From hands-on workshops and deep-dive masterclasses to keynotes, networking, and the legendary party — here's what to expect each day.
Three days at a glance
Your three days, sketched out.
Here's the shape of each day so you can start planning travel and
which sessions to chase.
Day 0 — Wednesday
8 July 2026
Pre-check-in & badge pickup 10:00–19:00
Pick up your badge a day early and skip the queue on Thursday morning.
Workshops 11:00–18:00
Hands-on, small-group sessions led by industry experts.
Masterclasses 09:00–18:00
Full-day, expert-led deep dives and training sessions.
Satellite Events All day
Activities hosted by the community and our partners across the city.
Warm-up at CityCube 12:00–18:00
Drinks, mingling and a warm-up outdoor program before the main event days.
Tech Leaders Night 19:00
Invite-only evening for executives, policy makers and select guests.
Day 1 — Thursday
9 July 2026
Doors open 08:00
Doors open for check-in and badge pickup — get in early and pick your seat before the opening keynote.
Opening keynote 09:15
Welcome from the main stage to kick off the main event.
Main program All day
Keynotes and talks across all stages.
Tech Expo All day
Hundreds of companies, hands-on demos and expert conversations.
Workshops All day
Hands-on sessions running in parallel to the main program.
CODE100 Finals 19:00–20:00
Our signature live coding competition, fought out on the main stage.
Official Congress Party 20:00 → midnight
The biggest tech party of the year - everyone under one roof.
Day 2 — Friday
10 July 2026
Doors open 08:00
Head in early before the main program begins.
Main program From 09:00, all day
Keynotes and talks across all stages.
Tech Expo All day
Hundreds of companies, hands-on demos and expert conversations.
Workshops All day
Hands-on sessions running in parallel to the main program.
Closing keynote 17:30
A summary of what mattered most, plus an outlook on the months ahead.
Sessions sneak peek
A First Look At The Program.
A first look while we finalize the program. Tap a row for the
full description.
11 Principles for Evaluating AI Dev Tools
Nnenna Ndukwe · Principal Developer Advocate, Qodo AI
Benchmarks measure narrow capabilities. Demos show best-case scenarios. Neither tells you whether AI-generated code will survive production or whether that shiny new tool deserves a place in your stack.
This talk presents a unified framework of 11 principles for evaluating AI-generated code and the tools that manage it. Because code quality and tool quality are inseparable: bad tools generate bad code, and bad code evaluation processes never catch it.
We'll reframe AI use with responsibility boundaries where the core questions shift from "is it fast?" to "can this be understood under pressure, safely changed, and defended to a stakeholder?"
Through real-world patterns from teams adopting AI across their SDLC, we'll apply these principles to distinguish tools that surface risk from tools that hide it.
Attendees will leave with a practical rubric to decide which AI tools to trust, which to constrain, and how to keep human judgment at the center of fast-moving, AI-augmented engineering.
200 OK: Payment settled, resource delivered
Brian Whippo · Senior Director, Algorand
AI agents are making machine-to-machine payments on the open web in the rapidly growing field of agentic commerce. We’ll explore next-generation payment protocols, open web standards, and blockchain solutions that enable digital payments in the burgeoning agentic economy. Learn about recent developments, technical challenges, and emerging standards that are shaping how agents exchange value at internet scale.
3x Performance: A Humbling Journey
Luca Trușcă · Software Engineer, Adobe
When I was asked to fix a core component's performance on mobile, the numbers were bad—load times were hitting 4 seconds. Looking at the traces, it seemed like a chain of slow API calls. As a Frontend Engineer, I initially assumed the problem was on the backend and out of my hands.
I was wrong.
This talk covers the four-month investigation that followed. I’ll share how we debugged a complex performance bottleneck in a large-scale Adobe application. It turned out the solution wasn't just about code, but about understanding the infrastructure between the client and the server.
We will look at how tweaking "boring" mechanics like CORS headers and connection handshakes resulted in massive speed gains, and how we caught our analytics data hiding failures in specific regions. We eventually made the feature 3x faster, but the real takeaway is on how to debug across the entire stack, not just the browser.
5 things I wish I hadn’t done building my AI agent
Shachar Azriel · VP Product, Baz
Most talks about AI agents focus on success stories and best-case outcomes. This talk is about what can actually go wrong when you ship an scale-up AI agent in a start-up.
Over the past 18 months, our team in Baz built and scaled an AI-powered Code Review Agent used daily by thousands of across the world.
To move fast in this crazy market, we made several architectural, product, and UX decisions that seemed reasonable at the time, but later turned into expensive mistakes. Some cost us users, and some hit our precious revenue.
In this session, I’ll share five concrete pitfalls we encountered while building a real AI coding agent, why they happened, how we detected them, and the pivots that ultimately worked.
This is not a theoretical talk: every example comes from a production system, and will include real system diagrams, usage data, and how the fixes changed behavior in production.(alongside a lot of self humor :)
1. We built a “smarter” agent, and it got "dumber"
Why adding more context, tools, and responsibilities reduced accuracy instead of improving it
2. We let users choose the model, and lost control of the results
How exposing LLM choice destroyed consistency and meaningful feedback
3. We optimized for an AI app, not for developer behavior
Why real adoption only starts when the agent lives where decisions were already being made (GH, GL or the IDE)
4. Our guardrails worked, until the providers changed the models
How silent model updates broke engineering assumptions and eroded user trust
5. Our metrics looked great, but users were still churning
Why industry-standard AI metrics (like accepted suggestions and time-to-merge) missed the signal that actually won (or lost) customers
5 Years in Cloud Native: The Good, the Bad, and the Bill
Simone Desantis · CTO, Openapi
What happens when your data center literally catches fire? Five years ago, a literal disaster was the catalyst for our total migration to Cloud Native. But moving from on-prem microservices to a fully scalable cloud architecture was a journey filled with scars, paranoia, and expensive lessons.
In this session, I will share my perspective as a CTO who led a team through a deep cultural transformation: the metamorphosis from traditional system administration to a DevOps mindset, where Infrastructure as Code (IaC) became our most valuable asset. We will dive into "scalability paranoia"—how we optimized container orchestration to beat the competition without losing our sanity (or the entire budget).
We will break down the financial reality of elasticity: while on-prem environments force you to distribute workloads over time to avoid saturating fixed hardware, Cloud Native demands a complete mental reboot. I’ll share how we shifted from 'squeezing every cycle' out of static servers to an event-driven model designed to scale to zero. We'll discuss the danger of misconfigured scaling—the 'blank check' risk—and how we learned to orchestrate resources so they only exist when there is actual work to do, finally aligning our infrastructure costs with real business value. This isn't a polished success story; it’s an honest breakdown of complex solutions to simple problems, and how this journey finally allowed us to sleep at night.
7 Ways to Fail at Building a Platform
Michael Coté · Senior Member of Technical Staff, Tanzu
Building your own internal developer platform can seem attractive, but it's a risky proposition. In a platform as a product approach, when you build it, you own it, and now you're in the business of developing a product instead of your actual business. In this talk, drawing from 10 years of platform engineering case studies of large organizations, Coté will go over seven risks of building your own platform: expansive scopes, underestimating cost, project mindsets, death by customization, skills, security and compliance, resume-driven development. You can learn from the many people who've suffered these risks already and, hopefully, avoid them yourself.
A Dystopian Future for Software Engineering
George Hantzaras · Director Engineering, MongoDB
In 2030, we don’t "write" code anymore, we orchestrate it.
The massive adoption of agentic AI has transformed the SDLC into a high-fidelity assembly line. We have "Architect Agents" drafting design docs, "Reviewer Agents" enforcing linting and security, and "Coder Agents" generating 99% of production PRs. In this "dystopian" (or utopian?) future, the role of the Software Engineer has evolved into a conductor. To get these agents to work perfectly, together the human must possess a god-tier level of experience, knowing exactly when to demand an interface over a class, how to prevent leaky abstractions in generated code, and how to debug logic they didn't technically type. But there is a catch: if the machines do all the typing in the world of proprietary software, where does the next generation of senior conductors come from?
In this session, we will explore:
- The Agentic SDLC: A technical deep dive into a multi-agent world, where specialized agents handle specific lifecycle stages.
- The "Expert Paradox": Why AI-driven development actually raises the bar for seniority and architectural knowledge, making "Junior" a disappearing job title in proprietary software.
- Open Source as the training ground: Why FOSS is becoming the only place where humans still "hand-craft" code, not out of necessity, but for mastery and passion, and how this makes Open Source the ultimate training ground for future engineers.
Accelerating AI Inference at Scale: A Deep Dive Into NVIDIA Dynamo on Kubernetes
As foundation models move toward deeper test-time computation, inference becomes the dominant scaling constraint. Latency, throughput, and cost are governed by a small set of forces: autoregressive decoding, KV-cache growth, memory bandwidth, and scheduling under contention. This workshop frames large-scale inference through these emerging laws of inference, starting from first principles and building toward real systems. Learners deploy NVIDIA Dynamo on Kubernetes to operate aggregated and disaggregated inference architectures using built-in KV-aware routing and scheduling. The outcome is a principled understanding of where inference time and money go — and how architectural choices bend those curves in production. Participants will deploy both aggregated and disaggregated inference on a 4xA100 node and compare the performance of the two.
Advanced AI Systems With MCP, Memory & Human-In-The-Loop
Roelant Dieben · Cloud and AI Architect, Sopra Steria, Stuart van der Lee · DevOps Engineer, Sopra Steria
Building real-world AI systems in 2026 means moving far beyond simple prompts and chatbots. The future belongs to agentic applications that are context-aware, stateful, and governed - systems that not only generate text, but understand, reason, act, and learn over time. In this full-day masterclass, Christian and Sebastian guide you through the foundational pillars for designing and implementing advanced LLM-powered systems that orchestrate tools, manage memory, and integrate human oversight:
- Context Engineering for shaping relevant, dynamic model input
- Memory for evolving, persistent, and personalized intelligence
- Model Context Protocol (MCP) for structured, and testable integration
- Human-in-the-Loop (HITL) for oversight, escalation, and compliance
Throughout the day, you’ll design and implement modular AI components that coordinate tools, manage memory, and respond intelligently — using structured context, RAG pipelines, and MCP-based orchestration.
Let’s build AI systems that respect the real world.
AI Agents Face-Off: Same App, Multiple Frameworks
Elaine Dias Batista · Senior Staff Engineer, SFEIR
The mobile development landscape has long been divided by framework wars: Native vs React Native vs Flutter vs Progressive Web Apps. While traditional comparisons often rely on synthetic benchmarks or oversimplified examples, this talk presents a unique approach: leveraging multiple AI coding agents to build identical, real-world applications across different mobile frameworks, then evaluating the results through objective metrics.
This session will demonstrate how various AI agents tackle the same mobile app requirements using Kotlin/Swift (Native), React Native, Flutter, and modern web frameworks. We'll dive deep into the challenges each agent encountered, the quality of code produced, and provide a multi-dimensional evaluation framework that goes beyond surface-level comparisons.
AI in Recruiting: What Works, What Fails - Real Lessons from Office & Volume Hiring
Speakers TBA
AI has huge potential in recruiting - but implementations vary widely. This talk breaks down what worked, what didn’t, and why, across both office (professional) and volume (high-velocity) hiring environments.
In this practical session, you’ll hear real, data-backed lessons from multiple AI introductions we led at Redcare Pharmacy and evaluated in both office hiring and volume recruiting.
I’ll cover:
- Successful patterns - where AI improved work of the recruiters / candidate experience.
- Unsuccessful rollouts - where tools underperformed and what were the reasons.
- Human + machine workflows - what roles remain human-centric, and where AI delivers the most leverage.
- Ethics and bias safeguards - real examples of how bias surfaced, and practical guardrails to address it.
- Metrics that matter - what to measure when you deploy AI so you know you’re improving, not guessing.
AI in Your Browser: Exploring Chrome's Built-In LLM
Daniel Ostrovsky · UI/UX Architect, Payoneer
Let's see how Chrome’s built-in AI is changing the future of web development. In this talk we will try on-device and hybrid AI capabilities, including APIs for tasks like translation, summarization, and general chat-based interactions. We’ll look at real-world use cases, practical examples, and how these tools can enhance user experiences and make applications even better. Learn how to integrate these features into your projects and stay ahead in the new world of AI-driven web development.
AI Sandboxes: Running Coding Agents Safely in Production-Grade Environments
Shivay Lamba · Senior Software Engineer, Couchbase, Kristiyan Velkov · Tech Lead and Front-end Advocate, Docker
The number of cyber attacks and security risks related to Coding Agents has sky rocketed. AI coding agents like Claude Code, Codex CLI, and Gemini CLI don’t behave like your typical developer tools. They install system packages, modify configurations, delete files, run services, and even spin up Docker containers, often requiring constant permission prompts or risky access to your host machine.
This talk explores Docker Sandboxes as a new execution model for autonomous coding agents. Built on microVM-based isolation, Docker Sandboxes provide disposable, agent-safe environments where coding agents can run unattended while remaining fully isolated from the host system.
We’ll walk through why traditional approaches like OS sandboxing, containers, and full virtual machines, break down for agent workflows, and how Docker Sandboxes combine the developer experience of containers with the hard security boundaries of VMs. Using live examples, we’ll show how agents can safely run Docker-in-Docker, install dependencies, access only the project workspace, and be reset instantly.
By the end of this session, you’ll have a clear mental model for when and how to use Docker Sandboxes to unlock higher levels of agent autonomy without compromising safety, security, or developer experience.
AI-Powered UI: Building Intelligent, Real-Time Interfaces with React & WebGPU
As AI moves closer to the client, the next generation of web applications will need to run intelligent, real-time experiences directly in the browser. Thanks to WebGPU, developers can now run high-performance, GPU-accelerated machine learning workloads on the client side — enabling personalization, AI-assisted interactions, and visual computation without relying on a backend model server.
This talk explores how React developers can leverage WebGPU and modern ML runtimes to build responsive, privacy-preserving AI user interfaces capable of running real-time inference in the browser. Through practical examples, we’ll look at how to integrate on-device embeddings, text and vision models, gesture recognition, and dynamic AI-driven UI behaviors into modern React applications.
We’ll walk through how WebGPU differs from WebGL, what optimizations it unlocks, and how frameworks like TensorFlow.js, ONNX Runtime Web, and WebGPU-native pipelines can be combined with React for highly interactive experiences. Attendees will also learn best practices for orchestrating GPU workloads without blocking the UI thread, managing streaming inference, and structuring React components to handle continuous, high-frequency data updates.
By the end of this session, developers will understand how to build AI-powered interfaces that feel fast, fluid, and deeply interactive — without expensive servers, latency issues, or privacy trade-offs. This talk is ideal for React developers, frontend engineers, and product teams exploring how AI can elevate the user experience in modern web applications.
An Opinionated Guide to Bulletproof APIs
Rustam Mehmandarov · Principal Engineer and Cloud Lead, MILES
Writing a "Hello World" endpoint is easy. But building an API that is secure, observable, and capable of evolving without breaking every client? That’s where the real engineering happens. We often pollute our business logic with validation, security checks, and boilerplate, creating a maintenance nightmare.
It’s time to clean up our act. In this session, we’ll move beyond basic CRUD to explore 5 essential patterns for building production-grade APIs.
The code examples will be in Java and we will combine standard Jakarta EE/MicroProfile features with powerful custom implementations to tackle the cross-cutting concerns that matter most. However, the concepts can be applied to other programming languages as well.
Analytics in the Age of Agentic AI: A tour of ClickHouse and Langfuse
Speakers TBA
Agentic AI is not just a new use case for data - it penetrates and transforms all use cases. In my talk I will discuss what this means for the foundation layers of our data architecture, and I will live demo a few use cases that show how ClickHouse is adapted to AI use cases.
Architecture 3.0: From 90% to 99.999% Reliability in Building AI Systems
Ingo Eichhorst · Engineering Trainer, IONOS
We’re entering Software 3.0: not just AI inside products, but AI agents that design, implement, and evolve large parts of the system and increasingly build other agents. The hard question isn’t whether this works at ~90% “looks correct,” but how we engineer a bridge to 99.999% reliability when the workforce is probabilistic.
This talk presents an Architecture 3.0 blueprint for AI-native systems and agentic engineering pipelines: how to structure systems where agents generate code, configs, tests, docs, and even agent behaviors, while keeping control. You’ll see why the architect role shifts from diagram drawing to designing the control surface: specs that are testable, benchmarkable, and “reinforcement-compatible,” plus the thin layer of humanity focused on what creates long-term value.
DEMO (live): we let agents build a small agent-powered service and an internal “helper agent” (tooling/prompt + eval suite). CI gates intentionally fail on safety/reliability; we iterate on the spec + evals until the system passes with predictable behavior.
Back to the Roots: Testing in the Age of AI
Jakub Janczyk · Senior Engineer/Tech Lead, Help Scout
AI is generating more and more code, and it’s getting better every day. Still, it’s far from perfect, and uncontrolled AI-generated code can quickly lead to bugs, frustration, and fragile systems.
While tools and workflows are evolving rapidly, one thing remains unchanged: high-quality automated tests are the foundation of great software. AI coding agents thrive on fast feedback loops, and tests provide exactly that. However, not all tests are equally valuable, and poor tests can be just as harmful as having none.
In this talk, we’ll go back to the roots of testing: what makes a test truly useful, how to design tests that guide both humans and AI, and how to leverage them to get the most out of AI-assisted development.
Beyond authentication: an open-source trust model for the agentic web
Speakers TBA
Authenticating an agent tells you who it is, but not whether to let it transact, access data, or act on a user's behalf. As autonomous agents begin crossing organisational boundaries, the systems they reach face a binary choice: block all agent traffic or accept it without verification - neither of which scales as agent traffic grows.
TSAI (Trust Signals for Agentic Interactions) is an open source protocol that fills this gap. Built on W3C Verifiable Credentials and Decentralised Identifiers (DIDs), it carries trust signals beyond identity - reputation, economic stake, authorization, and endorsements - in cryptographically signed credentials that any system can verify offline. Independent Trust Authorities issue them and agents present them when accessing a service, while receiving systems make their own access decisions based on the signals. Credentials describe the agent, not the user, which preserves user privacy and keeps existing user authentication unchanged.
In this talk, we walk through the architecture - the four-tier trust model that scales from offline verification at low risk to real-time checks at high stakes, the credential format and lifecycle, and how TSAI composes with agent protocols like MCP and A2A. TSAI is developed by AWS and Trusted Shops, combining agent infrastructure expertise with decades of online trust certification.
Beyond Chat: AI Workflows That Actually Investigate Alerts (So You Don't Have To Know Everything)
Nune Isabekyan · CTO, OpsWorker, Aram Hakobyan · Head of Platform Engineering, zooplus
"You build it, you run it" sounds great until you're on-call for a Kafka consumer lag spike at 3 AM—and you spent the last six months building the React frontend, not the event pipeline. Modern teams own their services end-to-end, but no one can be an expert in everything. And the AI chatbots we've been promised? They just add another window to alt-tab through while the pager screams.
This talk argues that chat-based AI is fundamentally wrong for incident investigation. I'll break down why the chat paradigm fails: it expects you to provide context you don't have at 3 AM, assumes you know where to look, burns time with back-and-forth, and interrogates instead of investigates.
Then I'll show what actually works: AI workflows that investigate like a teammate who knows the system—automatically discovering affected resources, correlating metrics with deployments, querying the right logs without being asked, and delivering hypotheses with evidence.
We'll cover real engineering challenges: orchestrating tools across Kubernetes, logs, and metrics; solving the "where do I even start?" problem; building outputs that explain unfamiliar systems; and what breaks when you let AI loose on production.
Live Demo: A simulated 3 AM alert comparing the chatbot experience ("Can you tell me more about your cluster configuration?") versus a workflow that delivers: "Your deployment rolled out 47 minutes ago with a memory limit reduction. Three pods are OOMKilling. Here's the diff and the kubectl command to rollback."
Beyond Resilience: Architecting Antifragile Systems
Jan de Vries · DevOps Advocate, Naboek
Most of us build systems to be robust or resilient. We want them to resist failure or to recover from failure. But in today's turbulent world chaos is inevitable. What if your system didn’t just survive a spike in latency or a server crash, but actually got better because of it?
The concept of Antifragility, coined by Nassim Nicholas Taleb, is the hidden engine behind modern engineering triumphs like chaos engineering, continuous deployment, canary releases and microservices. While a resilient system recovers from shocks and stays the same, an antifragile system thrives on disorder, using failures as a catalyst for growth.
In this session, we’ll move beyond the theory and look at the hidden force shaping our industry. We will explore how to transition from fragile architectures (where one error causes a cascade) to systems that leverage randomness to improve.
Don’t just build systems that don’t break. Build systems that get stronger when they do.
Beyond SBOMs: The Future of Container Supply Chain Security
When a single phished NPM maintainer led to 18 compromised libraries—including Chalk and Debug, downloaded billions of times weekly—it proved one thing: SBOMs alone aren't enough.
In this talk, Docker Captain Mohammad-Ali A'râbi explores how modern supply-chain attacks unfold and how the next generation of tools—attestations, provenance, and signing—can prevent a repeat of the September 2025 NPM breach.
You'll learn how to build verifiable, trusted pipelines using Docker Scout, Syft, Cosign, and Rekor, and how to extend SBOMs with build-phase attestations.
The session combines deep technical demos with hard-won lessons from the largest NPM attack ever—and insights from Mohammad-Ali's book "Docker and Kubernetes Security"—turning supply-chain horror stories into actionable DevSecOps practices.
What you'll learn:
- 🧠 Understand how the 2025 NPM supply-chain attack happened—and why traditional SBOMs couldn't stop it.
- 📦 Pin & lock dependencies to prevent malicious updates from sneaking in.
- 🧱 Generate, sign, and verify attestations using Docker Scout + Cosign + Rekor.
- 🔒 Adopt zero-trust build pipelines with SLSA levels + OCI 1.1 referrers.
- 🧰 Defend proactively with seven practical strategies: block lifecycle scripts, use hardware keys, and continuously scan with Snyk / Trivy / Scout.
- 🚀 Turn compliance into confidence by making your entire container lifecycle verifiable.
Beyond SQL Generation: How to Teach Agents What Your Database Actually Means
Coding agents like Claude struggle to get meaningful information from databases. Even though they're good at writing correct SQL, they fall short where it matters - fetching the right answers. When asked a complex question, they consistently fumble their way through the schema catalogs and table descriptions, and then make best-guesses about how to join them, hoping to find some data that looks reasonable.
The reason for this is simple - they don't know your domain. It's like hiring an expert in database syntax and expecting them to know how your company works. The solution is equally simple - teach the agent what the data means. Give them a guide to how your database is laid out, how its joined, what column names mean and what kind of queries make sense. All the folk knowledge that that expert hire would eventually acquire in their first 6 months.
The technique for teaching agents the meaning of a schema is called a semantic model, there's an open standard that's easy to stick to, and the results are pretty terrific. A single file can take an agent from burning tokens to hallucinate an answer, to one-shotting the correct results.
In this talk we'll go through the details of semantic models and the standard, why it's worth using the standard rather than rolling your own, and techniques for creating effective semantic models quickly. All in the service of a simple outcome - making a scalable database analyst that's effective from day one.
Beyond the Thor’s Hammer: Pragmatic Agentic AI with Caching, Reuse, and Cost Guardrails
Satej Sahu · Principal Data Engineer, Zalando
Agentic AI has become the default “big hammer”: throw more agents at the workflow, add more tools, loop until it works. It feels magical—until the cost bell rings: token spend explodes, latency creeps up, and teams realize they’re repeatedly paying for the same reasoning across users, departments, and weeks.
This session is about bringing pragmatism without losing ambition. We’ll explore how to balance productivity and timely results by treating agent systems like any other production platform: measurable SLAs, predictable cost, and deliberate architecture. The centerpiece is a topic many teams overlook in the rush to “agentify” everything: cacheability.
We’ll break down what’s actually being transmitted between agents and users—prompts, retrieved context, tool results, intermediate plans, and final answers—and identify what’s repeated (often a lot) across org units. Then we’ll introduce practical caching patterns for agentic systems:
RAG and retrieval caching (query → top-k chunks, embeddings, rerank results)
tool-result caching (APIs/DB queries with TTL, idempotency keys, provenance)
response + reasoning artifact caching (answer reuse with “freshness” guards)
workflow memoization (agent step outputs keyed by inputs, policies, and versions)
organization-level knowledge reuse (shared “answer primitives” for FAQs, policies, and ideation)
But caching isn’t free: it creates complexity around staleness, governance, personalization, and security boundaries. We’ll cover how to design caches that are safe and evolvable: TTL + invalidation strategies, semantic cache keys, redaction/PII handling, per-tenant isolation, and observability for hit rate vs. correctness. You’ll leave with a set of architectural principles and an incremental roadmap to scale agentic AI sustainably—so the hammer stays useful even when costs matter.
Beyond Webhooks: The Future of Scalable API Event Delivery
Phil Leggetter · Head of Developer Experience, Hookdeck
Since Jeff Lindsay introduced webhooks in 2007, they’ve become the default mechanism for delivering API platform events to consuming applications. But as adoption has surged and event-driven systems have evolved, the cracks in the webhook model have started to show—scalability challenges, reliability concerns, and operational overhead are just the tip of the iceberg.
In this talk, I’ll challenge the status quo and explore why webhooks may no longer be the best fit for modern API platform event delivery. More importantly, I’ll introduce Event Destinations—a Stripe-inspired next-generation approach designed to handle event distribution at scale, offering greater flexibility, resilience, and control. If you’re building APIs or event-driven platforms, this session will equip you with the insights to rethink your event delivery strategy.
Blameless Postmortems That Change Nothing: Cultural Anti-Patterns in Incident Learning
Daniel Schley · Head of Data Engineering, Riverty
Blameless postmortems are meant to help teams learn from incidents. In reality, many of them result in well-written documents and no meaningful change.
Drawing from personal experience responding to production incidents, as well as patterns observed across multiple teams and organizations, this talk examines incident reviews as a window into real engineering culture. Not the culture described in values decks, but the one revealed by how teams explain failures, assign responsibility, and decide what not to fix.
Across incidents ranging from minor outages to multi-hour production failures, we will explore recurring cultural anti-patterns that surface during postmortems. These include reviews that avoid uncomfortable truths, blamelessness used to shut down hard conversations, action items that quietly die in backlogs, and learning that stops at technical fixes while systemic and organizational causes remain untouched.
The talk also looks at why these patterns become more dangerous as teams adopt AI-assisted development. Faster feedback loops and accelerated code changes amplify cultural weaknesses that postmortems were supposed to correct.
