Open Source Summit Europe 2025

When we talk about cloud security, the first thing that comes to mind is otters. Obviously.

In this talk, we’ll dive into the fascinating analogy between the world of cloud security and wildlife. We’ll explore Falco, eBPF, and others and how they relate to our very own animal ecosystem. This perspective offers a unique and intuitive way to understand cloud security.

Think of chameleons and adaptive security: changing colours to match evolving threats.

We’ll migrate like birds, discovering security’s role in real-world workload transitions across clouds.

We’ll collaborate like bees, protecting the hive with policies, alerts, and shared responsibility.

We’ll defend like armadillos, layer by layer, showing how strong defence is often the best offence.

And we’ll feel our spider-sense tingle — like observability tools catching anomalies across the great web of services.

And, just like otters, we’ll hold hands to stay together in the rushing currents of the cloud.

And who’s heard of chaos monkeys? Clever and unpredictable, just like attackers exploiting misconfigurations and edge cases! We’ll take a look at how that plays out in the wild world of cloud-native security.

In this talk, we will present open-source tools for evaluating and securing AI models which are key in building responsible AI systems. We'll start with an overview of these tools and their use cases, organized through a simple ontology to help classify them.

We'll cover:

- Tools that assess bias and fairness, such as AIF360

- Evaluation tools like Garak, which offers comprehensive security and safety assessments for LLMs; Promptfoo, which supports prompt engineering and testing; and Giskard, which allows the use of custom evaluation datasets

- Guardrail tools for LLM systems, like NeMo Guardrails

- Tools that focus on prompt security and insights, such as LLMGuard and LangKit

- Tools for traditional ML model security, like the Adversarial Robustness Toolbox

The main goal of the talk is to give attendees a clear overview of the wide range of open-source tools available for securing AI models and provide examples and insights about them that can help in making an informed decision on which one to use.

This talk is about software developers' journey into AI Agent creation.


We'll explore the evolving toolkit, from specialized IDEs like Cursor and VS Code (with AI Agents extensions) to frameworks like LangChain and LlamaIndex that simplify complex workflows.


I'll share firsthand experiences comparing local development with models like Ollama, LM Studio and LLM Runner against production deployments using OpenAI and Anthropic APIs. We will explore how to consume MCP Servers to provide tools to our Agents.


We'll address critical decision points: when to use RAG versus fine-tuning, how testing differs from traditional software, and the unique debugging challenges of non-deterministic systems. Finally, we will look at the challenges of deploying AI Agents in production and what we can do as developers to minimise the risk.


Developers will leave with a clear understanding of the technical shifts required when building AI agents, available tools, and practical strategies for overcoming the most common obstacles in this rapidly evolving space.

Linux kernel code (and any C project in general) can greatly benefit from several static code analyzers. Let's dive into open and free (as in free beer as well) tools for static code analysis used in the Linux kernel, because there is more than one tool

The session will describe in detail how to check your Linux kernel code around build time to improve the code quality.

Many techniques will be applicable to other projects, but session focuses on the Linux kernel due to its own build process.

Helping newcomers step into the Linux kernel community is not an easy task, but

with the right mentorship it becomes a transformative journey for both the mentor and the

the mentee.


This talk shares lessons from over a decade of hands-on mentoring experience, helping students

grow from their first patch to becoming meaningful contributors.


This presentation focuses on real world examples from subsystems like IIO, ALSA and device tree

bindings and explains the practical steps to get beginners started. Each steps is important:

from selecting the appropriate tasks and hardware platfroms, to explaining kernel workflows

and mailing list culture.


Attendees will gain practical guidance on building effective mentorship practices, learning

how to support newcomers as they evolve from learners to contributors. Also, this presentation

is valuable for newcomers looking to take their first step into kernel development, offering

a clear view of the journey ahead and how to access mentoring programs like Outreachy Program for Women

or Google Summer of Code.