Explore the full agenda for Open Conf 2025—a carefully curated experience of insightful sessions, hands-on workshops, and invaluable networking opportunities.
Grab your badge, gift bag, coffee and breakfast
Let’s get started with a great warmup session
We’re in the middle of another abstraction leap.
Just like compilers, cloud, and containers before it, AI-generated code started with hype, fear, and broken things—and might still end with progress.
But only if we build it right.
LLMs aren’t evil—they’re just monkeys with GPUs.
They’ll generate code with confidence, validate it with tests they wrote themselves (if any), and call it a job well done.
This talk introduces a working model for AI-assisted development that actually holds up under real-world use. It’s built on three ideas:
– The Chasm: the dangerous gap between what we meant and what we asked for.
– The Craft: the human skill to spot when AI gets it “technically right” but still wrong.
– The Chain: the Intent Integrity Chain, a structured flow of prompt → spec → test → code, where each output is validated externally—by humans or deterministic systems, never by the same model that generated it.
This isn’t a thought experiment or a product pitch. It’s a blueprint for building real software with AI, without sacrificing trust or intent.
Trust your knowledge.
Trust your tests.
Never trust a monkey.
As we stand on the brink of the quantum computing revolution, traditional cryptographic systems face unprecedented risks. This session will explore the emerging quantum threat to data security, focusing on how quantum algorithms could compromise current encryption methods.
We will delve into post-quantum cryptography (PQC), examining the race to develop encryption schemes resistant to quantum attacks. Additionally, we’ll address the ongoing efforts in PQC standardization, and the complex challenges involved in transitioning from classical to quantum-resistant systems.
Attendees will gain valuable insights into the future of cybersecurity in a world where quantum computing reshapes the landscape.
FedRAMP is the ticket to entry into the US public sector, unlocking access to $50B+ in annual federal IT spending. But it’s 325+ prescriptive controls can stall engineering velocity if treated like paperwork.
We took a different path. By embedding NIST 800-53 controls into infrastructure-as-code and automating continuous monitoring through CI/CD, we advanced from SOC 2 to FedRAMP efficiently. In this talk, we’ll share how DevOps practices turned compliance into code — accelerating delivery while meeting federal requirements.
How does computer know that `^\w+\d$` should match “java8” but not “jvm15”? There must be some magic that allows a computer to recognise that certain strings match the pattern, right? Yes and we, geeks, love learning how such magic works!
Join me on a highly technical journey through the internals of regex engines. First, we will analyse ancient scripts explaining the theory – finite automata and regular languages. Then we will hack through thickets of various regex flavours to arrive at the cave of regular expression engine where we’ll explore deep recesses of performance corner-cases. To add a bit of an adventure we’ll intentionally fall into a trap of exponentially slow patterns and crash a real app. Finally, we’ll read inscriptions left by the survivors of Stackoverflow and Cloudflare outages, both caused by regular expressions.
It’s a geeky talk and you’ll learn geeky stuff: how a small and neat language of regular expression is implemented and interpreted. But it’s not all in vain: you’ll be able to optimise the performance of regular expressions and prevent your app from being killed by a badly-crafted regex.
Enjoy your Lunch with great Networking
Do you want to take advantage of the full power of serverless architectures for your production workloads? Are you wondering how events can help your applications scale? Have you been trying to tune your applications for higher performance and lower cost?
This session provides architectural best practices, optimizations, and useful shortcuts that experts can use to build secure, high-scale, and high-performance serverless applications.
How do you build a recommender system that goes beyond genres and understands how people feel?
In this talk, we’ll share the journey of building Movie Groovy, a GenAI-powered application that recommends movies based on vibes and emotional preferences. You’ll get a look into how we combined LLMs, Agents in Python, Vector DBs, and custom UX logic to create an easy and emotionally-aware experience.
Along the way, we’ll highlight the technical challenges, design decisions, and surprising insights that came from balancing user trust, AI accuracy, and creative UX. If you are interested in GenAI, recommender systems, human-centered design, or just … movies, this talk will give you actionable ideas and inspiration for your own projects.
We will go through a practical application of AI and machine learning for observability in Netdata, focusing on the utilization of anomaly detection for individual components. We will emphasize on ML’s role as an advisor rather than an alert mechanism, using multiple independent models to identify significant issues when different metrics indicate simultaneous anomalies. This method enhances the detection of unusual patterns, potentially predicting failures and identifying security breaches.