Attendees will leave with concrete signals to look for in their own incident reviews, a small set of diagnostic questions that expose stalled learning, and practical techniques to turn postmortems into drivers of real improvement. Each anti-pattern is paired with a real incident example and a concrete alternative practice that has led to measurable improvement, rather than just better documentation.
Bridging LLMs and Systems: Practical Automation with MCP Tools and Function Calls
Mehdi Mohseni · Tech Lead and Lead Cloud Engineer, Halocline
In this session, we’ll look at how a .NET-based solution enables Large Language Models (LLMs) to act as automation engines inside a VR application.
The system uses the Model Context Protocol (MCP) to give the LLM controlled access to real system data and APIs. When a user submits a request — for example, “make the workspace more ergonomic” — the LLM interprets the intent, fetches relevant user and environment data via MCP, and responds by invoking an API or function with precise parameters.
We’ll walk through how this automation pipeline is built: from the LLM prompt orchestration and MCP data interfaces, to function calling, execution in .NET, and real-time feedback in VR.
The talk will also include real scenarios such as automatically identifying unused areas in a VR layout, adjusting ergonomics, or optimizing object placement — all triggered by natural-language input.
Build a Production-Ready AI Agent in 90 Minutes
Tamas Piros · AI Consultant
AI agent demos are everywhere. Production-ready agents are not. The gap between a working prototype and a system you'd trust to run unsupervised at 3AM is enormous and it's mostly about infrastructure, not intelligence.
In this hands-on workshop, you'll build a multi-step AI agent from scratch in TypeScript and take it all the way to production-grade.
We'll start with a naive implementation that works on your machine, then systematically break it and fix it.
By the end, your agent will handle LLM failures gracefully, recover from crashes mid-workflow, manage concurrency, and give you full observability into every step.
No slides (okay, maybe a few). No theory blocks (only a bit). Just code, patterns, and a deployed agent you can take home (but not literally!).
Build Fast, Deploy Faster: Cross Platform AI development in 2026
Charlie Cheever · CEO & Co-founder, Expo
Quality is a function of iteration.
Expo has become the standard for cross platform application development because it accelerates the process of building, distributing, and deploying your applications.
And we just made that iteration cycle exponentially faster.
With the introduction of Echo, you can now use your preferred coding assistant to prompt beautiful, cutting edge apps into existence from the palm of your hand.
In this talk I'll explain what the modern application development experience can look like and why there will be more, better apps because of it.
Building a Better Tomorrow: Tips and Tricks for Docker Builds
Daniel Bodky · Senior Developer Advocate, NETWAYS
Container are a fundamental building block of DevOps operations, yet building them efficiently and securely can be a burden: Often developers don’t know about the platforms’ security constraints, baseline configuration, and expected behavior, while DevOps teams lack domain knowledge regarding the frameworks and languages in use. The result: insecure or bloated containers!
In this hands-on, 2h workshop, we will take a look at common scenarios for containerized applications, and improve them bit by bit, taking a good look at tools available to us in the cloud-native container world.
Participants can expect to get a good understanding of easily applicable actions to trim and secure container images, gain insights throughout the building process, and learn how to get their applications from their machines to production.
Building a Cloud Platform Where Everything is Just Another Kubernetes Resource
Patrick Koss · Tech Lead, STACKIT
At STACKIT, we took the Kubernetes API and turned it into our entire platform control plane. Not just for running containers. For everything. S3 buckets, databases, DNS records, IAM credentials, even entire child Kubernetes clusters. All defined as YAML manifests. All managed via GitOps. All continuously reconciled by controllers.
We started with Terraform like everyone else. It worked fine until our infrastructure got complex. Monolithic state files that locked the whole team. Slow applies that recalculated everything when we only needed to change one thing. Drift that only surfaced when someone remembered to run a plan.
So we rebuilt the platform on Crossplane and ArgoCD. One management cluster provisions and orchestrates cloud infrastructure per environment. Developers get self-service APIs by applying Kubernetes resources. Ops teams enforce policies through admission webhooks. Everything reconciles in real-time. No external state to manage. No waiting for tickets to get unblocked.
This is the production architecture. How it works, why we designed it this way, what went wrong during the migration, and what we'd change if we started over today.
Building a Multi-Agent Orchestration Engine That Actually Follows the Rules
Hussein Jundi · AI Engineering Lead, E.ON Digital, Torsten Stiller · Head of Automation Factory, E.ON Digital
At E.ON Digital Technology, we're building an AI-powered platform that spans the entire software development lifecycle—from ideation, requirements in Jira, through code generation and GitLab integration, to automated testing, infrastructure deployment, and production monitoring.
Enterprise environments don't tolerate agents going off script. We need them to follow our SDLC guardrails, and not to improvise.
While the workflow itself enforces standards, the graph controls transitions, embeds approval gates, and ensures compliance. Users just chat; the system handles the rest.
We'll walk through the architecture and share real examples: legacy application modernization, cloud-native migrations, and gains in developer productivity.
The Problem
AI coding assistants are powerful, but they're designed for autonomy. In an enterprise like E.ON, that's a problem. We have governance requirements, approval workflows, and integration points across the entire SDLC—Jira for planning, GitLab for code, our automation platform for deployments, our monitoring stack for observability. Letting an agent "figure it out" isn't an option.
What We Built
We created a multi-agent platform based on LangGraph where:
-Specialized agents handle distinct phases: requirements analysis, code generation, test creation, infrastructure provisioning, log analysis
-The workflow graph enforces our SDLC—agents don't decide when to ask for approval or which phase comes next; the graph does
-Graph disaggregation: the workflow breaks down complex tasks into manageable steps, improving task completion rates and reducing hallucinations
-Enterprise integrations connect each phase to our actual toolchain (Jira, GitLab, deployment automation, monitoring)
-Workflows are pluggable—different use cases get different flows with appropriate checkpoints
The result: developers interact through a conversational interface, but the underlying system enforces similar standards we'd expect from manual processes.
Building APIs for Agents vs Systems. Is MCP the answer?
Adam Bird · CEO and Co-founder, Cronofy
When your API consumer can reason, everything you thought you knew about the contract between provider and caller gets tested. I’ve spent the last 24 years of building and commercialising web APIs, including Cronofy’s MCP server and Agentic products. I've learned that the instinct to reach for new abstractions before honestly asking why the existing ones failed is as strong as ever.
This talk covers the real differences between designing for developers and designing for agents, where MCP earns its place and where it's inefficient. Why granularity choices that work for systems fail for agents. The tension between agent flexibility and keeping your platform predictable, secure, and auditable. Where the responsibility for behaviour should fall. Practical learnings from really doing it.
What I will share
- How the contract between API provider and consumer shifts when the consumer is non-deterministic — retry logic, error handling, and authentication all need rethinking.
- The practical differences between designing for developer experience (DX) versus agent experience (AX) — documentation, discoverability, and affordances.
- Where MCP fits in the stack: what it actually solves (tool discovery, context passing, standardised transport) and what your tool should claim.
- Lessons from shipping an MCP server commercially — the gap between the spec and production reality.
- Why "just wrap your REST API" is a trap — granularity, composability, and the temptation to expose too many tools versus too few.
- The tension between giving agents flexibility and maintaining predictable, billable, auditable behaviour for your business.
- What stays the same: rate limiting, versioning, backward compatibility, and the fundamentals that 24 years of API design and delivery have already taught me.
Building Moduliths That Last: Patterns for Sustainable Module Integration
Christoph Kober · Lead Software Engineer, SQUER
A system does not need to be distributed to have clean architectural boundaries. Moduliths (modular monoliths) have emerged as a popular alternative to microservices - But doesn't that mean we're going back to where we started from? Won't today's moduliths end up as Big Balls of Mud again in a few years?
The key to a sustainable modulith is clean integration between modules. The shared runtime offers more integration options but also creates the temptation to take shortcuts and create a hot mess. This talk compares different approaches to integrating modules in a modulith. We will explore how different domains suit specific patterns better than others, and distill that knowledge into practical heuristics. We will also examine tactics for establishing these patterns in existing codebases.
As a developer or architect, you will leave with a toolkit of modulith integration patterns and antipatterns, guidelines for choosing the right ones, and the knowledge to establish them in legacy applications.
Building Physical AI: Fine-Tuning VLA Models and Composing Multi-Modal Systems
Alison Cossette · CEO and Founder, ClariTrace
Physical AI requires a different stack than chatbots. You're fine-tuning vision-language-action models for specific skills, then composing them with perception and voice systems that work in real-time. The integration is where the magic happens—and where most projects fail.
This talk shares the architecture behind an award-winning book-reading robot: a system that opens books, turns pages, sees content, and reads aloud with expressive voices. We fine-tuned VLA models using Action Chunking with Transformers to learn fluid manipulation from human demonstrations, then integrated Claude Vision for page understanding and Eleven Labs for streaming speech synthesis.
I'll walk through the technical stack: how we collected demonstration data and fine-tuned for page-turning skills, why ACT policies outperform discrete skill primitives for manipulation, and how we achieved zero-latency speech through a three-threaded streaming pipeline. Physical AI means designing for graceful failure—because in the real world, errors tear pages.
You'll leave with concrete patterns for fine-tuning VLA models, composing multi-modal physical AI systems, and understanding where the hard problems actually live.
Learning Objectives
* Fine-tune vision-language-action models for specific manipulation skills
*Apply Action Chunking with Transformers for fluid robotic behavior
*Design multi-modal physical AI systems that integrate manipulation, vision, and voice
*Build zero-latency streaming pipelines for real-time human-robot interaction
* Identify failure modes unique to physical AI and design recovery strategies
Level
Intermediate
Tags
Physical AI, VLA Models, Robotics, Fine-Tuning, Vision-Language-Action, Real-time Systems
Building the next generation of AI developer tools
Krzysztof Cieślak · Staff Research Engineer, GitHub Next
AI has already changed software development. Tools like GitHub Copilot have become ubiquitous part of the workflow of millions of developers. Like other well-known editor features, AI-in-editor increases productivity, reduces required context switching, and lets developers stay in the flow while focusing on important parts of their job.
However, this was just a first step - with the rapid developments of large language models (LLMs), which have become more powerful and knowledgeable with every release and have excellent reasoning capabilities, we can do more. Nowadays, we see AI agents such as Claude Code able to solve complex, repository-wide tasks or even generate whole applications.
In the talk, I will discuss how AI developer tools has changed over the years, describe emerging usage patterns of AI agents and how they change whole software development process, and peek into the future of developer tools. All that while trying to answer the most important question - how to design applications using AI with humans in mind.
Bulletproof Web Applications: The 2025 OWASP Top Ten
Christian Wenz · CEO, Actition
Since 2003, the Open Web Application Security Project curates a list of the top ten security risks for web applications. The brand new 2025 edition of the OWASP Top Ten is on the horizon; time to take a look at it! What's new, what has changed, and what is mandatory knowledge for any developer using a modern web stack? Attend this must-see session to get an up-to-date refresh on how to create secure web applications and prevent the top ten issues from happening. Many code samples will demonstrate those risks, and countermeasures, to keep your applications secure.
Can SVG be fast? Rendering a scatter chart with over 10k points
Bernardo Belchior · Software Engineer, MUI
In this talk, we’ll explore the performance limits of SVG when rendering scatter charts with thousands of data points, based on our experience at MUI X Charts.
You’ll learn how to identify bottlenecks, performance measuring tricks, and the techniques we use to optimize rendering.
Carbon-Aware Kubernetes: Building Sustainable Cloud-Native Platforms
Speakers TBA
The cloud-native ecosystem consumes massive amounts of energy, but what if your Kubernetes clusters could automatically optimize for carbon footprint? This talk demonstrates how to build carbon-aware platform engineering solutions using real-time grid data, KEDA autoscaling, and multi-region workload shifting. Live demo includes deploying workloads that automatically migrate based on renewable energy availability.
Checkmate: 5 Real Incidents That Can End a Software Company
Speakers TBA
Security failures rarely start with sophisticated zero-day exploits. In most cases, they begin with ordinary decisions: a rushed commit, a misconfigured cloud service, an overlooked alert, or a trust assumption that no longer holds.
I’ve seen how real-world incidents unfold, not in theory, but in live production environments with customers, revenue, and reputations on the line. This talk breaks down five real incident scenarios that placed software companies in “checkmate” positions: moments where recovery options narrowed, time worked against the defenders, and business survival was genuinely at risk.
Each incident is presented from the defender’s perspective, showing how technical failures, process gaps, and human factors intersect. We will examine how attacks moved through CI/CD pipelines, cloud platforms, identity systems, and third-party dependencies.
This session is not about fear, compliance checklists, or abstract security theory. It is a practical, experience-driven look at how companies actually fail, and what developers, architects, and engineering leaders can do differently to avoid repeating the same mistakes.
Attendees will leave with concrete lessons on design decisions, development practices, and security assumptions that silently determine whether an incident becomes a manageable disruption, or a company-ending checkmate.
Code Once, Use Everywhere: Building Shared Libraries for Multiple Projects
Vadzim Prudnikau · Co-Owner and Architect, Trainitek and Apotek 1
Developers who have worked on shared libraries know that maintaining them can quickly become a headache, often leading to bugs or bottlenecks across projects.
* What should go into a shared library?
* How do you keep it small and easy to maintain?
* How do you update it without breaking everything?
These and other questions arose when I built a shared Java library that supports integration with Spring Boot across multiple projects in my company.
In this talk, I’ll show how I addressed these challenges and developed a solution that has worked successfully for over three years. I'll walk you through the structure and code so you can see exactly how it’s done and avoid common mistakes.
By the end, you’ll have actionable insights to start building or improving your own shared libraries that support Spring Boot.
Join my talk to discover practical solutions you can apply to your projects right away, whether you're just starting or looking to enhance an existing shared codebase.
I look forward to seeing you at my talk!
Code Style in Practice: Balancing Preferences and Consistency
How often do we work with code where similar parts look different and are difficult to understand? The reasons are not always clear and are often related to personal preferences, missing standards, or historical decisions.
In this talk, we will discuss:
Is it better to follow an exciting coding style rather than introduce your own?
When and how is it appropriate to improve or change code style?
Can principles be used when formal standards do not exist?
How do code style and consistency impact readability, maintainability, and overall code quality?
This talk focuses on balancing personal preferences with shared team consistency and on making software projects easier and more enjoyable to work with.
Code that writes code - .NET Source generators
Glenn F. Henriksen · CTO, Justify
Tired of writing repetitive boilerplate code? Enter .NET Source Generators - your key to automating code generation at compile time. In this session, we'll explore and demystify this powerful feature that lets you inspect your codebase and generate new C# source files during compilation.
You'll learn how to create source generators from the ground up, including working with the Roslyn compiler API to analyze syntax trees, semantic models, and symbols. Don't worry, it's actually easier than it sounds! We'll explore practical techniques for traversing your codebase, filtering syntax nodes, and generating precise, context-aware code that integrates seamlessly with your existing projects.
Through hands-on examples, we'll implement source generators that solve real-world problems. We'll cover examples like creating strongly typed entity IDs to prevent primitive obsession, generating boilerplate code, auto-implementing interfaces, building compile-time helpers and more.
This session is designed for intermediate to advanced .NET developers, team leads and architects looking to improve code maintainability, as well as anyone interested in meta-programming and code generation.
After this session, attendees will gain a thorough understanding of source generator architecture and lifecycle, along with practical knowledge of working with the Roslyn API for code analysis. They'll learn essential techniques for debugging and testing source generators, good practices for implementing them in production projects, and acquire a toolkit of ready-to-use patterns for some common source generation scenarios.
Colorful quantum randomness
Jakub Gaj · Cloud Solution Architect, Danske Bank
Experience the power of quantum superposition through this visual hands-on demo to generate truly random colors using actual quantum computers.
See how quantum randomness can supercharge real-world applications in cryptography, material science simulation, and optimization problems that classical computers struggle to solve efficiently.
Showcase of quantum algorithm development using OpenQASM and Qiskit frameworks, running on IBM Quantum and Amazon Braket platforms. No prior quantum physics knowledge required, just bring your curiosity for emerging technologies!
Confessions of a Software Archaeologist: What I Did Wrong in 10 Years of Restructuring Software
Hendrik Lösch · Management Consultant and Architect, ZEISS Digital Innovation
While AI tools promise enormous efficiency gains, deploying them often reveals a hard truth: our legacy systems aren't ready. This pressure to modernize shines a harsh light on issues we have ignored for years.
It turns out that refactoring code is actually the easy part. The real bottlenecks are hidden in a tangled mess of stakeholder management, ossified organizational structures, and the "human factor." These are non-technical problems that no AI can fix for us.
With over 10 years of experience as a Lead Dev, Architect, and TPM, I’m looking at the big picture. Having navigated these exact traps in numerous restructuring projects, I will share actionable lessons to help you spot and overcome these barriers. We’ll look past the code to focus on building a project environment that allows modernization to succeed.
Context Graphs for Explainable, Decision-Aware AI Agents
Zaid Zaim · Developer Advocate, at Neo4j
AI agents can follow prompts and use tools, but often lack the institutional context needed to explain why a decision is made. That reasoning: policies, precedents, and past outcomes are usually scattered across systems and human memory.
Context graphs capture this missing layer by modeling decision traces over time, including causality and context. By giving agents access to just enough historical and organizational knowledge, context graphs enable more explainable, consistent, and auditable decisions.
Continuous Accessibility
Jörg Jakoby · Software Developer, Atos
In this session, I will demonstrate how to move accessibility with low effort from an "afterthought" to a systematic verification process using fast unit checks (jasmine-axe, jest-axe, vitest-axe) and realistic E2E scans (Cypress, Playwright). Instead of manually checking accessibility shortly before release, we shift feedback to the left: components are validated in isolation during testing, and critical user flows are scanned in real browsers. This is not just about tools, but about robust routines: ensuring stable UI states before scanning, maintaining consistent WCAG tags/severity levels, generating actionable reporting in CI, and establishing clear gate rules ("build fails on serious/critical").
Furthermore, I will shed light on the practical side: how teams handle exceptions (with justification and expiration dates), how to choose the right scopes (e.g., scanning a dialog instead of the entire page), and why uniform guardrails across unit and E2E tests are crucial for making accessibility sustainable, scalable, and genuinely integrated into daily development.
Contract Testing with MCP: Building Self-Describing, Self-Testing APIs
Moataz Nabil · Software Engineering Manager, AVIV Group
Contract testing hasn’t evolved—but our systems have.
Today’s APIs run in dynamic environments shaped by user context, feature flags, and increasingly, AI-driven behaviour. Yet most teams still rely on static OpenAPI specs, brittle consumer-driven contracts, and manually maintained test suites that quickly drift from reality.
In this talk, you’ll discover how the Model Context Protocol (MCP) introduces a new approach: self-describing, self-testing APIs.
By exposing runtime context—schemas, constraints, examples, and real usage scenarios—through MCP, services can automatically generate and maintain their own contract tests. This enables continuous compatibility between providers and consumers, reduces breaking changes, and transforms testing from a manual task into an automated, context-aware system.
We’ll walk through a practical architecture showing how MCP fits into an API platform, and demonstrate a working example where an API generates its own contract tests and runs them in CI.
If you build, test, or operate APIs, this session will change how you think about contracts, testing, and quality in distributed systems.
Cryptographic agility for a post-quantum future: Falcon signatures in TypeScript
Andrew Funk · Partner Lead, Algorand Foundation
Recent advancements in quantum computing are changing estimations of how soon classical cryptographic algorithms may be at risk. In this talk, we’ll explore the Falcon post-quantum signature scheme, how to apply it through a simple TypeScript library, and how Falcon signatures can be used to secure data today against tomorrow’s quantum attacks.
Cutting LLM Costs Without Cutting Quality: How to Beat Proprietary LLMs with Fine-Tuned Open Source
Viktoria Semaan · Principal AI Evangelist, databricks
Let's cut through the hype: most AI agents never make it past the demo stage. The gap between a working prototype and a production-grade system comes down to one thing—evaluation.
Without reliable metrics, you're guessing at what's working, what needs fixing, and whether your agents are actually improving. You'll learn how to:
- Define custom metrics tailored to your use case
- Calibrate LLM judges for cost-effective assessments
- Track evaluation results over time to measure real progress
Whether you're building LLM-powered apps or leading AI teams, you'll leave with actionable tools to move from proof-of-concept to production—with the transparency and reliability enterprises demand.
Dangerous Reactivity: Why AI Output Is the New XSS
Ramona Schwering · Developer Advocate, Auth0
Vue developers (amongst others, ofc) know one golden rule: never use v-html on user input. Yet, as we're integrating Large Language Models (LLMs) into our applications, we often make a fatal mistake. We're treating AI output as a trusted source. This is fine. Well, not automatically....
Let’s look at OWASP LLM05 and how "Improper Output Handling" affects web security. Therefore, let's discuss examples of how safe inputs can trick models, leading to vulnerabilities such as XSS and injection attacks. By the end, you’ll learn how to be "professionally pessimistic" for AI. You’ll see how to sanitize LLM data, safely render Markdown, and manage AI-generated content. Let's approach technology with caution,
I look forward to exploring this with you! ❤️
Debugging Humans: How MBTI Helps Engineering Teams Communicate Better
Hazel Wat · Analyst and Consultant, Schwarz IT
Software teams spend enormous effort on codes - yet many of the biggest productivity issues are not technical at all. They come from miscommunication, mismatched expectations, and avoidable friction between equally capable engineers.
In this talk, I will explore how MBTI - a 16 personality assessment - can be used as a practical communication framework for engineer teams - not as a personality label or hiring tool, but as a shared language to understand different working and communication preferences.
I will share how small adjustments in communication can dramatically improve team effectiveness.
This session focuses on actionable, engineer-friendly techniques to reduce friction, improve collaboration, and build high-performing teams.
Decode Your People: Using PCM to Build High-Performance Teams
Chris Redmond · Founder, RedOwl Talent
Only 23% of employees globally are engaged in their work. Burnout has hit 66%, and the average age for experiencing it is now just 32. On top of that, only 44% of managers have ever been trained in how to lead people, despite being directly responsible for 70% of team engagement outcomes.
We don’t have a productivity crisis, we have a leadership crisis.
In this 20-minute keynote, I share how the Process Communication Model (PCM), a behavioural tool originally developed for NASA, helps founders and managers lead people the way they’re actually wired.
This is not a PCM training session. It’s a practical, story-led talk designed to shift how leaders think about performance: not as something to push for, but something to unlock through smarter communication, deeper understanding, and earlier stress recognition.
Using PCM as a lens, I’ll walk the audience through:
Why people disengage (and how to see it coming)
Why one-size-fits-all motivation fails modern teams
How to recognise when a communication style is misfiring
Audience members will reflect on their own teams in real-time, explore the gap between how they lead and how people want to be led, and leave with a clear insight: you don’t manage performance, you manage people.
Defending the Modern Supply Chain: Hands-On Vulnerability Remediation
Boy Baukema · Senior Principal Security Consultant, Veracode
Software supply chains grow more complex every day, bringing new risks from open-source dependencies. Join us for a comprehensive workshop designed to help you defend your applications against these threats using secure coding practices and modern tools.
The session kicks off with a live demonstration of a real-world application exploit. You will see firsthand how to block malicious packages using a package firewall and remediate vulnerabilities using Software Composition Analysis (SCA) techniques.
After the demo, we will dive into a hands-on exercise. We provide a vulnerable application so you can practice identifying security flaws with SCA tools. We will apply the necessary fixes and re-scan the application to validate your remediation work. We will wrap up the workshop with an open Q&A session. Here, we will discuss best practices for securing your supply chain and share actionable tips for integrating security directly into your development workflows.
Design Patterns For AI Products in 2026
Vitaly Friedman · UX Lead, Smashing Magazine
As product teams rush in launching AI products, they quickly face a roadblock. Too often AI features have very low adoption and retention, they are painfully slow and unreliable, responses are walls of text and users have to ping-pong between prompts, over and over again. Let's fix that!
Design Systems for the Machines - How to Make AI Understand Your UI
Jennifer Wjertzoch · Senior Frontend Engineer, DKB Code Factory
Design systems were created to make interfaces predictable for humans, now we need to make them predictable for machines.
In a world where AI agents analyse, navigate and document our UIs, a component is only as useful as it is machine-readable.
This talk shows how to embed semantic metadata, accessibility signals and structural intent directly into your design-system components, so AI can correctly interpret their purpose, behaviour and constraints.
Jennifer demonstrates how machine-readable components unlock automatic documentation, AI-assisted accessibility reviews, intelligent refactoring and design-to-code pipelines that actually understand your product.
The session delivers a forward-looking, practical blueprint for design systems that aren't just beautiful and consistent, but self-descriptive, inspectable and fully compatible with the AI-driven workflows of the future.
Designing UX for SRE Agents in High-Stakes Incidents
Osmar Matos · UX/UI Design and Frontend Lead, Hyground
Incident analysis isn't a straight-line calculation, it's a maze. Every alert opens a fork: deploy regression, dependency flap, or the first step of something larger. Older LLMs stumbled at the first fork. Newer models navigate these branches and backtrack when a hypothesis doesn't hold. At Hyground, we don't hand our SRE agents exhaustive runbooks. We give them a foundation in operations work and pointers to metrics, logs, and wikis, then let them run.
That forces us to rethink what UX means. When the trajectory isn't one you can wireframe in advance, what are you actually designing? Engineers want control, most of all at 3am with a pager going off. How do you surface an agent's reasoning without burying the operator in text? How do you give the human steering authority over a process whose next step doesn't exist yet? We will walk through the interface patterns we landed on in Hyground, the ones we discarded, and close with a question: when the thing on the other side of the screen is an intelligence of its own, is "user interface" still the right word?
Developers become Orchestrators: From Human-in-the-Loop to Spec-in-the-Loop
Bastian Heilemann · Lead Cloud Native Solution Architect, Carl Zeiss, Stefan Bley · Software Architect, ZEISS Digital Innovation
Development teams still struggle with a fundamental question: what can we safely delegate to AI, and what must remain human-owned?
Despite rapid progress in AI tooling, most teams are stuck in “copilot mode” — gaining speed, but also increasing cognitive load, risk, and inconsistency.
In this talk, we show why and how the role of the developer must evolve: from writing code and managing endless shift-left concerns, to designing intent, constraints, and guarantees — and orchestrating AI-driven execution.
We introduce spec-driven development as a governance and execution model for AI-assisted software delivery. Instead of focusing on prompts or tools, we frame AI delegation as a risk- and criticality-aware decision: humans define what must be true (functional specs, architecture decisions, security, SRE, and compliance constraints), and AI is delegated everything else.
