Shall we play a Game? LLM Security in Practice

Spec Driven Dev - From Single Player to Multiplayer to Ecosystem

Specs help a human developer drive an agent's behavior. They let you define development practices, inject missing knowledge and capture long term product definitions. This works great for a single developer, but how does it work for a team? How do you collaborate on product specs and the code they generate? How do you produce and distribute corporate knowledge? Going further, what does collaboration across an ecosystem look like? In this talk, Guy will explore the present and future of Spec Driven Development, exploring how the forming practices expand and scale to have teams, organizations and the entire ecosystem build together.

Managing fleets of coding agents with OpenHands

We'll use OpenHands--an MIT-licensed agent orchestration platform--to drive a fleet of coding agents on a large real-world task. OpenHands can be used as a CLI or on the web, and agents can run on your workstation or in the cloud. We'll learn how to get more work done in parallel by leveraging cloud-based, asynchronous agents instead of running directly on our own workstations. We'll use OpenHands to monitor agents and drive them forward to build a large codebase from scratch.

AX⚡️DX: High voltage dev workflows

Developer Experience (DX) has always been about clarity, speed, and keeping engineers productive. Developers these days are increasingly delegating to AI agents who write, test, and deploy on their behalf. For some, they delegate very little; for others they delegate a lot. That’s where applying skills in Agent Experience (AX) becomes critical. If you want strong DX going forward, you can’t ignore AX. The experience you design for agents directly shapes the effectiveness of the developers they support. This talk will explore how to shift from the practices that made DX successful in the past to the new requirements of agent-driven workflows. We’ll cover: Who you’re really serving when building tools in an era of AI delegation. Why prioritizing AX ensures your DX remains resilient and future-proof. How to measure and improve your repo/system AX with practical techniques like context tools, shared systems for teams, and measuring AX efficacy. The takeaway: to keep DX strong, you have to focus on AX. It’s not a question of supporting AI or agents in general, it’s a question of supporting the developers that use them.

Building Memory-Augmented Agents with MemoRizz

This workshop will introduce participants to the practice of memory engineering and put the concepts into action. Using the MemoRizz library, attendees will learn how to design and build memory-augmented agents that go beyond simple prompt-and-response to become reliable, believable, and capable systems. Key aspects we’ll cover include: * Hands-on introduction to memory engineering: how to move from theory to implementation. * Practical use of memory types: applying short-term, long-term, and shared memory in an agent. * Deep research use case: building an agent that can manage complex information retrieval and synthesis across multiple interactions. * Reliability, believability, and capability in practice: showcasing what these qualities look like when agents are backed by memory. * Evaluation overview: introducing methods and frameworks for measuring agent memory performance, including how to test for precision, recall, and retention over time. By the end of the workshop, participants will have both conceptual clarity and hands-on experience in building and evaluating memory-augmented agents.

Emerging Patterns for Coding with Generative AI

If coding with AI sometimes feels brilliant and sometimes frustrating, you're not alone. This workshop walks you through a map of the patterns that make it more powerful and predictable, from first experiments to advanced techniques. We'll explore the inherent limitations of Generative AI alongside the new possibilities it creates - examining not just what happens, but why it happens. Understanding these underlying dynamics equips you to adapt and combine patterns in powerful ways and come up with your own solutions. Real-world examples will show some of these combinations in action. You'll leave with techniques that aren't tied to any single LLM or coding agent - practical approaches you can apply immediately, as well as the mental models that keep you effective in this rapidly changing landscape.

Backlog.md hands-on: Markdown tasks power the 3-way review from spec to PR

Backlog.md was built 99% by AI agents, with humans setting vision and reviewing work. In this workshop you learn why specs as markdown in your repo are a game-changer and you practice the simple loop I use. I demo the 3-way review process and the steps that took Backlog.md past 3k GitHub stars. First half: why Backlog.md works out of the box for agents, the CLI and web UI, and my 3-way review process that lets me ship with confidence. Second half: you install and init Backlog.md in a new or existing repo, then use your preferred agent to create and implement tasks end to end. The 3-way review (what you’ll practice) 1) Spec review: do the why and the what match with your expectations? 2) Plan review: agent reads the code, makes a plan. Does it make sense? 3) Code review: check code, run the app or tests, verify acceptance, close the loop. Requirements: 1) A concrete idea that fits in 1 hour (new project or a small feature) 2) Laptop with Git and Node.js, or pair with someone who has it 3) An agent with a subscription or ~$10 credits. Good options: Claude Code, Codex CLI, Gemini CLI, Cursor (use what you know). If unsure, check compatibility at https://agents.md/#compatibility

