senior QA Engineer, Canva

  As of tomorrow, teams will not need QA engineers. Sounds crazy? That is precisely what we are building at Canva. AI changed the game overnight. Development teams were shipping faster than ever, and QA needed to adapt. We flipped the script. Instead of teams waiting for us, we empowered them to completely own quality through our self-service approach. To achieve this, we built AI tools that support key parts of the QA process: test plans, test generation, a test parties assistant, and more. Teams gained what they needed without the wait, while quality signals and indicators ensure they remain relentless about quality standards. But what about QAs? They no longer test. We shifted our focus to exploring new frontiers and enabling quality across the organization, thereby significantly increasing the impact of our work given the rapid pace of change. I will walk you through our transformation journey: the practical tooling approaches we adopted, how we adapted our QA processes to facilitate this change, the key breakthrough moments that made it work, and why this shift is critical now.
• 

  Serverless: Hype vs. Reality - Debunking the Most Common Myths

  Emiliano Della Casa · Software Architect, Independent

  Nowadays Serverless is everywhere, and it's often pitched as a silver bullet: lower costs, no infrastructure to manage, infinite scalability. But how much of that holds up? In this talk, I’ll try to cut through the noise and debunk some of the most common myths around serverless—like the idea of zero operational overhead, unavoidable vendor lock-in, performance limitations, and unpredictable costs. No buzzwords, just real-world experience, concrete pros and cons, and some honest advice on when a serverless architecture makes sense—and when it doesn’t. The goal? To help you navigate this fast-moving space with a practical and down-to-earth perspective
• 

  Shall we play a Game? LLM Security in Practice

  Joseph Katsioloudes · Senior Developer Advocate, GitHub

  Artificial Intelligence (AI) is no longer a futuristic concept. It's embedded in the systems we use daily. At the core of these innovations are Large Language Models (LLMs). These LLMs can unlock new capabilities but can also introduce novel security challenges due to their non-deterministic behavior and autonomous outputs, causing issues like data leakage and unintended model behavior from attacks such as prompt injection. This workshop equips participants with the skills they need to build secure LLM-based applications through interactive, challenge-based exercises that gamify core security concepts. Prepare to level up your understanding of LLM security in a practical and fun way.
• 

  Simple, Clean, Intuitive, and Qrisp: Quantum Linear Algebra for Developers

  Matic Petrič · Quantum Computing Researcher, Fraunhofer FOKUS

  Quantum computers are slowly getting there. But building algorithms gate-by-gate is the "Assembly language" of quantum that simply doesn't scale for industrial applications. To build real-world software, we need high-level abstractions! In this session, we explore how Eclipse Qrisp has evolved into a high-performance framework that lets developers move beyond circuit-level noise and focus on algorithmic logic using constructs like QuantumVariables and QuantumFloats. The star of the show is the new BlockEncoding class in the 0.8 update. Think of it as the "quantum Numpy", or at least Numpy's cousin. We will demonstrate live on stage how to perform complex quantum linear algebra with a clean, pythonic interface: - From Arrays to block encodings: Construct block encodings directly from standard arrays with ``.from_array(A)``, form operators with ``.from_operator(O)``, or construct your custom block encoding with ``from_lcu(unitaries, coeffs)``. Combine them effortlessly using standard matrix arithmetic (``+``, ``-``, ``*``, ``.kron()``, ...). - Solving linear systems: We will tackle matrix inversion (solving $Ax = b$) using ``.inv(epsilon, kappa)``. This is a gateway to speedups in machine learning, fluid dynamics, and optimization. - Hamiltonian simulation & Polynomials: Perform Hamiltonian simulation with ``.sim()`` and arbitrary polynomial transformation/filtering with ``.poly()``. - Hardware-Ready Workflow: Move from theory to execution. We’ll show how to compile for simulators or hardware using ``.apply()`` or deterministic "Repeat-Until-Success" protocols with ``.apply_rus``. - Quantum Resource Estimation: Track gate counts, circuit depth, and qubit usage on the fly simply by calling ``.resources``. Whether you’re a software engineer entering the quantum domain or a researcher streamlining your workflow, this talk provides a practical roadmap for building scalable quantum applications today. The future of Quantum Linear Algebra is here, and it's Qrisp.

• SMART Test Automation - the experience of legacy transformation

  Speakers TBA

  How to start test automation from scratch - the legacy system example. How to make test automation matter - esp. when everything is always not enough - developer experience, SSDLC experience. The importance of test pyramid, and why sometimes unittests are useless, and sometimes they are not. Basic truths why are we still forgetting about them - the context of 20yo product and replatforming and technology debt How much is enough - the core banking system - 3k, 4k, 5k or more? We really did magic - it can be yours.
• 

  Sociotechnical Architecture Reviews: Understanding Teams, Not Just Artefacts

  Eberhard Wolff · Head of Architecture, SWAGLab

  At first glance, software architecture appears to be a purely technical artefact. So it should be possible to review it solely as such—or should it? In reality, an architecture is the outcome of a team’s work and a response to stakeholder requirements. It therefore makes much more sense to review architecture as the product of a sociotechnical system. This perspective shifts the emphasis from technical artefacts to the people behind them, their goals, and their interactions. Experience has shown that this approach provides a more efficient and effective way to understand architectures than many traditional review methods. Attendees will see how sociotechnical reviews work in practice and leave with practical techniques to improve the effectiveness of their own reviews.
• 

  Software Engineering for Muggles

  Theresa Heine · Software Engineer, ING

  Have you ever tried to explain software engineering to someone who’s never written a line of code? It’s surprisingly hard, because unlike building a house, software projects rarely go according to plan. They end up more like… the Weasley house from Harry Potter. What starts as a simple, sturdy home becomes an ever-expanding, slightly chaotic structure of extensions, workarounds, last-minute rooms, and “temporary” solutions that somehow end up permanent. Software engineering isn't about a single big construction project, it's an ongoing journey of planning, building, testing, and fixing. Using the Weasley house as a metaphor, I’ll explain why we’re always “renovating” (maintenance), why swapping out doors (libraries) means checking the versions of the hinges and door frames, and how, in software, we can simply “copy the whole house” to test new windows — without anyone catching a cold. After this session you will never struggle again explaining software engineering concepts to your mum, your non technical friend, or your nephew again. Give it a try!
• 

  Solving Architectural Entropy With Runnable Diagrams

  Mourjo Sen · Senior Software Engineer, Booking.com

  "Software architecture does not age gracefully. Software architecture degrades in direct proportion to the number of changes made to the software" - Architecture of Open Source Applications, Berkley DB. This observation is painfully familiar to anyone building domain-driven systems at scale. We often begin with carefully designed microservices and a shared understanding of the domain, but as new requirements arrive, teams optimize for delivery speed and as a result, architectural shortcuts creep in. Over time, the original design intent fades and it becomes increasingly difficult to understand how it all works. In a typical engineering discussion, complex ideas are explained using diagrams and visual cues. Architectural diagrams are a central component in today's engineers' arsenal because of this universal appeal -- whether it be a new joiner or the veteran, diagrams provide instant clarity that code alone cannot. Unfortunately, most diagrams fall out of date as the system changes. But what if diagrams were not a documentation of a past version of the system, but were the definition of it? Instead of merely describing interactions between microservices, Business Process Model and Notation (BPMN) uses a visual language for defining how microservices interact with one another to solve business requirements. The same diagram is understood by humans and executed by machines, creating a powerful synergy between architecture, implementation, and business intent. By introducing an explicit orchestration layer, BPMN brings proven composition patterns. Instead of bespoke in-house implementations, a unified orchestration layer prevents domain driven services from drifting from their original design intent. With executable diagrams, we can finally tame the problem of architectural entropy that slowly creeps in, even in well intended design. It makes the system easier to understand and faster to evolve, while bringing different factions of the organization closer.
• 

  Spec First Development: Building and Modernizing Apps with Agentic AI

  Julia Kordick · Senior Software Global Black Belt, Microsoft

  Agentic AI is moving fast from hype to hands on reality. But most teams still struggle with the same questions: - How do I prompt agents effectively? - How do I control context and tools? - And how do I use agentic AI in real brownfield and greenfield projects without creating chaos? In this full day masterclass, we start by grounding participants in what they actually need to know about agentic AI. We cover practical prompting strategies, context engineering, and MCP, with a clear focus on what works in real projects. No buzzwords. No magic thinking. Bring your own project and your own agentic AI setup. Participants can work on their own ideas or systems, or follow along with provided examples. I will use examples with GitHub and Azure as this is my personally preferred tech stack, but the learnings and patterns apply everywhere. From there, we go fully hands on. Using spec kit, participants work through a choose your own adventure style journey. You decide whether you start from a greenfield idea or a brownfield application. Step by step, we turn specifications into working code and cloud ready artifacts using agentic workflows. This is not a slide heavy workshop. You will write specs, guide agents, debug outcomes, and learn where agentic AI shines and where it clearly does not. You will leave with concrete patterns and mental models you can apply immediately in your own projects. No prior experience with agentic AI is required. Basic software development experience is highly recommended.
• 

  Speed up your CI/CD pipelines by caching build & runtime artifacts

  Thijs Feryn · Technical Evangelist, Varnish Software

  Slow CI/CD pipelines delay code from reaching production and frustrate development teams. Beyond testing and compilation, a major bottleneck comes from repeatedly fetching dependencies from remote artifact repositories, a slowdown that also affects developers in their daily work. This presentation will show how to eliminate these delays by caching build and runtime artifacts such as Docker images, NPM packages, Go modules, and even Git clones and fetches. Since most artifact repositories deliver dependencies over HTTP, a reverse caching proxy like Varnish can dramatically accelerate artifact delivery at scale. We’ll break down the actual HTTP requests behind docker pull, git clone, go get, and npm install, and demonstrate how Varnish can be configured to cache these assets effectively, without compromising access control or security. We’ll also compare the power of an HTTP reverse caching proxy like Varnish to other optimization strategies such as disk caching & shallow fetches.
• 

  Spot, Squash, Secure: Fighting Security Bugs with GitHub Copilot

  Marie Theresa Brosig · Strategic Solutions Engineer, GitHub

  It's summer, and the bugs are biting — in your code and in your backyard. In this session, we'll take GitHub Copilot and GitHub Advanced Security for a spin to see how far AI-driven security has come, what it can actually catch, and where it still needs a swat. Come for the puns, stay for the demos.
• 

  SSR Migration Under High Load: Real-World Lessons in Building Ultra-Fast Platforms

  Iurii Marymonskyi · Head of Engineering, GR8_TECH

  High traffic turns frontend decisions into scaling decisions. In this session I’ll share a migration playbook we used to modernize a high-load legacy CSR web platform while keeping delivery moving: how to identify the true causes behind slow LCP/TTI, how to fine tune SSR to keep it under 2s and comparison of modern approaches. You’ll get concrete patterns (and anti-patterns) for caching, streaming, performance budgets, and web vitals — plus a decision framework for choosing between tuning your current stack vs adopting a new one.
• 