To make this concrete, we present a realistic end-to-end experiment:
a non-critical internal service built with maximum AI delegation. Humans provide: Functional specifications and ADRs, Non-functional requirements (security, reliability, coding standards) and Release and compliance constraints
From there, AI generates implementation, tests, CI/CD pipelines, packaging, and deployment artifacts — fully automated.
On stage, we demonstrate how changing a specification (for example an SLO or security requirement) triggers repeatable, auditable regeneration of code and infrastructure — without manual re-implementation. We deliberately push this approach to its limits to show where it works, where it breaks, and why it must never be applied blindly to critical systems.
Attendees will leave with:
A clear understanding of the guardrails required for safe AI delegation.
A practical delegation matrix for AI-assisted development.
A mental model for specifications as an execution boundary, not documentation.
A realistic, experience-based view of fully automated delivery for low- and medium-critical systems.
Diagnostic Tooling: How to get insights from your .NET services hosted in Kubernetes containers?
Tom Crecelius · Technology Evangelist, CID
Cloud-native development is the talk of the town. Kubernetes, private cloud, and on-prem hosting are the hottest things around. However, running your services in containers on Kubernetes brings new challenges, especially if they are set up to be particularly secure in a production environment. Bugs exist in every software, but how can you obtain the data required for diagnostic purposes from services running in such containers? How can you obtain the data to analyze memory or performance patterns and do optimizations? In this talk, I will answer questions of this kind when dealing with .NET services hosted in a Kubernetes environment. I will explain concepts of .NET and reason about existing tools for getting memory dumps, heap information, CPU traces, etc., and what that means for your container setup.
Key Takeaways:
- Tooling and Integration: The available tools and their practical applications for .NET services running in Kubernetes.
- Sidecar Configuration: Step-by-step guidance on setting up a diagnostic sidecar container in your Kubernetes environment.
- Deployment Readiness: Recommendations for preparing your Kubernetes deployment manifests.
- Debugging and Diagnostics: How to extract traces, dumps, heap data, and other diagnostics from .NET services in containers and export them for analysis.
- .NET concepts: How to fetch diagnostic data from .NET services?
Containerizing Java applications is easy. Containerizing them securely is not.
In this session, we'll explore how to strengthen your Java Docker builds with Software Bill of Materials (SBOMs) and registry attestations. Instead of generating a single SBOM at the end, you'll see how to extract SBOMs at every stage of a multi-stage build, catching vulnerabilities that would otherwise slip through.
We'll cover:
- Why SBOMs are critical for modern Java applications
- How to integrate SBOM generation directly into Docker builds
- Use Docker Bake to make it delicious
- How to decrease the number of CVEs using Docker Hardened Images
- Pushing SBOMs as attestations to your registry for supply-chain visibility
- Asking Johnny Cage to sign the images and their SBOM attestations
Live demo: Containerizing a Spring Boot app with security built in
Don’t Build Agents. Build Agent Skills for the Web
Ohans Emmanuel · Software Engineer, HelloFresh
Over the past year, model intelligence has skyrocketed, and agent tooling has improved significantly. However, there's still a gap: most AI agents don't have the procedural, domain-specific expertise needed to do real work inside real products, especially in web apps, where a small behaviour change turns into user-facing regressions.
In this talk, I'll show how leveraging Agent Skills changes how you build AI features on the web: from prompt tweaking to shipping packaged guides, resources and scripts that turn a general-purpose agent into a product-specific one via the Agent Skills protocol (adopted by OpenAI, Anthropic and Cursor). I'll also show a practical way to do this in web apps without changing your current frameworks or LLM, with evals and versioning in place to prevent regressions.
## Outline
1. Title
2. The regressions that break Web AI apps
3. Mega-prompt anti-pattern and why MCPs and tools won’t save you
4. What “Agent Skills” are
5. Architecture (Web ↔ server ↔ agent ↔ VM access)
NB: Even though this will be abstracted, I want the audience to understand why it's important. So, I’ll show the abstraction but not shy away from a quick look into its innards
6. Demo: baseline feature
a) I’ll start with a simple web app and show why 90% of your users will never be power prompters and how to still have your Agent respond reliably
7. Demo: break it
8. Skill #1: Packaged SOPs
a) Show a sample package SOP in an Agent Skill - scripts, validation, etc., all progressively loaded
9. Skill #2: Self learning AI agents with Skills
10. Versioning + tiny evals
1. The current status quo for Evals doesn’t work with Skills. Here, I’ll show how Web engineers can evaluate their AI Agent Skills
11. Checklist
- Production checklist for using Agent Skills in a Web Application - regardless of tooling (Vercel AI SDK, langchain) and LLM (works across all LLMs)
12. Closing thesis
Dynamic Entities in .NET: Building Low-Code Systems on Top of Entity Framework Core
Halil İbrahim Kalkan · Co-Founder, Volosoft
Designing a truly dynamic data model is one of the most challenging tasks in modern application development. Many teams fall back to traditional approaches like Entity-Attribute-Value (EAV) or overly generic schemas, only to struggle later with complexity, performance bottlenecks, and maintainability issues. In this talk, we will explore the landscape of dynamic entity systems, compare alternative patterns, and highlight their strengths and tradeoffs, before zooming in on how Entity Framework Core can be leveraged to build something both flexible and efficient.
Drawing on real-world experience from building the low-code capabilities in ABP Framework, I will share the key architectural decisions, pitfalls, and solutions that made our dynamic entity system robust and performant. You’ll see how EF Core’s extensibility can be pushed to its limits, how to handle querying and schema evolution at runtime, and how to avoid common traps while maintaining developer productivity. By the end of this session, you will have practical insights and patterns you can apply in your own projects when facing the challenge of designing dynamic yet reliable data models.
Edge AI on iOS: Beyond the Cloud, Designing the Next Generation of Intelligent On-Device Apps
AI on mobile is shifting from cloud-dependent models to fast, private, on-device intelligence. In this session, we’ll explore how iOS developers can build intelligent features using Apple’s on-device AI stack: Core ML, Vision, Natural Language, Speech, and MLX. How to design and implement real production-ready AI edge feature.
We’ll close with a forward-looking vision of how mobile apps can expose read-only data to a user’s on-device AI, enabling a future where apps collaborate through private agentic intelligence without compromising privacy or control.
Attendees will walk away with concrete code patterns, architectural models, and demos they can apply immediately.
Engineering AI Sovereignty: You Code. aion.xyz Runs the Infrastructure.
Jayden Watson · CEO and Founder, aion.xyz
aion founder & CEO Jayden Watson will show how modern AI teams can move from endless infrastructure decisions, escape the hyperscaler trap, and gain immediate production value using aion’s full-stack AI platform. aion unifies software, hardware, and optimisation into one developer-first system: from training and inference to data, orchestration, and owned GPU infrastructure.
Developers write code. aion handles everything else.
The session combines real production architectures, performance benchmarks, and deployment patterns used by Fortune 500 enterprises and AI-native startups to build AI systems in weeks instead of months, without cloud lock-in, GPU waitlists, or hidden complexity.
Attendees will leave with a practical understanding of how to ship AI faster, cheaper, and with far less operational overhead.
Engineering Manager Pendulum: Generating compound interest on your career
Marcin Olichwirowicz · Engineering Manager, Netflix
Most career advice tells you to climb the ladder linearly. I’m going to tell you why I jumped off it - and how that "demotion" generated the highest returns of my career.
I was a Startup IC who jumped into a large organization management, only to realize I lacked the technical "scale" to lead effectively. I will walk you through my decision to swing the "Manager Pendulum" back to an IC role, and how each swing compounded my skills:
The Investment: I swung back to IC to learn "Operational Reality." Because of my management background, my impact compounded - I knew exactly which battles to pick and which to ignore, navigating large company politics better than my peers.
The Cost: It wasn't free. I faced the "Mentorship Vacuum," the "High-Performance Trap," and a job market that viewed my non-linear path with suspicion, making offers harder to get.
The Dividend: When I swung back to Big Tech management, I wasn't starting from scratch. I was starting with Compound Interest -armed with technical confidence and high-fidelity empathy that only a recent IC possesses.
I will show you why the pendulum isn't a back-and-forth motion - it's an exponential curve upwards.
Event-Driven AI Agents: Orchestrating Long-Context Legal Processing at Scale
Luca Bianchi · CTIO, MESA
Building AI agents that process legal documents with 10,000+ pages requires more than throwing context at an LLM. This talk dissects our production event-driven architecture.
You'll learn:
- Why synchronous LLM calls fail at legal document scale - the cold start and a timeout problem
- Event-driven orchestration patterns for multi-step agent workflows (planning, dynamic loading, context assembly)
- Long-context chunking strategies that preserve legal reasoning chains
- Cost optimization: how we reduced per-request costs 73% through intelligent caching and selective context loading
- Production failure modes: what breaks when agents plan incorrectly
Concrete architecture, real metrics, battle-tested patterns. No theoretical frameworks - this is what actually runs in production, processing legal contracts for 10M+ users.
Event-Driven Microservices: Patterns and Practices for Production-Ready Systems
Lutz Huehnken · Fractional CTO, Interim Manager and Architect
Event-driven architecture has become a key pattern for building scalable, resilient, and loosely coupled systems, especially in microservices environments. However, designing and implementing such architectures effectively in real-world scenarios remains a challenge.
This full-day, hands-on workshop provides a practical deep dive into designing microservices that communicate through events. Participants will learn how to architect services using asynchronous, event-based patterns to improve system modularity and flexibility. The workshop is technology-agnostic, focusing on concepts and patterns that can be applied across platforms, using message brokers such as Apache Kafka.
Through presentations, exercises, and collaborative system design, attendees will explore core topics including event choreography vs orchestration, message design, delivery guarantees, idempotency, observability, and failure handling. Realistic scenarios and challenges will help solidify understanding of how to apply these patterns effectively.
The workshop also addresses practical concerns such as schema evolution, monitoring message flows, using dead-letter queues, and ensuring reliability in distributed systems. Participants will walk away with a clear understanding of both the advantages and tradeoffs of event-driven communication in microservices.
This workshop is aimed at software engineers and architects with prior experience in building distributed systems or microservices. No specific programming language knowledge is required; examples and labs are designed to focus on architecture and system behavior rather than language syntax.
By the end of the day, participants will be equipped with a set of actionable techniques, best practices, and mental models for designing robust event-driven systems that are ready for production.
Fast Agents Produce Bad Results Faster
Mardu Swanepoel · Head of AI Engineering, Flinn.ai
A lot of effort goes into improving agent output speed - streaming, caching, "thinking" indicators. Yet, none of it matters if the agent's output is not actually useful.
This talk examines why capable agents consistently fail to deliver on their promise: and it's not because they lack capability, but because we've optimised for the wrong thing. The core problem is a speed paradox: agents are designed to optimise for speed to output rather than speed to understanding. Speed isn't what makes an agent valuable—useful, trustworthy results are.
The talk is structured around three lessons learned the hard way building production agents at Flinn. Each lesson is grounded in a real system: the trust paradox was illustrated by our multi-channel medical device complaints handler, the failure of typical trust mechanisms (legibility, boundaries, reversibility) through our autonomous regulatory monitoring agent, and the question of whether chat is the right interface for agentic systems is explored through our clinical writing co-pilot.
Across all three systems, the pattern was the same: we had to slow the agent down to make it useful. Participants leave with a framework for evaluating agents through the lens of trust architecture rather than technical capability, specific strategies for building understanding before execution, and concrete examples of what breaks in production and what works instead.
Fast, Confident, and Wrong: When AI Fails at Accessibility
Radostina (Ina) Tsvetkova · Senior Advisor, NAV
You ask your AI assistant to fix an accessibility issue. It gives you code that looks perfect, runs without errors, and even cites WCAG success criteria. And you trust it. Why wouldn't you? It sounds so certain. You ship it. Then your QA team reports that keyboard users are now trapped in your navigation menu.
This lightning talk exposes the three most dangerous ways AI fails at accessibility work and shows developers how to build verification workflows that catch these failures before they reach production.
Attendees will learn why AI confidently invents WCAG success criteria that don't exist, how seemingly correct fixes can break assistive technology, and why verification is not optional when AI touches accessibility code.
AI is a productivity multiplier for developers who already understand accessibility fundamentals, it is not a replacement for learning them.
AI will help you move fast, but only verification keeps you from breaking accessibility. Trust, but verify!
And know exactly what to verify.
Finding the Vibe: My journey back to coding
Michal Cyprian · Engineering Manager, Kiwi.com
If you're an Engineering Manager, you probably miss it—that productive feeling of shipping code. I know I did. It felt like I'd traded my keyboard for a calendar, and I was terrified of becoming a bottleneck if I ever tried to jump back into the code myself. My technical skills were gathering dust.
Then I found a way back. I realized that the skills I use every day as a manager—defining requirements, pointing my engineers to the right resources, and giving feedback on their work—were exactly what I needed to direct a new kind of developer: an AI agent.
I'll share my playbook for leveraging agentic AI to transition from idea to shipped code in just a few hours a week. You'll learn how to find your way back to coding, all without getting in your team's way. It's been a game-changer for me, and it’s the most fun I’ve had in years.
Fine-Tuning Small Language Models for Agentic AI
Björn Buchhold · Technology Evangelist, CID
Agentic AI promises significant business value, yet many proof-of-concepts fail in production: Large foundation models are expensive, slow, and vulnerable to prompt injection, a risk that escalates when agents interact with untrusted data sources like emails, websites, or documents.
Specialized, fine-tuned Small Language Models (SLMs) with just a few billion parameters can address these challenges. They offer enforceable control through domain constraints and structured outputs, dramatically reduced costs and latency, and inherent security through limited complexity.
This talk explores two approaches to creating specialized agents: Distillation via Synthetic Data (using large models as "teachers" to train smaller "student" models) and Reinforcement Learning from Verifiable Rewards (RLVR).
The core of this presentation focuses on practical evaluation: We present original experiments applying these techniques to real-world agentic applications. If you have a successful agentic AI application, this approach can help make it more efficient without loss of quality, but it doesn't always work. We evaluate when specialized SLMs can replace or even outperform large models, and when they fall short. Attendees will leave with concrete guidance on where this technique delivers value and where it doesn't.
Five Ways to Break Silos in Your Engineering Organization
Daniel Schniepp · Senior Staff Engineer, Mercedes-Benz
Large or fast-growing engineering organizations often foster silos, separating teams, hindering collaboration, and reducing the impact of collective knowledge and opportunities for technology sharing. But you don’t need a management mandate or a big budget to start breaking them down.
I’ll share five approaches I’ve successfully used that can be used by individual contributors and managers to bridge gaps between different parts of your organization. From fostering intrinsically driven grassroots communities of practice and running internal tech conferences or hackathons to encouraging cross-team code contributions and rotating engineers between products, each approach is designed to be flexible, scalable, and low-cost. I’ll also share personal experiences and the impact these approaches had on the organization.
Whether you're an experienced individual contributor or a manager, this talk will offer practical ideas and inspiration to drive change and encourage you to not give up, even when you experience setbacks.
From AI Assistance to Agentic Systems: Scaling Sovereign AI in Banking
Julia Koch · Executive Director, CTO and CCO, FInanz Informatik, Markus Hacker · Senior Regional Director Enterprise DACH, NVIDIA
AI is no longer defined by experimentation, it is defined by expectations.
Customers expect intelligent guidance, employees expect real relief in their daily work, and regulators expect transparency, control, and accountability.
In this joint keynote, Julia Koch (Finanz Informatik) and Markus Hacker (NVIDIA) share how AI transformation evolves when it’s built for everyday impact, sovereign operation, and agentic capabilities at scale. Building one of the largest AI implementations worldwide in the financial sector, Julia shares insights from the transition from AI assistants to agentic AI systems that proactively support complex processes across highly regulated, large-scale ecosystems.
The session focuses on three decisive factors of effective AI transformation:
• Use-case-driven value creation, ensuring AI delivers measurable benefits for customers and employees
• agentic architectures, enabling AI systems to reason, orchestrate, and act within clearly defined boundaries
• and sovereignty, providing full control over data, models, and infrastructure as a prerequisite for trust, compliance, and scalability.
Attendees will gain insights into how Finanz Informatik builds and operates a fully sovereign and 100% on-prem AI platform for the Savings Banks Finance Group, scaling AI assistance and agentic capabilities across 341 institutions, 200,000 employees and 50 million customers. NVIDIA complements this perspective by showing how accelerated computing and modern AI architectures enable sovereign AI factories to run reliably, efficiently, and sustainably at enterprise scale.
This session shows how AI becomes a growth engine when organizations move from pilots to platforms, from tools to systems, and from innovation promises to everyday impact.
From APIs to MCP: Enterprise Governance, Registry, and Controls
Stefan Mesquita · Platform Experience Lead, Deutsche Bank
APIs remain the foundation of enterprise integration, but AI agents are changing how capabilities are discovered and consumed. MCP standardizes tool discovery and invocation, enabling agents to interact with enterprise systems through reusable tools. The challenge is not enabling MCP. The challenge is governing it at scale.
In this talk, we will discuss how to operationalize MCP in an enterprise by leveraging existing API Management capabilities instead of creating a parallel governance stack. We will cover how to build a shared registry for APIs and MCP servers that acts as the discovery layer for modern agents, and we will walk through the governance controls that matter in practice.
Attendees will leave with a practical blueprint for implementing MCP safely and repeatably at enterprise scale, making MCP adoption scalable, observable, and compliant.
From Build to Breach: Hacking Kubernetes Through the Supply Chain
Ali Alp · Software Architect, Brainlab
The next generation of Kubernetes breaches won’t start in your cluster — they’ll start in your build pipeline. In this session, we’ll follow a realistic attack chain that begins with a compromised dependency and ends with a live DNS-based exfiltration inside a Kubernetes cluster. Step by step, through live demos, we’ll see how a single poisoned package can slip through CI/CD, sneak into an image registry, and quietly abuse CoreDNS to leak secrets. Then we’ll flip the script and show how to stop it using open-source, CNCF-hosted tools like Kyverno, Sigstore, and Falco. You’ll leave with a clear mental model of how supply-chain weaknesses evolve into cluster compromises — and a practical checklist of defenses you can apply today.
From Bytes to Execution: Writing a WebAssembly Runtime in Rust
WebAssembly runtimes power everything from serverless platforms to container sandboxes — but their internals often feel opaque. In this talk, I demystify those internals by presenting Whisk, a minimal WebAssembly runtime I built entirely in Rust.
Rather than focusing on a production-grade engine, Whisk intentionally strips the runtime down to its essential components: module parsing, validation, memory handling, and instruction execution. Walking through these pieces makes the architecture of a WASM runtime clear and approachable, while also showing how Rust’s enums, traits, and safety guarantees naturally support VM design.
We’ll explore how an interpreter is built step-by-step, what trade-offs arise in a minimal design, and how Whisk differs from larger runtimes like Wasmtime or Wasmer. I’ll also demo Whisk running real WebAssembly modules (non-WASI), illustrating where the boundaries of a tiny runtime lie.
Attendees will learn:
- How a WebAssembly runtime works from the inside out
- How to design a small interpreter in Rust
- Why Rust is well-suited for building VMs and sandboxes
- The trade-offs between minimal and production-grade runtimes
- How lightweight engines fit into today’s WASM and cloud-native ecosystem
This talk offers a practical and accessible deep dive into WebAssembly internals — with Rust as the guide.
From Cloud Racks to Control Cabinets: Operating Kubernetes on Edge Devices
Thomas Weinschenk · Software Developer, Endress+Hauser
Cloud‑native is routine in the cloud—but how do you run that routine inside control cabinets on edge devices? This talk focuses on operating Kubernetes on edge devices in a vendor‑neutral way. We’ll map an edge‑grade reference path from code to fleet‑level rollout and observability—using open standards and open source rather than tool‑specific implementations.
You’ll see how to package and ship modular workloads (e.g., PLC/HMI/DCS as examples) onto heterogeneous cabinet hardware, and how to run them with staged deployments, rollback patterns, and uniform telemetry. We’ll also show how the Open Industry 4.0 Alliance – Software Defined Automation (SDA) initiative frames the journey from PoC to scale, and how Margo (Linux Foundation) clarifies device roles, application packaging and a desired‑state model that unlocks interoperable edge fleets.
The outcome is a practical checklist and set of guardrails for constrained devices, intermittent networks, and autonomous operation—so teams can move beyond lab demos and run real workloads at the edge with Kubernetes, without vendor lock‑in.
From COBOL to Java: How Developers Transition 60 Years of Legacy into Modern Java Services
Kritika Murugan · Software Engineer, Finanz Informatik, Jannis Eickenroth · Head of Analytics and Customer Insight, Finanz Informatik
COBOL systems written decades ago still power some of the most critical parts of modern banking. At the same time, developers today expect modular architectures, automated pipelines, and fast feedback loops.
In this session, we take a deep dive into our COBOL-to-Java journey within the German Sparkasse Finance Group, where mission-critical mainframe systems serve over 50 million customers every day.
We’ll show how we approached the transformation of large, poorly documented COBOL codebases into modern Java services. Not as a naïve 1:1 rewrite, but as a deliberate redesign focused on modularity, shared services, and long-term maintainability.
You’ll learn how AI helped us understand legacy code, identify business logic, and reduce the cognitive load for developers. We’ll also talk openly about what didn’t work, where the mainframe still makes sense, and how developer empowerment became a key success factor for sustainable modernization.
This talk is for developers and architects who are facing legacy systems not as a burden but as a foundation to build on.
From Compliance to Code: the Cyber Resilience Act (CRA), SBOMs, DevTeams and YOU!
Marcus Ross · CCoE Lead, Hamburg Port Authority, Bjarne Valentin Rentz · SRE, Hamburg Port Authority
The EU Cyber Resilience Act (CRA) is reshaping how manufacturers and developers must secure their products—but what does it mean for your Developer platforms, DevOps pipelines, and DevTeams? In this session, we’ll share a real-world implementation of the Technical Guideline TR-03183 from the Federal Office of Information Security (https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/TechGuidelines/TR03183/BSI-TR-03183-2_v2_1_0.pdf?__blob=publicationFile&v=5). We demonstrate how to technically address CRA mandates without drowning in compliance overhead.
We’ll start by answering: "Why should Developer teams care about the CRA?" Then we’ll dive into our stack with cdxgen, DependencyTrack, and Central Cyclone to show how we automated SBOM generation, vulnerability tracking, and compliance reporting - all with a real application from the port of Hamburg.
We dive into:
- Why should your DEV-teams care about CRA?
- How DevOps/SRE teams can shield developers from compliance friction with automation
- Where the pain points lie, spoiler: team emotions and tooling gaps matter as much as tech
- A technical blueprint you can adapt
- A checklist for team readiness (because compliance isn’t just about tools—it’s about people)
You will leave with
✅ Understand the CRA’s impact on your Kubernetes/Dev platform (and why ignoring it isn’t an option).
✅ See a production-ready workflow for SBOMs, vulnerability management, and compliance automation.
✅ actionable insights on integrating CRA requirements with SBOM handling into your CI/CD pipelines.
✅ A clear "why this matters" for your org, and lessons from the trenches of securing critical infrastructure with Kubernetes.
✅ Get a checklist for team adoption—because compliance is a cultural challenge, not just a technical one.
From conversational job search to AI agents, must we reinvent recruitment?
Robindro Ullah · CEO, Trendence Institut
The recruitment market is changing dramatically — again — and those of us in HR are barely noticing. Rather than addressing and adapting to these significant changes, we are ignoring them completely. The shift to conversational job searching alone is turning our recruitment process on its head. With the addition of AI agents, we must rethink our processes and our technological setup.
In this lecture, I would like to draw attention to the underestimated changes and highlight the dramatic nature of the situation, so that no one is caught unawares.
From CPUs to QPUs: A Software Engineer’s Guide to Quantum Computing
André Alves · Software Engineer, eleQtron
Quantum computing is attracting enormous interest lately, but for most software engineers, it remains abstract, physics-heavy, and difficult to connect to everyday development work. This talk takes a different approach. Instead of repeating familiar sound bites about what qubits are and what superposition means, we will map quantum computing concepts onto the abstraction layers we already understand from classical systems.
We will compare the state of quantum computing today to the early development of classical computing during the twentieth century. We will also examine what a QPU actually is, how it is fundamentally different from a CPU, and why quantum computers are not simply faster versions of the machines we already use. Finally, we will look at the classes of problems where quantum computing has genuine theoretical or practical promise.
Attendees will leave with a clear mental framework for reasoning about quantum computing from the perspective of software engineers: understanding what it is, what it is not, and how it may eventually integrate into real-world systems.
From Hallucination to Justification: Hands-On Explainability for LLMs
Lucía Conde-Moreno · Software Engineer, Info Support, Tessel Haagen · Consultant Data AI, Info Support
Human beings are biased and often wrong. Artificial intelligence learns from human-created data. Therefore, artificial intelligence is biased and often wrong. This has been a critical problem across machine learning applications in the last years. To break open the black box of AI models, and understand how they make decisions, the concept of explainability was introduced.
Then, LLMs entered the chat. They answer our questions confidently and with a beautiful prose, even when they are making up data. Explainability then becomes essential to trust -or not- their output. But when the existing explainable AI methods cannot be directly applied to these models, what do we do?
In this workshop, we will delve into the topic of explainable AI, and its importance in the current context of LLMs and agents. Starting from traditional machine learning to then focus on LLMs, we will cover the different methods that can be implemented, from well-known ones to novel proposals stemming from our internal research. We will also introduce research-proven prompting strategies, tips, and tricks to integrate explanations on third-party LLM services that are not natively explainable.
Through guided exercises, you will get to peek under the hood of AI models, LLMs' behavior, and agents reasoning, by trying out these different techniques, and seeing their benefits and limitations first-hand. You will experience the risks and challenges that generative AI and agentic AI bring when implementing explainability, and learn practical ways to tackle them.
By the end of the workshop, you will leave with a mental toolkit you can apply immediately to know:
- When to trust (or distrust) LLMs
- Which explainability capabilities to implement (and how) on your RAG systems and LLM-based workflows (or which ones to look for when choosing a third-party service), and
- How to make LLMs' behavior more predictable, transparent, and ultimately safe
From Messy Querries to Scalable Systems - How Data Engineering actually works
Speakers TBA
I started my tenure at E.ON Energy Deutschland as a Business Analyst in a small BI team and currently am a lead Data engineer in the Data Engineering team. In my talk I would like to showcase the importance of Data Engineering and explore how ad hoc analytics at E.ON evolved into reliable data systems. I would like to uncover how good Data engineering paractises turn ad hoch analytic querries into scalable data platforms and improve not just perfrmance and cost but also collaboration, trust and developer experience.