Testing and Securing AI generated code with Cursor

Building with AI is exciting, but ensuring your apps are tested, secure, and efficient is where the real value comes in. In this hands-on session, we’ll dive into how Cursor supercharges the developer workflow for vibe-coded applications, making your process faster, safer, and smarter. What you’ll learn: ☑ A quick intro to Cursor & AI-powered development ☑ How to test AI-built applications with confidence ☑ Adding security guardrails to protect your codebase ☑ Creating custom modes to accelerate your workflows ☑ Building custom commands for repeatable tasks ☑ We will also cover new cursor features, hot off the Cursor roadmap by the time of the conference You’ll walk away with practical skills you can immediately apply to your own AI-powered dev workflows.

Building Next Gen Agents with MCP

Step into the world of Model Context Protocol (MCP) and learn how to build an interactive AI powered agent powered by a fully functional Chess MCP server. We will work through coding up an MCP server, adding graphical elements with MCP-UI, and play a game of chess against an AI opponent. By the end of this workshop, you'll have created a Chess MCP server that: - Accepts chess moves in algebraic notation - Maintains game state across sessions - Displays the board in ASCII and graphical format - Allows AI agents (and users) to play interactive chess games - Provides an interactive chessboard UI with drag-and-drop moves Prerequisites: Node.js 20+ installed Basic TypeScript knowledge Text editor or IDE Terminal/command line access Nanobot installed brew install nanobot-ai/tap/nanobot or download from https://github.com/nanobot-ai/nanobot/releases

Supercharge Your Coding Agents

AI agents are moving from copilots to true coding collaborators, but most developers are still flying by feel. Tools like Claude Code, Codex, Cursor, and Gemini CLI are powerful, yet few teams know how to harness them fully. Prompts alone aren’t enough; effective agentic coding requires structure, context, and shared understanding. In this 2-hour hands-on workshop, we’ll go beyond prompting tricks and explore how collaboratively and effectively use coding agents. You’ll learn how to use specs as context, and provide agent guidance to shape behavior and output, teaching them not only what to build, but how to build it, aligned with you organisation's needs. We’ll cover techniques for: Using specs and structured guidance to steer agents toward better library use, open source and private alike Integrating team and org policies, coding styles, and conventions directly into agent workflows Managing multi-agent setups and tool integrations for larger, iterative projects Through hands on examples, you’ll see how to spercharge your coding agents, turning them into reliable teammates, who understand your stack, your rules, and your goals. If you’ve ever wondered whether your AI agent could be doing more — this session shows you how to make that happen.

Hands-On: Building Agents with Spring AI, MCP, Java, and Amazon Bedrock

In this hands-on workshop you will learn how to build & deploy production-ready AI Agents. You will use Spring AI, MCP, Java, and Amazon Bedrock and learn how to deal with production concerns like observability and security. We will start with basic prompting then expand with chat memory, RAG, and integration through MCP. In the end we will have a multi-agent system where agents interact with other agents to accomplish high-level tasks.

AI-Powered Application Modernization using Claude-Flow

We'll go on a journey using Claude-Flow, managing a team of Claude-Code agents underneath to do a 12-factor assessment of an open source codebase to assess its ability to be cloud-native. That is, the ability of the application to use cloud features such as dynamic scaling and high-availability. We'll then plan changes needed to resolve cloud-native issues found by the analysis. Expect a discussion about cloud-native issues found in the cloud-native assessment, as well as migration plan tactics. Attendees will leave with: - Knowledge of how to use Claude-Flow/Code to assess legacy code bases - Knowledge of how to use agentic engineering practices to plan significant changes to legacy code bases If you want to participate, you are welcome. You're also welcome to watch. If you participate, the requirements are: - Claude Code Account/Anthropic API Key so that you can use Claude Code - GitHub account capable of running GitHub Codespaces

Event kick off

Spec Driven Dev - From Single Player to Multiplayer to Ecosystem

Specs help a human developer drive an agent's behavior. They let you define development practices, inject missing knowledge and capture long term product definitions. This works great for a single developer, but how does it work for a team? How do you collaborate on product specs and the code they generate? How do you produce and distribute corporate knowledge? Going further, what does collaboration across an ecosystem look like? In this talk, Guy will explore the present and future of Spec Driven Development, exploring how the forming practices expand and scale to have teams, organizations and the entire ecosystem build together.