  Stop Parsing Strings: Treating LLMs Like Type-Safe Microservices

  André Behrens · Senior Solution Architect, Atos

  In 2026, "vibe coding" is a technical debt trap. Sending prompts into a black box and hoping for valid JSON is no longer an acceptable engineering standard. This session introduces a shift toward Deterministic AI Architecture, treating the LLM not as a chatbot, but as a strongly-typed microservice. We will demonstrate how to move from "prompt engineering" to "schema engineering" using PydanticAI. We’ll cover the mechanics of structured outputs, constrained decoding, and the "Self-Healing" pattern. Finally, we’ll pull back the curtain on the "Latency Tax" and the "Reasoning Lobotomy" to show when structure helps—and when it actually hinders—your model’s intelligence.
• 

  Stop Renaming Teams, Start Product Thinking: A PM's Guide to Platform-as-a-Product

  Dominik Schmidle · Group Product Manager, Giant Swarm

  Everyone's talking about treating platforms as products. But when your platform team is drowning in tickets, firefighting upgrades, and struggling to prove ROI, "just apply product thinking" sounds like advice from someone who's never run a platform. And let's be honest: slapping a "Product Owner" title on someone and renaming your ops team won't magically fix anything. So what does actually work? I've spent 5 years as a Platform Product Manager figuring that out. One example: transforming an internal monitoring platform from "universally avoided" to revenue-generating in 1.5 years—now serving 150+ Kubernetes clusters. The shift isn't magic. It starts with asking better questions about who your users really are, what value looks like, and how to prioritize when everything feels urgent. In this talk, I'll share a framework that helped me make that shift—moving from thinking about technical components to understanding your actual platform users. You'll learn how to visualize what your platform really is and derive value metrics that prove impact beyond "uptime" and "tickets closed." Whether you're a platform engineer curious about product thinking, or a team lead trying to escape the "internal service desk" trap, you'll leave with practical starting points to treat your platform as a product—for real.
• 

  Stop using Node.js like in 2020! What changed and what you can do today with Node.js

  Alfonso Graziano · AI Tech Lead, Nearform

  Remember Node.js in 2020? It worked, but you needed countless dependencies to get anything done. Fast forward to 2026 and Node has completely transformed. It’s faster, more capable, and packed with modern features that make it feel like a brand-new runtime. Imagine going through every changelog from the past six years and condensing it all into one talk. From the native test runner and permission model to built-in TypeScript support and beyond, we’ll explore everything you can now do out of the box. Stop writing Node.js like it’s 2020 and discover what the modern runtime can truly achieve today.
• 

  Strategies for Efficient Log Management in Large-Scale Kubernetes Clusters

  Aliaksandr Valialkin · CEO, VictoriaMetrics

  Large Kubernetes clusters can generate significant volumes of logs, especially when housing thousands of running pods. This may demand substantial CPU, RAM, disk IO, and disk space for storing and querying large log volumes. In this talk, we will look into different strategies of storing those logs in ElasticSearch, Grafana Loki and VictoriaLogs and examine how we can save 10x or more on infrastructure costs. This talk presents real-world examples of efficient log management in large-scale Kubernetes clusters. It includes setup demonstrations, numerical data, and graphical representations from reproducible benchmarks.
• 

  Structured Concurrency in Practice: CoroutineScope vs StructuredTaskScope

  Filip Egeric · Senior Software Engineer, Clue

  Structured concurrency is a familiar concept to Kotlin developers, and CoroutineScope has long been the go-to tool for managing lifecycles and structuring asynchronous code in a safe, predictable way. But now, the Java ecosystem is stepping up: Java’s new StructuredTaskScope API brings structured concurrency concepts natively to the platform, and it’s capturing a lot of attention with its promise of clarity and safety in concurrent programming. Since Kotlin and Java work very well together, we'll see how we can use this new API from Kotlin and how it's better or worse from the already known CoroutineScope API. We’ll explore real-world use cases that require structured concurrency, then take a deep dive into both CoroutineScope and StructuredTaskScope. We’ll compare their APIs, features, and design philosophies.
• 

  Super scaling for the Super Bowl: How to survive 30 million users hitting your backend in 30 minutes

  Irina Branovic · Tech Lead, adjoe

  The Super Bowl attracts millions of viewers, and an unprecedented surge in ad traffic. One of adjoe partners secured an advertising slot, requiring us to be prepared for 30M users hitting our backend in less than an hour. We relied on load testing, application optimizations, pre-scaling and increased cloud quotas to withstand extreme loads. Learn how we scaled an ultra-resilient Golang backend to successfully handle traffic spike at one of the biggest events in the world.
• 

  Supercharge your JVM performance with Project Leyden

  Ana Maria Mihalceanu · Senior Developer Advocate, Oracle

  Many modern applications and tools rely on Java. Yet, their startup time and time-to-peak performance remain challenging, especially for microservices and Kubernetes workloads that require fast scaling and responsiveness. Project Leyden, an ambitious OpenJDK initiative, aims to overcome these performance bottlenecks. In this session, Ana will show how you can take advantage of Leyden’s optimizations using Java 26 to transform the scalability and responsiveness of your application. Empower yourself with practical techniques you can apply today, along with a peek into the ongoing work inside Leyden and what that means for the performance of your Java application.
• 

  Swapping a Data Warehouse at Runtime: Zero-Downtime Migration Without Changing a Single Client

  Michael O'Toole · Data Staff Engineer, Trade Republic, Max Fischer · Director Engineering, Trade Republic

  Trade Republic serves 10 million with €150 billion under management. Our data warehouse handles 4 million queries daily across analytics, product features, and the ML fraud detection that protects our customers. It replicates 220 databases into a 620 TB lakehouse. It cannot go down. Moving to an open lakehouse architecture — Apache Iceberg & bring-your-own-compute — "schedule a maintenance window" was not an option. Neither was asking hundreds of consumers — BI tools, pipelines, ML models, product services — to rewrite their connections. The destination: decoupled storage-compute where teams choose the engine that fits their workload. Spark, Athena, DuckDB — all reading from the Iceberg. But the migration path matters as much as the destination. Our approach: "Engy" build a protocol-compatible proxy that presents the exact wire interface of our existing warehouse. Every client connects the same way it always has. Behind that stable interface, we're free to change everything: swap compute engines, cache, add features — all invisible to consumers. The key enabler is in-flight SQL transpilation. The proxy rewrites SQL, translates table references between catalogs, and normalises result, all in the request path. This gives us a multi-engine architecture with perfect interop. Teams onboard without changing a driver, a connection string, or a line of code. We ship new engines and features behind the interface while production traffic is flowing — building the plane as we fly it. The interface becomes a contract that decouples the pace of infrastructure evolution from the pace of consumer adoption. In this talk I'll walk through how we designed the Engy proxy interface for long-term stability that lets us migrate a 620 TB system query-by-query without downtime. True to Trade Republic's engineering philosophy, the entire stack is built on open-source foundations — no vendor tooling, no proprietary middleware.
• 

  Swapping Code, Losing Memory: A JVM Deep Dive

  Marco Sussitz · Senior Software Developer, Dynatrace

  You’ve probably seen the option to hot swap code while debugging in your IDE, but have you ever wondered how it actually works under the hood? And more importantly, what could go wrong? While stress testing an application that made heavy use of class reloading, I discovered a surprising issue: we were leaking memory and not just heap memory. This kicked off a deep dive into the internals of the JVM to understand what really happens when a class is reloaded. In this talk, I’ll explain how I investigated the problem, what I learned about class representation in the JVM, and how code hot swapping really works in OpenJDK. You’ll leave with practical insights into debugging class reloading issues and a better understanding of what’s happening behind the scenes when your code changes on the fly.
• 

  Swift, Server-side, Serverless

  Sebastien Stormacq · Developer Experience Engineer, AWS

  Full-stack developers lose precious time switching between languages, tools, and deployment models. What if you could use Swift—the language you already love for iOS and macOS—to build your backend APIs and cloud processing without ever touching a server? This demo-heavy talk reveals how to deploy Swift applications on AWS Lambda, unlocking true full-stack Swift development with serverless superpowers. You'll witness Swift code running in the cloud within the first five minutes, then dive deep into building REST APIs, handling cloud events, and processing data—all in Swift. You'll see real code solving real problems, with minimal slides and maximum hands-on demonstration. Whether you're a Swift developer curious about backend development, a full-stack developer seeking language consistency, or simply interested in pushing Swift beyond its traditional boundaries, you'll leave with practical knowledge to start building serverless Swift applications immediately. No virtual machines, no containers, no infrastructure headaches—just Swift code that scales automatically and charges only for actual usage. This is Swift unleashed from device constraints, running where the cloud meets creativity.
• 

  Synthetic Insiders: The New AI Risk to Your Org

  George Proorocu · IT OPS Manager Cybersecurity and Fraud, ING Bank

  What happens when the attacker isn’t malware, but a “colleague”? AI is enabling scammers to deploy synthetic identities that can pass interviews with stolen identities, integrate into teams, and access internal systems at scale. In this talk, we unpack how deepfakes, LLM agents, and automation are reshaping the threat landscape, using real cases, underground techniques, and a live demo to show why trust has become the most exploited layer in modern IT architectures.
• 

  Teaching agents to pay: what devs need to know

  Benjamin Smith · Senior Staff Developer Advocate, Stripe

  With a global daily user base in the hundreds of millions, AI agents are rapidly becoming a primary interface for how people discover, evaluate, and purchase products. Enabling those products to be listed and paid for directly through agents opens an entirely new—and enormous—commerce channel. The Agent Commerce Protocol (ACP) and Shared Payment Tokens provide a secure framework for agent-driven commerce within Stripe’s ecosystem—without exposing payment data or sacrificing user control. This session walks developers through the complete implementation: setting up Stripe integration, creating permission-based payment tokens, interacting with ACP endpoints, and designing trustworthy user experiences. You'll learn how to enable your agents to transact safely and predictably, handling everything from checkout flows to error scenarios and webhook events.
• 

  Teaching an LLM to review code… like a Senior Engineer!