From Space to Software: Reliability Lessons 40 Years After Challenger
Robert Barron · SRE Architect, IBM
The Space Shuttle Challenger disaster is often explained as a technical failure, but the engineers knew something was wrong before launch. What failed was not their expertise - it was the system of decisions, incentives, and escalation paths that surrounded them.
This talk reframes Challenger as a leadership and management case study, highly relevant to today’s engineering managers. Modern software organizations operate systems that are fast-moving, distributed, and business‑critical, under constant pressure to deliver. In those conditions, reliability rarely fails because of a missing alert or a bad design - it fails because risk becomes normalized, concerns stop escalating, and “acceptable” tradeoffs quietly stack up.
By drawing deliberate parallels between NASA’s launch decisions and contemporary software organizations, this session examines how management structures, delivery metrics, and cultural signals shape technical outcomes. Attendees will explore how well‑intentioned decisions (schedule pressure, ownership ambiguity, optimistic reporting) create environments where teams do the “right thing” locally while producing system‑level failure.
The core argument is simple: reliability is not owned by operations or enforced by tooling. It is a leadership responsibility, expressed through priorities, incentives, and how managers act when tradeoffs appear.
Note - this session could be presented in the DevOps category too.
From Static Rules to Reasoning Platforms: Scaling Intelligent Canary Delivery in 2026
Daniel Oh · Senior Principal Developer Advocate, Red Hat
As organizations scale their Kubernetes footprint, the "Day 2" reality of GitOps becomes clear: static thresholds are brittle. Standard Canary rollouts rely on fixed Prometheus queries (e.g., Error Rate < 1%), but these rules lack the context to distinguish between a minor transient blip and a systemic failure. For Platform Engineers, this results in "Alert Fatigue" and manual "promotion" gates that slow down the delivery pipeline.
In 2026, we are moving from Static Automation to Reasoning Platforms.
This session explores how to evolve your delivery infrastructure into an intelligent system that doesn't just follow rules, but reasons through data. We will demonstrate how to wrap ArgoCD Rollouts with an Agentic Reasoning Layer capable of cross-referencing metrics, logs, and distributed traces to make autonomous "Go/No-Go" decisions.
We will trigger a Canary deployment that passes basic health checks but introduces a "silent failure" (e.g., a cache hit-rate drop causing downstream latency). You will see the Reasoning Platform detect the anomaly, pause the rollout, "investigate" the root cause, and present a natural-language justification for the automated rollback.
From Vague Ideas to Precise Specifications – AI as Process Catalyst
Patrick Schnell · Managing Director, schnell.digital
We've all been there: clients know what they want but struggle to articulate it. Teams interpret requirements differently. Half the specs are missing. This talk explores how language models help transform this chaos into structured user stories. Through live demos, I'll share practical prompting strategies that actually work. Spoiler alert: AI isn't a miracle cure, it's an intelligent sparring partner. Developers remain essential – because only they truly understand the context. Let's dive into how AI amplifies your requirements process without replacing your expertise.
From Vector Search to Better Understanding: How Hybrid RAG Improves Answers, Not Just Matches
David vonThenen · Senior AI/ML Engineer, NetApp
Retrieval-Augmented Generation is everywhere, and most teams start with vector search when building out these agents. It works well when the goal is finding relevant text. It struggles when the task shifts to understanding, summarizing, or reasoning across multiple documents. Developers often discover this the hard way when their system retrieves "relevant" chunks but still produces shallow, inconsistent, or even contradictory answers.
This session introduces Hybrid RAG as a practical alternative. We'll walk through how combining vector retrieval with symbolic and keyword-based approaches changes what the model can actually do. You'll see why Hybrid RAG performs better for synthesis-heavy tasks, how it reduces failure modes common in embedding-only pipelines, and how to implement it in practice. The talk includes multiple live demos that show the differences side by side, using open-source code you can adapt to your own solutions.
Future of Mobile AI. What On-Device Intelligence Means for App Developers
Sasha Denisov · Chief Software Engineer, EPAM
Two years ago, adding AI to your app meant one thing: cloud APIs. You sent data to a server, waited for a response, paid per request, and hoped your users had good internet. Privacy? A terms-of-service checkbox.
That world is ending.
Today, you can run a large language model directly on a phone. No internet required. No per-request costs. Data never leaves the device. This isn't a research demo — it's production-ready technology that changes what's possible for app developers.
I built flutter_gemma, an open-source plugin that lets developers run AI models like Gemma locally on iOS, Android, and Web. Through this work, I've learned what on-device AI actually means in practice — not the marketing version, but the real tradeoffs, limitations, and opportunities.
In this talk, I'll share what I've discovered:
What's now possible — Running models like Gemma 3 on a smartphone. The hardware (NPU, Neural Engine) that makes it work. The formats (.task, .litertlm) that matter.
What changes for developers — New architectural patterns: offline-first AI, hybrid cloud/edge approaches. New decisions: which model size, which format, where to store gigabytes of weights. New skills: fine-tuning, conversion, optimization.
The honest tradeoffs — Not every phone can run every model. Smaller models are faster but less capable. Some support separate LoRA weights for easy updates, others require full model replacement. I'll explain what works where.
Where we're heading — Multimodal models (text + images) on device. Function calling — AI that controls your app. Personalization through on-device fine-tuning. Models designed specifically for edge, like Gemma 3n.
The future of mobile AI isn't about replacing cloud — it's about giving developers a new option. One that's private, fast, and works anywhere.
GenAI in Testing: Using GitHub Copilot to Accelerate Quality Without Losing Trust
Moataz Nabil · Software Engineering Manager, AVIV Group
Generative AI is rapidly changing how developers write code—but its impact on testing and quality engineering is often misunderstood. While tools like GitHub Copilot can dramatically speed up test creation, they can also introduce flaky tests, false confidence, and security risks if used without clear guardrails.
In this hands-on workshop, we’ll explore how to use GitHub Copilot effectively and responsibly for testing. Drawing from real-world experience rolling out AI-assisted developer tooling in platform and CI/CD environments, this session focuses on accelerating quality without sacrificing trust.
Participants will learn where GenAI adds real value in testing workflows—and where human judgment is still essential. We’ll work through practical examples of using Copilot to generate and refactor unit, API, and integration tests, create test data and mocks, and improve test readability and maintainability. Just as importantly, we’ll cover how to review, validate, and govern AI-generated tests so they meet production-quality standards.
The workshop also touches on how AI-assisted testing fits into modern CI/CD pipelines, including quality gates, security considerations, and best practices for team-wide adoption. Attendees will leave with concrete techniques and guardrails they can apply immediately in their own projects.
GenAI Is a Junior Dev With Root Access
Julian Totzek-Hallhuber · Lead Solutions Architect, XBOW
Generative AI has become the fastest coder on the team. It never sleeps, never complains — and it ships code at a speed we’ve never seen before. But there’s a catch: GenAI writes code the way a junior developer would… with root access and no security instincts.
In this talk, we’ll break down real data from the 2025 GenAI Code Security Report, which evaluated over 100 large language models across 80 security-critical coding tasks in Java, JavaScript, C#, and Python. The results are eye-opening: 45% of AI-generated code introduced a known security vulnerability, and that number hasn’t meaningfully improved — even as models get larger and “smarter.”
We’ll explore:
• Why AI-generated code often looks correct but quietly fails security fundamentals
• Which vulnerabilities GenAI struggles with the most (and why XSS and log injection are especially bad)
• Why bigger models don’t mean safer code
• Why GenAI can’t reliably reason about data flow, trust boundaries, or user-controlled input
• A real-world cautionary tale: “Vibe coding” introduced complex business logic flaws that led to miscalculations and workflow errors, showing how AI can unintentionally amplify mistakes
Most importantly, we’ll discuss what this means for real-world development teams using AI copilots today — and how to safely integrate GenAI into your workflow without letting it ship tomorrow’s security incidents.
If you’re using AI to write code, this talk will help you understand when to trust it, when to verify it, and why “it compiled” is no longer good enough.
Generative UIs and AI Assistants for Your Angular Applications
Manfred Steyer · Google Developer Expert, ANGULARarchitects.io
Copilot-style AI assistants are making their way into modern frontends: they guide users through processes, dramatically reduce task completion time, and answer questions through dynamically generated UIs.
In this session, you will learn how to integrate these capabilities into Angular applications. We show how the open-source solution Hashbrown connects LLMs with state management, the router, and forms to enable context-aware interactions. You will learn how client-side tool calling and generative UIs work—and what happens under the hood between your application and the LLM. This also highlights the strengths and weaknesses of the two libraries used.
By the end of the session, you will know how to extend your Angular applications with powerful AI assistants purposefully.
Getting started with Hexagonal Architecture
Dagmar de Haan · Software Developer and IT Architect, Tom Asel · Software Architect, tangible concepts
You’ve probably heard of hexagonal architecture — an approach that promises to clearly separate business logic from technical concerns, improve testability, and allow for flexible technology choices. But implementing it in real-world systems is rarely straightforward. From seemingly simple decisions like package structure to strategic questions such as defining module boundaries, the challenges are manifold.
In this workshop, we’ll explore design decisions on architectural, module, and code level — always with a focus on practical relevance. Together, we’ll dive into the core principle of dependency inversion and apply it in hands-on, platform-agnostic exercises that are applicable across different technology stacks.
You’ll leave with a practical foundation for both adopting and transitioning to hexagonal architectures in your own projects.
Go with the Flow: Stop the Leaks Before Your Memory's a Waterfall!
Manfred Bjørlin · Principal Cloud Native Architect, Sopra Steria
You thought you didn't have tio think about memory management and memory leaks when you were done with C? Think again!
Join me starting the dive by looking at how golang allocates and deallocates memory, and the workings of the garbage collector. Learn how the stack and heap works. And why does my substring allocate so much memory?
We'll dip our toes into some pitfalls we all are guilty of, and some that are real edge cases. We're looking at quite a lot of code examples, and coding patterns. What can cause your application, website or k8s operator to consume increasingly amounts of memory? And how to avoid it without crashing out in a OOM (Out of memory) error?
And can I actually answer all of my own questions? Maybe more? Will you even know without joining in?
Goodbye Microservices, Hello Self-Contained Systems
Simon Martinelli · Programming Architect, Martinelli
Microservices are a popular approach to building modern software, offering scalability and flexibility. But many teams face challenges such as increased complexity, difficult debugging, and managing too many small services.
In this talk, I'll introduce an alternative: Self-Contained Systems (SCS). Unlike microservices, SCS allows each part of your application to operate independently with its UI, logic, and database, simplifying both development and deployment.
You'll learn why SCS can be a better fit for many projects, how it reduces the complexity of distributed systems, and when it makes sense to use this approach over microservices. Based on my current customer project, I'll show you how to build self-contained systems with pure Java.
If you're ready to rethink your architecture and say goodbye to microservice headaches, this talk will show you the way!
GPU is not Monolithic : Packing LLMs with MIGs on Kubernetes
Hajed Khlifi · AI/HPC Architect, Quantori
Most of the LLM workloads now are deployed on Kubernetes clusters with GPU nodes and let's be honest this is the most expensive resource in the cluster. Currently, using GPUs in passthrough mode locks a single model to an entire GPU, leading to severe underutilization (~30%). In this talk I will explain how to manage GPU resources in an efficient way and attendees will understand how GPU cards are configured in a Kubernetes cluster, what is the difference between the three main Nvidia GPU installation modes: Passthrough, vGPU and MIG and how everything works behind the scene. I will demonstrate how Multi instance GPUs are the best solution for packing LLMs on Kubernetes and how it should be used in an advanced case scenario like packing multiple LLMs in the same cluster sharing the same GPUs without causing the noisy neighbor problem.
What happens when you have terabytes of 8K video, a team of marine biologists, and zero bars of internet? You build a "far-edge" data center in the middle of a research vessel.
In this session, we recount the high-stakes engineering of a deep-sea hackathon aboard the OceanXplorer. We’ll strip away the gloss and dive into the architecture required to run VLLMs (Large Language Models) and Streamlit app locally in a metal hull surrounded by salt water.
We will explore:
The Offline Stack: Running local inference on massive video files when the nearest cloud region is 3,000 miles and a satellite link away.
The Transition to Scale: How we moved from local "survival mode" to the cloud, utilizing Claude and Cortex AI to enable automation of biodiversity tagging that previously took human scientists weeks.
The "Contextual" Search: Using AI agents to bridge the gap between raw sensor data (salinity, depth) and unstructured media, creating a conversational interface for the ocean floor.
See It In Action: A live demo of asking questions in natural language and getting answers from expedition data.
Hacking MSSQL on Cloud. All of them. How I became sysadmin on Azure, AWS, GCP and Alibaba.
Fabiano Amorim · Principal Consultant, Pythian
It started as a simple security research project on a local SQL Server instance. A single vulnerability led me down a rabbit hole — from compromising Azure SQL Database to successfully escalating privileges on GCP CloudSQL for SQL Server, Amazon RDS, and Alibaba ApsaraDB.
In this session, I’ll walk you through the techniques I used to escalate from a limited user to sysadmin on managed SQL Server platforms offered by the four biggest cloud providers. I’ll also demonstrate post-exploitation techniques, including how I retrieved plaintext [sa] passwords from internal logs and accessed highly sensitive internal metadata.
More importantly, I’ll share lessons on how these vulnerabilities were possible in the first place — and what you, as a developer, DBA, or security professional, can do to secure your applications against similar attack vectors.
Finally, I’ll share how each cloud provider responded to the vulnerabilities I disclosed, the remediation timelines, and the broader lessons this experience teaches us about cloud security.
Hands-on AMQP with LavinMQ: Decoupling Services with Message Queues
Erica Weistrand · Developer Lead, CloudAMQP
Most services still talk to each other over HTTP, blocking on each call and tightly coupling availability, deployment, and scaling. Message queueing offers a different model: services publish events, brokers route them, and consumers process at their own pace.
In this hands-on workshop, you'll learn AMQP, one of the most widely deployed messaging protocols, by building real publishers and consumers against LavinMQ, an open-source message broker. We'll start with the fundamentals (connections, channels, queues) and work our way through the AMQP exchange types: direct, fanout, topic, and headers. Along the way, we'll cover routing patterns, message TTLs, queue arguments, and policies.
Hiring Technical Leaders: Promote from Within or Go External?
Barbara Wilk · Global Head of TA and People Analytics, Appfire
Alternative title - Hiring Technical Leaders: Build or Buy?
When it comes to (technical) people leaders, should we nurture and promote from within the organization or hire from the outside?
What is the not-so-hidden cost of both of those approaches (fresh ideas, different approaches to people and technical leadership, leadership maturity vs organization maturity); technical leadership - building credibility within a team; leading at different sizes and different maturity of organization - the role of a leader in a start-up vs scale-up vs large organization.
How building with AI can double the throughput of your engineering team
Brian Scanlan · Senior Principal Engineer, Intercom
In 2025, Intercom took on an ambitious goal to double the throughput of their engineering team by going beyond building fancy demos, and instead taking advantage of AI tooling to get real features and large existing SaaS codebase into the hands of paying customers. While this transformation is still a work in progress, Intercom's pace of innovation has always been a competitive strength. In this talk Brian will share his lessons and learnings when building with AI agents – what has and hasn't worked when faced with scaling towards 2x productivity.
How does a Java agent work? Building a Java agent from scratch.
Marco Sussitz · Senior Software Developer, Dynatrace
Java agents let you modify application behavior at runtime without changing source code. In this hands‑on workshop, you’ll build a small Java agent from scratch using the Instrumentation API and Byte Buddy. We’ll cover premain vs. attach, class transformers, method interception, and safe argument/return value capture. You’ll see how compiled classes look in bytecode (via javap) and how to reason about performance and classloader/module quirks in modern JDKs. By the end, you’ll have a working agent that times and logs specific methods in a sample app, plus a mental model to understand how tools like OpenTelemetry auto‑instrumentation plug into your services.
Many developers have used a Java agent before, be it in your mocking frameworks, to find a memory leak, or maybe you have some sort of tracing on your backend via OpenTelemetry. But what is a Java Agent, and how does it function?
Would you like to know how to manipulate run-time code and achieve things that are impossible otherwise?
In my day-to-day job, I mainly work with Java agents, and in this workshop, I will show you what an agent can do, how they work, and how you can write one yourself.
You’ll build a small Java agent from scratch using the Instrumentation API and Byte Buddy. We’ll cover how to attach your agent, the class transformers, method interception, and argument and return value capture.
In the end, you will know how tools like OTEL work and have a better understanding of observability.
How I built my own intelligent Robot Arm from Scratch
Iulia Feroli · Content Creator, Back to Engineering
Are you tired of the same old AI, LLM, buzzword sessions and wondering if there is still anything new and cool out there we can do with AI? Do you crave an exciting, slightly ridiculous project that's just a lot of fun - while also learning about a whole new field with lots of promise? Don't miss this session!
Physical AI is about bringing together all the amazing breakthroughs (yes, like large language models) into the fields of robotics and embedded systems. We can make autonomous robots and systems that can generate their own movement instructions and evolve, without having to painstakingly define all the complex code or even tiny physics-engine implementations to get going.
But first - we need to build actual robots! As someone coming from the data science field - this may sound like a bit of a leap.
However, with a "I'm sure it can't be that hard" attitude, a bunch of electronics components, and an uncontainable enthusiasm - I set out to do just that.
I will share the story of building my own Robot Arm from 0 to an incrementally more complex prototype, and how I started giving it some "AI superpowers", and what's next in this exciting field!
How to Attract & Retain in a fast moving environment
Kent Frederiksen · Vice President Reward, The LEGO Group
In this session we will dive into some of the global demographical changes and how it could impact ability to attract & retain talent.
The session will then explore how the LEGO Group is navigating these changes and what other companies could be focusing on to mitigate.
How to mess up JWT's - a practitioner's guide
Wekoslav Stefanovski · Head Of Development, Sourcico
JSON Web Tokens are everywhere - you are using a bunch of them right now. It's such a common technology, yet, it's very easy to get them wrong. In this session, we get to the nitty gritty of JWT's - what they are, how they work, and how to make sure that we haven't made an app that just waits to be hacked.
How to Pitch Innovation to Your CEO
Linda Stauffenberg · Strategic Advisor, Changemaker Coach & Co-Founder, Experience One AG, Markus Stauffenberg · Co-Founder, Experience One
Many innovations never make it to implementation. Storytelling skills and the right pitch can change that. Successful changemakers know this. As soon as they take responsibility for an innovation or transformation, creating a pitch is one of the first tasks they tackle. CEOs no longer just expect good execution of strategy. They are looking for convincing pitches with powerful stories and well-founded arguments. Whether it's for technology, CX, organizational or culture initiatives, successful pitches are based on the same principles and building blocks used by top changemakers in corporations, startups and politics alike. This universal framework for “How to Pitch Innovation like a Changemaker” can be learned in this workshop. As a proven approach, it has enabled numerous future makers to master communicative challenges.
Through real-life examples, Linda and Markus will give insights into tech storytelling, and compelling pitches to CEOs.
How to read code (properly)
Anja Kunkel · Principal Software Engineer, Enpal
Why are we always complaining about old code? Why are we rarely happy when digging into old stuff, especially old code by other people?
It is very tempting to believe that you can easily do it better than that. And that you can improve the situation by rewriting code. By making stuff simpler. In the first park of this talk, I will dive into why we believe this. Expect some insights into psychology and into how our brains work :)
Second part: Why we are wrong, most of the times. Again, this will be about psychology and biases, about code reading and about the IT as a business.
In-depth .NET Azure Functions: Isolated mode, performance and durable AI agents
Stas Lebedenko · Cloud Architect, Eficode
Azure functions are fun and still evolving fast, so this talk will bring you an in-depth review of the latest updates, including the performance of functions in Isolated mode, along with native integration with Microsft Agent Framework.
Key-topics
- Isolated mode performance analysis with different compute configs and load testing results of .NET functions
- Isolated process nuances and challenges at scale
- .NET and platform optimizations for .NET Functions and AoT compilation
- Durable functions as orchestration backbone for Microsoft Agent Framework
Join this talk to learn about the nitty-gritty details of building advanced Azure Functions apps, see a lot of code, and encounter possible issues.
Instant KAI Sandboxes with vCluster: Multi-Tenant, Multi-Scheduler GPU Sharing
Piotr Zaniewski · Head of Engineering Enablement, vCluster Labs
Kubernetes offers many ways to share GPUs, but a single, cluster-wide scheduler often forces trade-offs between utilization, stability, and team autonomy. This talk shows how vCluster makes the NVIDIA Kubernetes AI Scheduler (KAI) run as an opt-in service for each tenant—so platform teams can raise GPU density while keeping operations predictable.
What We’ll Cover
Problem statement – why mixed workloads leave GPUs under-used and complicate on-call.
vCluster fundamentals – lightweight control planes that isolate scheduling logic, not hardware.
KAI at a glance – fractional GPU allocation, gang queues, topology awareness.
Live demonstration – two vClusters on one host
Key Takeaways
A reproducible pattern for running different schedulers side-by-side.
Practical steps to increase GPU utilisation without adding more clusters.
An isolation model that lets teams experiment safely.
Is AIOps the Future of IT Operations? Real Use Cases from the Trenches
Carlos Sanchez · Principal Scientist, Adobe
AIOps isn't just a buzzword; it's a fundamental shift in how we manage the complex systems that power modern digital businesses. It provides the intelligence and automation required to manage the dynamic and complex systems that underpin modern digital businesses.
This session will showcase concrete use cases and lessons learned at Adobe. We will cover some of them, including:
* Using AIOps to drive continuous improvement and innovation
* Harnessing the power of LLMs to diagnose issues and reduce human effort
* Building AI agents to automate tasks ie. during on-call to reduce MTTR
Attendees will leave with a clear understanding of how AIOps can help their organizations achieve their transformation and automation goals based on real use cases.
It's Not Vibe Coding If You Know What You're Doing
Jeff Blankenburg · Principal Developer Advocate, Dynatrace
We've all heard stories about how people are using AI to create entire software projects, and in every case, I had nothing but skepticism and doubt.
Until I tried it.
Let me show you how I build collectyourcards.com, from the ground up, in less than two weeks, without writing a single line of code. We will talk about effective prompting, toolsets, and the do's and don'ts of coding with AI.
JSX to Live Activity: The Story of Voltra
Szymon Chmal · React Native Expert, Callstack
What if you could ship native iOS Live Activities and Dynamic Island experiences without writing a single line of Swift? This talk tells the story of Voltra, a library born from a viral tweet and a collaboration between Saul Sharma and Callstack to bridge the gap between React and native iOS extensions. We'll go behind the scenes of building a custom React renderer from scratch to translate JSX into SwiftUI primitives, bypassing the traditional "Swift wall." You will learn how we tackled the extreme technical constraints of the platform: from the tiny 4KB data limit to server-side driven UI that doesn't require a pre-shipped implementation. Join us for a deep dive into Voltra's architecture and learn how you can start shipping React to a brand-new platform today.
Keeping Your AI Software Supply Chains Sovereign in the Age of Commercial Open Source
Franz Kiraly · Director, German Center for Open Source AI
With the AI revolution at full speed, and increasingly fragmented geopolitics, organizations face a growing pressure to maintain control of their AI software supply chain.
This talk explores what “sovereignty” means in the context of modern AI usage - where dependencies are mostly open source, can span hundreds if not thousands of upstream projects or services, frequently governed by US based, venture-backed companies, often covertly, and with and end game to lock in and then exploit their unsuspecting customers.
Risk patterns will be discussed, including prototypical examples, illustrated by recent case studies: hyperscaler takeovers of open source such as of RedHat Linux (now an IBM subsidiary); radical license shifts, such as for MinIO, the S3 library; service license risks such as the “auto-accept” terms and conditions of Anaconda Inc services; and common pitfalls arising from multiple applicable licenses when using large language model packages.
We will also discuss common misconceptions – and concomitant pitfalls – In the AI space: for instance, to consider only the “model” supply chain - pipeline data-weights-inference – and not the supply chain of software packages or services; or, looking only at licenses of a supply chain element and not its governance or ownership – the key risk factor for a change of license, or of usage conditions.
The presentation will be complemented by advice for decoding (and countering) common lobbyist or vendor speak, which is often intentionally pushing misconceptions and common confusions to decision makers.
Attendees will leave with new insights about, and an actionable framework for, evaluating trustworthiness and sovereignty of their AI software supply chains, to ensure their software remains secure, auditable, under their control, and/or Europe based.
Leading with Reliability: Applying SRE Principles to Build Stronger Engineering Organizations
Service Reliability Engineering (SRE) has long been the discipline responsible for keeping complex systems healthy, resilient, and predictable under pressure. But the real power of SRE lies not just in the tools, dashboards, or operational frameworks—it lies in its philosophy: focusing on what matters most, measuring the right things, and making intentional trade-offs.
As engineering leaders, we can apply these principles far beyond production environments. This talk explores how core SRE concepts can become high-leverage leadership tools for shaping team culture, guiding prioritization, and driving meaningful business outcomes.
We begin with service criticality, expanding the traditional technical lens to view the entire end-to-end customer journey. Instead of assessing components in isolation, we’ll explore how to map dependencies across teams and systems to surface the true bottlenecks and organizational weak points that impact users.
We’ll look at Service-Level Indicators (SLIs) and reinterpret them at the business level. What does “reliability” mean when framed through customer expectations rather than CPU metrics? We will see how engineering leaders define measurable signals that reflect whether the product is delivering on its intended value.
Next, we’ll dig into Service-Level Objectives (SLOs)—not as uptime percentages, but as promises to customers. We'll discuss how leaders can craft SLOs that articulate what “good enough” looks like for the business, and how these objectives guide healthier conversations around trade-offs, investment, and risk.
Finally, we’ll explore error budgets as a strategic leadership mechanism. Error budgets offer a structured way to balance innovation and stability, negotiate between delivery teams and product, and make aligned decisions about when to push forward and when to fix foundational issues.
Lessons learned after 6.7T events through PostgreSQL queues
Many organizations reach for specialized streaming systems like Apache Kafka for high-throughput event processing. But is it always the best choice? What if you choose PostgreSQL instead. This talk chronicles six years of battle-tested lessons learned while scaling PostgreSQL from a simple queue to a system processing 100,000 events per second, and delivering total 6.7T events. Learn about the specific configuration values, query patterns, and architectural decisions that enabled PostgreSQL to compete with and often outperform dedicated messaging systems, while providing the operational simplicity and transactional guarantees that only PostgreSQL can offer.
Let’s Talk Quality!
Lilia Gargouri · Board Member and Head of QA, German Testing Board
Quality in software development is a team effort—and it starts with how we communicate and understand each other. This talk highlights why effective collaboration depends on mastering several different “languages” within a project: the language of the business domain, the technical language of tools and frameworks, the shared terminology of quality, requirements, and architecture, and the interpersonal skills that enable clear thinking and clear communication.