AI as an Amplifier: State of AI-assisted Software Development

AI adoption in software development is nearly universal, but the results are anything but. While the industry has moved beyond simple code completion, the promised productivity gains often get lost in downstream chaos. So, what separates the high-performers from the rest? Drawing on insights from the 2025 DORA State of AI-assisted Software Development report—a study of nearly 5,000 technology professionals—this session will reveal a critical truth: AI's primary role is that of an amplifier. It magnifies the strengths of high-performing organizations and the dysfunctions of struggling ones. In this talk, we will go beyond the hype and dive deep into the data to uncover: * Why a ""legacy bottleneck"" can completely negate AI performance gains, and how loosely coupled architectures are essential for success. * How Value Stream Management (VSM) acts as a force multiplier for AI, ensuring that localized productivity gains translate into measurable improvements in team and product performance. * The crucial role of high-quality internal platforms, and why 94% of organizations have adopted platform engineering as the foundation for AI success. * The surprising human factors at play, including why 30% of developers report little to no trust in AI-generated code, and what the data says about AI's real impact on burnout and developer satisfaction. You will leave this session with a clear, data-backed framework for understanding and improving your team's AI adoption strategy. Instead of focusing on just the tools, you'll learn how to identify and address the systemic issues that are holding you back, and how to create an environment where AI can truly amplify your team's success.

AI Hates Legacy Code

AI coding agents feel like magic... right up until they collide with production code. For teams maintaining legacy systems, these agents often hallucinate APIs, run off on tangents, and shatter trust faster than an unreviewed hotfix at 5pm. Ignoring the past won't save us, because new code becomes old! We can do better, and we will. In this session we'll go over emerging strategies for improving the accuracy of coding agents on real codebases, benchmarks such as SWE-bench that evaluate our progress, and their limitations. Expect to walk away with actionable techniques and a renewed respect for code that came before us and the challenges ahead. Key Takeaways Why LLMs have more trouble with existing code What we can do about it How we measure progress

These Aren't the Tools You're Looking For: MCP Security Awakens

Everyone adopts MCP Servers. Everyone deploys MCPs. Everyone secures their MCP Servers. Oh, they don’t? Who would’ve thought! Well this talk isn’t about adding authentication to your MCP Server, it’s about inviting you to the deep-end observatory of threats and risks in the MCP ecosystem. MCP Servers introduce new threat vectors and security risks from insecure MCP Servers code, to malicious MCPs harboring tool poisoning attacks and all the way to indirect prompt injection that compromise MCP IDEs and Cursor and AI apps like Claude Desktop. In this highly technical session I'll demonstrate active exploitation techniques against MCP deployments: how a single malicious tool description can exfiltrate credentials, and how insecure MCP Servers are exploited by attackers to run arbitrary code. You’ll walk away with a clear understanding of the various moving parts in the MCP security threat landscape so you can better assess your risks and security strategies as well as gain key insights and security best practices for building secure MCP servers that you can apply when adopting and building MCP servers.

Managing fleets of coding agents with OpenHands

We'll use OpenHands--an MIT-licensed agent orchestration platform--to drive a fleet of coding agents on a large real-world task. OpenHands can be used as a CLI or on the web, and agents can run on your workstation or in the cloud. We'll learn how to get more work done in parallel by leveraging cloud-based, asynchronous agents instead of running directly on our own workstations. We'll use OpenHands to monitor agents and drive them forward to build a large codebase from scratch.