  Kesha Mykhailov · Principal Engineer, Intercom

  There’s no doubt LLMs can generate plausible, working code – but can we trust them to review it?
Being a helpful assistant is deeply ingrained in an LLM’s nature, but when it comes to code reviews, this works against us.
What could have been a simple Pull Request approval turns into a lavish, flattering, one-page-long description of how great the code is, how extensive the test coverage is, and how brilliant the architectural choices are. No one has the time to read those reviews, and ultimately engineers stop paying attention. And even if the LLM does surface a real issue, chances are it’s going to be lost in the noise of dozens of good-to-haves and minor, irrelevant nitpicks.
This is a story of how we built an LLM code review bot that behaves as a senior engineer – surfacing important, actionable violations of human-curated guidance and maximising signal-to-noise ratio.
• 

  Teaching GitHub Copilot COBOL: A Practical Guide to Agentic AI Legacy Modernization

  Julia Kordick · Senior Software Global Black Belt, Microsoft

  Everyone talks about modernizing legacy systems. Few people actually open a COBOL codebase and do it. In this session, I will. Using real mainframe applications, I'll walk through how GitHub Copilot's agentic capabilities can help you understand, plan, and extend COBOL code you've never seen before. We'll start where every modernization project actually starts: figuring out what the code does. Using structured prompt workflows, we'll reverse engineer modules, discover data structures, trace transaction flows, and build a knowledge base that turns tribal knowledge into something an AI agent (and your team) can actually work with. Then we'll go further: planning and implementing a new feature, end to end, with Copilot doing the heavy lifting while we stay in the driver's seat. This isn't a "replace your mainframe overnight" talk. It's a grounded, hands-on look at what's possible right now when you combine spec-driven development with agentic AI. You'll leave with a repeatable approach to legacy discovery and modernization, and a realistic sense of where AI helps, where it struggles, and where you still need to know your stuff.
• 

  Teaching Kubernetes Security in your Cluster

  Thomas Fricke · Cloud Security Architect

  The workshop shows how to teach hands on Kubernetes trainings lessons in your own cluster environment with Jupyter notebooks Starting with the basics we extend the examples with easy scans for vulnerable configurations and network problems.
• 

  Tech as a Profit Center – Maximizing P&L Impact by Research Funding and Capitalization

  Henriette Brune · Chief of Staff to the CTO, FINN

  Tech organizations are often seen as cost centers: valuable, but rarely measured in terms of direct P&L contribution. Yet there is enormous untapped potential: many startups and scale-ups miss out on research funding and capitalization opportunities that could directly improve cash flow and profitability. In this session, Henriette Brune, Chief of Staff at FINN, shares how the company turned R&D from a cost driver into a profit lever by leveraging Germany’s "Forschungszulage" and capitalization strategies. Smaller companies in particular often underestimate the impact. Either because they don’t know these instruments exist or because they assume the overhead is too high. Henriette will demonstrate how FINN built a streamlined, largely automated process that keeps the effort for engineers and leaders minimal and non-disruptive, while still creating significant financial impact. Attendees will learn how to design lightweight processes that connect engineering work to financial reporting, how to automate compliance using tools like Personio, JIRA, Make, and OpenAI, and how to align tech and finance stakeholders around shared goals. The outcome: a playbook that allows tech leaders to keep their teams focused on innovation, while turning overlooked funding and capitalization opportunities into real contributions to the company’s bottom line.
• 

  Testing AI Agents: Automated Evaluation for Chatbots & RAG Systems

  Sebastian Messingfeld · Staff Engineer, Eurowings Digital

  AI Agents, chatbots, and RAG systems are easy to prototype — but difficult to test reliably. Small changes to prompts, models, retrieval sources, or system instructions can silently change behavior, and classic assertions (string matching, snapshots) often fail to capture what actually matters: correctness, relevance, grounded answers, and consistent multi-turn dialogue. In this talk, we’ll start with the common testing problems in real projects: “it worked yesterday”, hidden regressions, evaluation noise, and the challenge of aligning developers and stakeholders on what “good” means. Then we’ll explore practical testing possibilities with evaluation frameworks like DeepEval: how to validate responses beyond keyword matching, how to structure test cases for both chatbots and retrieval-based assistants, how to define pragmatic quality gates, and how to run these checks continuously in suggests, then? As a side topic, we’ll show how BDD/Gherkin can wrap these evaluations into human-readable scenarios (Given–When–Then), making expectations reviewable by non-developers while keeping the actual validation powered by automated evaluation metrics. You’ll leave with a reusable blueprint for introducing automated AI evaluation into your development workflow — from local runs to CI pipelines with actionable reports.
• 

  The 2026 Talent Pivot: Essential Trends for an Evolving Workforce

  Bastian Eichler · VP Product / Marketing, WorkMotion

  The world of work is shifting faster than most organisations can adapt. Rising costs, demographic change, AI disruption and evolving employee expectations are reshaping talent strategy. In this session, we explore why traditional, location-bound hiring models no longer work - and how leading companies are moving toward borderless, skills-first workforce strategies to stay competitive in 2026 and beyond.
• 

  The 8th Layer: Building the Open AI Stack Before It Builds You

  Raffi Krikorian · CTO, Mozilla

  We’ve spent decades perfecting the software stack — from LAMP to cloud-native to platform engineering. But AI is reshaping that stack in real time. The real risk isn’t just technical debt. It’s strategic dependency. In this lightning talk, Raffi Krikorian explores “the 8th layer” of the AI stack — the layer beyond infrastructure, models, and APIs — where incentives, governance, and control determine who actually benefits from AI. What would a true “LAMP Stack for AI” look like? One that is open, composable, inspectable, and community-governed. One where developers aren’t just API consumers but builders of durable systems. We’ll break down the emerging Open AI stack — from data to models to orchestration — and why openness at each layer matters for security, sovereignty, and long-term innovation. If you’re building with AI, you’re already choosing a stack. The question is: are you building it — or renting it?
• 

  The art and science behind evaluating AI Agents at scale

  Alfonso Graziano · AI Tech Lead, Nearform

  Evaluating AI Agent is a mix of science and art. Working with subject matter experts is more important than ever. New methods and best practices are emerging to evaluate these systems at scale. In this talk we will discuss a case study of a production agent used across an entire company. We will discuss live evals, how to build a golden dataset, how to collaborate with SMEs, what worked and what didn't over a 6 months project. We will share some of the best practices we found are working well in production contexts after investing hundreds of hours analyzing evals, building reports and iterating. This talk is not about just the theory, we will use a real case study and we will share all the info you need to really iterate fast and build evals that matter for your use case!
• 

  The best SDLC is the one you build yourself: Why orchestration changes everything

  Jovana Dunisijevic · Senior Technical Evangelist, Atlassian

  Industry research shows AI productivity gains have plateaued at 10–15% — because today's tools only optimize the 20% of a developer's day spent writing code. The real bottlenecks are left and right of code: planning, orchestration, review, and operations. We'll also explore the value of AI-powered code reviews - from establishing code standards that AI can seamlessly enforce, to triggering agentic pipelines that autonomously fix issues. Join Atlassian’s Jovana Dunisijevic for a hands-on deep dive into the AI-native SDLC. In this workshop, we’ll move past single-player copilots and show you how Atlassian is turning Jira into an AI-native orchestration layer for the entire software development lifecycle. You'll work with Jira AI Planner — an always-on AI technical architect that helps you rapidly vet ideas, generate estimates, and create work breakdowns — and the Jira Coding Agent, which tackles coding tasks directly from your board without ever switching to an IDE. Then we'll go further: you'll learn how to build custom automations that chain these capabilities together, transforming your Jira board into an agentic software factory where humans set intent and agents execute. You'll walk away with a working understanding of how to move from single-player copilots to multiplayer AI workflows — where the coordination layer, becomes the leverage point. Please bring your own laptop to this session. No pre-work is required for this workshop
• 

  The Bright Data Build-Off

  Rafael Levi · Developer Relations Lead, Bright Data

  AI writes the UI. Bright Data brings the data. Win on what you build with it. The UI is the easy part now; any AI tool ships one in minutes. The thing that makes an app worth anything is the data behind it. That is where Bright Data comes in. If it is on the public web, it is in range: pages that block bots, JavaScript-heavy apps, data spread across thousands of pages, data that changes by the minute, the same page seen from any country. Catalogs, reviews, listings, jobs, social, news, all clean and structured in minutes. The source is any public site on the web; what you make of it is yours. Win on what you build with it, not how it looks.
• 

  The Dark Corners of Kotlin Multiplatform

  Andrea Della Porta · Mobile Manager, Capgemini

  Kotlin Multiplatform is powerful, flexible, and full of promise—but it’s not all smooth sailing. Behind the glossy headlines and official documentation lie subtle bugs, platform quirks, and surprising limitations that can trip up even experienced developers. In this talk, we’ll take an honest look at the dark corners of Kotlin Multiplatform based on real-world usage. You’ll see concrete examples of things that break, don’t work as expected, or require strange workarounds—especially when working with Swift/Objective-C interop, background threading, dependency injection, or dealing with the iOS toolchain. You’ll learn: - What breaks and why in real apps using KMP - Debugging tips and stack trace decoding (especially on iOS) - Build issues, performance bottlenecks, and memory management caveats - Workarounds that are ugly, but necessary—for now This is not a “KMP is bad” talk. It’s a “here’s what to expect when you go beyond the tutorial” talk—ideal for anyone already using Kotlin Multiplatform or seriously considering it for production.
• 

  The day the chatbot asked for sudo

  Alex Olivier · Co-founder and CPO, Cerbos

  Early enterprise AI systems were mostly read-only. Chat over documents, search, and summarization. The blast radius was small. As soon as agents can take actions, issue refunds, change limits, modify data, or trigger workflows, the risk profile changes completely. At that point, prompts and guardrails are no longer enough. You are no longer evaluating whether an answer sounds reasonable. You are responsible for justifying why an action was allowed, under audit, during an incident, or in front of a regulator. This session introduces a practical way to secure agentic systems by drawing a hard boundary between probabilistic reasoning and deterministic execution. Instead of trusting the model to behave, every proposed action is treated as a structured intent, evaluated against explicit policy, and enforced at runtime close to the protected system. We will walk through a reference architecture for “shift down” security, where authorization decisions live below the AI layer. The focus is on preserving developer velocity and system performance while making agent behavior reviewable, explainable, and safe to operate in production. Attendees will leave with a clear framework for integrating AI agents into real systems without turning them into ungovernable sources of risk.
• 

  The Decisions Developers Make Without Noticing – And How to Make Them Better

  Stan Bühne · Managing Director, IREB

  Developers make critical decisions long before they write code — often without consciously noticing them. Decisions about scope, assumptions, constraints, quality expectations, and system boundaries shape architecture, testability, and long-term maintainability. When these decisions are unclear or implicit, even well-written code and modern tooling cannot prevent rework and costly late surprises. With AI tools increasingly supporting development, these effects are amplified rather than reduced. This hands-on workshop looks at software development from code backwards. Instead of focusing on implementation details, it explores the upstream decisions that influence technical outcomes and developer experience. Participants examine recurring patterns from large software projects to understand how requirements, architectural intent, and value assumptions directly affect development — even when developers are not formally responsible for them. Through guided exercises, discussion, and reflection, participants will learn to identify hidden decisions, challenge weak inputs, and make intent, constraints, and priorities explicit. The workshop focuses on what developers can realistically influence in cross-functional environments to improve decision quality, system design, and collaboration — without adding heavy processes or bureaucracy.
• 

  The Developer Workstation Blind Spot: Why Your Security Stack Can't See What Matters Most

  Marcus Wermuth · VP of R&D, Safety Cybersecurity

  Your security team has visibility into cloud infrastructure, endpoints, and network traffic. But what about your developers' laptops, where the code actually gets written? In this talk, I'll break down the emerging blind spot that most security programs miss: the developer workstation. With 60k+ VS Code extensions, 13k+ MCP servers, and AI coding tools that can access file systems and credentials, the attack surface on developer machines has exploded. Meanwhile, 35% of engineers use AI tools via personal accounts, and extension malware detections increased 4x year-over-year. I'll cover: - How AI-driven development created new attack vectors (prompt injection → tool invocation → IDE exploitation) - Real examples of malicious extensions and MCP server vulnerabilities - Why EDR and SCA aren't enough, and what's missing - Practical approaches to gaining visibility without slowing developers down This isn't about blocking tools or slowing adoption. It's about seeing what's actually running so you can make informed decisions. Attendees hopefully will leave with a clear understanding of the problem and actionable steps to assess their own exposure.
• 