We will examine why teams can only assure and test the quality they have explicitly defined, and why focusing solely on functional tests overlooks the broader quality characteristics described in ISO 25010. The talk also provides practical guidance for common developer questions such as How do we scale testing? and When is testing good enough?
By strengthening our shared vocabulary and deepening our collective understanding, every team member—developers, DevOps, team leads, and project managers—can contribute meaningfully to the quality of the final product.
Linux (Pseudo)Filesystems: The Hidden Backbone of Cloud Native
Daniel Drack · Senior DevOps Engineer, FullStackS
Ever wondered what’s really going on under the hood of your containers or nodes?
Linux (pseudo)filesystems like procfs (/proc), sysfs (/sys), cgroupfs etc. quietly power the entire cloud-native world.
In this talk, we’ll explore what these filesystems actually do.. how overlayfs enables container layers,
how tmpfs keeps things fast, and why securityfs and efivarfs matter.
I'll give a brief intro in filesystems overall, then provide some deep dive info for selected pseudo-FS, their purpose and show how they make modern cloud systems tick.
Marketing x Product: How We Stopped Gaslighting Each Other and Built AI Products That Actually Work
Ariel Shulman · Chief Product Officer, Bright Data, Yanay Sela · Chief Marketing Officer, Bright Data
This is not another kumbaya keynote. This is a raw, hilarious, high-speed collision between the two teams that are either building the future of AI - or quietly sabotaging each other with Slack messages and passive-aggressive Notion comments.
Join Yanay (CMO) and Ariel (CPO) from Bright Data - the company quietly powering half the AI internet with the largest web data infrastructure on the planet - for an unfiltered, tag-team keynote about what *really* happens when product and marketing are forced to co-parent AI products at scale.
What makes this talk different (and way more fun):
- Two execs on stage, roasting each other in real-time as they unpack what it takes to ship AI + data products that actually scale, make money, and do not burn your engineering team to the ground.
- Live reenactments of our biggest launch fails (including “The Feature That Marketing Launched Before It Existed” and “The Dashboard That Needed a Decoder Ring”).
- The secret playbook we built out of desperation, including rituals, documents, and inside jokes that now hold our GTM motion together like duct tape.
- Audience interactive bits: real-time polls, “who messed up here” scenarios, and “which team said this?” call-outs.
- Actual actionable takeaways: from alignment frameworks that do not suck, to how we de-risk GTM for technical AI products, to how we turn product telemetry into marketing gold (and vice versa).
Who it is for:
PMs and engineers who are done pretending this relationship is easy - and want to steal hard-earned lessons from a team that already fought the war and lived to meme about it.
Tone:
Imagine if HBO made a series about B2B product launches. It is fast, funny, painful, and very real. Also, we promise to swear *only when necessary* and keep all graphs meme-friendly.
Mastering Software Architecture
David Tielke · Consultant, Coach and Trainer, www.David-Tielke.de
In this full-day masterclass, expert David Tielke will guide you through the foundations, tools, and real-world strategies for designing, implementing, and maintaining modern, scalable software architectures.
MCP is all you need to make an AI-agent consume your RESTful API
Nikos Delis · Founder and CEO, Aristevin
Turn any existing REST API into an AI-native backend—no frontend required. This hands-on session demonstrates how to transform a traditional API into one that works seamlessly with AI agents like GitHub Copilot using Model Context Protocol (MCP).
Starting with a completely AI-unaware REST API, we'll walk through each step of the integration process. You'll see how MCP bridges the gap between your existing backend services and LLM-powered agents, enabling direct AI-to-API communication without building traditional user interfaces.
MFA? Game over! Watch your protection collapse – live
Christoph Menzel · Head of Security Excellence, Inovex
In a digital world where passwords and multi-factor authentication are considered impenetrable defenses, reality looks quite different. Every month, millions of attacks bypass these very security mechanisms. Yet, many still believe that MFA guarantees complete security.
In this talk, I will demonstrate live how effortlessly passwords can be stolen and MFA mechanisms bypassed. And the best part? It’s free, can be set up and executed in just a few minutes, and becomes even easier with the use of AI. I will show that the biggest weakness is often not the technology itself, but the trust we place in it.
However, there are solutions. When technological advancements and human vigilance work together effectively, the attack surface for hackers shrinks significantly.
Microfrontends: Lessons Learned from Growing a Design System and Shared Libraries Across 20+ teams
Erasmo Hernandez · Senior Web UI Developer and Tech Lead, Globant
Scaling a microfrontends architecture across 20+ teams is challenging not just technically, but organizationally. In this talk, I’ll share the practical lessons learned from leading the growth of a large Design System and multiple shared libraries in a highly distributed environment. We’ll explore how to keep teams autonomous while maintaining consistency, how to evolve UI components and SDKs without breaking dozens of codebases, and which governance models actually work when hundreds of developers are contributing in parallel.
You’ll see real strategies for handling semantic versioning, coordinated releases, backward compatibility, and cross-team collaboration, as well as the pitfalls we encountered and the solutions that helped us move faster. Whether your organization is adopting microfrontends or already feeling the pain of scaling shared infrastructure, this session will give you actionable guidance to avoid bottlenecks, reduce friction, and build a healthier ecosystem. This is a talk built from real experience, real failures, and real wins designed to help you scale with confidence.
Modern Angular Architectures: SignalStore, Signal Forms, and Agentic UI
Manfred Steyer · Google Developer Expert, ANGULARarchitects.io
This interactive workshop updates your Angular skills for 2026. We build a modern, reactive architecture based on Signals and Resources, and use the new NgRx Signal Store for lean, consistent state management.
After that, we integrate the brand-new Signal Forms and develop an AI assistant that guides users through the application in a context-aware way — generating answers and dynamically providing relevant UI components.
The goal is a clear, future-proof architecture that combines Angular’s latest features in a practical and meaningful way.
MultiCloudJ - An open source cloud agnostic java SDK for multicloud development
Sandeep Pal · Principal Member of Technical Staff, Salesforce
As organizations adopt multi-cloud strategies, developers are often forced to navigate a fragmented ecosystem of vendor-specific SDKs, APIs, slowing down innovation and increasing operational complexity. This session introduces MultiCloudJ, an open-source Java SDK that unifies development across AWS, Google Cloud, Alibaba and other cloud providers through a portable, driver-based architecture.
Salesforce have a huge success with widespread adoption of MultiCloudJ as it spans it's infrastructure across AWS, GCP and Alibaba and now it's available as open-source it for the community benefit.
Dzone article for MultiCloudJ: https://dzone.com/articles/multicloudj-cloud-agnostic-applications-java
Multiple Apps, Millions of Users: Scaling React Native in Production
Milica Aleksic · Senior Software Engineer, Novium
What happens when a React Native app becomes multiple apps serving millions of users? You learn a lot, sometimes the hard way.
It started with a single mobile app. Today, multiple high-traffic products serve millions of users across Europe, all built with React Native. This talk shares the real lessons from that evolution: the architectural decisions that paid off, the performance challenges along the way, and the upgrade nightmares that had to be survived.
Expect to hear what worked, what didn't, and what should have been done differently.
My Lawyer Merged My PR: Automating OSS Compliance at Scale
Uwe Korn · CTO, QuantCo
Everyone agrees that OSS license compliance is critical, yet nobody enjoys the process. It usually involves spreadsheets, long email chains, and "shipping anxiety." We decided to treat (legal) license compliance not as a distinct administrative phase, but as a standard CI/CD failure state.
In this talk, I will demonstrate how we built a fully automated license defence line. We utilised package manager metadata to build a centralised "allow-list" enforced by CI checks across all repositories.
But the real innovation is the exception handling:
- **Get Blocked:** When a developer introduces a new license, the build fails with a direct link to our central license repository.
- **Review:** The developer opens a PR to add the new license to the allow list.
- **And Approved!** Our lawyer, whom we onboarded to GitHub, reviews the legal implications and merges the PR.
- **Instant Enablement:** The check turns green, and the code ships.
I will share the technical setup, how we cleaned up our metadata, and how integrating Legal into the Pull Request workflow eliminated "showstopper" risks and gave our engineers instant feedback. Additionally, I will also share how we handle the exceptional cases where we cannot add something to a global list.
MySQL Protocol Features You Should Be Aware Of
Daniël van Eeden · Technical Support Engineer, PingCAP
This talk goes over some less used protocol features like Connection Attributes, Query Attributes, Session Tracking and zstd compression.
These features can help you to create better integrations and applications.
Connection Attributes are somewhat more known, but many people don't know that applications can (and should) add their own information.
And where Connection Attributes are connection based, Query attributes are query based. These are useful today, but they also have the potential to help with future improvements.
And Session Tracking can really help in cases where you write to a primary and then read from a replica. This can give you the GTID from the commit so you can wait for that when reading from the replica. This could replace cases where you would now directly read from the primary to get the read-after-write behavior that you need.
And compression has been in the protocol for a long time, but this was always based on zlib. Now zstandard has entered the picture.
Native Speed, Java Comfort: Calling Rust from the JVM with Project Panama
The JVM is one of the most impressive pieces of software engineering, making Java incredibly fast for most workloads. But sometimes, "fast" isn't enough. For domains like scientific computing, AI, or processing massive volumes of text, we need to call highly-optimized native libraries written in C++ or Rust to gain a critical performance edge or access functionality not available on the JVM. For decades, this meant using the Java Native Interface (JNI)—a powerful but notoriously complex and unsafe bridge to the native world.
Enter Project Panama. With the Foreign Function & Memory (FFM) API, Java finally has a safe, supported, and elegant way to call native code, eliminating the need for brittle glue code and manual memory management. This talk puts it to the test with a classic Java challenge: the regular expression engine.
Join me for a practical, hands-on session where we will replace Java's capable but often-outperformed regex engine with Rust's highly optimized regex crate. We will walk through two implementations side-by-side: the "old way" with JNI and the "new way" with Project Panama. You will see firsthand how Panama simplifies interfacing with native code and improves safety. We'll cap it off with live benchmarks to compare the performance of both approaches against standard Java regex, helping you understand not just how to call native code, but also when it's truly worth the effort.
Never say refactoring is impossible
Andreas Kleinbichler · Engineering Manager, Admiral Technologies
In this talk I want to show possibilities for refactoring a CRUD based distributed system into an event driven architecture. I selected two scenarios that are refactored within interactive live coding sessions. First an implementation of distributed consensus, typically realized by a SAGA pattern with direct calls between the services, is transformed into an event based choreography approach. A CRUD service build on top of a relational database is evolved to an event store solution. The demonstrated development method consists of TDD and trunk based development, so that during each change the system remains fully operational and a new version is deployed with zero downtime. AI support in IDE will be used for efficient working with the technology stack C#, Java, Angular, PostgreSQL and Docker. This will be demonstrated by a locally hosted system with simulated traffic where the changes are deployed immediately.
One Color to Rule Them All: Relative CSS Colors in Practice
Mert Akca · Software Engineer, SAP
Choosing separate colors for text, borders, hover states, active states, and backgrounds is one of the most repetitive—and unnecessary—parts of frontend work. Every new component means another round of “What should the hover color be?” or “Can design give us a darker shade?” Modern CSS gives us a better way.
In this talk, we’ll explore how relative CSS colors let you generate an entire color system from a single base value. Using color-mix(), OKLCH, and custom properties, you can derive hover, active, border, and subtle background colors automatically.
I'll walk through a live‑coding demo where we build a fully interactive button using just one color token, then generate all its states directly in CSS. You’ll see how this approach improves consistency, simplifies theming, and dramatically speeds up collaboration between design and engineering.
You’ll leave with practical patterns you can drop into your design system today—and a new way of thinking about color on the web.
One year of the CO2-challenge – insights and lessons learned
Aydin Mir Mohammadi · Software Architect and CTO, bluehands
The CO2 Challenge was launched in Karlsruhe over a year ago under the umbrella of the CyberForum. IT and software companies from the region have committed to reducing their software's emissions by 40%. A lighthouse project.
Rather than being a competition, the whole thing is a challenge, with mentoring and support provided through the network. The idea is that companies will be empowered to develop and operate climate-friendly, resource-conserving software with the support of volunteer mentors. All measures and their effects are documented, resulting in a substantial repository of best practices.
Participants include large, well-known companies such as TeamViewer, Seeburger, Telemaxx and EnBW, as well as smaller product companies such as ScriptRunner and Raumobil, and service providers such as Andrena, bluehands and Navigate. Currently, more than 20 companies are participating, with new ones joining all the time.
In this talk, Aydin (initiator and co-organiser) will present the various measures being taken by individual companies and the options available for different business areas, such as products, services and infrastructure.
The session will review the campaign so far: what challenges are companies facing? What specific problems arise in practice, and how can they be solved? Who are the drivers and who are the sceptics? How can you get started, and how do you maintain momentum?
Open Source Software Licenses - A short Guide for Software Developers
Björn Stahl · Software Architect, Bechtle / AVS
Open-source software has long been an integral part of everyday development. Unfortunately, the issue of complying with licensing terms is often dismissed too quickly or not addressed at all, as it is ‘just free software/library from the internet.’ This attitude can quickly become fatal for a company if a non-compliant usage is being detected and the company is being sued. However, dealing with licensing compliance is usually less complex than one might think. In this session, there will be a brief introduction to the topic of open source, the different types of licenses, and why developers should occasionally engage with this topic. Finally, we will have a look at some typical pitfalls in the daily work of a software developer.
Out-of-Order Streaming — The Future of Web Development
Julian Burr · Senior Developer, Sonar
As the pendulum of web development swings back towards the server, streaming has become increasingly popular. Specifically, out-of-order streaming through features like Suspense, one of the magical powers behind React Server Components.
Let's build our very own simplified version to explore how it works, what problems we are trying to solve, and what this future of web development looks like.
Outclassing Frontier LLMs at Extracting Information
Etienne Bernard · CEO and Co-founder, NuMind
Accurately extracting information from documents has been a decades-old dream. Important workflows — from automated back-office processing to enterprise RAG — depend on it.
LLMs promise to fulfill this dream but currently fall short: they hallucinate information, struggle with long documents, and break down on complex layouts.
The solution: LLMs specialized in information extraction.
In this talk, I will present:
- **NuExtract** — the first LLM specialized in extracting structured information (JSON output)
- **NuMarkdown** — the first reasoning OCR LLM (RAG-ready Markdown output).
**These low-hallucination [open-source] models outclass frontier LLMs like GPT-5 and Gemini 2.5 while being orders of magnitude smaller**, enabling private usage.
I will demonstrate the abilities of these LLMs, show how to use them at scale, and discuss what’s coming next in information extraction.
Pair Programming with Generative Agents: Refactoring Legacy Android at Speed
Ahmed Tikiwa · Senior Software Engineer, Disney
We've all heard the promise of AI affecting how we code, but what does it look like in the trenches of a real-world refactor? In this talk, I walk through the transformation of "Upnext," an established Android codebase, achieved through deep collaboration with an advanced AI agent ("Antigravity").
We didn't just generate boilerplate. We tackled complex architectural shifts: migrating to Type-Safe Navigation 3, implementing Adaptive layouts with ListDetailPaneScaffold, and modernizing a broken CI/CD pipeline. I will demonstrate how agentic AI can act as a true pair programmer—debugging obscure Hilt/KSP conflicts, writing robust Fastlane scripts, and essentially "un-breaking" the build. Come see the future of workflow, where the developer directs the symphony and the AI handles the heavy lifting of modernization.
Passkeys: Truly Phishing-Resistant? Implementation and Pitfalls
Martina Kraus · Application Security Engineer, Kraus IT Consulting
Passkeys have established themselves as the standard for passwordless authentication, promising to eliminate phishing once and for all. But how secure are they really – and what do developers need to consider during implementation to keep that promise? This talk goes beyond the basics and demonstrates through live coding how to integrate Passkeys with Keycloak. We'll uncover common pitfalls and explain which configurations are critical to ensure true phishing resistance. Practical examples and concrete code demos will help you integrate Passkeys securely and user-friendly into your own applications.
Photonic Computing: Programming a New Class of AI Accelerators (incl. Live Coding)
Leon Varga · Senior Software Developer, Q.ANT, Utz Bacher · Vice President Software, Q.ANT
Photonic computing is an emerging compute paradigm benefitting AI workloads that are increasingly constrained by the physical limits of classical digital hardware. By performing basic mathematical operations natively with light, photonic accelerators offer new approaches to efficiency and scalability for AI and high-performance computing.
This deep dive session provides a practical introduction to photonic computing from a developer’s perspective. We start by explaining the core principles behind photonic computation and how they differ from classical digital computing. The session then focuses on the architecture of Q.ANT’s photonic co-processor and its integration in standard x86 systems.
Beyond theory, the talk explores how developers program such hardware. We will walk through the Q.ANT software stack, explain how workloads are mapped to photonic accelerators and demonstrate a concrete programming example in a live coding session.
The goal of this talk is to give developers an understanding of photonic computing, show what is already possible today and outline how they can start experimenting with this technology themselves.
Playing Pong on a shoulder press machine
Daniel Meilak · Senior Software Engineer, EGYM
What happens when you give a group of engineers a motor-controlled, high-tech strength machine and 24 hours of "Hack Day" freedom? You get a 300kg game of Pong.
In this session, we take you behind the scenes of EGYM’s ecosystem to show how we connect serious sports science and arcade nostalgia. We’ll walk you through the hardware and software stack of our Smart Strength machines, proving that with the right firmware and a bit of C++, any gym floor can become a playground.
What We’ll Cover:
- The anatomy of an EGYM Strength machine: a short introduction of our hardware, what makes a machine "smart" and how it differs from normal gym equipment
- Building the Frontend: using C++ and Qt to build a functional game UI
- The hardware part: we’ll explain how we utilize firmware-controlled motors to map lever positions to paddle movement, and how we use variable torque to create a customised feel
- Networking the gyms: a look at how our machines communicate with each other and our core backend to enable real-time, head-to-head multiplayer
- How to deploy: from a "buggy" demo to a polished release. showing our CI/CD pipeline, demonstrating how we push updates to machines in the field and swap GUIs on the fly (live coding/demo effect there)
- Beyond the hackdays: our journey to production, using Pong as an example, including the vital roles of testing, sports science validation, and fleet monitoring
A live (or simulated - if we cannot get an EGYM machine on the floor) head-to-head Pong battle. We’ll demonstrate real-time updates of a machine by "patching" the game mid-talk to show how agile development works when the receiving end of a build is a heavy-duty fitness machine.
Playing with types: An experimental structural type system for Kotlin
Merlin Pahic · Staff Software Engineer, EIDU
Kotlin's powerful static type system is based on nominal typing – let's explore how we might implement structural typing by leveraging Kotlin and the Gradle build system.
When comparing type systems in different languages, one of the fundamental distinctions is between nominal and structural typing.
- In nominal typing, types are considered equal when they have the same (qualified) name – Kotlin's type system is based on nominal typing.
- In structural typing, types are considered equal when they have the same structure – TypeScript is a prominent example of structural typing.
It is worth noting that some statically typed languages, like Elm, support both.
Structural typing provides some extra flexibility, as types can be deemed compatible without explicitly implementing a common interface. That way, types of the same shape defined in different, unrelated codebases can be compatible without introducing a dependency. Also, functionality that depends on the shape of a type may accept any type matching that shape, facilitating code reuse.
In this talk, we'll explore an implementation of structural typing in Kotlin – as an experiment, based on existing language features.
We'll start by considering the differences between nominal and structural typing, their pros and cons and some use cases. Then we'll look at some type theory, specifically algebraic data types (ADTs) and how they are implemented through nominal/structural typing respectively. We'll also look at how this relates to Kotlin's `typealias` feature and the implications for type safety. Finally, I will take you through an implementation of structural typing, leveraging features of the Kotlin programming language and the Gradle build system.
POC Prison: Why agentic systems never escape the lab and how to fix that in 90 days
Luise Freese · Architect, m365princess
Most organizations experimenting with agentic AI aren’t blocked by models, frameworks, or orchestration. They’re blocked by something far more basic: the everyday realities of how enterprises actually work.
Agents look brilliant in controlled demos, but the moment you try to plug them into real systems (legacy data, governance, identity, compliance, and unclear ownership) they collapse into the same pile of abandoned POCs as everything else.
My talk cuts through the hype and gets straight to the uncomfortable truth:
- why agentic systems end up as flashy prototypes instead of production tools,
- how Excel-based “data estates” quietly choke autonomy before it even starts,
- why most so-called “AI use cases” are still rule-based automation wearing an AI sticker, and
- how to build the minimal delivery backbone needed for any intelligent agent to run safely in a real enterprise.
This isn’t yet another vision talk, but the reality check most teams never get: the engineering and organizational work required to move agents from the lab into the world where the constraints are real and the stakes are even higher.
Care about getting agentic systems running rather than demoing? This session gives you the hard truths and the practical steps to finally make that possible.
Post-Quantum Cryptography: Preparing for Q-Day
Tim Schade · Software Architect, GFT Technologies
Quantum computers pose a real threat to many cryptographic systems today. Algorithms such as RSA and ECC may eventually be broken within a short amount of time — a scenario often referred to as “Q-Day.”
However, there is no need for panic. With post-quantum cryptography (PQC), standardized and quantum-resistant algorithms are already emerging. In particular, algorithms like CRYSTALS-Kyber, which are part of the latest NIST standards, are increasingly being adopted in browsers, servers, and modern protocols such as TLS and QUIC.
In this talk, I provide an accessible introduction to the foundations of quantum mechanics relevant to cryptography and explain why quantum computers threaten classical cryptographic algorithms. We take a deeper look at what Q-Day actually means in practice and how organizations can start preparing today.
Beyond the fundamentals, the talk offers a deeper technical insight into lattice-based cryptography, including the mathematical principles behind CRYSTALS-Kyber and other modern post-quantum algorithms. Using hands-on examples with OpenSSL, NGINX, and hybrid TLS configurations, I demonstrate how existing web applications can be gradually adapted for the post-quantum era.
Practical tips for keeping your C# code base clean
Dennis Doomen · Principal Consultant, Aviva Solutions
As soon as a codebase grows to a certain point, almost every team struggles to keep that codebase under control. Coding conventions are no longer followed, code reviews become superficial, refactoring doesn't happen as often as it should, and developers lose sight of the original architecture. Fortunately our toolbox contains quite some tools to help you with this, and next to that there are plenty of practices and learnings to help structure your code in more functional manner.
As my day job is to help development teams get their existing architecture, code bases, deployment pipelines and quality to a higher level, I've accumulated tons of practical tips and tricks to gradually improve all of the above. So join my talk and hear all my secrets first-hand.
Production AI Is a Systems Problem: How ML Breaks at Scale and How to Prevent It
Anaëlle Sikich · ML / AI Engineer, Microsoft Gaming
Machine learning systems rarely fail because of bad models. They fail because they are treated as isolated components instead of what they really are: distributed systems.
In this talk, we’ll look at production AI through a systems engineering lens. We’ll explore the failure modes that only appear once ML systems are deployed at scale—partial outages, data inconsistencies, version skew, silent performance regressions, and feedback loops that break assumptions over time.
Drawing on real-world production patterns (presented in a generalized and anonymized way), I’ll show how applying classic distributed systems principles—such as graceful degradation, backpressure, observability, and clear contracts—can dramatically improve the reliability and maintainability of AI systems.
This session focuses less on model architecture and more on how ML systems interact with data pipelines, APIs, infrastructure, and downstream services. Attendees will leave with a practical mental model for designing, operating, and scaling AI systems that survive real-world conditions, not just demos.
Programming with Contracts in C++26
Peter Bindels · Staff Software Engineer, TomTom
C++26 adds contracts, a construct known from Design-by-Contract. In this session we will take a practical look at what they are, how to use them, what they can do now, and what lies in its near and far future.
Prompt Engineering Your Career: AI Agents for Tech Interview Prep
Preparing for technical interviews has become increasingly complex: fast-changing tech stacks, competitive job markets, and limited time to prepare.
In this talk, I’ll show how AI agents can act as a personalized career coach, helping developers prepare strategically for interviews and increase their chances of landing a dream job. We’ll walk through a step-by-step, agent-driven process:
1. Engineer the right query – defining the target role, required skills, and interview expectations
2. Analyze the job market – identifying in-demand skills and aligning preparation with current hiring trends
3. Set a realistic timeline – creating a structured preparation plan based on experience and goals
4. Curate learning resources – using AI agents to gather, prioritize, and adapt resources for coding, system design, and behavioral interviews
Quantum Computing - How Does It Work, How Will it Affect Us and When?
John Fletcher · Staff Engineer, codecentric AG, Lorenzo Petricone · Fullstack Developer, codecentric AG
Quantum Computing is rapidly moving from theoretical possibility to reality, and is likely to soon majorly affect software development and society. Ignoring it is no longer a sensible option.
In this talk, we’ll explain the basics of quantum mechanics, and how its core principles - superposition, entanglement, and quantum gates - are leveraged by quantum computers. We’ll see which complex problems (like simulation, optimization, and potentially disrupting cybersecurity) they are uniquely suited to solve, because they aren't a magic bullet for every task.
How are big tech players and startups investing in the space? What real-world applications already exist, when will it hit the mainstream, and does China really do quantum encryption in space? Lastly, how can we prepare for a quantum-enabled future?
An overview of the latest technological developments in Quantum Computing and with it the new possibilities for introducing quantum computing in the industrial automation field. This session outlines the key technological developments of the last year that bring forth the real possibilities of using quantum computing in industrial production processes. Furthermore it highlights the key areas where quantum computing may be successfully used in this field and what are the key technical aspects to be taken into consideration. Finally, it showcases a currently pursued practical use-case of developing quantum optimization algorithms for industrial chemical production using the Qrisp - powered by Eclipse high-level programming language.
Rate-limiting using eBPF: How to protect your SaaS customers from themselves
Jan Mensch · Software Developer, ClickHouse
Do you offer a SaaS product? Is your entire infrastructure protected behind a couple of reverse proxies, which got overloaded because one customer decided to "stress test your service" by opening tens of thousands of connections per second? Then this talk is for you!
This presentation covers rate limiting at ClickHouse Cloud, makers of the open source database of the same name. We'll discuss how to cut off connections at L3 using eBPF before they overwhelm your proxies, and how to monitor rate limiting in production. You'll learn how we guess which customer is the (accidental) bad actor even though our rate limiting never parses the TLS SNI header that would tell us which customer instance is being hit.