State of Open-Source AI Coding Models

As a machine learning engineer at Hugging Face, I'm at the front front of what's happening in open-source AI. There are a lot of advancements in open models for coding, such as Qwen3-Coder, GLM-4.5 which is compatible with Claude Code, Hugging Face Inference Providers VSCode integration and more. This talk aims to provide an overview of the landscape of openly available models for coding, explain the different model types and training objectives, how they stack up against closed models and the tooling around it (fine-tuning and inference).

Virtual Tool Calling and the Future of Portable AI Toolchains

"AI coding tools face a fundamental challenge, there's no standard for tool calling across providers and models. Claude uses one schema, OpenAI another, and many models don't support native tool calling at all. This forces developers to maintain provider-specific integrations or limit themselves to a single vendor. Virtual tool calling solves this by translating tool definitions into structured system messages that any model can understand—effectively simulating native tool support through prompt engineering. Instead of relying on provider-specific function calling APIs, we define tools in the system message and parse model responses for tool invocations. This means a single codebase can work seamlessly across Claude, GPT-5, local models, and everything in between. Beyond the technical solution, this represents a broader shift in AI developer tools. VS Code locked features behind Copilot, creating a closed ecosystem. We're now seeing the industry move away from these walled gardens and I am excited to show how we can leverage these concepts beyond the IDE. This session covers both the implementation of virtual tool calling and why building in the open matters for the future of AI-native development."

Agents on (Guard)Rails: Deterministic Safety for Database Operations

As AI agents move from writing boilerplate code to performing complex, data-aware tasks, a critical question emerges: How do we prevent a creative but unsupervised AI agent from causing chaos in our databases, where every operation must be precise and predictable? Unchecked, agents pose a dual threat: accidental data corruption through malicious or incorrect Data Manipulation Language (DML) and catastrophic schema changes via unintended Data Definition Language (DDL). This session provides a practical playbook for putting agents on guardrails. We'll move beyond theory and demonstrate two powerful open-source tools that bring deterministic safety to agent-driven database operations. First, we will show how the MCP Toolbox for Databases can be used as a DML guardrail, preventing agents from executing unsafe queries by providing them with pre-approved, parameterized ""tools"" for data access. Second, we will explore how Atlas can manage and verify DDL changes, ensuring that any agent-proposed schema modifications adhere to company policy and migration best practices. This is a hands-on guide to building robust, production-ready agents that you can actually trust with your data.

Building with MCP: How Protocol Primitives Shape Developer Experience

Model Context Protocol (MCP) has unleashed a wave of innovation in the AI world by bridging large language models (LLMs) with the systems we rely on every day. You may have already used an MCP server to connect your coding agent to library docs, databases, or issue trackers. But what’s happening under the hood? In this talk, we’ll dig into the guts of MCP servers and explore the key protocol primitives that make everything click. From tool calls, sampling, prompts, elicitations, and resources, to the subtle design choices that can make or break your developer experience. For example, how a well-implemented MCP server might pause before deleting your database, asking for confirmation instead of firing off a destructive action.

Code Security Reinvented: Navigating the era of AI

Artificial intelligence (AI) already serves as a copilot in our daily lives, acting as a digital assistant and delivering personalized experiences. Despite progress in many areas, AI has historically fallen short of improving software development practices. This changed with the introduction of AI pair programmers, which distill the collective technical know-how of the world’s developers, and their widespread adoption has been quite telling. While the process of building software has become easier and faster, the question remains: What about more secure? In this session, we’ll demonstrate six practical ways developers can use AI to tap into the world’s security knowledge, showcased through 14 demos in GitHub Copilot. The audience will gain a deep understanding of AI capabilities for security, the pros and cons of security MCP servers, how to make informed decisions for supply chains, and other key practices along with insights drawn from our own lessons as developers striving to ship secure code. Finally, we’ll share a playground repository where attendees can safely experiment with everything demoed.

Evolving specs in Kiro to deliver incremental features faster, safer.

Learn about how the Kiro team evolved the spec-based dev workflow and artifact structure into a feature which they wanted to use every day. Do you treat specs as point-in-time snapshots of technical decisions, or do you treat them as an ever-syncing reflection of your source code? We've found that by distinguishing technical summaries and designs from requirements, we are better able to iterate on decisions made previously in a safe, reliable manner. The team at Kiro went through 7 fundamentally different spec implementations and interfaces internally, and feel we've only just scratched the surface on an experience worth pursuing.