The EU’s Cyber Resilience Act (CRA) has entered into force, but the road to full compliance runs through 2027 — and a lot is happening along the way.
This session offers a fast-paced technical update on where we are now: vulnerability reporting rules, open-source guidance, and the first steps toward harmonized standards.
This highly interactive two-part presentation tackles crucial communication gaps in cybersecurity engineering. The first half analyzes the problem, defining two major communication silos:
1. The Business/User Gap:Engineers struggling to communicate value to non-technical stakeholders (Sales, Clients).
2. The Specialization Gap: Engineers from different deep technical fields (e.g., hardware vs. software security) failing to communicate effectively.
This analysis shows how poor communication hinders engineer growth and obscures business value.
The second half is a practical Interactive Workshop featuring three role-playing scenarios to bridge these gaps:
1. Client Simulation: Convincing a customer of a disruptive technical fix without jargon.
2. Sales Simulation: Persuading a sales lead to halt a launch by translating risk into financial loss/reputational damage, and professional challenges.
3. Internal Simulation:Forcing a Hardware Engineer and Software Engineer to collaborate on a complex threat and solution.
The session concludes with the audience co-creating a final list of best practices based on the role-playing insights.
Spatial data is everywhere—from maps and navigation to urban planning and mobility services. MySQL provides robust support for managing and analyzing spatial data through geometry types, spatial indexes, and a comprehensive set of spatial functions.
This talk introduces MySQL’s spatial capabilities and highlights two practical use cases:
1. Transforming Between Spatial Reference Systems: Learn how to convert geometries across coordinate systems using MySQL’s built-in SRS transformation functions. This enables use cases such as the seamless integration and visualization of diverse datasets—e.g., combining GPS traces with city planning data on a unified map despite differing coordinate systems.
2. Analyzing Spatial Trajectories: Discover how to measure similarity between movement paths using trajectory data and spatial distance functions. This can support applications like identifying common travel patterns, detecting anomalies, or optimizing routes based on historical behavior.
Whether you’re a developer, analyst, or GIS professional, this session will help you unlock the full potential of spatial data in MySQL
In this presentation, Digiastar and the company’s CEO, Anastasios Coscoletos, showcase how modern AI voice agent and AI solutions can transform customer experience and internal operational efficiency.
The presentation will explore the implementation architecture, their integration with existing CRM/ERP/eShop systems, as well as application examples.
Additionally, we will discuss the challenges and the coexistence of employees within the new work environment.
AI isn’t magic—but when you understand how to structure your input, it can function like a superpower. In this session, I’ll share how prompting, meta prompting, and even reverse meta prompting have become part of my daily life as a Product Manager working with cross-functional teams. You’ll learn how to create prompts that produce structured, relevant, and context-aware output. We’ll explore meta prompting as a way to refine your thinking before execution, and reverse prompting as a method to debug and stress-test your own inputs.
This isn’t a talk about hype—it’s about how to use AI practically, thoughtfully, and effectively in product work (and beyond). Because while AI can help us move faster, it still can’t align a team or handle trade-offs. That’s still on us.
Key Takeaways:
-What prompting, meta prompting, and reverse meta prompting actually mean (and why they matter)
-How to write AI prompts that produce useful, context-aware results
-How meta prompting can refine your problem framing before asking AI for help
-How reverse meta prompting helps you assess and improve your own thinking
This workshop provides a comprehensive overview of the legal considerations that govern offensive cybersecurity activities, including ethical hacking, penetration testing, red teaming, and vulnerability disclosure. Participants will learn about applicable statutes (such as computer misuse and data protection laws), contractual obligations, regulatory compliance (e.g., GDPR, NIS2), and professional codes of conduct.
Through real-world case studies and judicial precedents, the session highlights risk management, liability mitigation, authorization requirements, and the distinction between lawful security assessments and illicit intrusion. Attendees will leave with practical guidelines to design and execute offensive security engagements while remaining within legal and ethical boundaries.
As artificial Intelligence becomes more sophisticated, deception scales faster than ever. It’s becoming more common everyday that AI tools generate realistic phishing, deepfakes and persuasive language to manipulate trust.
The growing overlap between machine intelligence and human vulnerability is a sign of the times and cybersecurity professionals need to address it sooner rather than later.
Open-source AI is shaping how we build, deploy, and scale systems and applications today, right into production. But with the rapid adoption of upstream AI models, datasets, and orchestration tools comes a critical question: can we trust what we’re using and how it was originally created? According to PwC survey, about 50% of surveyed company leaders in 2025 admitted they don’t trust AI to be embedded in their core operations.