Rebase -AI
Scott Chacon · CEO and Founder, GitButler
As AI powered generative coding is becoming more popular with tools like Copilot agent, Claude Code and Cursor, there are increasingly interesting challenges to manage the code created in your Git repositories. This talk will show a few approaches to teaching these agents how to commit with good commit messages (why rather than what), amending, squashing and rebasing strategies and challenges, forge management and more.
We will look at several of the git-related MCP servers available, show how I've developed tooling to help with my process and explore what can be done in both Git and MCP to improve the process even more.
Refactoring in the Age of AI
Dominik Srednicki · Principal Architect, SAP
AI coding assistants write impressive code. They also destroy carefully balanced codebases the moment you ask them to refactor.
Ask Copilot to extract a method. Watch it miss three call sites. Ask Claude to rename a class. Watch it break imports across 12 files. Ask Cline to simplify a conditional. Watch your tests fail in ways you didn't know were possible.
The problem isn't that AI is stupid. It's that refactoring requires something AI assistants don't have: state, sequences, and safety nets.
Martin Fowler wrote the refactoring playbook 25 years ago. It assumed humans would execute it. What happens when machines try?
This talk explores the collision between classical refactoring wisdom and modern AI capabilities. We'll dissect why AI assistants fail at refactoring, demonstrate patterns that actually work, and show how to build workflow layers that make AI-assisted refactoring safe and predictable.
Repository as Network: Visualizing Collaboration in git
Dmitry Yanter · Director Technology, Data and Innovation, Deutsche Bank
Your repo holds more than code—it evidences collaboration.
Repositories can reveal patterns of ownership, and shared responsibility. Using data-driven methods, we’ll explore visualizations of developer networks, highlighting where collaboration thrives and breaks down. After this session, you will be introduced to artifact-based method of quantifing collaboration, identifying issue and strategies to address them.
Rest API Antipatterns
Wekoslav Stefanovski · Head Of Development, Sourcico
Every API is a story of two developers, one who creates and one who consumes the API. There are API's that are very easy and intuitive for both of them. This talk is not about those API's.
This is a talk about those other API's - where best intentions result with unusable and maintainable messes. We will take a look from both sides to analyze and hopefully avoid those pitfalls that await us.
REST In Peace: Why LLMs Can't CRUD
Speakers TBA
The emergence of LLM-powered agents represents a fundamental shift in how software systems interact. Traditional REST APIs, designed for human-driven applications, create friction when AI agents attempt to orchestrate complex workflows across traditional downstream system. This sesssion explores the architectural evolution from resource-based to intent-based APIs, examining why current API paradigms fail at agent orchestration and what we must build instead.
We'll dive deep into the technical challenges LLMs face when navigating CRUD operations, the cognitive overhead of translating high-level intent into dozens of low-level API calls, and the brittleness introduced by rigid resource schemas. You'll learn how intent-based APIs abstract away implementation details, enabling agents to express goals rather than methods. Discover how MCP (Model Context Protocol) servers can host these next-gen APIs, creating standardized agent-to-system and agent-to-agent interfaces.
REST, GraphQL, gRPC, and more: A comparison of modern API styles
Florian Bader · CEO, Lunaris Digital Solutions
The API landscape is diverse: REST, GraphQL, OData, gRPC, WebSockets, server-sent events, and more. This presentation will demonstrate live the advantages and disadvantages of each approach and when each style is appropriate. You will learn whether it makes sense to provide several in parallel and how common logic can be used across different interfaces. Practical examples with ASP.NET Core will show you the concepts in action. By the end, you will know which API strategy suits your project and how you can switch flexibly between the options.
Robots Among us: Advances in AI for Everyday Androids
Robotics is transitioning from factory floors to our everyday lives, particularly through humanoid robots. This session features a live demonstration of our Unitree G1 android, exploring how advances in AI using Robotic Foundational Models, increasing data availability, and advanced hardware are transforming science fiction into reality.
The session begins with an overview of robotics. Next, robot training is examined, demonstrating how integrated hardware and software bridge the gap between simulation and real-world deployment. Finally, Vision-Language-Action (VLA) models are explored for enabling meaningful human-robot interaction and future applications.
Rules, Heuristics, or LLMs? Lessons from Solving the Same Problem Twice
Artur Naumenko · Senior Software Engineer, Softeta
Not every problem needs an LLM. But at the same time some problems are asking for LLMs as the solution. So, when to choose which?
I ran into this while working on a subjective text transformation problem. It’s hard to specify and hard to test. That made it into a brilliant grey zone. When the answer to the regular regular question "can it be done without LLM" is "yes, but...".
To understand the trade-offs, I built two solutions to the same problem. Both of them produce similar result, they just work in a very different way.
One is a "just code and math": rule-based stochastic system using Markov chains, edit-distance mutations and so on. The other is a LoRA fine tuned LLM trained on the examples.
In this talk, I'll share what I learned, so that you could build just one system, instead of two:
Where deterministic models offer better control
Where LLMs produce more natural results
How the results are different
Maintenance cost
As the problems sits in a grey zone and hard to properly measure, I will show a result of blind comparison between rule-based output and LLM output to determine whether LLM solution was necessary or overkill.
This is not a tutorial or an AI demo. You’ll leave with a practical way to understand and decide when the problem is LLM-worthy and when to stick to the good old code and algorithms.
It's a case study on how over-engineering once on purpose can save future effort and resources.
Rust in the Real World: Adoption, Migration, and Tradeoffs
Vitaly Bragilevsky · Head of Rust Ecosystem, JetBrains
An overview of how Rust is adopted in real engineering organizations, covering common adoption paths, migration strategies, and typical challenges teams face. The session examines the benefits Rust brings in production, the tradeoffs involved, and practical criteria for deciding where Rust is an appropriate choice and where it is not.
Rust Is Easy – Things I would have liked to know before I’d started learning Rust
Goetz Markgraf · Senior Consultant, codecentric
Rust isn’t difficult, it's just different.
Stop fearing the language everyone loves. For nearly a decade, Rust has been the most admired language on the Stack Overflow Developer Survey, but many developers still see its learning curve as a brick wall. This talk argues that Rust isn’t difficult—it's just a unique language that replaces runtime complexity with compile-time discipline.
We'll demystify the core concepts that make Rust a powerhouse, eliminating over 70% of security bugs that plague C/C++ projects due to memory mismanagement, and showing you how this shift to "conscious programming" results in smaller, safer, and faster applications.
At the heart of Rust's philosophy is the concept of Ownership and Borrows, a unique form of automatic memory management handled entirely at compile time. Forget the performance drag of garbage collection or the peril of manual allocation; in Rust, data is treated like a physical object that can only have one owner. We’ll walk through the simple, yet profound, rules of moving, transferring, and referencing data. You'll learn how to work with, not against, the Borrow Checker to build high-performance code, paving the way for pain-free concurrent and asynchronous programming.
But safety isn't just about memory—it's about never lying to the programmer. Rust's strict approach to Error Handling forces developers to acknowledge and manage every possible failure, eliminating the "billion-dollar mistake" of null references.
By the end of this session, you will understand why the Rust community proudly claims: “If it compiles, it works.”
Rust on Robots: Hands-on Embedded Rust on STM32
Robert Jeutter · Software Architect, CORPULS
Rust is fast, modern, and great at catching typical embedded mistakes early—exactly what you want on real robots. In this hands-on workshop we’ll start with a short, practical Rust introduction and then move directly into exercises: writing Rust, solving small tasks, and finally flashing and testing code on an STM32.
The focus is not “Rust theory”, but a smooth path from “I can program” to “I can build and run firmware in Rust”. We’ll cover the mental model you need for embedded Rust (ownership in practice, safe APIs, error handling), and how this translates into robust robot code.
You’ll work in pairs or small groups, with guided steps, short challenges, and a working reference project you can take home. Ideal for RoboCup and robotics enthusiasts from education and industry who want to try Rust as a tool for reliable embedded development.
Scaling GraphRAG: Efficient Knowledge Retrieval for AI
Guy Korland · CEO, FalkorDB
This talk focuses on GraphRAG, an advanced Retrieval-Augmented Generation method that represents knowledge as interconnected nodes. We'll get into its architecture, implementation challenges, and performance gains in multi-hop reasoning tasks. Learn how GraphRAG is transforming knowledge management for large language models, improving accuracy and coherence in complex inference scenarios.
The talk is ideal for AI engineers, ML researchers, and developers working on knowledge-intensive NLP tasks, chatbots, question-answering systems, or any application requiring complex reasoning and factual accuracy from LLMs.
Self-service Quality: QA Without QA
Ondřej Gróf · Senior QA Engineer, Canva
As of tomorrow, teams will not need QA engineers.
Sounds crazy? That is precisely what we are building at Canva.
AI changed the game overnight. Development teams were shipping faster than ever, and QA needed to adapt. We flipped the script. Instead of teams waiting for us, we empowered them to completely own quality through our self-service approach.
To achieve this, we built AI tools that support key parts of the QA process: test plans, test generation, a test parties assistant, and more. Teams gained what they needed without the wait, while quality signals and indicators ensure they remain relentless about quality standards.
But what about QAs? They no longer test. We shifted our focus to exploring new frontiers and enabling quality across the organization, thereby significantly increasing the impact of our work given the rapid pace of change.
I will walk you through our transformation journey: the practical tooling approaches we adopted, how we adapted our QA processes to facilitate this change, the key breakthrough moments that made it work, and why this shift is critical now.
Serverless: Hype vs. Reality - Debunking the Most Common Myths
Emiliano Della Casa · Software Architect, Independent
Nowadays Serverless is everywhere, and it's often pitched as a silver bullet: lower costs, no infrastructure to manage, infinite scalability. But how much of that holds up? In this talk, I’ll try to cut through the noise and debunk some of the most common myths around serverless—like the idea of zero operational overhead, unavoidable vendor lock-in, performance limitations, and unpredictable costs. No buzzwords, just real-world experience, concrete pros and cons, and some honest advice on when a serverless architecture makes sense—and when it doesn’t. The goal? To help you navigate this fast-moving space with a practical and down-to-earth perspective
Shall we play a Game? LLM Security in Practice
Joseph Katsioloudes · Senior Developer Advocate, GitHub
Artificial Intelligence (AI) is no longer a futuristic concept. It's embedded in the systems we use daily. At the core of these innovations are Large Language Models (LLMs). These LLMs can unlock new capabilities but can also introduce novel security challenges due to their non-deterministic behavior and autonomous outputs, causing issues like data leakage and unintended model behavior from attacks such as prompt injection.
This workshop equips participants with the skills they need to build secure LLM-based applications through interactive, challenge-based exercises that gamify core security concepts. Prepare to level up your understanding of LLM security in a practical and fun way.
Simple, Clean, Intuitive, and Qrisp: Quantum Linear Algebra for Developers
Quantum computers are slowly getting there. But building algorithms gate-by-gate is the "Assembly language" of quantum that simply doesn't scale for industrial applications. To build real-world software, we need high-level abstractions!
In this session, we explore how Eclipse Qrisp has evolved into a high-performance framework that lets developers move beyond circuit-level noise and focus on algorithmic logic using constructs like QuantumVariables and QuantumFloats.
The star of the show is the new BlockEncoding class in the 0.8 update. Think of it as the "quantum Numpy", or at least Numpy's cousin. We will demonstrate live on stage how to perform complex quantum linear algebra with a clean, pythonic interface:
- From Arrays to block encodings: Construct block encodings directly from standard arrays with ``.from_array(A)``, form operators with ``.from_operator(O)``, or construct your custom block encoding with ``from_lcu(unitaries, coeffs)``. Combine them effortlessly using standard matrix arithmetic (``+``, ``-``, ``*``, ``.kron()``, ...).
- Solving linear systems: We will tackle matrix inversion (solving $Ax = b$) using ``.inv(epsilon, kappa)``. This is a gateway to speedups in machine learning, fluid dynamics, and optimization.
- Hamiltonian simulation & Polynomials: Perform Hamiltonian simulation with ``.sim()`` and arbitrary polynomial transformation/filtering with ``.poly()``.
- Hardware-Ready Workflow: Move from theory to execution. We’ll show how to compile for simulators or hardware using ``.apply()`` or deterministic "Repeat-Until-Success" protocols with ``.apply_rus``.
- Quantum Resource Estimation: Track gate counts, circuit depth, and qubit usage on the fly simply by calling ``.resources``.
Whether you’re a software engineer entering the quantum domain or a researcher streamlining your workflow, this talk provides a practical roadmap for building scalable quantum applications today.
The future of Quantum Linear Algebra is here, and it's Qrisp.
Sociotechnical Architecture Reviews: Understanding Teams, Not Just Artefacts
Eberhard Wolff · Head of Architecture, SWAGLab
At first glance, software architecture appears to be a purely technical artefact. So it should be possible to review it solely as such—or should it? In reality, an architecture is the outcome of a team’s work and a response to stakeholder requirements. It therefore makes much more sense to review architecture as the product of a sociotechnical system.
This perspective shifts the emphasis from technical artefacts to the people behind them, their goals, and their interactions. Experience has shown that this approach provides a more efficient and effective way to understand architectures than many traditional review methods.
Attendees will see how sociotechnical reviews work in practice and leave with practical techniques to improve the effectiveness of their own reviews.
Software Engineering for Muggles
Theresa Heine · Software Engineer, ING
Have you ever tried to explain software engineering to someone who’s never written a line of code? It’s surprisingly hard, because unlike building a house, software projects rarely go according to plan. They end up more like… the Weasley house from Harry Potter.
What starts as a simple, sturdy home becomes an ever-expanding, slightly chaotic structure of extensions, workarounds, last-minute rooms, and “temporary” solutions that somehow end up permanent. Software engineering isn't about a single big construction project, it's an ongoing journey of planning, building, testing, and fixing. Using the Weasley house as a metaphor, I’ll explain why we’re always “renovating” (maintenance), why swapping out doors (libraries) means checking the versions of the hinges and door frames, and how, in software, we can simply “copy the whole house” to test new windows — without anyone catching a cold.
After this session you will never struggle again explaining software engineering concepts to your mum, your non technical friend, or your nephew again. Give it a try!
Solving Architectural Entropy With Runnable Diagrams
Mourjo Sen · Senior Software Engineer, Booking.com
"Software architecture does not age gracefully. Software architecture degrades in direct proportion to the number of changes made to the software"
- Architecture of Open Source Applications, Berkley DB.
This observation is painfully familiar to anyone building domain-driven systems at scale. We often begin with carefully designed microservices and a shared understanding of the domain, but as new requirements arrive, teams optimize for delivery speed and as a result, architectural shortcuts creep in. Over time, the original design intent fades and it becomes increasingly difficult to understand how it all works.
In a typical engineering discussion, complex ideas are explained using diagrams and visual cues. Architectural diagrams are a central component in today's engineers' arsenal because of this universal appeal -- whether it be a new joiner or the veteran, diagrams provide instant clarity that code alone cannot.
Unfortunately, most diagrams fall out of date as the system changes. But what if diagrams were not a documentation of a past version of the system, but were the definition of it?
Instead of merely describing interactions between microservices, Business Process Model and Notation (BPMN) uses a visual language for defining how microservices interact with one another to solve business requirements. The same diagram is understood by humans and executed by machines, creating a powerful synergy between architecture, implementation, and business intent.
By introducing an explicit orchestration layer, BPMN brings proven composition patterns. Instead of bespoke in-house implementations, a unified orchestration layer prevents domain driven services from drifting from their original design intent.
With executable diagrams, we can finally tame the problem of architectural entropy that slowly creeps in, even in well intended design. It makes the system easier to understand and faster to evolve, while bringing different factions of the organization closer.
Spec First Development: Building and Modernizing Apps with Agentic AI
Julia Kordick · Senior Software Global Black Belt, Microsoft & GitHub
Agentic AI is moving fast from hype to hands on reality. But most teams still struggle with the same questions:
- How do I prompt agents effectively?
- How do I control context and tools?
- And how do I use agentic AI in real brownfield and greenfield projects without creating chaos?
In this full day masterclass, we start by grounding participants in what they actually need to know about agentic AI. We cover practical prompting strategies, context engineering, and MCP, with a clear focus on what works in real projects. No buzzwords. No magic thinking.
Bring your own project and your own agentic AI setup. Participants can work on their own ideas or systems, or follow along with provided examples.
I will use examples with GitHub and Azure as this is my personally preferred tech stack, but the learnings and patterns apply everywhere.
From there, we go fully hands on. Using spec kit, participants work through a choose your own adventure style journey. You decide whether you start from a greenfield idea or a brownfield application. Step by step, we turn specifications into working code and cloud ready artifacts using agentic workflows.
This is not a slide heavy workshop. You will write specs, guide agents, debug outcomes, and learn where agentic AI shines and where it clearly does not.
You will leave with concrete patterns and mental models you can apply immediately in your own projects.
No prior experience with agentic AI is required.
Basic software development experience is highly recommended.
Speed up your CI/CD pipelines by caching build & runtime artifacts
Slow CI/CD pipelines delay code from reaching production and frustrate development teams. Beyond testing and compilation, a major bottleneck comes from repeatedly fetching dependencies from remote artifact repositories, a slowdown that also affects developers in their daily work.
This presentation will show how to eliminate these delays by caching build and runtime artifacts such as Docker images, NPM packages, Go modules, and even Git clones and fetches.
Since most artifact repositories deliver dependencies over HTTP, a reverse caching proxy like Varnish can dramatically accelerate artifact delivery at scale.
We’ll break down the actual HTTP requests behind docker pull, git clone, go get, and npm install, and demonstrate how Varnish can be configured to cache these assets effectively, without compromising access control or security.
We’ll also compare the power of an HTTP reverse caching proxy like Varnish to other optimization strategies such as disk caching & shallow fetches.
SSR Migration Under High Load: Real-World Lessons in Building Ultra-Fast Platforms
Edward Smyshliaiev · CTO, GR8 Tech
High traffic turns frontend decisions into scaling decisions. In this session I’ll share a migration playbook we used to modernize a high-load legacy CSR web platform while keeping delivery moving: how to identify the true causes behind slow LCP/TTI, how to fine tune SSR to keep it under 2s and comparison of modern approaches. You’ll get concrete patterns (and anti-patterns) for caching, streaming, performance budgets, and web vitals — plus a decision framework for choosing between tuning your current stack vs adopting a new one.
Stop Parsing Strings: Treating LLMs Like Type-Safe Microservices
André Behrens · Senior Solution Architect, Atos
In 2026, "vibe coding" is a technical debt trap. Sending prompts into a black box and hoping for valid JSON is no longer an acceptable engineering standard. This session introduces a shift toward Deterministic AI Architecture, treating the LLM not as a chatbot, but as a strongly-typed microservice.
We will demonstrate how to move from "prompt engineering" to "schema engineering" using PydanticAI. We’ll cover the mechanics of structured outputs, constrained decoding, and the "Self-Healing" pattern. Finally, we’ll pull back the curtain on the "Latency Tax" and the "Reasoning Lobotomy" to show when structure helps—and when it actually hinders—your model’s intelligence.
Stop Renaming Teams, Start Product Thinking: A PM's Guide to Platform-as-a-Product
Dominik Schmidle · Group Product Manager, Giant Swarm
Everyone's talking about treating platforms as products. But when your platform team is drowning in tickets, firefighting upgrades, and struggling to prove ROI, "just apply product thinking" sounds like advice from someone who's never run a platform. And let's be honest: slapping a "Product Owner" title on someone and renaming your ops team won't magically fix anything.
So what does actually work? I've spent 5 years as a Platform Product Manager figuring that out. One example: transforming an internal monitoring platform from "universally avoided" to revenue-generating in 1.5 years—now serving 150+ Kubernetes clusters. The shift isn't magic. It starts with asking better questions about who your users really are, what value looks like, and how to prioritize when everything feels urgent.
In this talk, I'll share a framework that helped me make that shift—moving from thinking about technical components to understanding your actual platform users. You'll learn how to visualize what your platform really is and derive value metrics that prove impact beyond "uptime" and "tickets closed."
Whether you're a platform engineer curious about product thinking, or a team lead trying to escape the "internal service desk" trap, you'll leave with practical starting points to treat your platform as a product—for real.
Stop using Node.js like in 2020! What changed and what you can do today with Node.js
Alfonso Graziano · AI Tech Lead, Nearform
Remember Node.js in 2020? It worked, but you needed countless dependencies to get anything done. Fast forward to 2026 and Node has completely transformed. It’s faster, more capable, and packed with modern features that make it feel like a brand-new runtime.
Imagine going through every changelog from the past six years and condensing it all into one talk. From the native test runner and permission model to built-in TypeScript support and beyond, we’ll explore everything you can now do out of the box. Stop writing Node.js like it’s 2020 and discover what the modern runtime can truly achieve today.
Strategies for Efficient Log Management in Large-Scale Kubernetes Clusters
Aliaksandr Valialkin · Co-founder, CEO and CTO, VictoriaMetrics
Large Kubernetes clusters can generate significant volumes of logs, especially when housing thousands of running pods. This may demand substantial CPU, RAM, disk IO, and disk space for storing and querying large log volumes. In this talk, we will look into different strategies of storing those logs in ElasticSearch, Grafana Loki and VictoriaLogs and examine how we can save 10x or more on infrastructure costs.
This talk presents real-world examples of efficient log management in large-scale Kubernetes clusters. It includes setup demonstrations, numerical data, and graphical representations from reproducible benchmarks.
Structured Concurrency in Practice: CoroutineScope vs StructuredTaskScope
Filip Egeric · Senior Software Engineer, Clue
Structured concurrency is a familiar concept to Kotlin developers, and CoroutineScope has long been the go-to tool for managing lifecycles and structuring asynchronous code in a safe, predictable way. But now, the Java ecosystem is stepping up: Java’s new StructuredTaskScope API brings structured concurrency concepts natively to the platform, and it’s capturing a lot of attention with its promise of clarity and safety in concurrent programming.
Since Kotlin and Java work very well together, we'll see how we can use this new API from Kotlin and how it's better or worse from the already known CoroutineScope API.
We’ll explore real-world use cases that require structured concurrency, then take a deep dive into both CoroutineScope and StructuredTaskScope. We’ll compare their APIs, features, and design philosophies.
Super scaling for the Super Bowl: How to survive 30 million users hitting your backend in 30 minutes
Irina Branovic · Tech Lead, adjoe
The Super Bowl attracts millions of viewers, and an unprecedented surge in ad traffic. One of adjoe partners secured an advertising slot, requiring us to be prepared for 30M users hitting our backend in less than an hour. We relied on load testing, application optimizations, pre-scaling and increased cloud quotas to withstand extreme loads. Learn how we scaled an ultra-resilient Golang backend to successfully handle traffic spike at one of the biggest events in the world.
Supercharge your JVM performance with Project Leyden
Ana Maria Mihalceanu · Senior Developer Advocate, Oracle
Many modern applications and tools rely on Java. Yet, their startup time and time-to-peak performance remain challenging, especially for microservices and Kubernetes workloads that require fast scaling and responsiveness. Project Leyden, an ambitious OpenJDK initiative, aims to overcome these performance bottlenecks.
In this session, Ana will show how you can take advantage of Leyden’s optimizations using Java 26 to transform the scalability and responsiveness of your application. Empower yourself with practical techniques you can apply today, along with a peek into the ongoing work inside Leyden and what that means for the performance of your Java application.
Swapping a Data Warehouse at Runtime: Zero-Downtime Migration Without Changing a Single Client
Michael O'Toole · Data Staff Engineer, Trade Republic, Max Fischer · Director Engineering, Trade Republic
Trade Republic serves 10 million with €150 billion under management. Our data warehouse handles 4 million queries daily across analytics, product features, and the ML fraud detection that protects our customers. It replicates 220 databases into a 620 TB lakehouse. It cannot go down.
Moving to an open lakehouse architecture — Apache Iceberg & bring-your-own-compute — "schedule a maintenance window" was not an option. Neither was asking hundreds of consumers — BI tools, pipelines, ML models, product services — to rewrite their connections.
The destination: decoupled storage-compute where teams choose the engine that fits their workload. Spark, Athena, DuckDB — all reading from the Iceberg. But the migration path matters as much as the destination.
Our approach: "Engy" build a protocol-compatible proxy that presents the exact wire interface of our existing warehouse. Every client connects the same way it always has. Behind that stable interface, we're free to change everything: swap compute engines, cache, add features — all invisible to consumers.
The key enabler is in-flight SQL transpilation. The proxy rewrites SQL, translates table references between catalogs, and normalises result, all in the request path. This gives us a multi-engine architecture with perfect interop.
Teams onboard without changing a driver, a connection string, or a line of code. We ship new engines and features behind the interface while production traffic is flowing — building the plane as we fly it. The interface becomes a contract that decouples the pace of infrastructure evolution from the pace of consumer adoption.
In this talk I'll walk through how we designed the Engy proxy interface for long-term stability that lets us migrate a 620 TB system query-by-query without downtime.
True to Trade Republic's engineering philosophy, the entire stack is built on open-source foundations — no vendor tooling, no proprietary middleware.
Swapping Code, Losing Memory: A JVM Deep Dive
Marco Sussitz · Senior Software Developer, Dynatrace
You’ve probably seen the option to hot swap code while debugging in your IDE, but have you ever wondered how it actually works under the hood? And more importantly, what could go wrong?
While stress testing an application that made heavy use of class reloading, I discovered a surprising issue: we were leaking memory and not just heap memory. This kicked off a deep dive into the internals of the JVM to understand what really happens when a class is reloaded.
In this talk, I’ll explain how I investigated the problem, what I learned about class representation in the JVM, and how code hot swapping really works in OpenJDK. You’ll leave with practical insights into debugging class reloading issues and a better understanding of what’s happening behind the scenes when your code changes on the fly.
Swift, Server-side, Serverless
Speakers TBA
Full-stack developers lose precious time switching between languages, tools, and deployment models. What if you could use Swift—the language you already love for iOS and macOS—to build your backend APIs and cloud processing without ever touching a server?
This demo-heavy talk reveals how to deploy Swift applications on AWS Lambda, unlocking true full-stack Swift development with serverless superpowers. You'll witness Swift code running in the cloud within the first five minutes, then dive deep into building REST APIs, handling cloud events, and processing data—all in
Swift. You'll see real code solving real problems, with minimal slides and maximum hands-on demonstration.
Whether you're a Swift developer curious about backend development, a full-stack developer seeking language consistency, or simply interested in pushing Swift beyond its traditional boundaries, you'll leave with practical knowledge to start building serverless Swift applications immediately. No virtual machines, no containers, no infrastructure headaches—just Swift code that scales automatically and charges only for actual usage.
This is Swift unleashed from device constraints, running where the cloud meets creativity.