DevOps Agents That Can't Delete Your Database

You've seen AI coding agents deleting databases and wiping codebases. Current solutions like Claude Code's whitelists/blacklists fail because LLMs are versatile, they can do the same destructive thing in 100 different ways. This demo demonstrates novel deterministic security guardrails that make agents safe to use in production environments. We'll cover secure secret handling, mTLS for MCP, and introduce Warden, a new deterministic security enforcer that creates boundaries agents cannot cross, regardless of the tools they use. Real examples from Stakpak's open-source DevOps agent. Your first look at techniques that makes coding agents production-safe, and a reference implementation in Rust.

Building AI Agents with Spring & MCP

AI is here, but is it working for you? The name of the game is to give these AI models access to our enterprise systems and services and let ‘er rip! But it’s not always easy. We have a friend whose stress level trying to build production-worthy Python AI services was so high that his hairline receded TWELVE INCHES! Or that might have just been natural aging... Either way: he should’ve used Spring AI! Join us, AWS developer advocate James Ward and his trusty sidekick and Spring developer advocate Josh Long, and we’ll look at how to build MCP-enabled, RAG-ready, vibe-free, agentic systems and services in no time at all.

Backlog.md - From zero to success with AI Agents

Heard about Claude Code, Cursor, AGENTS.md, or MCP but still hitting walls? This talk takes you from zero to a simple, efficient way to organize work for AI agents. We move from vibe coding slop to a Spec-Driven AI Development loop using Backlog.md, a CLI that keeps tasks as markdown in your repo with clear context and acceptance criteria. Backlog.md was built 99% by AI agents and has 3k+ GitHub stars, proof that the loop works. I’ll show the flow I used to build Backlog.md, the lessons learned, the DOs and DON’Ts, and how I went from a frustrating 50% task success rate to almost 100% in about a month. We connect instruction load to agent reliability and use that to split work into tasks that land. We’ll look at how Agentic Coding changes Agile in practice: which core values stay, what must change, and the new bottlenecks. You leave with a clear way to plan and parallelize work across agents, with tasks sized to what agents can follow, and why tools like Backlog.md mark the start of a new Agile process. We finish with an open question for the room: how do we keep humans in the loop in the new AI era? P.S. You won’t need any prior agent experience.

How we hacked YC Spring 2025 batch’s AI agents

We hacked 7 of the 16 publicly-accessible YC X25 AI agents. This allowed us to leak user data, execute code remotely, and take over databases. All within 30 minutes each. In this session, we'll walk through the common mistakes these companies made and how you can mitigate these security concerns before your agents put your business at risk. In addition, learn how to mitigate from emergent AI threats continuously. Key Takeaways 1/ Most common AI agent security issues 2/ How to address them right now 3/ what to watch out for

AI-Powered Application Modernization: From Legacy Code to Cloud-Native with Claude-Flow

Application modernization projects often stall under the weight of complexity: Do you refactor, re-platform, or replace with SaaS? AI-assisted development can cut through that complexity, turning weeks of manual analysis into hours. In this session, I’ll share a real-world exercise where my Claude-Flow swarm of coding agents was used extensively to modernize an existing open-source CRM application. We’ll cover three stages of the journey: (1) assessing the application’s fitness for cloud deployment, (2) using AI to analyze the viability of migrating users to existing SaaS alternatives, and (3) planning the modernization effort with a roadmap that accounts for technical debt, risk, and compliance gaps. This is not a theoretical discussion—I’ll show concrete outputs generated by the swarm, how the orchestration handled complex decomposition, and where human judgment was still required. Attendees will walk away with a practical, field-tested framework for applying AI agents to modernization efforts and accelerating the move to cloud-native architectures.

The Intersection of Fitness Function-driven Architecture and Agentic AI

The path to evolutionary architectures lies with architects and developers building and maintaining architectural fitness functions–the mechanics of evolutionary architecture. The most advanced flavor of that is fitness function-driven architecture–building the governance safety net before building the architecture. However, architects struggled in the past with the variety and specificity required to build and maintain this safety net. With the advent of Agentic AI and MCP, architects now have a way of advertising capabilities and allowing agentic AI to glue together the data and facilities architects need for governance. This session highlights how architecture will encapsulate Agentic AI to allow more sophisticated architectural governance, allowing teams to build more powerful systems with confidence.