  The End of Commit-Fail-Commit: Rethinking CI with AI Agents and GitHub Actions

  Ben De St Paer-Gotch · Director of Product, GitHub, Julia Kordick · Senior Software Global Black Belt, Microsoft

  Your pipelines automate the predictable. But what about triaging issues, reviewing PRs, responding to incidents, and coordinating across tools? See what's new in GitHub Actions and how it's becoming the execution layer for AI agents across your dev lifecycle. We'll cover agent-triggered workflows, MCP server integration, and automated handoffs that keep humans in the loop — plus how to finally break the 'commit - see CI fail - commit again' loop.
• 

  The Future of Knowledge Retention: AI-Driven HR Transformation

  Trecilla Logo · SVP People & Culture, Flip

  We show how AI and intelligent automation can be used as a digital mentor and efficiency driver to significantly relieve HR burdens while systematically preserving experiential knowledge within the company for the next generation. HR work is currently at a historic turning point. More than 50 percent of HR time is spent on administrative tasks, while a massive loss of knowledge looms by 2035 as a large share of operational specialists retire.
• 

  The Human API: Designing Organizations for Judgment, Not Just Execution

  Manjuri Sinha · VP HR, Miro

  Core idea: If AI handles execution, humans become the decision layer. HR’s & Leadership's role is to design for good judgment at scale. Human superpowers highlighted: Ethical discernment Decision quality Systems thinking Trust-building
• 

  The Internet is Dead, Long Live the Internet: Building Community in the Time of Bots

  Colleen Lake · Developer Advocate, GitLab

  On the internet in 2026 it's hard not to feel like all communities have been replaced with chatbots. Timelines full of AI-generated slop, comment sections that are pure spam, Discord servers with nothing but a welcome bot and tumbleweeds. The old community playbook of scale and automation isn't just ineffective anymore, it's actively working against anyone trying to build something real. But the death of the low-effort internet is actually good news for people willing to show up. High-trust communities aren't built by bots. They're built by humans who respond personally, remember repeat contributors, share weird side projects, and stick around even when there's no conversion funnel attached. This talk digs into dead internet theory and what it means for community teams, then gets practical: how to run forums that aren't ghost towns, how to show up consistently across spaces (even ones unrelated to your product), and where AI tools can help without killing the trust you're trying to build. Examples from building developer communities and hackathon organizations over the past decade. Communities can still be built, as long as you're willing to be human in public.
• 

  The LLM Evolution: From Sequence Imitation to Verifiable Reasoning

  Kamen Petroff · Software Developer, ATOS

  For the last decade, the recipe for Artificial Intelligence was simple: more data, bigger models. By feeding neural networks the entire internet, we taught them to imitate human language with startling accuracy. But as we exhaust the world's high-quality text data, a new question arises: How do we scale intelligence when there is nothing left to imitate? In this talk, we will trace the evolution of Language Modeling—from the early days of Word2Vec and the Transformer to the current paradigm shift led by reasoning models like OpenAI o1 and DeepSeek R1. We will debunk the "Data Wall" myth and explore how the industry is pivoting from System 1 (Imitation) to System 2 (Reasoning). Drawing parallels to the "AlphaGo Zero" moment, we will demonstrate why the future of software development belongs to Verifiable Reasoning. We will show how shifting compute from training to inference allows models to "think" before they speak, and why Verifier’s Law allows coding agents to continue improving without the need for more human data. This session is for any developer who wants to understand why the "AI Winter" is cancelled and how their role will evolve from writing syntax to architecting the feedback loops that guide AI reasoning.
• 

  The Migration Cookbook

  Robert Lehmann · Staff Engineer, Google

  Enterprise migrations are hard: The new platform is usually not quite ready yet, nobody fully knows what the old tool did, management wants everything to be done by yesterday, and your users don’t want their favorite toys taken away. That’s why there is an entire scientific field devoted to “change management.” In this talk, we will explore how its lessons apply to the real world: - Why are migrations so painful, and what are some common patterns? - What are some of the proven techniques to avoid (or at least: limit) tears during migrations? - Which technical approaches can power our wonderful migration plans? - What are some of the policies and governance models to streamline these processes? - How to not lose the fun while doing all of this? Robert draws on a decade of shepherding tens of thousands of internal users from a fragmented tool landscape, through multiple sunsets and deprecations, to a unified monitoring platform at Google SRE.
• 

  The Missing Layer Between Enterprise Data and AI Agents

  Jannis Eickenroth · Head of Analytics and Customer Insight, Finanz Informatik, Sebastian Klenke · Head of AI and Data Analytics, Finanz Informatik

  Building one of the largest AI implementations worldwide in the financial sector, Jannis and Sebastian share practical insights into the architectural design and operation of a sovereign Data & AI platform for the Sparkassen Group. They demonstrate how Agentic AI can be built at enterprise scale and operated under strict compliance and regulatory requirements, providing full control over data, models, and infrastructure as a prerequisite for trust, compliance, and scalability. While most discussions focus on models, frameworks, and orchestration, one of the biggest challenges lies in the layer between enterprise data and AI systems: Knowledge and Intelligence as a Service. AI agents are only as effective as the data, context, and operational controls behind them. For years, data debt was mostly a reporting problem. Agentic AI is the first technology that forces organizations to deal with it, bringing data quality issues directly into business processes and customer interactions. In this session, they explore the architectural foundation that enables trustworthy AI at scale: metadata, semantic models, governance, observability, and trusted business abstractions. We show how these components transform fragmented enterprise data into a reliable foundation for AI-powered services, conversational business intelligence, and agentic experiences. Drawing on real-world lessons from building and operating a sovereign Data & AI platform, we demonstrate how organizations can create trustworthy intelligence on top of enterprise data while maintaining full control over data, models, and infrastructure as a prerequisite for trust, compliance, and scalability. This is a practical story about the journey from analytics platforms to intelligent systems and why Agentic AI does not start with agents, but with data, semantics, trust, and knowledge as a service. Attendees will gain practical insights into building scalable AI architectures that balance innovation, compliance, and trust.
• 

  The New Shiny Syndrome: How to Avoid Tech Hype Traps

  Josip Stuhli · CTO, SofaScore

  Microservices! Kubernetes! Serverless! NoSQL! The tech industry loves its buzzwords, but blindly following trends can lead to unnecessary complexity and wasted effort. In this talk, Josip will dissect the biggest tech hype cycles of the past decade and discuss practical frameworks for evaluating when (and when not) to adopt new tools.
• 

  The OpenTelemetry mistakes I keep seeing (and how to stop making them)

  Juraci Paixão Kröhling · Software Engineer, OllyGarden

  OpenTelemetry is becoming the standard for application telemetry, but bad telemetry is a natural part of the learning curve. Most teams start by turning on auto-instrumentation and figuring out what works as they go. That is fine. The problem is when the same mistakes persist: personally identifiable information leaking into traces, spans wrapping every function, happy paths instrumented in detail while errors get a single log line, and teams reaching for traces when a simple counter would do. As a long-time OpenTelemetry maintainer and contributor, I have reviewed countless implementations where these four anti-patterns stuck around long after they should have been fixed. This talk walks through each one with real code examples, showing what goes wrong and why. Each pattern includes a before-and-after fix you can apply to your own codebase. You will walk away knowing how to spot these mistakes sooner, choose the right signal type for each use case, and build telemetry that actually helps you debug problems.
• 

  The Private AI Platform: Why Agentic Apps Need a Private Application Platform

  Oren Penso · Global field CTO Tanzu division, Broadcom

  As AI moves from chat demos to “do-things” software, the platform requirements change: identity, policy, network controls, data governance, audit, and safe tool execution become mandatory. This session explains why a private application platform on private cloud is the most reliable foundation for enterprise AI—especially for agentic workflows and development assistants that touch sensitive systems. We’ll map the core platform capabilities (runtime, workload identity, secrets, supply chain, service brokering, observability, guardrails) to real AI components: model endpoints, vector stores, tool APIs, MCP servers, and skills routing. You’ll leave with a reference architecture and a pragmatic checklist to evaluate whether your current platform can safely run “full-blown” AI experiences.
• 

  The R in RAG: Why retrieval is often the weakest link (and how to fix it)

  Tomek Porożyński · Staff ML Engineer, deepsense.ai

  RAG is one of the most popular ways to build LLM-powered applications - combining document retrieval with text generation. In demos and carefully prepared tests, these systems work great. In production, they often disappoint. Why? Because your documents are full of domain-specific terminology, internal jargon, and acronyms that off-the-shelf embedding models simply don't understand. If retrieval returns the wrong documents, even the best LLM can't save you. In this session, I'll show how to fine-tune an embedding model for your specific domain. We'll walk through preparing training data, running the training process, and evaluating results. You don't need thousands of examples or expensive infrastructure - in the case I'll present, 50+ training samples were enough to dramatically improve retrieval quality. You'll leave with a practical understanding of when and how to fine-tune embedding models, and what pitfalls to watch out for along the way.
• 

  The Retrieval Layer for Edge AI

  Evgeniya Sukhodolskaya · Developer Advocate, Qdrant

  Edge AI is almost there: on smart glasses, robots, phones, kiosks… The last push it needs is semantic search over local data that still works when connectivity is weak, and when latency and privacy are non-negotiable. On-device vector search unlocks “memory” and real-time assistance across devices: from “help me find my keys” on smart glasses, to robot task context, to anomaly logging in vertical farming, to offline support and personalization on phones and kiosks. In this talk, I’ll show how we made that possible with Qdrant Edge: an embedded vector search engine built for the constraints of edge devices. I’ll walk through the architecture and core engineering tradeoffs (storage layout, incremental updates, index lifecycle), and tie it together with a demo (smart glasses are mentioned here for a reason!).
• 

  The Signal Layer: What to Build When Anything Can Be Built

  Lena Hall · Senior Director Developers and AI, Akamai

  AI has made implementation faster, cheaper, and more widely available. That changes the real bottleneck in software. Every team can generate code and spin up agents. The advantage moves to a different layer: knowing what is worth building, who it is for, how people will discover it, and how the product should behave once they do. This keynote introduces the system of public signal, user intent, agent experience, distribution loops, and product judgment that helps builders decide what deserves to exist before they commit time, infrastructure, and trust to building it. We will look at how AI changes the software lifecycle from “can we build it?” to “should this exist? When anything can be built, the most valuable builders are the ones who can read signal early and shape the right experience.
• 

  The Software Engineer 2030: From Coder To AI Orchestrator?