Synthetic Insiders: The New AI Risk to Your Org
George Proorocu · IT OPS Manager Cybersecurity and Fraud, ING Bank
What happens when the attacker isn’t malware, but a “colleague”? AI is enabling scammers to deploy synthetic identities that can pass interviews with stolen identities, integrate into teams, and access internal systems at scale. In this talk, we unpack how deepfakes, LLM agents, and automation are reshaping the threat landscape, using real cases, underground techniques, and a live demo to show why trust has become the most exploited layer in modern IT architectures.
Teaching agents to pay: what devs need to know
Benjamin Smith · Senior Staff Developer Advocate, Stripe
With a global daily user base in the hundreds of millions, AI agents are rapidly becoming a primary interface for how people discover, evaluate, and purchase products. Enabling those products to be listed and paid for directly through agents opens an entirely new—and enormous—commerce channel. The Agent Commerce Protocol (ACP) and Shared Payment Tokens provide a secure framework for agent-driven commerce within Stripe’s ecosystem—without exposing payment data or sacrificing user control.
This session walks developers through the complete implementation: setting up Stripe integration, creating permission-based payment tokens, interacting with ACP endpoints, and designing trustworthy user experiences. You'll learn how to enable your agents to transact safely and predictably, handling everything from checkout flows to error scenarios and webhook events.
Teaching an LLM to review code… like a Senior Engineer!
Kesha Mykhailov · Principal Engineer, Intercom
There’s no doubt LLMs can generate plausible, working code – but can we trust them to review it? Being a helpful assistant is deeply ingrained in an LLM’s nature, but when it comes to code reviews, this works against us. What could have been a simple Pull Request approval turns into a lavish, flattering, one-page-long description of how great the code is, how extensive the test coverage is, and how brilliant the architectural choices are. No one has the time to read those reviews, and ultimately engineers stop paying attention. And even if the LLM does surface a real issue, chances are it’s going to be lost in the noise of dozens of good-to-haves and minor, irrelevant nitpicks. This is a story of how we built an LLM code review bot that behaves as a senior engineer – surfacing important, actionable violations of human-curated guidance and maximising signal-to-noise ratio.
Teaching Kubernetes Security in your Cluster
Thomas Fricke · Cloud Security Architect
The workshop shows how to teach hands on Kubernetes trainings lessons in your own cluster environment with Jupyter notebooks
Starting with the basics we extend the examples with easy scans for vulnerable configurations and network problems.
Testing AI Agents: Automated Evaluation for Chatbots & RAG Systems
Sebastian Messingfeld · Staff Engineer, Eurowings Digital
AI Agents, chatbots, and RAG systems are easy to prototype — but difficult to test reliably. Small changes to prompts, models, retrieval sources, or system instructions can silently change behavior, and classic assertions (string matching, snapshots) often fail to capture what actually matters: correctness, relevance, grounded answers, and consistent multi-turn dialogue.
In this talk, we’ll start with the common testing problems in real projects: “it worked yesterday”, hidden regressions, evaluation noise, and the challenge of aligning developers and stakeholders on what “good” means.
Then we’ll explore practical testing possibilities with evaluation frameworks like DeepEval: how to validate responses beyond keyword matching, how to structure test cases for both chatbots and retrieval-based assistants, how to define pragmatic quality gates, and how to run these checks continuously in suggests, then?
As a side topic, we’ll show how BDD/Gherkin can wrap these evaluations into human-readable scenarios (Given–When–Then), making expectations reviewable by non-developers while keeping the actual validation powered by automated evaluation metrics.
You’ll leave with a reusable blueprint for introducing automated AI evaluation into your development workflow — from local runs to CI pipelines with actionable reports.
The 2026 Talent Pivot: Essential Trends for an Evolving Workforce
The world of work is shifting faster than most organisations can adapt. Rising costs, demographic change, AI disruption and evolving employee expectations are reshaping talent strategy.
In this session, we explore why traditional, location-bound hiring models no longer work - and how leading companies are moving toward borderless, skills-first workforce strategies to stay competitive in 2026 and beyond.
The 8th Layer: Building the Open AI Stack Before It Builds You
Raffi Krikorian · CTO, Mozilla
We’ve spent decades perfecting the software stack — from LAMP to cloud-native to platform engineering. But AI is reshaping that stack in real time.
The real risk isn’t just technical debt. It’s strategic dependency.
In this lightning talk, Raffi Krikorian explores “the 8th layer” of the AI stack — the layer beyond infrastructure, models, and APIs — where incentives, governance, and control determine who actually benefits from AI.
What would a true “LAMP Stack for AI” look like? One that is open, composable, inspectable, and community-governed. One where developers aren’t just API consumers but builders of durable systems.
We’ll break down the emerging Open AI stack — from data to models to orchestration — and why openness at each layer matters for security, sovereignty, and long-term innovation.
If you’re building with AI, you’re already choosing a stack.
The question is: are you building it — or renting it?
The art and science behind evaluating AI Agents at scale
Alfonso Graziano · AI Tech Lead, Nearform
Evaluating AI Agent is a mix of science and art. Working with subject matter experts is more important than ever. New methods and best practices are emerging to evaluate these systems at scale.
In this talk we will discuss a case study of a production agent used across an entire company. We will discuss live evals, how to build a golden dataset, how to collaborate with SMEs, what worked and what didn't over a 6 months project.
We will share some of the best practices we found are working well in production contexts after investing hundreds of hours analyzing evals, building reports and iterating.
This talk is not about just the theory, we will use a real case study and we will share all the info you need to really iterate fast and build evals that matter for your use case!
The Dark Corners of Kotlin Multiplatform
Andrea Della Porta · Mobile Manager, Capgemini
Kotlin Multiplatform is powerful, flexible, and full of promise—but it’s not all smooth sailing. Behind the glossy headlines and official documentation lie subtle bugs, platform quirks, and surprising limitations that can trip up even experienced developers.
In this talk, we’ll take an honest look at the dark corners of Kotlin Multiplatform based on real-world usage. You’ll see concrete examples of things that break, don’t work as expected, or require strange workarounds—especially when working with Swift/Objective-C interop, background threading, dependency injection, or dealing with the iOS toolchain.
You’ll learn:
- What breaks and why in real apps using KMP
- Debugging tips and stack trace decoding (especially on iOS)
- Build issues, performance bottlenecks, and memory management caveats
- Workarounds that are ugly, but necessary—for now
This is not a “KMP is bad” talk. It’s a “here’s what to expect when you go beyond the tutorial” talk—ideal for anyone already using Kotlin Multiplatform or seriously considering it for production.
The day the chatbot asked for sudo
Alex Olivier · Co-founder and CPO, Cerbos
Early enterprise AI systems were mostly read-only. Chat over documents, search, and summarization. The blast radius was small. As soon as agents can take actions, issue refunds, change limits, modify data, or trigger workflows, the risk profile changes completely.
At that point, prompts and guardrails are no longer enough. You are no longer evaluating whether an answer sounds reasonable. You are responsible for justifying why an action was allowed, under audit, during an incident, or in front of a regulator.
This session introduces a practical way to secure agentic systems by drawing a hard boundary between probabilistic reasoning and deterministic execution. Instead of trusting the model to behave, every proposed action is treated as a structured intent, evaluated against explicit policy, and enforced at runtime close to the protected system.
We will walk through a reference architecture for “shift down” security, where authorization decisions live below the AI layer. The focus is on preserving developer velocity and system performance while making agent behavior reviewable, explainable, and safe to operate in production.
Attendees will leave with a clear framework for integrating AI agents into real systems without turning them into ungovernable sources of risk.
The Decisions Developers Make Without Noticing – And How to Make Them Better
Stan Bühne · Managing Director, IREB
Developers make critical decisions long before they write code — often without consciously noticing them. Decisions about scope, assumptions, constraints, quality expectations, and system boundaries shape architecture, testability, and long-term maintainability. When these decisions are unclear or implicit, even well-written code and modern tooling cannot prevent rework and costly late surprises. With AI tools increasingly supporting development, these effects are amplified rather than reduced.
This hands-on workshop looks at software development from code backwards. Instead of focusing on implementation details, it explores the upstream decisions that influence technical outcomes and developer experience. Participants examine recurring patterns from large software projects to understand how requirements, architectural intent, and value assumptions directly affect development — even when developers are not formally responsible for them.
Through guided exercises, discussion, and reflection, participants will learn to identify hidden decisions, challenge weak inputs, and make intent, constraints, and priorities explicit. The workshop focuses on what developers can realistically influence in cross-functional environments to improve decision quality, system design, and collaboration — without adding heavy processes or bureaucracy.
The Developer Workstation Blind Spot: Why Your Security Stack Can't See What Matters Most
Marcus Wermuth · VP of R&D, Safety Cybersecurity
Your security team has visibility into cloud infrastructure, endpoints, and network traffic. But what about your developers' laptops, where the code actually gets written?
In this talk, I'll break down the emerging blind spot that most security programs miss: the developer workstation.
With 60k+ VS Code extensions, 13k+ MCP servers, and AI coding tools that can access file systems and credentials, the attack surface on developer machines has exploded. Meanwhile, 35% of engineers use AI tools via personal accounts, and extension malware detections increased 4x year-over-year.
I'll cover:
- How AI-driven development created new attack vectors (prompt injection → tool invocation → IDE exploitation)
- Real examples of malicious extensions and MCP server vulnerabilities
- Why EDR and SCA aren't enough, and what's missing
- Practical approaches to gaining visibility without slowing developers down
This isn't about blocking tools or slowing adoption. It's about seeing what's actually running so you can make informed decisions.
Attendees hopefully will leave with a clear understanding of the problem and actionable steps to assess their own exposure.
The Future of Knowledge Retention: AI-Driven HR Transformation
Speakers TBA
We show how AI and intelligent automation can be used as a digital mentor and efficiency driver to significantly relieve HR burdens while systematically preserving experiential knowledge within the company for the next generation.
HR work is currently at a historic turning point. More than 50 percent of HR time is spent on administrative tasks, while a massive loss of knowledge looms by 2035 as a large share of operational specialists retire.
The Human API: Designing Organizations for Judgment, Not Just Execution
Manjuri Sinha · VP HR, Miro
Core idea:
If AI handles execution, humans become the decision layer. HR’s & Leadership's role is to design for good judgment at scale.
Human superpowers highlighted:
Ethical discernment
Decision quality
Systems thinking
Trust-building
The Internet is Dead, Long Live the Internet: Building Community in the Time of Bots
Colleen Lake · Developer Advocate, GitLab
On the internet in 2026 it's hard not to feel like all communities have been replaced with chatbots. Timelines full of AI-generated slop, comment sections that are pure spam, Discord servers with nothing but a welcome bot and tumbleweeds. The old community playbook of scale and automation isn't just ineffective anymore, it's actively working against anyone trying to build something real.
But the death of the low-effort internet is actually good news for people willing to show up. High-trust communities aren't built by bots. They're built by humans who respond personally, remember repeat contributors, share weird side projects, and stick around even when there's no conversion funnel attached.
This talk digs into dead internet theory and what it means for community teams, then gets practical: how to run forums that aren't ghost towns, how to show up consistently across spaces (even ones unrelated to your product), and where AI tools can help without killing the trust you're trying to build. Examples from building developer communities and hackathon organizations over the past decade.
Communities can still be built, as long as you're willing to be human in public.
The LLM Evolution: From Sequence Imitation to Verifiable Reasoning
Kamen Petroff · Software Developer, ATOS
For the last decade, the recipe for Artificial Intelligence was simple: more data, bigger models. By feeding neural networks the entire internet, we taught them to imitate human language with startling accuracy. But as we exhaust the world's high-quality text data, a new question arises: How do we scale intelligence when there is nothing left to imitate?
In this talk, we will trace the evolution of Language Modeling—from the early days of Word2Vec and the Transformer to the current paradigm shift led by reasoning models like OpenAI o1 and DeepSeek R1. We will debunk the "Data Wall" myth and explore how the industry is pivoting from System 1 (Imitation) to System 2 (Reasoning).
Drawing parallels to the "AlphaGo Zero" moment, we will demonstrate why the future of software development belongs to Verifiable Reasoning. We will show how shifting compute from training to inference allows models to "think" before they speak, and why Verifier’s Law allows coding agents to continue improving without the need for more human data.
This session is for any developer who wants to understand why the "AI Winter" is cancelled and how their role will evolve from writing syntax to architecting the feedback loops that guide AI reasoning.
The Migration Cookbook
Robert Lehmann · Staff Engineer, Google
Enterprise migrations are hard: The new platform is usually not quite ready yet, nobody fully knows what the old tool did, management wants everything to be done by yesterday, and your users don’t want their favorite toys taken away.
That’s why there is an entire scientific field devoted to “change management.” In this talk, we will explore how its lessons apply to the real world:
- Why are migrations so painful, and what are some common patterns?
- What are some of the proven techniques to avoid (or at least: limit) tears during migrations?
- Which technical approaches can power our wonderful migration plans?
- What are some of the policies and governance models to streamline these processes?
- How to not lose the fun while doing all of this?
Robert draws on a decade of shepherding tens of thousands of internal users from a fragmented tool landscape, through multiple sunsets and deprecations, to a unified monitoring platform at Google SRE.
The New Shiny Syndrome: How to Avoid Tech Hype Traps
Josip Stuhli · CTO, SofaScore
Microservices! Kubernetes! Serverless! NoSQL! The tech industry loves its buzzwords, but blindly following trends can lead to unnecessary complexity and wasted effort. In this talk, Josip will dissect the biggest tech hype cycles of the past decade and discuss practical frameworks for evaluating when (and when not) to adopt new tools.
The OpenTelemetry mistakes I keep seeing (and how to stop making them)
OpenTelemetry is becoming the standard for application telemetry, but bad telemetry is a natural part of the learning curve. Most teams start by turning on auto-instrumentation and figuring out what works as they go. That is fine. The problem is when the same mistakes persist: personally identifiable information leaking into traces, spans wrapping every function, happy paths instrumented in detail while errors get a single log line, and teams reaching for traces when a simple counter would do.
As a long-time OpenTelemetry maintainer and contributor, I have reviewed countless implementations where these four anti-patterns stuck around long after they should have been fixed. This talk walks through each one with real code examples, showing what goes wrong and why. Each pattern includes a before-and-after fix you can apply to your own codebase.
You will walk away knowing how to spot these mistakes sooner, choose the right signal type for each use case, and build telemetry that actually helps you debug problems.
The Private AI Platform: Why Agentic Apps Need a Private Application Platform
Oren Penso · Global field CTO Tanzu division, Broadcom
As AI moves from chat demos to “do-things” software, the platform requirements change: identity, policy, network controls, data governance, audit, and safe tool execution become mandatory. This session explains why a private application platform on private cloud is the most reliable foundation for enterprise AI—especially for agentic workflows and development assistants that touch sensitive systems. We’ll map the core platform capabilities (runtime, workload identity, secrets, supply chain, service brokering, observability, guardrails) to real AI components: model endpoints, vector stores, tool APIs, MCP servers, and skills routing. You’ll leave with a reference architecture and a pragmatic checklist to evaluate whether your current platform can safely run “full-blown” AI experiences.
The R in RAG: Why retrieval is often the weakest link (and how to fix it)
Tomek Porożyński · Staff ML Engineer, deepsense.ai
RAG is one of the most popular ways to build LLM-powered applications - combining document retrieval with text generation. In demos and carefully prepared tests, these systems work great. In production, they often disappoint. Why? Because your documents are full of domain-specific terminology, internal jargon, and acronyms that off-the-shelf embedding models simply don't understand. If retrieval returns the wrong documents, even the best LLM can't save you.
In this session, I'll show how to fine-tune an embedding model for your specific domain. We'll walk through preparing training data, running the training process, and evaluating results. You don't need thousands of examples or expensive infrastructure - in the case I'll present, 50+ training samples were enough to dramatically improve retrieval quality.
You'll leave with a practical understanding of when and how to fine-tune embedding models, and what pitfalls to watch out for along the way.
Edge AI is almost there: on smart glasses, robots, phones, kiosks… The last push it needs is semantic search over local data that still works when connectivity is weak, and when latency and privacy are non-negotiable.
On-device vector search unlocks “memory” and real-time assistance across devices: from “help me find my keys” on smart glasses, to robot task context, to anomaly logging in vertical farming, to offline support and personalization on phones and kiosks.
In this talk, I’ll show how we made that possible with Qdrant Edge: an embedded vector search engine built for the constraints of edge devices.
I’ll walk through the architecture and core engineering tradeoffs (storage layout, incremental updates, index lifecycle), and tie it together with a demo (smart glasses are mentioned here for a reason!).
The Signal Layer: What to Build When Anything Can Be Built
Lena Hall · Senior Director Developer Relations, Akamai
AI has made implementation faster, cheaper, and more widely available. That changes the real bottleneck in software.
Every team can generate code and spin up agents. The advantage moves to a different layer: knowing what is worth building, who it is for, how people will discover it, and how the product should behave once they do.
This keynote introduces the system of public signal, user intent, agent experience, distribution loops, and product judgment that helps builders decide what deserves to exist before they commit time, infrastructure, and trust to building it.
We will look at how AI changes the software lifecycle from “can we build it?” to “should this exist? When anything can be built, the most valuable builders are the ones who can read signal early and shape the right experience.
The Software Engineer 2030: From Coder To AI Orchestrator?
Patrick Schnell · Managing Director, schnell.digital
In this full-day masterclass, Patrick Schnell guides you through the transformation from routine coder to AI-savvy software architect. Learn the critical human skills machines can’t replicate, from systems thinking and specification design to ethical decision-making and multi-agent orchestration.
The Sound of Privacy – What Your Spotify Data Reveals About You
Dennis Schulz · Senior Consultant, TNG Technology Consulting, Thomas Hugle · Senior Consultant, TNG Technology Consulting
It's just a music app – but how much can one actually learn about a person when granted access to their Spotify data? In this talk, we present what we learned about our colleagues through their Spotify user data.
By leveraging the GDPR, we looked into various questions: How often do people lose or damage their phones? Where did they travel? And how regular are their sleep patterns? Alongside detailed insights into Spotify data, we provide a brief overview of the legal framework and examine how strictly other companies comply with the GDPR. While everyone in theory understands that data can hold immense power, this talk presents concrete examples – particularly given that we're dealing with what seems like just a music app.
The Sound of Your Secrets: Teaching Your Model to Spy, So You Can Learn to Defend
David vonThenen · Senior AI/ML Engineer, NetApp
Every keyboard has a sound signature. Every click and clack carries information. With deep learning and a decent microphone, that information can be weaponized. In this session, we'll explore how modern AI models can identify what you're typing just from the sound of your keyboard. Using a dataset of recorded keystrokes and an open source sound classification pipeline, we'll walk through building a model that can recover text with startling accuracy. You'll see firsthand how a few lines of Python and a trained network can turn your laptop into an acoustic fingerprint.
But this talk isn't about enabling surveillance... it's about understanding it to fight back. We'll unpack why uniform keyboard layouts and consistent typing styles make these attacks so effective, then explore real countermeasures: signal masking, password entropy, and environmental noise defenses. You'll leave with a practical understanding of how these attacks work, how to reproduce them for research or awareness, and how to harden your systems (and yourself) against them.
The two trees of React
Carl Assmann · Product Engineer, German Airforce
React encourages thinking about your UI as a tree. But there are two different trees that matter for understanding re-renders, and confusing them leads to performance problems and wasted effort. This session introduces a mental model that helps you understand the performance impact of composition and busts the React Context performance myth.
The Velocity Tax: The Hidden Cost of Unintentional Feature Alignment
Tushar Gupta · Engineering Lead, Schwarz IT
In the race to scale, many organizations adopted micro-services as a "silver bullet" for speed. But by 2026, a hidden levy has emerged: The Velocity Tax. This tax is paid every time a "simple" change in one service triggers a cascade of meetings, synchronized pull requests, and multi-team deployment war rooms. When our architectures force unintentional feature alignment, the very independence we sought becomes our biggest bottleneck.
This session pulls back the curtain on how micro-services—intended to decouple teams—often inadvertently foster tighter, more fragile coupling. We will explore the "Taxation Triggers" that turn agile development streams into a synchronized crawl, specifically focusing on how minor data schema changes can paralyze an entire release train.
What We Will Cover:
The Anatomy of a Bottleneck: A forensic deep-dive into a live architectural "deadlock" from our own environment. We’ll map how a single data field update evolved into a costly, cross-departmental coordination event.
Calculating the Tax: How to identify the invisible signs of "Feature Alignment," from exploding "sync-up" calendars to brittle CI/CD pipelines that can’t ship in isolation.
The 2026 Repeal Strategy: Concrete blueprints to reclaim your autonomy, including:
Consumer-Driven Contract Testing: Moving the cost of failure from Production to the IDE.
Defensive API Design: Implementing "Expansion and Contraction" patterns to allow services to evolve out-of-sync safely.
Strategic Consolidation: Knowing when the most profitable move is to merge services back into a "Modular Monolith" to eliminate the network tax.
Theia AI Live Demo: Air Gapped AI for Developer Tools and IDEs
Thomas Froment · Program Manager Development Tools, Eclipse Foundation
AI is rapidly becoming a default capability in developer tools, but many teams still face the same constraints: vendor lock in, limited transparency, and the inability to run AI in restricted environments.
In this session, you will see a live demo of Eclipse Theia and Theia AI, an open source platform and framework to build AI-enabled developer tools: IDEs, domain specific environments, code-centric workbenches, and cloud or desktop applications embedding editing, navigation, and automation workflows. Unlike closed solutions, Theia AI is designed to be extensible and provider-independent. You can integrate chat, completions, and agent-like workflows while keeping full control over how models are connected and what data is shared.
The demo runs in a fully air gapped setup using local LLMs only, demonstrating AI-assisted coding and navigation without sending prompts or source code to external services. We will also show how Open VSX, the Eclipse Foundation’s open source extension registry, enables distribution and reuse of extensions, turning Theia from a framework into a practical foundation for products and internal tooling.
You will leave with a clear architectural understanding of how to embed AI capabilities into developer tools that can fit both open innovation and enterprise constraints.
Resources:
https://theia-ide.org/theia-ai/
https://open-vsx.org/
There Is No Such Thing as a Fair DBaaS Benchmark
Daniel Seybold · Co-Founder, benchANT
If you’ve ever tried to benchmark a managed database, you know the frustration: same vCPU, same RAM, same PostgreSQL version — and completely different results.
Designing a “fair” DBaaS benchmark today is not just about query workloads and metrics. It’s about understanding hidden IO limits, burst credits, storage backends, noisy neighbors, throttling behavior, and pricing tiers that influence performance in ways your dashboard doesn’t show.
In this talk, we break down what “fair” actually means in practice. Should you compare systems at equal cost, equal resources, or equal performance targets? Each approach answers a different engineering question — and can lead to opposite conclusions.
Using real-world examples from benchANT benchmarking projects, we’ll show where common benchmarking assumptions fail, how cloud abstractions distort performance expectations, and why reproducibility alone doesn’t guarantee comparability.
You’ll leave with practical guidance on how to design benchmarks that reflect production reality — so you can evaluate DBaaS platforms based on engineering truth, not marketing claims.
Tour de Force: LLM Inference Optimization from Simple to Sophisticated
Christin Pohl · Global Black Belt Solution Engineer AI Infrastructure, Microsoft
Azure OpenAI and similar managed APIs are the right default for serving language models. But they don't cover every case. Maybe you need to deploy in a region where your model isn't available yet, you want to run a Qwen or Mistral variant that no provider hosts, or you've fine-tuned a model and there's simply no API to call. At that point, you're self-hosting on GPUs.
Making your GPUs go brrr is complex. Efficient LLM inference requires navigating a maze of optimization techniques each with different trade-offs. This session provides a practical journey through inference optimizations, clearly categorized by implementation effort.
We'll explore techniques across three levels:
- Model choices (start here): Model selection, quantization, smart routing
- Library-level improvements (using PyTorch-based frameworks like vLLM, SGLang, TensorRT-LLM): Continuous batching, KV-cache management
- Custom implementations: Speculative decoding with custom draft heads, disaggregated inference, fine-tuning smaller models
The session covers practical trade-offs and key metrics: time to first token, inter-token latency, and cost per token.
Whether deploying your first model or optimizing at scale, this talk delivers actionable insights into which techniques to prioritize for deeper investigation.
Trust at scale
Mike Fynes · Head of Engineering, Wolt / Doordash
As engineers we talk a lot about scale. How do I scale this service? What is our scaling runway? Do we hire more people??
The last question is critical yet is often assumed to be the easiest path to scale. This could not be more wrong. In this session you will see, based on my experiences at Wolt and Doordash, the key elements to success in a hyper-scaling organisation. Understanding how to do this has become even more critical in recent years as remote work has become the norm following the pandemic.
Join me as we explore the nature of trust, diving into what trust is, and why you should care about it. We will then figure out how you can help your teams succeed as they grow into successful trusting teams!
Trust Issues: Because Zero-Trust Isn’t Optional Anymore
Jan Peer Stöcklmair · Senior Software Engineer, Sentry
“Just ship it” doesn’t cut it anymore, everything in our stack is connected, exposed, and talking to things it probably shouldn’t. Modern applications don’t just benefit from Zero-Trust principles; they depend on them. And yet… our frontends trust too much, our backends trust too much, and our infrastructure trusts everything by default. With attacks like React2Shell emerging from seemingly harmless origins, we need to be prepared to minimize the impact of inevitable vulnerabilities.
In this talk, I break down Zero-Trust in a practical, full stack way - from the browser all the way down to the infrastructure.
The talk starts at the Frontend, where simple changes like strong CSPs, proper handling of CSRF tokens, secure cookies, and escaping strategies can prevent entire classes of attacks before they ever reach your server. Then we move into the Backend, exploring security patterns that make your services resilient even when assumptions fail, because they will. This includes approaches like mounting secrets via files instead of environment variables, enforcing permission-based API access, and more.
Finally, we zoom out to the Infrastructure layer, where Zero-Trust becomes real: mTLS for identity, distroless and unprivileged containers to shrink the attack surface, network cuts and segmentation to isolate blast zones, and other future-proof operational patterns that keep your system secure even when (not if) something goes sideways.
By the end of the talk, the audience walks away with a practical, full-stack security playbook everyone can apply immediately: from browser headers to Docker containers. Just the tools you need to build systems that don’t rely on trust, assumptions, or wishful thinking.
Zero-Trust isn’t optional anymore. But with the right patterns, it also doesn’t have to be painful.
Truth, Lies, and Probabilities: Testing AI Hallucinations
Last year, while preparing a talk, I was looking for a research paper I had read in the past but couldn’t find anymore so I decided to ask AI for help. Instead of the right paper, it generated an impressive list of academic citations. They looked convincing, but when I checked, most of them didn’t exist. Although I knew already about hallucinations, the mathematician in me immediately wanted to understand why this happens so systematically, not just occasionally, leading me into an intensive investigation and research to deeply understand how these models operate.