Evaluating an LLM's ability to code

In this talk I want to share the dimensions I like to look at LLM's from, the path I've taken so far at building testing capabilities, and how much more there is to do to continue research in this space. Benchmarks will come out and show that some new model is the best at coding, but that doesn't always align with real world usage. This was frustrating to me, and led me down a path of trying to build a way to evaluate in a way that would mimic real world usage.

RoboCoders: Judgment Day – AI Spec-driven Tools Face Off

Agentic AI Spec-driven tools promise cleaner code, faster development, and fewer late-night debugging sessions. But do they really deliver? In this live showdown, we'll complete identical coding tasks, from initial setup to testing and debugging, all live on stage using the tow leading spec-driven development AI tools - Tessl and Kiro. You, the audience, decide which tool actually boosts quality and productivity and which just creates more noise than useful code. Bring your skepticism, cast your vote, and expect surprises

AI assisted code reviews: Quality and Security at Scale

Discover how AI is transforming code reviews at scale in this session led by Principal Product Manager Sneha Tuli. Drawing from Microsoft’s real-world journey, you’ll learn how integrating an AI-powered code review assistant into existing developer workflows has accelerated feedback, improved code quality, and fostered a culture of continuous learning. This session stands out by sharing not just technical innovations—like multi-agent orchestration, and custom project guidelines—but also practical lessons on building trust, ensuring safety, and driving adoption across thousands of repositories. Attendees will gain actionable insights into deploying AI responsibly, overcoming challenges such as false positives and context limitations, and preparing for the future where human and AI collaboration sets new standards for software quality and security.

From Prompts to AGENTS.md: What Survives Across Thousands of Runs

We stress‑test coding agents claude code and codex at scale and report the patterns that actually survive. Across thousands of runs on a representative golden set of agentic coding issues, we compare orchestration (single vs. parallel vs. lightweight hierarchy), reasoning styles (ReAct, Reflexion, Self‑Refine, Least‑to‑Most), and context practices (refresh, compaction, dedup). The core move is turning ephemeral prompt tweaks into durable, versioned central and per-componet AGENTS.md so improvements persist across repos and projects. We’ll augment this with a GitHub study of AGENTS.md in popular projects (adoption, typical sections, section sizes), then show how we applied the findings to Claude Code and Codex to stabilize outcomes under load. Attendees leave with defaults that improved speed, cost, size, and performance and a template you can adpot immediately. 20‑minute run‑of‑show - 2’ Why results drift and why rules beat one‑off prompts - 4’ Orchestration ladders and reasoning styles (what held up at scale) - 5’ AGENTS.md in practice, central vs. distributed, ordering, decision criteria - 5’ Context engineering that sticks and trace‑driven updates - 4’ “In the wild” snapshot (GitHub stats) and quickstart templates Top‑3 takeaways 1. A reproducible template to convert traces into AGENTS.md rules that survive across runs. 2. When to use parallel runs vs. light hierarchy and how to stage reflection without ballooning tokens. 3. Context defaults that reduce cost and latency without cratering quality.

Context-Aware Development in Kiro

Model Context Protocol (MCP) is transforming how AI agents access and utilize development context. In this live demo, you'll see how Kiro leverages MCP alongside steering files to create context-aware coding agents that understand your development environment. We'll demonstrate: MCP in action: How Kiro's AI agents use MCP to external tools in real-time Steering files: Creating and evolving steering files that guide AI behavior based on your project's specific patterns, conventions, and architectural decisions Context-aware generation: Watch as agents generate code that respects existing patterns This isn't just code completion—it's AI agents that understand your development context and can make intelligent decisions about code generation, refactoring, and feature implementation. You'll leave with practical knowledge of how MCP and steering files can transform your own development workflow with Kiro

From Concept to Prototype: Leveraging Generative AI for Rapid Development in an Enterprise