  Patrick Schnell · Managing Director, schnell.digital

  In this full-day masterclass, Patrick Schnell guides you through the transformation from routine coder to AI-savvy software architect. Learn the critical human skills machines can’t replicate, from systems thinking and specification design to ethical decision-making and multi-agent orchestration.
• 

  The Sound of Privacy – What Your Spotify Data Reveals About You

  Dennis Schulz · Senior Consultant, TNG Technology Consulting, Thomas Hugle · Senior Consultant, TNG Technology Consulting

  It's just a music app – but how much can one actually learn about a person when granted access to their Spotify data? In this talk, we present what we learned about our colleagues through their Spotify user data. By leveraging the GDPR, we looked into various questions: How often do people lose or damage their phones? Where did they travel? And how regular are their sleep patterns? Alongside detailed insights into Spotify data, we provide a brief overview of the legal framework and examine how strictly other companies comply with the GDPR. While everyone in theory understands that data can hold immense power, this talk presents concrete examples – particularly given that we're dealing with what seems like just a music app.
• 

  The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend

  David vonThenen · Senior AI/ML Engineer, NetApp

  Every keyboard has a sound signature. Every click and clack carries information. With deep learning and a decent microphone, that information can be weaponized. In this session, we'll explore how modern AI models can identify what you're typing just from the sound of your keyboard. Using a dataset of recorded keystrokes and an open source sound classification pipeline, we'll walk through building a model that can recover text with startling accuracy. You'll see firsthand how a few lines of Python and a trained network can turn your laptop into an acoustic fingerprint. But this talk isn't about enabling surveillance... it's about understanding it to fight back. We'll unpack why uniform keyboard layouts and consistent typing styles make these attacks so effective, then explore real countermeasures: signal masking, password entropy, and environmental noise defenses. You'll leave with a practical understanding of how these attacks work, how to reproduce them for research or awareness, and how to harden your systems (and yourself) against them.
• 

  The two trees of React

  Carl Assmann · Product Engineer, German Airforce

  React encourages thinking about your UI as a tree. But there are two different trees that matter for understanding re-renders, and confusing them leads to performance problems and wasted effort. This session introduces a mental model that helps you understand the performance impact of composition and busts the React Context performance myth.
• 

  The Velocity Tax: The Hidden Cost of Unintentional Feature Alignment

  Tushar Gupta · Engineering Lead, Schwarz IT

  In the race to scale, many organizations adopted micro-services as a "silver bullet" for speed. But by 2026, a hidden levy has emerged: The Velocity Tax. This tax is paid every time a "simple" change in one service triggers a cascade of meetings, synchronized pull requests, and multi-team deployment war rooms. When our architectures force unintentional feature alignment, the very independence we sought becomes our biggest bottleneck. This session pulls back the curtain on how micro-services—intended to decouple teams—often inadvertently foster tighter, more fragile coupling. We will explore the "Taxation Triggers" that turn agile development streams into a synchronized crawl, specifically focusing on how minor data schema changes can paralyze an entire release train. What We Will Cover: The Anatomy of a Bottleneck: A forensic deep-dive into a live architectural "deadlock" from our own environment. We’ll map how a single data field update evolved into a costly, cross-departmental coordination event. Calculating the Tax: How to identify the invisible signs of "Feature Alignment," from exploding "sync-up" calendars to brittle CI/CD pipelines that can’t ship in isolation. The 2026 Repeal Strategy: Concrete blueprints to reclaim your autonomy, including: Consumer-Driven Contract Testing: Moving the cost of failure from Production to the IDE. Defensive API Design: Implementing "Expansion and Contraction" patterns to allow services to evolve out-of-sync safely. Strategic Consolidation: Knowing when the most profitable move is to merge services back into a "Modular Monolith" to eliminate the network tax.
• 

  Theia AI Live Demo: Air Gapped AI for Developer Tools and IDEs

  Thomas Froment · Program Manager Development Tools, Eclipse Foundation

  AI is rapidly becoming a default capability in developer tools, but many teams still face the same constraints: vendor lock in, limited transparency, and the inability to run AI in restricted environments. In this session, you will see a live demo of Eclipse Theia and Theia AI, an open source platform and framework to build AI-enabled developer tools: IDEs, domain specific environments, code-centric workbenches, and cloud or desktop applications embedding editing, navigation, and automation workflows. Unlike closed solutions, Theia AI is designed to be extensible and provider-independent. You can integrate chat, completions, and agent-like workflows while keeping full control over how models are connected and what data is shared. The demo runs in a fully air gapped setup using local LLMs only, demonstrating AI-assisted coding and navigation without sending prompts or source code to external services. We will also show how Open VSX, the Eclipse Foundation’s open source extension registry, enables distribution and reuse of extensions, turning Theia from a framework into a practical foundation for products and internal tooling. You will leave with a clear architectural understanding of how to embed AI capabilities into developer tools that can fit both open innovation and enterprise constraints. Resources: https://theia-ide.org/theia-ai/ https://open-vsx.org/
• 

  There Is No Such Thing as a Fair DBaaS Benchmark

  Daniel Seybold · Co-Founder, benchANT

  If you’ve ever tried to benchmark a managed database, you know the frustration: same vCPU, same RAM, same PostgreSQL version — and completely different results. Designing a “fair” DBaaS benchmark today is not just about query workloads and metrics. It’s about understanding hidden IO limits, burst credits, storage backends, noisy neighbors, throttling behavior, and pricing tiers that influence performance in ways your dashboard doesn’t show. In this talk, we break down what “fair” actually means in practice. Should you compare systems at equal cost, equal resources, or equal performance targets? Each approach answers a different engineering question — and can lead to opposite conclusions. Using real-world examples from benchANT benchmarking projects, we’ll show where common benchmarking assumptions fail, how cloud abstractions distort performance expectations, and why reproducibility alone doesn’t guarantee comparability. You’ll leave with practical guidance on how to design benchmarks that reflect production reality — so you can evaluate DBaaS platforms based on engineering truth, not marketing claims.
• 

  Tour de Force: LLM Inference Optimization from Simple to Sophisticated

  Christin Pohl · Global Black Belt Solution Engineer AI Infrastructure, Microsoft

  Azure OpenAI and similar managed APIs are the right default for serving language models. But they don't cover every case. Maybe you need to deploy in a region where your model isn't available yet, you want to run a Qwen or Mistral variant that no provider hosts, or you've fine-tuned a model and there's simply no API to call. At that point, you're self-hosting on GPUs. Making your GPUs go brrr is complex. Efficient LLM inference requires navigating a maze of optimization techniques each with different trade-offs. This session provides a practical journey through inference optimizations, clearly categorized by implementation effort. We'll explore techniques across three levels: - Model choices (start here): Model selection, quantization, smart routing - Library-level improvements (using PyTorch-based frameworks like vLLM, SGLang, TensorRT-LLM): Continuous batching, KV-cache management - Custom implementations: Speculative decoding with custom draft heads, disaggregated inference, fine-tuning smaller models The session covers practical trade-offs and key metrics: time to first token, inter-token latency, and cost per token. Whether deploying your first model or optimizing at scale, this talk delivers actionable insights into which techniques to prioritize for deeper investigation.
• 

  Trust at scale

  Mike Fynes · Head of Engineering, Wolt / Doordash

  As engineers we talk a lot about scale. How do I scale this service? What is our scaling runway? Do we hire more people?? The last question is critical yet is often assumed to be the easiest path to scale. This could not be more wrong. In this session you will see, based on my experiences at Wolt and Doordash, the key elements to success in a hyper-scaling organisation. Understanding how to do this has become even more critical in recent years as remote work has become the norm following the pandemic. Join me as we explore the nature of trust, diving into what trust is, and why you should care about it. We will then figure out how you can help your teams succeed as they grow into successful trusting teams!
• 

  Trust Issues: Because Zero-Trust Isn’t Optional Anymore

  Jan Peer Stöcklmair · Senior Software Engineer, Sentry

  “Just ship it” doesn’t cut it anymore, everything in our stack is connected, exposed, and talking to things it probably shouldn’t. Modern applications don’t just benefit from Zero-Trust principles; they depend on them. And yet… our frontends trust too much, our backends trust too much, and our infrastructure trusts everything by default. With attacks like React2Shell emerging from seemingly harmless origins, we need to be prepared to minimize the impact of inevitable vulnerabilities. In this talk, I break down Zero-Trust in a practical, full stack way - from the browser all the way down to the infrastructure. The talk starts at the Frontend, where simple changes like strong CSPs, proper handling of CSRF tokens, secure cookies, and escaping strategies can prevent entire classes of attacks before they ever reach your server. Then we move into the Backend, exploring security patterns that make your services resilient even when assumptions fail, because they will. This includes approaches like mounting secrets via files instead of environment variables, enforcing permission-based API access, and more. Finally, we zoom out to the Infrastructure layer, where Zero-Trust becomes real: mTLS for identity, distroless and unprivileged containers to shrink the attack surface, network cuts and segmentation to isolate blast zones, and other future-proof operational patterns that keep your system secure even when (not if) something goes sideways. By the end of the talk, the audience walks away with a practical, full-stack security playbook everyone can apply immediately: from browser headers to Docker containers. Just the tools you need to build systems that don’t rely on trust, assumptions, or wishful thinking. Zero-Trust isn’t optional anymore. But with the right patterns, it also doesn’t have to be painful.
• 

  Truth, Lies, and Probabilities: Testing AI Hallucinations

  Anastasia Simou · Quality Engineering Specialist, Accenture

  Last year, while preparing a talk, I was looking for a research paper I had read in the past but couldn’t find anymore so I decided to ask AI for help. Instead of the right paper, it generated an impressive list of academic citations. They looked convincing, but when I checked, most of them didn’t exist. Although I knew already about hallucinations, the mathematician in me immediately wanted to understand why this happens so systematically, not just occasionally, leading me into an intensive investigation and research to deeply understand how these models operate. AI models like LLMs don’t “think” like humans, they generate outputs based on probabilities, producing the most statistically likely sequence of words. This means they can sound confident while being completely wrong. These moments, known as hallucinations, are inherent to how generative AI works and if left undetected, they can result in false information being delivered with absolute confidence. Unlike traditional software, where a defect is a deviation from expected results, hallucinations are an expected outcome of the model’s design. And that makes me think: How do we as testers detect, measure, and manage risks that are basically built into the system itself? In this session, we’ll explore hallucinations from an intuitive, mathematical perspective, without difficult or heavy formulas, so anyone can understand why they occur. Then, we’ll explore practical methods for evaluating AI outputs, since conventional testing approaches don´t apply here. You’ll understand how to test AI hallucinations, calculate the confidence and risk of AI outputs, and explain findings effectively. We’ll explore practical takeaways like testing on ground-truth data, using adversarial prompts, and verifying outputs through cross-validation with external sources. Although mathematically it's not possible to avoid hallucinations completely, these methods allow you to estimate the rate of occurrence and reduce their impact.
• 

  Turning Engineering-Led to Product-Led Growth: Lessons from Scaling Pipedrive to 100,000+ Customers

  Agur Jõgi · CTO, Pipedrive

  In today’s hyper-competitive SaaS landscape, sustainable growth is no longer driven by features or technology alone. While strong engineering foundations are essential, it’s product-led growth – grounded in customer value, data, and learning – that ultimately drives adoption, retention, and expansion. This session draws from Pipedrive’s transformation journey. Agur Jõgi, CTO of Pipedrive, shares behind-the-scenes lessons from scaling the company from a startup CRM into a global platform used by over 100,000 companies worldwide. While Pipedrive was initially product-led thanks to its founders’ deep sales expertise, the company later entered an engineering-led phase to build a strong technological foundation following its acquisition by Vista. Today, Pipedrive is transitioning into a new phase of product-led growth—powered by a mature platform, customer-oriented product development, and advanced AI capabilities. Agur will explore: – How product and engineering teams can move from output-driven development to outcome-driven growth by using data-driven experimentation, real-time product analytics, and workflow automation. – How Pipedrive organizes decision-making through mission-based team structures and prioritization frameworks, and how the company combines internally built AI features with OpenAI to streamline sales workflows and support users’ daily tasks. Attendees will gain actionable insights into how cross-functional collaboration between product, engineering, and marketing enables measurable improvements, drives adoption of key features, and supports continuous product evolution based on real-world customer behavior with concrete examples drawn directly from Pipedrive’s journey.
• 