Unlike focusing on securing AI systems themselves, in this talk we’ll explore often overlooked topic – how data provenance, model transparency, and AI-specific supply chain security are becoming essential for building trustworthy AI systems.
I’ll cover the importance of data provenance and how they reduce risks like data poisoning, bias, and adversarial manipulation; the rise of the AI Software Bill of Materials (AI SBOM) to document model components and inference behavior; open-source tools that bring it all to life: Sigstore, KitOps, Model and Data Cards.
I will also share updates from our work in top AI standardization organizations like OASIS, OpenSSF, and LF AI & Data to define and support AI provenance standards, automation, and trusted AI guidelines.
A behind-the-scenes look at the large-scale refactoring of TalentLMS, a learning management platform with deep roots and tight constraints.
This talk covers how we tackled deeply embedded technical debt while keeping the system live and teams shipping. It walks through the architectural shifts we made, from monolith to modulith, and the cultural shifts that made those changes possible.
Alongside code, we had to refactor trust, habits, and communication. Equal parts technical and human, this is a story about moving forward without breaking what still works.
Back to professional life after parental leave. What mattered before and what matters after. So how you still fit and how can you now be enough in these two words, family one and professional?
Maybe there are no good answers but sure there is a discussion we should be having. Especially if we want to keep diverse talents in the workforce.
Get some coffee, talk to friends before Day 2 kicks-off!!
Model Context Protocol (MCP) is an open standard that enables seamless integration between LLM based applications and agents with external systems, thus allowing us to dynamically enhance the model/agent that acts as a client, with capabilities provided by connected MCP servers.
The Quarkus project created one of the first MCP implementations in Java. Quarkus provides an ideal runtime for coding intelligent applications and agents that use the MCP protocol to call out to external MCP servers, or conversely, let you implement powerful MCP servers that can be invoked by any compliant LLM based application written in any programming language.
Whether you want to connect to your favorite database, integrate with your company’s systems, or build something completely new, everything is possible! Quarkus will handle all the MCP plumbing and through its hundreds of extensions will help you implement any simple or complex enterprise integration scenario that can enhance your intelligent workflows.
Come to this talk to learn how MCP works and how to use it effectively with Quarkus.
This talk explores how AI and natural voice interaction can transform the way players engage with gaming technology. By integrating speech recognition, intent analysis, and real-time system actions, Intralot’s new AI-powered assistant enables players to interact naturally – simply by talking.
The session showcases the architecture, challenges, and results of this innovation, demonstrating how AI can make gaming experiences smarter, faster, and more personal.
This session dives into the exciting world of Agentic AI and demonstrates how to build sophisticated, intelligent applications using Quarkus, LangChain4j, and the Oracle Database 23ai @ Azure.
It provides a comprehensive overview that empowers developers to harness the full potential of Agentic AI within the Quarkus ecosystem.
We will delve into the powerful synergy between Quarkus-Agentic AI and LangChain4j and demonstrate how to leverage these tools to build intelligent, context-aware agents.
We will cover the core concepts, architecture, and practical applications, illustrating the steps to develop robust and scalable Agents-driven applications.
Exploring the dual role of AI agents in modern cybersecurity within a panel debate.
As AI agents become increasingly embedded in our digital ecosystems—both as local assistants and cloud-orchestrated services—concerns about security are escalating. In recent years, we’ve witnessed a surge in the capabilities of malicious actors who now leverage advanced AI tools to automate and scale attacks. At the same time, everyday users and organizations are placing growing trust in AI-powered tools, often without fully understanding the risks.
This panel will explore the dual-edged nature of AI agents: how they empower both defenders and attackers, and how blind trust in automation can introduce new vulnerabilities. We’ll discuss real-world scenarios, emerging threats, and the evolving role of security professionals in an era where agents act autonomously, make decisions, and sometimes even collaborate with other agents.
Are we prepared for a future where agents are not just tools—but actors in the security landscape?
In the digital era, wars are no longer fought only on land, sea, or air — but in cyberspace. Cyber warfare has become a powerful tool for disruption, capable of crippling infrastructure, spreading misinformation, and undermining trust without physical violence.
This panel explores how cyber warfare is reshaping global security: the tactics behind major attacks, the role of AI and automation, and the growing overlap between state operations and criminal networks. Experts will discuss real incidents, emerging threats, and practical ways to strengthen digital resilience in a world where every system can become a target.