Generative AI Developer Assist tools are reshaping enterprise software development by enabling faster iteration, improved code quality, and reduced time to market. Our working hypothesis: these tools can accelerate updates to existing codebases, streamline code reviews, enhance test coverage, and support more efficient delivery cycles. This session presents a real-world case study that puts this hypothesis into practice. Tasked with building an internal risk analysis tool to support open source consumption governance, a single engineer used GitHub Copilot to deliver a fully functional proof-of-concept in just five days—a task that would traditionally require a full agile team much longer. In addition to the case study, the session will cover: Key learnings from the development process Practical guardrails for responsible and secure adoption Current limitations and considerations for enterprise integration Join us to explore how Generative AI can be thoughtfully applied to accelerate enterprise development workflows—turning ideas into prototypes with unprecedented speed.

From Vibe Coding to Spec-Driven Development: Building AI-Native Software In The Enterprise

At Nearform, we see Spec-Driven Development (SDD) as the blueprint for progressive delivery in the AI-native era. By applying a SDD methodology on some real customer projects, we’ve accelerated delivery with leaner teams & tested the limits of this methodology along the way. In this talk, I’ll share why SDD excites us far more than ""vibe coding"" ever did. I'll show: -How we've found it to deliver greater predictability, completeness, and context-aware outputs, with examples of vibe coding shortcomings that SDD has solved for -How codifying the traditional roles of a software team as agentic roles produces more reliable, repeatable results, with examples of how an explicit QA step + context window overcomes many traditional under-completeness reporting challenges -How we leverage multiple human-in-the-loop drivers of agents coordinate on a single project using git -How we make SDD fit into the enterprise development cycle through use of MCP connectivity, giving more transparency into the work of agents We'll also share some of the warts: -The types of projects this new development paradigm proved not yet ready to tackle -Challenges we've seen to adoption across teams & how to nurture a culture where AI native development isn't a threat Attendees will leave with concrete learnings testing the bounds of what's possible with spec driven development on larger enterprise projects.

Tracking AI-generated code with Git

Did an agent write that? Know you can know. Git AI is an open source git extension that tracks every line of AI code that gets added to a repo. You can reset, rebase, reformat, copy/paste, cherry-pick -- Git AI won't lose track. You get accurate AI attribution from your laptop to production. Come by for a live demo and hear stories about how measuring AI and tracking AI code has helped teams large and small ship better code, faster. Takeaways 1. There's an emerging standard for tracking AI code (adopt it!) 2. The new SBOM is knowing which code is AI and tying incidents back to it. 3. Saving prompts will make agents smarter. Start today!

Memory Engineering: Going Beyond Context Engineering

Large Language Models (LLMs) are powerful, but their limitations become clear in multi-turn interactions: they lose track of context, repeat mistakes, and forget what matters. Lately, developers have relied on context engineering—clever prompt design, retrieval pipelines, and compression—to work around these constraints. But context alone is ephemeral. To build agents that are reliable, believable, and capable, we need to move beyond context and into memory engineering. This talk introduces memory engineering as the natural progression of context engineering, exploring how to design systems where data is intentionally transformed into persistent, structured memory that agents can learn from, recall, and adapt with over time. We’ll walk through the data→memory pipeline, types of agent memory (short-term, long-term, shared), and practical strategies like reflection, consolidation, and managed forgetting. Finally, we extend the conversation with a Context Engineering++ perspective—a holistic view of how memory, context, and attention can be engineered together to enable the next generation of agentic systems. Attendees will leave with a clear framework for evolving from prompt engineering to context engineering to memory engineering, and practical guidance on how to architect agents that don’t just respond, but remember, adapt, and grow.

Separation of Agentic Concerns: Why One AI Can't Rule Your Codebase

The dream of a single all-knowing AI running your entire SDLC is both admirable and widespread. But in reality, specialized agents with distinct responsibilities outperform generalist systems. This talk makes the case for using multiple agents across your SDLC: planning, coding, and review agents that enforce code quality without sacrificing long-term velocity. You'll learn how to optimize AI-assisted developer workflows with system prompts, MCPs, subagents, and context while avoiding common side effects that degrade quality. Attendees will leave with practical steps to leverage AI throughout the development lifecycle for delivering safer, smarter, and more reliable software.