  Type Systems You Might Not Know (But Will Love)

  Veit Heller · Technologist at Large

  Most devs, when confronted with types, only have to worry about "static vs dynamic". In this talk, we will demystify all those languages you’ve heard about for their weird type systems (Haskell, anyone?) as well as talk about type systems you might never have heard of, and discover why they’re awesome, useful, and solve real bugs! We’ll start with Rust’s affine ownership and Agda’s dependent types before touring a few out-there ideas. We’ll build a solid mental model for modern production type systems as well as build a foundation for you to dive deeper into more obscure type system research if you so desire. We’ll build tiny runnable models, explore implementations, and you’ll leave with frameworks, resources, and a roadmap to go deeper, without needing a PhD.
• 

  Understanding Kubernetes in a visual way

  Aurélie Vache · Developer Advocate, OVHcloud

  Kubernetes has become the de-facto standard to deploy and operate containerized applications. But understanding Kubernetes can be difficult or time-consuming. Several years ago I asked myself how I imagined the concepts of Kubernetes: a pod, a deployment, a service, a secret, a configmap, a cronjob… and then I created a new way of explaining Cloud technologies. In the first part of the talk, I will tell you a story, I will tell you my story. How, during more than two years, I worked every evening/nights/week-end to explain Kubernetes in sketchnotes, in blog posts, videos and finally published everything (and more) in an illustrated book of more than 270 pages (with all the concepts included Debugging / Troubleshooting and Tips) and why I continue to do it. And in the second part, I will explain Kubernetes concepts to you ... in a visual way :-).
• 

  Using LLM Agents to Automate Operational Tasks in Kubernetes

  Shramish Kafle · Senior Solutions Architect, KFW Bank

  Kubernetes platforms generate a continuous stream of operational tasks: log triage, event correlation, configuration drift detection, rollout validation, and failure remediation. These activities consume significant SRE and platform engineering time and require deep domain knowledge. This session shows how LLM driven agents can automate a substantial part of this workload by combining GitOps, policy evaluation, and cluster telemetry with language model reasoning. The talk presents a practical, production aligned architecture for integrating LLM agents directly into the Kubernetes control loop. It explains how agents interpret cluster states, evaluate anomalies, propose corrective actions, and submit changes into GitOps pipelines with auditability and guardrails. Real examples include misconfiguration detection, explaining failing rollouts, guiding developers with contextual feedback, and performing controlled rollback or fix generation. A live demo walks through a real failure scenario to illustrate how an agent analyzes signals, identifies the root cause, and produces a precise remediation plan. Emphasis is placed on reliability, validation stages, failure handling, observability hooks, and the boundaries of what should and should not be automated. Attendees leave with a repeatable blueprint for safely applying LLM automation to reduce toil while maintaining predictability and full change transparency.
• 

  Vendor Neutral by Design: Building Healthy Open Source Ecosystems with Diverse Stakeholders

  Hendrik Ebbers · CEO, Open Elements

  Open Source thrives when diverse stakeholders collaborate: Large enterprises, small and medium-sized companies, individual contributors, and independent maintainers all working together on a shared project. However, these groups often bring very different motivations, expectations, and constraints. Aligning these dynamics fairly and sustainably is a challenge for many projects. This talk explores practical strategies for creating and maintaining healthy, multi-stakeholder Open Source communities. We will explore how shared governance, transparent decision-making, and balanced contribution models can ensure that all participants benefit. This applies regardless of company size, geographic region, or available resources. Drawing on real-world experiences from the Eclipse Foundation, the Linux Foundation, and community-driven ecosystems, we will take a closer look at how vendor-neutral governance enables long-term sustainability and prevents single-vendor dominance. We will also highlight how inclusive community structures open the door for contributors from historically underrepresented regions, such as the Global South, and why this diversity is not only ethically essential but strategically crucial for innovation, resilience, and project longevity.
• 

  Vertical Slice Architecture: Micro Frontends Across Mobile, Backend & ML

  Vivek Kuppenhalli · Staff Engineer, Redcare Pharmacy, Jens Posingies · Engineering Manager, Redcare Pharmacy N.V., Robert Pazurek · Team Lead, Redcare Pharmacy N.V.

  Micro frontends are often discussed in the context of web applications. But what if we extend the idea beyond UI - into mobile, backend services, and machine learning? In this talk, I’ll present a vertical slice architecture where each feature team owns everything required to deliver business value: - Android UI - Kotlin Multiplatform shared domain logic - Kotlin backend service - Python-based ML model - API contracts Instead of organizing codebases by technical layers, we organize by business features. This reduces coordination overhead, increases deployment independence, and aligns teams with product outcomes.
• 

  Vibe Coding with Postgres: From Zero to Prod in Your IDE

  Miguel Toscano · Data and AI Specialist, Google, Cyrille Visser · Customer Engineer EMEA, Google

  Vibe coding has revolutionized the speed and way we develop frontends, but it often hits a wall when it reaches the database. In this workshop, we will explore how the Model Context Protocol (MCP) eliminates this friction, making working with PostgreSQL (or other database engines) as agile and conversational as designing a frontend, all while maintaining full control from your IDE. We will demonstrate how to go from a simple idea to a complete data model in seconds, treating your IDE as an experienced Data Engineer. We will cover key aspects such as production optimization and indexing, all without the need to open an external SQL client or manually consult technical documentation.
• 

  What 500+ Production Environments Taught Us About Shipping AI Agents

  Liran Hason · VP of AI, Coralogix

  Building an impressive AI agent demo has never been easier. Shipping it to hundreds of production environments is a completely different problem. This talk draws on the experience of building and deploying Olly, Coralogix's agentic observability system, across hundreds of organizations. If you're building AI agents - or planning to - you'll leave with a clearer picture of where the real challenges live, and where to focus your energy before your users find the gaps for you.
• 

  What do we need to deliver high quality products?

  Erhardt Wunderlich · Member, German Testing Board

  Quality assurance is an issue for every development step and for each individual team member. The tasks of checking are performed more effectively and efficiently if they are carried out by competent people and in structured processes. Important questions to ask yourself are for example: - What are the tasks involved in checking and how can they be effectively bundled? - What are the levers and methods in the development process to support these tasks efficiently? The aim of this workshop is to develop (based on your experience) a scheme for tasks and responsibilities as well as necessary and useful competencies, on the basis of which we are able to deliver the required quality.
• 

  What If We've Been Scaling Stream Processing Wrong All Along?

  Hartmut Armbruster · Software Architect, StoatFlow

  Your Kafka Streams application just rebalanced. Again. Your Flink checkpoint is timing out. Again. Here's an uncomfortable truth: most stream processing applications don't operate at Uber scale. They handle thousands of events per second—complex joins, stateful aggregations, valid use cases—but nowhere near the volumes that justify the operational complexity we've accepted as normal. Yet we pay the full distributed systems tax anyway. Repartition topics doubling network I/O. Repeated serialization burning CPU cycles. Standby replicas sitting idle. State migration or restoration during deployments. And the human cost: specialized expertise that takes years to develop, expert teams that are expensive to build and painful to lose. We've normalized extraordinary inefficiency in the name of horizontal scalability that many applications will never need. But rethinking stream processing in 2026 doesn't mean "just use Postgres." In this talk, I'll share an early-stage exploration of a different approach. A framework that preserves the Kafka Streams DSL, borrows Flink's approach to exactly-once semantics, leverages Project Loom for high concurrency—and challenges a fundamental assumption that both frameworks share. This isn't a production-ready announcement. It's an invitation to question conventional wisdom and explore what stream processing could look like when we stop distributing by default.

• What if your HR software adapted to you, not the other way around?

  Speakers TBA

  Payments did it. Commerce did it. Now HR is next. If you've ever felt like your HR software makes you fit its template rather than the other way around, this one's for you. Every mature technology category eventually separates its infrastructure from its interface and HR is reaching that inflection point. The ATS, the HRIS, the LMS, the payroll system: each a silo, each about to be disrupted by something more composable. In this session we'll explore what headless HR looks like in practice, why the assumptions HR software was built around no longer hold, and what becomes possible when AI sits directly on top of employment infrastructure.
• 

  What is Local-first Web Development?

  Alexander Opalic · Developer, Otto Payments

  Users expect apps that work everywhere, even without internet. In this session you learn how to build local first applications with Vue 3 and Dexie.js that store data on the device, work offline by default, and sync when connectivity returns. You walk through the architecture decisions that make local first possible, implement reactive IndexedDB queries, and handle the tricky parts like conflict resolution and data migrations. By the end you have a mental model for building apps that put users in control of their data and never show a loading spinner again.
• 

  What time is it? The mysterious clocks of sports and other things we do.

  Clemens Vasters · Principal Architect, Microsoft

  Most data analytics platforms and their temporal features make some assumptions about time and you might too. Time is what you see when you look at your watch and we use UTC timestamps. Not so in football. Everyone knows at what minute in the match their team scored the deciding goal in a legendary match. Nobody cares what UTC clock moment that was, to the extent that it's practically impossible to find out what UTC moment that was. Also, pretty much each football match has the 45th minute twice! And if you do analysis on the match, you probably want to ignore injury periods or other occasions when the ball was out of play. In motorsports and most other sports where it's a primary objective to "beat the clock", the clock is actually not a good x-axis for analytics since lap-to-lap times differ as a matter of principle and make data hard to compare. In this session, we'll look at the clocks in sports and some other fields and how to make sense of them in data analytics.
• 

  What’s New in Web? 2026 Edition

  Christian Liebel · Software Developer, Thinktecture

  Christian is a member of the World Wide Web’s architecture board, the Technical Architecture Group (TAG) of W3C. As such, he has insights into what’s going on in the web platform. In his session, you'll gain insights into the latest discussions among standards bodies, browser vendors, and web developers. And you have the opportunity to report your wishes back to the Web’s architecture board. Don't miss this opportunity to stay updated on the forefront of web technologies.
• 

  When Agents Meet Legacy: Never Change a Running System

  Michael Friedrich · Principal Developer Advocate, GitLab

  I've spent a decade debugging undocumented C code, hand-written C++ Makefiles, and grown Java monoliths, knowing exactly which files will break production. Left "allowed to fail" CI/CD pipelines because fixing root causes is harder than ignoring them. I was curious: Can AI Agents help with modernization, and where would they still fail? We'll live-code: untangling complex architectures in C and C++, and if Rust is the answer to everything, breaking Java monoliths to Kubernetes, where agents propose but humans validate, and fixing CI/CD burning budgets when culture resists tooling. The Tanuki IoT Platform environment presents more challenges when agents meet COBOL. What I've learned: agents can't replace judgment on "should we change this?" You'll leave knowing where they help triage, where they fail on business context and experience, and which human strategies, like debugging, you still need. Agents are powerful guides, but the messy decisions are still yours.
• 

  When human meets canary.