AI models like LLMs don’t “think” like humans, they generate outputs based on probabilities, producing the most statistically likely sequence of words. This means they can sound confident while being completely wrong. These moments, known as hallucinations, are inherent to how generative AI works and if left undetected, they can result in false information being delivered with absolute confidence. Unlike traditional software, where a defect is a deviation from expected results, hallucinations are an expected outcome of the model’s design. And that makes me think: How do we as testers detect, measure, and manage risks that are basically built into the system itself?
In this session, we’ll explore hallucinations from an intuitive, mathematical perspective, without difficult or heavy formulas, so anyone can understand why they occur. Then, we’ll explore practical methods for evaluating AI outputs, since conventional testing approaches don´t apply here. You’ll understand how to test AI hallucinations, calculate the confidence and risk of AI outputs, and explain findings effectively. We’ll explore practical takeaways like testing on ground-truth data, using adversarial prompts, and verifying outputs through cross-validation with external sources. Although mathematically it's not possible to avoid hallucinations completely, these methods allow you to estimate the rate of occurrence and reduce their impact.
Turning Engineering-Led to Product-Led Growth: Lessons from Scaling Pipedrive to 100,000+ Customers
Agur Jõgi · CTO, Pipedrive
In today’s hyper-competitive SaaS landscape, sustainable growth is no longer driven by features or technology alone. While strong engineering foundations are essential, it’s product-led growth – grounded in customer value, data, and learning – that ultimately drives adoption, retention, and expansion.
This session draws from Pipedrive’s transformation journey. Agur Jõgi, CTO of Pipedrive, shares behind-the-scenes lessons from scaling the company from a startup CRM into a global platform used by over 100,000 companies worldwide. While Pipedrive was initially product-led thanks to its founders’ deep sales expertise, the company later entered an engineering-led phase to build a strong technological foundation following its acquisition by Vista. Today, Pipedrive is transitioning into a new phase of product-led growth—powered by a mature platform, customer-oriented product development, and advanced AI capabilities.
Agur will explore:
– How product and engineering teams can move from output-driven development to outcome-driven growth by using data-driven experimentation, real-time product analytics, and workflow automation.
– How Pipedrive organizes decision-making through mission-based team structures and prioritization frameworks, and how the company combines internally built AI features with OpenAI to streamline sales workflows and support users’ daily tasks.
Attendees will gain actionable insights into how cross-functional collaboration between product, engineering, and marketing enables measurable improvements, drives adoption of key features, and supports continuous product evolution based on real-world customer behavior with concrete examples drawn directly from Pipedrive’s journey.
Two Architects, One Mission: Rethinking How Systems Talk
Integration projects fail. Not because the technology doesn't work—it almost always does. They fail because communication patterns are picked based on habit rather than need. "What did we use last time? REST? Great, let's do that again." Or worse: "What's everyone talking about right now? MCP? Let's use that everywhere." These reflexes and other influences lead to the same issue: systems that may technically function but fundamentally misunderstand the business requirements. This leads to operational problems, incorrect outcomes, scaling issues, high costs, and migration efforts.
We've spent years helping organizations untangle these messes across industries. The pattern is always the same: a mismatch between what the business needs from an interaction and what the technical implementation delivers. A synchronous call that would benefit from eventual consistency for resilience. An event stream where a simple request-response would suffice. Fire-and-forget where guaranteed delivery matters.
In this session, we'll share what usually goes wrong when teams default to familiar patterns without examining requirements. We'll take you on a tour through the landscape of communication styles—synchronous and asynchronous, commands and events, orchestration and choreography—not as abstract theory but as tools with specific trade-offs. Most importantly, we'll give you a practical framework to diagnose what your current integration scenario actually demands.
You'll leave with a decision model that starts with business intent rather than technology preference. Because the goal isn't to use Kafka everywhere—or REST everywhere—but to choose the pattern that makes your systems genuinely talk the way your business needs them to.
Type Systems You Might Not Know (But Will Love)
Veit Heller · Technologist at Large
Most devs, when confronted with types, only have to worry about "static vs dynamic". In this talk, we will demystify all those languages you’ve heard about for their weird type systems (Haskell, anyone?) as well as talk about type systems you might never have heard of, and discover why they’re awesome, useful, and solve real bugs! We’ll start with Rust’s affine ownership and Agda’s dependent types before touring a few out-there ideas.
We’ll build a solid mental model for modern production type systems as well as build a foundation for you to dive deeper into more obscure type system research if you so desire. We’ll build tiny runnable models, explore implementations, and you’ll leave with frameworks, resources, and a roadmap to go deeper, without needing a PhD.
Understanding Kubernetes in a visual way
Aurélie Vache · Developer Advocate, OVHcloud
Kubernetes has become the de-facto standard to deploy and operate containerized applications. But understanding Kubernetes can be difficult or time-consuming.
Several years ago I asked myself how I imagined the concepts of Kubernetes: a pod, a deployment, a service, a secret, a configmap, a cronjob… and then I created a new way of explaining Cloud technologies.
In the first part of the talk, I will tell you a story, I will tell you my story. How, during more than two years, I worked every evening/nights/week-end to explain Kubernetes in sketchnotes, in blog posts, videos and finally published everything (and more) in an illustrated book of more than 270 pages (with all the concepts included Debugging / Troubleshooting and Tips) and why I continue to do it.
And in the second part, I will explain Kubernetes concepts to you ... in a visual way :-).
Using LLM Agents to Automate Operational Tasks in Kubernetes
Shramish Kafle · Senior Solutions Architect, KFW Bank
Kubernetes platforms generate a continuous stream of operational tasks: log triage, event correlation, configuration drift detection, rollout validation, and failure remediation. These activities consume significant SRE and platform engineering time and require deep domain knowledge. This session shows how LLM driven agents can automate a substantial part of this workload by combining GitOps, policy evaluation, and cluster telemetry with language model reasoning.
The talk presents a practical, production aligned architecture for integrating LLM agents directly into the Kubernetes control loop. It explains how agents interpret cluster states, evaluate anomalies, propose corrective actions, and submit changes into GitOps pipelines with auditability and guardrails. Real examples include misconfiguration detection, explaining failing rollouts, guiding developers with contextual feedback, and performing controlled rollback or fix generation.
A live demo walks through a real failure scenario to illustrate how an agent analyzes signals, identifies the root cause, and produces a precise remediation plan. Emphasis is placed on reliability, validation stages, failure handling, observability hooks, and the boundaries of what should and should not be automated. Attendees leave with a repeatable blueprint for safely applying LLM automation to reduce toil while maintaining predictability and full change transparency.
Vertical Slice Architecture: Micro Frontends Across Mobile, Backend & ML
Speakers TBA
Micro frontends are often discussed in the context of web applications. But what if we extend the idea beyond UI - into mobile, backend services, and machine learning?
In this talk, I’ll present a vertical slice architecture where each feature team owns everything required to deliver business value:
- Android UI
- Kotlin Multiplatform shared domain logic
- Kotlin backend service
- Python-based ML model
- API contracts
Instead of organizing codebases by technical layers, we organize by business features. This reduces coordination overhead, increases deployment independence, and aligns teams with product outcomes.
What do we need to deliver high quality products?
Erhardt Wunderlich · Member, German Testing Board
Quality assurance is an issue for every development step and for each individual team member.
The tasks of checking are performed more effectively and efficiently if they are carried out by competent people and in structured processes.
Important questions to ask yourself are for example:
- What are the tasks involved in checking and how can they be effectively bundled?
- What are the levers and methods in the development process to support these tasks efficiently?
The aim of this workshop is to develop (based on your experience) a scheme for tasks and responsibilities as well as necessary and useful competencies, on the basis of which we are able to deliver the required quality.
What If We've Been Scaling Stream Processing Wrong All Along?
Hartmut Armbruster · Software Architect, DataFlow Academy
Your Kafka Streams application just rebalanced. Again. Your Flink checkpoint is timing out. Again.
Here's an uncomfortable truth: most stream processing applications don't operate at Uber scale. They handle thousands of events per second—complex joins, stateful aggregations, valid use cases—but nowhere near the volumes that justify the operational complexity we've accepted as normal.
Yet we pay the full distributed systems tax anyway. Repartition topics doubling network I/O. Repeated serialization burning CPU cycles. Standby replicas sitting idle. State migration or restoration during deployments. And the human cost: specialized expertise that takes years to develop, expert teams that are expensive to build and painful to lose.
We've normalized extraordinary inefficiency in the name of horizontal scalability that many applications will never need.
But rethinking stream processing in 2026 doesn't mean "just use Postgres."
In this talk, I'll share an early-stage exploration of a different approach. A framework that preserves the Kafka Streams DSL, borrows Flink's approach to exactly-once semantics, leverages Project Loom for high concurrency—and challenges a fundamental assumption that both frameworks share.
This isn't a production-ready announcement. It's an invitation to question conventional wisdom and explore what stream processing could look like when we stop distributing by default.
What is Local-first Web Development?
Alexander Opalic · Developer, Otto Payments
Users expect apps that work everywhere, even without internet. In this session you learn how to build local first applications with Vue 3 and Dexie.js that store data on the device, work offline by default, and sync when connectivity returns. You walk through the architecture decisions that make local first possible, implement reactive IndexedDB queries, and handle the tricky parts like conflict resolution and data migrations. By the end you have a mental model for building apps that put users in control of their data and never show a loading spinner again.
What’s New in Web? 2026 Edition
Christian Liebel · Software Developer, Thinktecture
Christian is a member of the World Wide Web’s architecture board, the Technical Architecture Group (TAG) of W3C. As such, he has insights into what’s going on in the web platform. In his session, you'll gain insights into the latest discussions among standards bodies, browser vendors, and web developers. And you have the opportunity to report your wishes back to the Web’s architecture board. Don't miss this opportunity to stay updated on the forefront of web technologies.
When human meets canary.
Sonja Nesic · Staff Engineer, bol
Automated canary deployments are the true power-tool in your CI/CD toolbox but with great power comes great responsibility!
We truly believed that we had the ultimate sales pitch for our engineering community when we started promoting our latest and greatest addition to our CI/CD tool box - automated canary deployments! “You can spend more time on innovation and let this shiny tool bring it to your customers in a safe and reliable way. No more postponing deployments because you’re busy or it’s a risky change. No need to be staring at dashboards or scratching your head if a rollback is needed - the tool takes care of everything for you and in doing so saves you 3h per week.” Sounds like THE dream right?
Turns out not. Even after a lot of promotion and showcasing the tool in action, the adoption was far from what we hoped for.
I’ll share why the perfect sales pitch can still prove useless when human nature and organisational culture kicks in, what we did to turn this around and how our organisation slowly but surely started its shift to a canary-first mindset.
When Humans Stop Writing Code: Rethinking Languages, Compilers, and Responsibility
Simon Auer · CEO, marqably
Writing code is no longer the bottleneck in software development. Today, we can describe what we want in natural language and (mostly) receive entire applications in a few minutes. But while tools and demos move fast, a deeper topic largely stays behind: what happens to programming languages, compilers, and responsibility when humans stop writing the code themselves?
We have all been promised, that everything will be done autonomously when AGI is here, but what about until then ... the next 3-5 years? Is your current stack/your current favorite programming language ready for real work relief professional environments?
If software is increasingly generated from intent rather than authored line-by-line, then many assumptions baked into our current languages begin to crack. Syntax stops being the primary interface. Compilers are no longer just translators. Code reviews no longer guarantee understanding. And "the AI wrote it" becomes an unacceptable answer to questions of security, correctness, and long-term maintainability.
We will explore how language design must evolve beyond syntax toward intent, constraints, and guarantees — and why this shift matters not just to developers, but especially to CTOs and tech leaders responsible for systems they may no longer fully read or write themselves. We’ll examine what responsibility means in a world of generated code, how engineering judgment changes when implementation becomes fluid, and why senior engineers become more critical—not less—in AI-native teams.
Finally, we’ll look at which existing language ideas already point in the right direction, which ones quietly break under vibe-driven development, and what a future “vibe-aware” programming language would need to get right to be trustworthy in production.
This session is an invitation to stop treating vibe coding as a novelty — and start treating it as a forcing function to rethink the core of software engineering itself.
Why (Senior) Engineers Struggle to Build AI Agents
Philipp Schmid · Senior Engineer Dev Rel, Google DeepMind
The better the engineer, the harder they fight the model. This session explores 5 ways our strongest engineering instincts—strict types, deterministic control flow, fail-fast exceptions—actively sabotage us when building AI agents. Through concrete before/after code patterns, you'll learn the mental model shifts required to go from fighting the model to shipping with it.
Why Distributed Teams Lose Momentum – Even When Everyone Means Well
Franziska Höhne · Project Manager, ALDI SOUTH
Distributed teams rarely lose momentum because of missing skills, bad tools, or lack of motivation. More often, momentum fades even when everyone is committed, competent, and genuinely trying to do the right thing.
Based on nearly two decades of professional experience working with international and distributed teams, this session examines why collaboration slows down in real-world engineering and change environments. Drawing on concrete examples from large transformation initiatives and everyday leadership situations, the talk looks at how communication patterns shape alignment, responsibility, and follow-through in virtual settings.
The focus is deliberately analytical and practical. Instead of introducing new frameworks or tools, the session explores recurring dynamics that repeatedly appear in distributed teams: unspoken assumptions, unclear signals, and language that creates activity without direction. Special attention is given to situations where decisions must be made under uncertainty and leadership happens without formal authority.
By connecting observed patterns from real projects with a clear analytical lens, the session offers a grounded perspective on why distributed teams lose momentum and what typically goes wrong long before execution begins.
Why optimizing for system comprehension is key to implementing AI for software development
Peter Caron · CEO, 3T Software Labs
How do you know if your company is optimising AI for the right things? For most companies, the biggest challenge with AI isn’t implementing AI tools or figuring out how to replace people, cut costs, or improve efficiency. It’s understanding how AI can be used to augment practices, speed up repetitive processes, and complement creative energy. Instead of competing with AI and asking how AI can complement your technical teams, many companies are asking how individual developers can complement AI.
In software development, typing code is rarely the bottleneck, so AI solves a problem that, by itself, does not necessarily speed up development. Most developers, however, use it as a coding tool. As Kent Beck has clearly stated, the frontier of augmented development is maximising human learning, not code production. We can apply this lesson across many AI projects. AI only works when people understand it and know how to use it effectively.
I will use the AI rollout at our company as a case study and a source of lessons learned.
Workshop. Adopting GitOps for microservices delivery via Argo CD
Stas Lebedenko · Cloud Architect, Eficode
This workshop is dedicated to GitOps principles adoption with Argo CD for deploying your microservices to Kubernetes. You will learn how to set up, configure, and control the desired state of your application and streamline delivery to Kubernetes.
Key topics
- Adopting GitOps principles for your delivery
- Setup of Argo CD and observability
- Implementation patterns App-of-Apps, Application Set and ordered deployment
- Issues resolution, obstacles and reconciliation options
- Selective sync and advanced deployment scenarios with multiple clusters and environments
Join this short workshop to learn about GitOps and how it can help you with Kubernetes delivery on any cloud. You will get detailed workshop steps with code via the GitHub repository, so you can repeat any part of it at a relaxed pace afterward.
You don't need to write the code. You need to become a verification architect and prove it's correct
Guillaume Moigneu · Field CTO, Upsun
You spent years mastering clean code, proper abstractions, and meaningful tests. Now coding agents do in 5 minutes what used to take you an afternoon. Terrifying? Only if you think your value is in writing code.
This talk reconsiders what "10x developer" means in the agent era. Not someone who writes 10x more code, but someone who defines, verifies, and ships 10x more scope. The secret: being risk-averse is now a speed multiplier, not a bottleneck.
I'll present a new SDLC concept based on verification pillars. A hands-on framework for safely delegating to coding agents at scale. Each pillar (from testing to security to standards) expands how much you can hand off without increasing risk. Combined with spec-driven development, where tests and type definitions replace prompts as your primary output, you'll see how one architect plus a great verification infrastructure can now match the output of a small team without adding unknowns and issues to enterprise projects.
Walk away with a self-assessment checklist, a concrete workflow for your first spec-driven feature, and a new way of thinking: from "I write the code" to "I define what correct looks like."
You shall (not) pass!? An Introduction to Testing authenftication
Ramona Schwering · Developer Advocate, Auth0
Like a door to a house or a shallow bridge from one cliff to the other: Some parts of your application are crucial and any damage or untrustworthy guide in those areas can have catastrophic consequences. One such area is the Login Page. However, when we discuss the Login Page, we're not just referring to the typical form with a username and password. There are other important features, such as Social Login, Passwordless options, and more, to consider. It's important to secure all these features by testing them. But the complexity of these features can often hinder the writing of tests for all use cases.
I invite you to join me in exploring authentication testing strategies. Whether you're an experienced QA professional, a curious frontend developer, or someone passionate about testing, this is the perfect session to equip you with the skills and knowledge needed to elevate your login page testing story.
You Will Migrate Eventually: a developer approach to technology adoption
Wouter Ligtenberg · Director of Engineering, ING
Trying out new technologies is exciting, but keeping up with the fast moving tech landscape is never easy. At ING, we adopt new tools and frameworks to stay ahead, but every adoption comes with challenges. A proof of concept can quickly turn into a headache if you don’t think about scaling, migration, and decommissioning from the start.
Technology adoption is rarely straightforward. We are expected to experiment, deliver working solutions, and keep things maintainable all at once. To manage this, we built a Tech Adoption Model inspired by Organizational Physics of Lex Sisney, which treats adoption as a process instead of a single decision.
The model encourages teams to think in phases. Exploration is done safely, incubation focuses on real use, and scaling only happens once a technology is ready. We also make developers consider early on how to migrate away or decommission a tool before it reaches its end of life.
Another important part is balancing the future with the present. The model helps teams adopt new tech without breaking what’s already working, making sure current projects stay flexible for what’s coming next.
In this talk, I’ll share how thinking in adoption phases can reduce hype-driven decisions, make scaling easier, and turn migration and decommissioning into part of the design process instead of an afterthought.
Your Competitors Know Your Skills Better Than You Do
Speakers TBA
Most companies track roles and headcount, while competitors target specific skills. This session shows how skill-based talent intelligence reveals capability risk before attrition happens, explains how competitors identify critical skill clusters, and introduces practical ways to turn external market signals into early warnings for workforce strategy.
Your Distributed System Just Got a Brain. Now What?
Marcin Makowski · CEO, BeOne
Distributed systems were designed around predictable behavior.
Retries assume idempotency. State transitions assume determinism. Consistency models assume repeatable outcomes.
Then we added AI.
Now:
- the same input may produce different outputs
- retries may change decisions
- context mutates state unpredictably
- model upgrades alter behavior silently
- deterministic workflows depend on probabilistic components
Your distributed system just got a brain.
And distributed systems don’t tolerate ambiguity.
In this session, we explore what really changes when AI becomes part of a distributed architecture.
We’ll cover:
- how probabilistic inference breaks retry semantics
- why idempotency assumptions fail with LLMs
- separating state from inference
- deterministic checkpoints in AI workflows
- replayable execution paths
- handling model version drift
- designing hybrid architectures where AI proposes - but systems enforce
AI doesn’t just add intelligence. It changes the fundamental assumptions of your system design.
If you treat AI as just another microservice, your architecture will eventually collapse.
Your Docs Are Now AI Infrastructure (Treat Them Like It)
Emil Sorensen · CEO and Co-founder, kapa.ai
Your documentation has three audiences now. Customers reading the docs site. Support agents drafting replies. And AI tools, Cursor, Claude Code, Codex, answering questions about your product on behalf of developers who never visit your site at all.
That last one changes everything. The same docs that used to be a static reference are now the grounding layer for every AI feature your developers touch, including ones you didn't build. If your docs are messy, outdated, or missing the answers users actually need, every agent querying them inherits the problem and your product takes the hit.
In this lightning talk, we'll show how kapa.ai operates as the knowledge engine behind production AI deployments at companies like Sentry, Netlify, Monday.com, and n8n, processing millions of developer questions per month. We'll walk through real analytics revealing the "dark matter" of documentation like which topics generate the most uncertainty, which pages quietly underperform, and how unanswered questions cluster into a prioritized backlog for content and product teams.
The takeaway: stop guessing what to document. Let your users, and the agents querying on their behalf, tell you. With concrete benchmarks: 20-40% support ticket deflection, hundreds of developer-days saved per year, and a path to treating docs as the grounded foundation every AI feature in your product needs.
Your Enterprise RAG Has No Legal Basis
David Klemme · Co-Founder and CTO, Komplyzen, Tilman Mürle · Managing Director and Co-Founder, Komplyzen
Your RAG system works beautifully. Under GDPR, it has no legal basis to exist.
Clean architecture. Proper embeddings. Maybe even agentic tool calling. You followed best practices. But when the auditor asks "what's the legal basis for this processing?" there's no answer. General-purpose "ask anything" chatbots have no defined purpose. Without a defined purpose, no legal basis can exist under GDPR. The architecture itself is the violation.
In this talk, I'll live-code a "best practices" enterprise knowledge bot, then ask the questions nobody asks: Where is purpose limitation enforced? Where is legal basis documented? I'll show why anonymization doesn't save you. 97% accuracy isn't "anonymous" under GDPR. It's still PII.
Then I'll show you the fix: a purpose-scoped bot architecture where legal basis is a first-class configuration item. Each bot gets a defined purpose, scoped data access, configured tools, and documented legal basis. The architecture enforces the boundaries. The retrieval layer can only access documents within that bot's scope. Non-compliance becomes architecturally impossible.
The good news? You didn't waste your investment. This is a 50k governance layer, not a rewrite.
Takeaways:
- Why your RAG has no legal basis and how to fix it
- The purpose-scoped bot pattern: document, enforce, and audit compliance by design
- A brownfield rescue roadmap for existing systems
Your Kubernetes Node Is Not a Server: Rethinking the OS Layer
Natanael Copa · Software Engineer, Mirantis
Kubernetes already treats nodes as disposable, but most platform stacks still run them as long-lived servers. This mismatch creates unnecessary complexity in upgrades, security, and operations, especially for edge, bare-metal, and high-churn environments.
In this talk, I’ll present an alternative model: treating Kubernetes worker nodes as firmware, not operating systems. Using k0s, Linux Unified Kernel Images (UKI), and an initramfs-only OS, we build immutable workers that boot entirely from RAM, fetch configuration from metadata (cloud-init style), and optionally persist state using a single mounted /var directory.
Your People Are The Future Of Your Brand
Ash Jones · Founder, Great Influence
Trust in brand is declining, with 71% of people saying they trust them less than they did a year ago. In fact, while 90% of executives believe consumers trust their companies, only 30% of consumers actually do.
So, who do people trust? People.
It has never been more evident that your people are the future of your brand. This session explores how brands can leverage the rise of personal branding to promote the people working within them to drive brand and business growth.
Zero to Binary: Building a Production-Ready AI Agent in Go
Rabieh Fashwall · Technical Lead, Galeria
Python is excellent for experimentation, but when it’s time to ship AI agents to production, you need the performance, concurrency, and type safety of Go.
In this hands-on workshop, we will abandon the Python notebooks and build a robust, autonomous AI Agent from scratch using Go. We won’t just be making API calls; we will architect a system capable of reasoning, planning, and executing tools safely.
What we will build:
We will build a CLI-based DevOps Agent. By the end of the session, you will have a compiled binary that you can ask to perform tasks (e.g., "Check the disk usage, and if it's over 80%, compress the log folder").
The Workshop Flow:
The Foundation: creating a clean interface to LLMs (OpenAI/Anthropic) decoupling the provider from the logic.
The Brain: implementing the ReAct (Reason + Act) loop using a custom Go state machine.
The Tools: using Go interfaces and struct tags to create strongly-typed tools that the Agent can invoke.
Safety & Concurrency: adding context for timeouts and Goroutines for parallel processing.
No magic frameworks. Just standard library Go and solid engineering principles.
".Net is too slow" was not an option
Tomasz Woznica · IT expert, mBank, Wojtek Kurzawiński · IT Senior Engineer, mBank
There were two simple scenarios among dozen others that had to meet strict SLAs when we start migration mBank core banking system (Altamira) from mainframe to distributed platform.
Processing input files, computation and persist results in database.
Start driving cursor on sql, computation and produce output files.
The story is about creating event-driven runtime in C# that is capable to accelerate this kind of jobs completely transparent for original COBOL source code making replatforming possible. We are able to spawn from 2 to N concurrent subtasks that from system point of view are single task. Goal for replatforming was to run core banking system on distributed platform using one line of code – COBOL.
Parallelism for files :
splitting to small chunks – couple strategies were implemented - all based annotations for build compound key that defines ranges for subtasks
merging results
where persist file on disk takes too long we have “magic”
virtual split
virtual merge
Parallelism for sql cursors :
splitting – provide information about identification of subtasks to sql without changing sql commands generated by application.
Evaluating ranges based on compound keys
merging – how to deal with “empty” ranges
Performance to achieve was very challenging and combine multiple topics that was covered. We must stand side by side with mainframe – aka performance beast. Moving mainframe all operation from memory access to distributed world where network latency, IO operations and so on are not negligible pushed us for find not obvious solutions.
These two topics are just tip of an iceberg in approach for legacy system migration.
mBank system processing day by day couple of thousands jobs where most of steps using acceleration path. This approach allow finishing End of Day processing in SLA window to start another usual day for our customers.
We would like to share and inspire developers with our findings in mBank success journey for replatforming.
"Looks Good to Me": A Practical Guide to Handling AI-Generated Code
Speakers TBA
AI coding assistants like GitHub Copilot, ChatGPT, and Cursor are reshaping how we build software—and open source is no exception. These tools can now generate code, submit pull requests, and even review and merge them automatically. But what’s the cost?
Open source maintainers are increasingly overwhelmed by “almost correct” AI-generated PRs that introduce subtle bugs, security vulnerabilities, or fail to follow contributor guidelines. Meanwhile, the rise of AI-generated Bug Bounty reports (AI slops) risks overwhelming maintainers and undermining the spirit of responsible disclosure potentially pushing projects to abandon bug bounty programs.
In this talk, we’ll explore a security-first and practical framework for using AI in software development and contribution workflows. I will cover guidelines from the well-respected communities like Linux Kernel, OpenSSF and OWASP and real-world (non-fictional) practices from the industry leaders. We will cover how to craft AI prompts with security and compliance in mind; governance templates for managing AI-generated contributions; Strategies for handling AI-generated vulnerability reports without shutting down your bug bounty program.
