Open Source Summit India 2026

Open source projects are rapidly adopting AI agents for code review, issue triage, PR merging, and sprint planning. But most projects bolt agents on without asking: who audits what the agent did? What happens when an agent merges malicious code? Who is liable when an AI recommendation violates a contributor agreement?

Drawing from GitMesh - an LF-incubated project running production AI agents for engineering workflows - this talk covers the three non-negotiable pillars every open source project needs before deploying agents:

• Audit trails: every AI decision logged, attributed, and reversible
• Policy enforcement: agents operating within explicitly defined
contributor permissions and DCO boundaries
• Human-in-the-loop gates: approval workflows that preserve maintainer accountability without killing automation speed

I'll share what broke when we skipped these, how we fixed it, and the open-source tools (OPA, Sigstore, audit logging patterns) any project can adopt today. Attendees leave with a practical compliance checklist for AI-assisted open source governance.

As banks shift from traditional software to LLMs, the threat landscape is evolving from "bugs in code" to "poison in data." Traditional vulnerability management (CVEs) cannot detect a model that has been trained to have a backdoor. This lightning talk explores the critical risk of Data Poisoning and Indirect Prompt Injection in a regulated fintech environment.

We will walk through concrete examples—from "hidden" instructions in customer documents to "Trojan Horse" models downloaded from public repositories—that can lead to unauthorized transfers or massive reputational damage. The session provides a 3-step governance framework for OSPOs to move beyond SCA and toward Model Integrity:

Implementing Data Lineage for fine-tuning sets,

Adopting Adversarial Red-Teaming as a standard release gate, a
Leveraging open-source frameworks like MITRE ATLAS to map AI-specific threats and tools like garak, augustus to detect the vulnerabilities
Learn why the OSPO is the natural home for AI Safety and how to protect your organization's "Intelligence Supply Chain" from being poisoned at the source.

Mumbai means money!

All the money in all the businesses within India seems to move from within the city. The financial pulse of the nation can be felt here. Many BFSI institutions consider Mumbai their home.

That being said, BFSI & open source share a complicated relationship. Join this panel of OSPO heads who tackle open source concerns in their organizations. The panelists span a diverse range of institutions ranging from nationalized, national, and international institutions.

While their love for OSS is clear, as technology adopters, the ability of software teams within these orgs can be tiring on a good day, to trembling. The opportunity to consume open source is available for them, yet the sheer number of hoops they have to jump through can be daunting.

What's it like belonging to a highly regulated industry, and yet keeping up with various innovative technology within the software world? Come to the panel to find out.

This hands-on workshop gives attendees a ground-up understanding of post-quantum cryptography and then puts that knowledge to work immediately. We start with the essentials: why classical public-key cryptography breaks under quantum attack, what NIST's post-quantum standardization process produced (ML-KEM, ML-DSA, SLH-DSA), and how hybrid key exchange lets you transition incrementally without abandoning classical security. Then, a hands-on using the Open Quantum Safe project's oqs-provider plugin for OpenSSL 3, attendees will:
Install and configure oqs-provider against a standard OpenSSL 3 installation
Generate post-quantum and hybrid X.509 certificates using ML-KEM and ML-DSA
Spin up a TLS 1.3 server and connect to it with a PQ-enabled openssl s_client
Inspect negotiated ciphersuites and key exchange algorithms in live TLS handshakes
Benchmark classical vs. hybrid vs. pure PQ handshake performance and understand the tradeoffs
Explore the algorithm catalogue — KEMs, signature schemes, and their NIST standardization status
No prior post-quantum knowledge is assumed. Attendees should be comfortable with Linux CLI and have a basic understanding of TLS.

The rapid growth of AI data centres is placing unprecedented demands on Ethernet, pushing the 53 year old technology beyond its legacy of best effort delivery. While Ethernet has continuously evolved, modern AI workloads introduce unique challenges such as RDMA driven traffic patterns, network congestion, and the need for lossless, ultra-low latency communication. These demands are critical across both scale-up and scale-out AI fabrics, which must support high-throughput training and latency-sensitive distributed inference between tightly coupled GPUs or xPUs.

This session explores how the ecosystem is addressing these challenges, highlighting key advances in open standards including:

The Ultra Ethernet Transport (UET) protocol from the Ultra Ethernet Consortium (UEC), a Linux Foundation project.
The SUE-T protocol associated with the UA Link industry initiative.
The Ethernet for Scale-Up Networking (ESUN) work-stream within the Open Compute Project (OCP).

Open collaboration is reinventing Ethernet as the scalable, interoperable backbone for the next generation of computing.

Most organizations are running IAM infrastructure designed for a different era — built around human users and browser-based logins, then grown through procurement until it became fragmented and misaligned with how modern enterprises actually work.
Three forces are about to stress this model beyond its limits. AI agents need identities and governance just like humans but operate nothing like them. Converged identity platforms are replacing tool sprawl with unified architectures where governance, access management, and privileged access share a common foundation. And verifiable credentials are introducing decentralized trust models where identity claims can be carried and verified across organizational boundaries without a central provider.
This session maps what IAM needs to look like to handle all three, grounded in practical implementation experience rather than analyst predictions. Attendees will leave with a clear picture of where IAM is heading and how to start evolving today's infrastructure without rebuilding from scratch.

6G isn't just faster 5G it's a paradigm shift toward semantic and goal-oriented communications, where networks transmit meaning rather than raw bits. The ITU IMT-2030 framework positions native AI and semantic layers as first-class network citizens. But what does this look like in open source? This talk breaks down the semantic communication stack: the AI encoder/decoder models, the task-oriented transmission protocols, and the Linux-based infrastructure that will run 6G network functions. We'll explore how eBPF provides the programmable observability layer for semantic pipelines , tracing inference latency, enforcing semantic QoS policies, and monitoring model-level telemetry at the kernel boundary. Attendees will walk away with a concrete mental model of the open 6G architecture and where open source communities need to build next.