  Sonja Nesic · Staff Engineer, bol

  Automated canary deployments are the true power-tool in your CI/CD toolbox but with great power comes great responsibility! We truly believed that we had the ultimate sales pitch for our engineering community when we started promoting our latest and greatest addition to our CI/CD tool box - automated canary deployments! “You can spend more time on innovation and let this shiny tool bring it to your customers in a safe and reliable way. No more postponing deployments because you’re busy or it’s a risky change. No need to be staring at dashboards or scratching your head if a rollback is needed - the tool takes care of everything for you and in doing so saves you 3h per week.” Sounds like THE dream right? Turns out not. Even after a lot of promotion and showcasing the tool in action, the adoption was far from what we hoped for. I’ll share why the perfect sales pitch can still prove useless when human nature and organisational culture kicks in, what we did to turn this around and how our organisation slowly but surely started its shift to a canary-first mindset.
• 

  When Humans Stop Writing Code: Rethinking Languages, Compilers, and Responsibility

  Simon Auer · CEO, marqably

  Writing code is no longer the bottleneck in software development. Today, we can describe what we want in natural language and (mostly) receive entire applications in a few minutes. But while tools and demos move fast, a deeper topic largely stays behind: what happens to programming languages, compilers, and responsibility when humans stop writing the code themselves? We have all been promised, that everything will be done autonomously when AGI is here, but what about until then ... the next 3-5 years? Is your current stack/your current favorite programming language ready for real work relief professional environments? If software is increasingly generated from intent rather than authored line-by-line, then many assumptions baked into our current languages begin to crack. Syntax stops being the primary interface. Compilers are no longer just translators. Code reviews no longer guarantee understanding. And "the AI wrote it" becomes an unacceptable answer to questions of security, correctness, and long-term maintainability. We will explore how language design must evolve beyond syntax toward intent, constraints, and guarantees — and why this shift matters not just to developers, but especially to CTOs and tech leaders responsible for systems they may no longer fully read or write themselves. We’ll examine what responsibility means in a world of generated code, how engineering judgment changes when implementation becomes fluid, and why senior engineers become more critical—not less—in AI-native teams. Finally, we’ll look at which existing language ideas already point in the right direction, which ones quietly break under vibe-driven development, and what a future “vibe-aware” programming language would need to get right to be trustworthy in production. This session is an invitation to stop treating vibe coding as a novelty — and start treating it as a forcing function to rethink the core of software engineering itself.
• 

  When Should You Use an Agent? Architectural Trade-offs in Agentic Systems

  Matheus Guimaraes · Developer Advocate, AWS

  Agent-based architectures introduce new execution models that expand what backend systems can do. This session explores the trade-offs between APIs, workflows, and agents through a progressive demo that evolves a real application step by step, highlighting what changes and how to approach these new capabilities in practice.
• 

  Why (Senior) Engineers Struggle to Build AI Agents

  Philipp Schmid · Senior Engineer Dev Rel, Google DeepMind

  The better the engineer, the harder they fight the model. This session explores 5 ways our strongest engineering instincts—strict types, deterministic control flow, fail-fast exceptions—actively sabotage us when building AI agents. Through concrete before/after code patterns, you'll learn the mental model shifts required to go from fighting the model to shipping with it.
• 

  Why Developers Abandon Your Product in the First 10 Minutes (And How to Stop It)

  Marcos Placona · Founder, DevRel Bridge

  You're losing developers before they ever see what your product can do. Not because your tech is bad, but because your first 10 minutes are designed wrong. After auditing 50+ developer onboarding flows across DevTools, APIs, and platforms, I've found that most teams optimize for the wrong thing: completeness instead of activation. They build comprehensive docs when developers just want to know one thing: "Does this actually work?" This talk breaks down the psychology of developer drop-off and shares a battle-tested framework for building onboarding that converts. You'll learn: - The "5-minute rule" and why most onboarding fails it - How to run a friction log audit on your own product (with a template you can use immediately) - The three silent killers in developer signup flows - Real results: How one team cut time-to-first-success from 45 minutes to under 5, driving >75% higher conversions Whether you're a founder, product manager, or engineer, you'll leave with a prioritized checklist of fixes you can ship this month.
• 

  Why Distributed Teams Lose Momentum – Even When Everyone Means Well

  Franziska Höhne · Project Manager, ALDI SOUTH

  Distributed teams rarely lose momentum because of missing skills, bad tools, or lack of motivation. More often, momentum fades even when everyone is committed, competent, and genuinely trying to do the right thing. Based on nearly two decades of professional experience working with international and distributed teams, this session examines why collaboration slows down in real-world engineering and change environments. Drawing on concrete examples from large transformation initiatives and everyday leadership situations, the talk looks at how communication patterns shape alignment, responsibility, and follow-through in virtual settings. The focus is deliberately analytical and practical. Instead of introducing new frameworks or tools, the session explores recurring dynamics that repeatedly appear in distributed teams: unspoken assumptions, unclear signals, and language that creates activity without direction. Special attention is given to situations where decisions must be made under uncertainty and leadership happens without formal authority. By connecting observed patterns from real projects with a clear analytical lens, the session offers a grounded perspective on why distributed teams lose momentum and what typically goes wrong long before execution begins.
• 

  Why Git Still Matters

  PJ Hagerty · Co-Host, Community Pulse Podcast

  With more and more tools abstracting from a developers workflows, understanding how git visualization tools help - not simply using it - is more important than ever. In this article, we take a look at the history of git workflows, the basics of git, and the renaissance of understanding version control in a world gone mad for “vibe coding”.
• 

  Why optimizing for system comprehension is key to implementing AI for software development

  Peter Caron · CEO, 3T Software Labs

  How do you know if your company is optimising AI for the right things? For most companies, the biggest challenge with AI isn’t implementing AI tools or figuring out how to replace people, cut costs, or improve efficiency. It’s understanding how AI can be used to augment practices, speed up repetitive processes, and complement creative energy. Instead of competing with AI and asking how AI can complement your technical teams, many companies are asking how individual developers can complement AI. In software development, typing code is rarely the bottleneck, so AI solves a problem that, by itself, does not necessarily speed up development. Most developers, however, use it as a coding tool. As Kent Beck has clearly stated, the frontier of augmented development is maximising human learning, not code production. We can apply this lesson across many AI projects. AI only works when people understand it and know how to use it effectively. I will use the AI rollout at our company as a case study and a source of lessons learned.
• 

  Workshop. Adopting GitOps for microservices delivery via Argo CD

  Stas Lebedenko · Cloud Architect, Eficode

  This workshop is dedicated to GitOps principles adoption with Argo CD for deploying your microservices to Kubernetes. You will learn how to set up, configure, and control the desired state of your application and streamline delivery to Kubernetes. Key topics - Adopting GitOps principles for your delivery - Setup of Argo CD and observability - Implementation patterns App-of-Apps, Application Set and ordered deployment - Issues resolution, obstacles and reconciliation options - Selective sync and advanced deployment scenarios with multiple clusters and environments Join this short workshop to learn about GitOps and how it can help you with Kubernetes delivery on any cloud. You will get detailed workshop steps with code via the GitHub repository, so you can repeat any part of it at a relaxed pace afterward.
• 

  Xcode development redefAIned

  MIlan Todorović · Apple Certified Trainer, Crossover

  Xcode development redefAIned: The Impact of Generative AI on iOS Development The landscape of iOS engineering is undergoing a fundamental shift. With the integration of Generative AI directly into the developer workflow, the focus is moving from manual syntax construction to high-level architectural orchestration. This session explores how AI-driven tools are redefining the standards of productivity, code quality, and app performance within the Apple ecosystem. To demonstrate the practical power of these technologies, this session features a comprehensive live coding demonstration. We will build a complete, non-trivial iOS application from scratch, showcasing how Generative AI can be leveraged in real-time to handle complex logic, UI architecture, and data management. Key topics include: Live Application Synthesis: Building a functional, non-trivial app from a blank slate to a finished product using AI-assisted workflows. Accelerated Development Cycles: How AI reduces boilerplate code and streamlines SwiftUI implementation during the live build. Privacy-First AI: Navigating Apple’s unique approach to integrating intelligence while maintaining strict data security. The Evolving Role of the Developer: Moving from manual coding to validating and refining AI-generated logic in a high-pressure environment. Automated Testing: Utilizing generative tools to instantly produce robust unit tests for our newly created features. Attendees will witness firsthand how these tools are not just for simple automation, but catalysts for a new era of software craftsmanship. This session provides a roadmap and a real-world proof of concept for staying ahead in an increasingly AI-centric development environment.
• 

  YOLO Developer Workflows with a Coding Agent in a Box

  Manuel de la Peña · Staff Software Engineer, Docker

  As coding agents like Claude Code, OpenAI Codex and Gemini CLI become part of developers’ daily workflows, one problem looms large: we’re letting them run wild on our machines (or put ourselves into a Skinner box, playing an agent-approval slot machine game). The ideal workflow is “YOLO mode". where an agent can freely edit, build, and test code. But that freedom shouldn’t come at the cost of safety or control. In this talk, we’ll explore how Docker is building an opinionated developer experience for running coding agents safely inside sandboxes, combining the isolation benefits of containers with the seamless UX developers expect. We’ll discuss what we learned from Devcontainers (and why they never saw broad adoption), and how sandboxes evolve those ideas to make “safe by default” not just possible, but pleasant. You’ll leave with a new mental model for local coding agent based development: fast, flexible, and fearless, the YOLO workflow done right.
• 

  You Can't Automate Trust — The Future of Recruiting is Still Human

  Mahmoud Aly · TA Business Partner, Semrush

  AI is transforming talent acquisition at a speed no one predicted. And yet, candidate experience is declining, and recruiters' productivity is not 'supercharged' yet. Somewhere in the race to automate everything, we forgot about the person on the other end of the process, and we forgot about what talent leaders' true edge is. In this keynote, Mahmoud will make the case for the hardest thing in hiring, and the most overlooked. Trust takes time, intention, and a human being willing to show up. It can't be generated, scaled, or prompted. And in an era where everything else can be automated, it's the only thing that actually wins.
• 

  You don't need to write the code. You need to become a verification architect and prove it's correct

  Guillaume Moigneu · Field CTO, Upsun

  You spent years mastering clean code, proper abstractions, and meaningful tests. Now coding agents do in 5 minutes what used to take you an afternoon. Terrifying? Only if you think your value is in writing code. This talk reconsiders what "10x developer" means in the agent era. Not someone who writes 10x more code, but someone who defines, verifies, and ships 10x more scope. The secret: being risk-averse is now a speed multiplier, not a bottleneck. I'll present a new SDLC concept based on verification pillars. A hands-on framework for safely delegating to coding agents at scale. Each pillar (from testing to security to standards) expands how much you can hand off without increasing risk. Combined with spec-driven development, where tests and type definitions replace prompts as your primary output, you'll see how one architect plus a great verification infrastructure can now match the output of a small team without adding unknowns and issues to enterprise projects. Walk away with a self-assessment checklist, a concrete workflow for your first spec-driven feature, and a new way of thinking: from "I write the code" to "I define what correct looks like."
• 