Unlocking agent beast mode with Tessl

AI coding agents are evolving from copilots to true collaborators. In this session, we’ll show how to unlock their full potential using real examples from tools like Claude Code. You’ll see how structured context, specs, and guidance can transform agents into reliable teammates that understand your stack, libraries, and coding style. Through live demos, we’ll explore how to align agents with your workflow, organization, and intent, helping you code faster, smarter, and with more control.

AX⚡️DX: High voltage dev workflows

Developer Experience (DX) has always been about clarity, speed, and keeping engineers productive. Developers these days are increasingly delegating to AI agents who write, test, and deploy on their behalf. For some, they delegate very little; for others they delegate a lot. That’s where applying skills in Agent Experience (AX) becomes critical. If you want strong DX going forward, you can’t ignore AX. The experience you design for agents directly shapes the effectiveness of the developers they support. This talk will explore how to shift from the practices that made DX successful in the past to the new requirements of agent-driven workflows. We’ll cover: Who you’re really serving when building tools in an era of AI delegation. Why prioritizing AX ensures your DX remains resilient and future-proof. How to measure and improve your repo/system AX with practical techniques like context tools, shared systems for teams, and measuring AX efficacy. The takeaway: to keep DX strong, you have to focus on AX. It’s not a question of supporting AI or agents in general, it’s a question of supporting the developers that use them.

Beyond Tests: What to Verify in AI-Generated Code

Agent-based coding introduces new quality risks to teams that rely primarily on traditional testing approaches. Because agents default to ""best guesses"" when provided insufficient or underspecific context, these gaps—if left unchecked—can result in production issues related to performance, stability, or unexpected edge cases. However, when teams provide clear invariants and non-functional requirements coupled with review cycles that ensure they're met, agents can produce significantly higher quality code, reducing downstream maintenance costs. This talk presents an invariant-driven framework for deciding what to verify and where those checks belong in your pipeline. We'll introduce a simple invariant taxonomy that delivers immediate benefits through verification. The taxonomy is based on scope (universal across any repo, system/architecture-specific, or feature-level) and type of check (data contract, business logic, or performance/SLA), coupled with the target remediation (advisory only, block merge, or rewrite). We'll conclude with a before-and-after demo leveraging Tessl's Specification Registry that demonstrates the benefits of incorporating invariants into your agentic coding workflows. Attendees will leave with a practical checklist they can apply immediately.

Agent Omelets & Other Forbidden Techniques

Slice 'em. Dice 'em. Put 'em in an omelet. Wait, we weren't talking about tomatoes? Well, you can also do a lot of strange things to agents to stretch your token budget, juice agent performance, and get your agents to run longer and more independently. In this talk, we'll learn how to: Tee up agents with agents … agentically! Fork, roll back … even ""shadow clone"" your agents! Have agents edit their own memory … and have them forget they did it! Hot swap frontier model providers … in mid-conversation! Make an agent out of your own interactions with agents … using an agent! Put your agents in a little organization and force them to use Slack … BECAUSE AGENTS! Plus other forbidden techniques! :scroll::test_tube: In this talk, Patrick will show examples of getting real work done with the above techniques. We'll hear Patrick's hot takes about agent special-casing (not subagents, just agents) and how you should keep the smarts in the model, not in the heuristics. We'll internalize the deep truth that agents are just, like, stateless context, man, and how knowing that can take your agentic workflows to the next level. We might even cook some agents into an omelet! 🍅✨

Code as Commodity: how to thrive with the Medium of Generative AI

As the cost of producing code approaches zero, previously uneconomic ideas become not only possible but necessary to stand out in a sea of slop. Engineering will remain a vital craft, yet developers must confront the commoditization of what was once their specialty. The savviest will shift from production to articulation and orchestration—combining taste, judgment, and the ability to amplify signal as the noise deafens. Chris Messina—the product strategist who invented the hashtag, built early developer platforms at Google and Uber, and now coaches AI-native founders on go-to-market and launch strategy—explores how generative models are transforming software from exclusive craft to popular medium. As software becomes disposable, we must rethink what industry we’re in. The future developer looks less like a Big Tech tech bro and more like a chef, record producer, or architect: shaping experiences where taste, culture, and iteration amplify value.