  You shall (not) pass!? An Introduction to Testing authenftication

  Ramona Schwering · Developer Advocate, Auth0

  Like a door to a house or a shallow bridge from one cliff to the other: Some parts of your application are crucial and any damage or untrustworthy guide in those areas can have catastrophic consequences. One such area is the Login Page. However, when we discuss the Login Page, we're not just referring to the typical form with a username and password. There are other important features, such as Social Login, Passwordless options, and more, to consider. It's important to secure all these features by testing them. But the complexity of these features can often hinder the writing of tests for all use cases. I invite you to join me in exploring authentication testing strategies. Whether you're an experienced QA professional, a curious frontend developer, or someone passionate about testing, this is the perfect session to equip you with the skills and knowledge needed to elevate your login page testing story.
• 

  You Will Migrate Eventually: a developer approach to technology adoption

  Wouter Ligtenberg · Director of Engineering, ING

  Trying out new technologies is exciting, but keeping up with the fast moving tech landscape is never easy. At ING, we adopt new tools and frameworks to stay ahead, but every adoption comes with challenges. A proof of concept can quickly turn into a headache if you don’t think about scaling, migration, and decommissioning from the start. Technology adoption is rarely straightforward. We are expected to experiment, deliver working solutions, and keep things maintainable all at once. To manage this, we built a Tech Adoption Model inspired by Organizational Physics of Lex Sisney, which treats adoption as a process instead of a single decision. The model encourages teams to think in phases. Exploration is done safely, incubation focuses on real use, and scaling only happens once a technology is ready. We also make developers consider early on how to migrate away or decommission a tool before it reaches its end of life. Another important part is balancing the future with the present. The model helps teams adopt new tech without breaking what’s already working, making sure current projects stay flexible for what’s coming next. In this talk, I’ll share how thinking in adoption phases can reduce hype-driven decisions, make scaling easier, and turn migration and decommissioning into part of the design process instead of an afterthought.
• 

  Your Competitors Know Your Skills Better Than You Do

  Diana Gehrke · Strategic Talent Intelligence and Talent Sourcing, Stellantis

  Most companies track roles and headcount, while competitors target specific skills. This session shows how skill-based talent intelligence reveals capability risk before attrition happens, explains how competitors identify critical skill clusters, and introduces practical ways to turn external market signals into early warnings for workforce strategy.
• 

  Your Distributed System Just Got a Brain. Now What?

  Marcin Makowski · CEO, BeOne

  Distributed systems were designed around predictable behavior. Retries assume idempotency. State transitions assume determinism. Consistency models assume repeatable outcomes. Then we added AI. Now: - the same input may produce different outputs - retries may change decisions - context mutates state unpredictably - model upgrades alter behavior silently - deterministic workflows depend on probabilistic components Your distributed system just got a brain. And distributed systems don’t tolerate ambiguity. In this session, we explore what really changes when AI becomes part of a distributed architecture. We’ll cover: - how probabilistic inference breaks retry semantics - why idempotency assumptions fail with LLMs - separating state from inference - deterministic checkpoints in AI workflows - replayable execution paths - handling model version drift - designing hybrid architectures where AI proposes - but systems enforce AI doesn’t just add intelligence. It changes the fundamental assumptions of your system design. If you treat AI as just another microservice, your architecture will eventually collapse.
• 

  Your Docs Are Now AI Infrastructure (Treat Them Like It)

  Emil Sorensen · CEO and Co-founder, kapa.ai

  Your documentation has three audiences now. Customers reading the docs site. Support agents drafting replies. And AI tools, Cursor, Claude Code, Codex, answering questions about your product on behalf of developers who never visit your site at all. That last one changes everything. The same docs that used to be a static reference are now the grounding layer for every AI feature your developers touch, including ones you didn't build. If your docs are messy, outdated, or missing the answers users actually need, every agent querying them inherits the problem and your product takes the hit. In this lightning talk, we'll show how kapa.ai operates as the knowledge engine behind production AI deployments at companies like Sentry, Netlify, Monday.com, and n8n, processing millions of developer questions per month. We'll walk through real analytics revealing the "dark matter" of documentation like which topics generate the most uncertainty, which pages quietly underperform, and how unanswered questions cluster into a prioritized backlog for content and product teams. The takeaway: stop guessing what to document. Let your users, and the agents querying on their behalf, tell you. With concrete benchmarks: 20-40% support ticket deflection, hundreds of developer-days saved per year, and a path to treating docs as the grounded foundation every AI feature in your product needs.
• 

  Your Enterprise RAG Has No Legal Basis

  David Klemme · Co-Founder and CTO, Komplyzen, Tilman Mürle · Managing Director and Co-Founder, Komplyzen

  Your RAG system works beautifully. Under GDPR, it has no legal basis to exist. Clean architecture. Proper embeddings. Maybe even agentic tool calling. You followed best practices. But when the auditor asks "what's the legal basis for this processing?" there's no answer. General-purpose "ask anything" chatbots have no defined purpose. Without a defined purpose, no legal basis can exist under GDPR. The architecture itself is the violation. In this talk, I'll live-code a "best practices" enterprise knowledge bot, then ask the questions nobody asks: Where is purpose limitation enforced? Where is legal basis documented? I'll show why anonymization doesn't save you. 97% accuracy isn't "anonymous" under GDPR. It's still PII. Then I'll show you the fix: a purpose-scoped bot architecture where legal basis is a first-class configuration item. Each bot gets a defined purpose, scoped data access, configured tools, and documented legal basis. The architecture enforces the boundaries. The retrieval layer can only access documents within that bot's scope. Non-compliance becomes architecturally impossible. The good news? You didn't waste your investment. This is a 50k governance layer, not a rewrite. Takeaways: - Why your RAG has no legal basis and how to fix it - The purpose-scoped bot pattern: document, enforce, and audit compliance by design - A brownfield rescue roadmap for existing systems
• 

  Your Kubernetes Node Is Not a Server: Rethinking the OS Layer

  Natanael Copa · Software Engineer, Mirantis

  Kubernetes already treats nodes as disposable, but most platform stacks still run them as long-lived servers. This mismatch creates unnecessary complexity in upgrades, security, and operations, especially for edge, bare-metal, and high-churn environments. In this talk, I’ll present an alternative model: treating Kubernetes worker nodes as firmware, not operating systems. Using k0s, Linux Unified Kernel Images (UKI), and an initramfs-only OS, we build immutable workers that boot entirely from RAM, fetch configuration from metadata (cloud-init style), and optionally persist state using a single mounted /var directory.
• 

  Your People Are The Future Of Your Brand

  Ash Jones · Founder, Great Influence

  Trust in brand is declining, with 71% of people saying they trust them less than they did a year ago. In fact, while 90% of executives believe consumers trust their companies, only 30% of consumers actually do. So, who do people trust? People. It has never been more evident that your people are the future of your brand. This session explores how brands can leverage the rise of personal branding to promote the people working within them to drive brand and business growth.
• 

  Your Tests Are Lying to You: Let AI Expose What You Missed

  Maish Saidel-Keesing · Developer Advocate, AWS

  How many bugs in your last release were hiding in the tests you never wrote? Your specifications already describe the failures you’re missing — you’re just not turning them into tests. This session demonstrates how AI reads your requirements and generates the test cases your team overlooked. Real specs transformed into comprehensive test suites, how to evaluate whether AI-generated tests actually catch real defects, and where your judgment still beats the machine. A repeatable process that plugs directly into your existing workflow.
• 

  Zero to Binary: Building a Production-Ready AI Agent in Go

  Rabieh Fashwall · Technical Lead, Galeria

  Python is excellent for experimentation, but when it’s time to ship AI agents to production, you need the performance, concurrency, and type safety of Go. ​In this hands-on workshop, we will abandon the Python notebooks and build a robust, autonomous AI Agent from scratch using Go. We won’t just be making API calls; we will architect a system capable of reasoning, planning, and executing tools safely. ​What we will build: We will build a CLI-based DevOps Agent. By the end of the session, you will have a compiled binary that you can ask to perform tasks (e.g., "Check the disk usage, and if it's over 80%, compress the log folder"). ​The Workshop Flow: ​The Foundation: creating a clean interface to LLMs (OpenAI/Anthropic) decoupling the provider from the logic. ​The Brain: implementing the ReAct (Reason + Act) loop using a custom Go state machine. ​The Tools: using Go interfaces and struct tags to create strongly-typed tools that the Agent can invoke. ​Safety & Concurrency: adding context for timeouts and Goroutines for parallel processing. ​No magic frameworks. Just standard library Go and solid engineering principles.
• 

  ".Net is too slow" was not an option

  Tomasz Woznica · IT expert, mBank, Wojtek Kurzawiński · IT Senior Engineer, mBank

  There were two simple scenarios among dozen others that had to meet strict SLAs when we start migration mBank core banking system (Altamira) from mainframe to distributed platform. Processing input files, computation and persist results in database. Start driving cursor on sql, computation and produce output files. The story is about creating event-driven runtime in C# that is capable to accelerate this kind of jobs completely transparent for original COBOL source code making replatforming possible. We are able to spawn from 2 to N concurrent subtasks that from system point of view are single task. Goal for replatforming was to run core banking system on distributed platform using one line of code – COBOL. Parallelism for files : splitting to small chunks – couple strategies were implemented - all based annotations for build compound key that defines ranges for subtasks merging results where persist file on disk takes too long we have “magic” virtual split virtual merge Parallelism for sql cursors : splitting – provide information about identification of subtasks to sql without changing sql commands generated by application. Evaluating ranges based on compound keys merging – how to deal with “empty” ranges Performance to achieve was very challenging and combine multiple topics that was covered. We must stand side by side with mainframe – aka performance beast. Moving mainframe all operation from memory access to distributed world where network latency, IO operations and so on are not negligible pushed us for find not obvious solutions. These two topics are just tip of an iceberg in approach for legacy system migration. mBank system processing day by day couple of thousands jobs where most of steps using acceleration path. This approach allow finishing End of Day processing in SLA window to start another usual day for our customers. We would like to share and inspire developers with our findings in mBank success journey for replatforming.
• 

  "Looks Good to Me": A Practical Guide to Handling AI-Generated Code

  Roman Zhukov · Principal Architect, Red Hat

  AI coding assistants like GitHub Copilot, ChatGPT, and Cursor are reshaping how we build software—and open source is no exception. These tools can now generate code, submit pull requests, and even review and merge them automatically. But what’s the cost? Open source maintainers are increasingly overwhelmed by “almost correct” AI-generated PRs that introduce subtle bugs, security vulnerabilities, or fail to follow contributor guidelines. Meanwhile, the rise of AI-generated Bug Bounty reports (AI slops) risks overwhelming maintainers and undermining the spirit of responsible disclosure potentially pushing projects to abandon bug bounty programs. In this talk, we’ll explore a security-first and practical framework for using AI in software development and contribution workflows. I will cover guidelines from the well-respected communities like Linux Kernel, OpenSSF and OWASP and real-world (non-fictional) practices from the industry leaders. We will cover how to craft AI prompts with security and compliance in mind; governance templates for managing AI-generated contributions; Strategies for handling AI-generated vulnerability reports without shutting down your bug bounty program.

...and more.