NDC Sydney 2026

The pace of tech is relentless. AI is everywhere. And developers, especially juniors are overwhelmed, confused, and afraid to ask for help. Seniors are expected to pick up the slack, but there is no slack. Burnout is real. Layoffs are brutal. And hope feels scarce. But what if AI wasn’t the threat? What if it was the lifeline? In this talk, I'll share a raw and honest take on how GitHub Copilot can be used right. I’ll show how Ask Mode empowers learners to ask the “million questions” they’re afraid to ask and get answers that build confidence, not dependence. And how Agent Mode helps senior devs accelerate delivery, refactor legacy code, and surface security flaws without losing control of their architecture. This isn’t a hype session. It’s a call to action: to use AI as a tool for growth, not replacement. To build better software, support each other, and stop burning out. Whether you’re early in career or leading the charge, this talk will challenge your assumptions and leave you with practical ways to thrive in the age of AI.

Australia’s backyard fauna are nature’s ultimate chaos engineers. In this fast‑paced, demo heavy session, we’ll channel our inner Wile E. Coyote—optimistic, iterative, occasionally singed—and show how combining AI, IoT, and a bit of ACME‑grade creativity can turn your backyard, deck and shed into a humane, real‑time defence system.

Distributed systems can be overwhelming - but with .NET Aspire, building them feels refreshingly simple. In this session, we’ll explore a multi-service, message-driven application and see how Aspire streamlines orchestration, configuration, and diagnostics across your system. Along the way, I’ll show how easily you can plug in messaging, persistence, and observability without the usual wiring and complexity. Once it's running locally, we’ll set up CI/CD and deploy the whole thing to the cloud - with minimal effort. Whether you're modernizing an existing solution or starting from scratch, you’ll walk away with practical ideas and a new appreciation for Aspire’s end-to-end developer experience.

I was taught that mining and sustainability couldn’t coexist—that mining was a dirty word. As a Digital Product Manager for a steel mining supplier, I’ve seen firsthand the drive to transform this legacy industry, undertake digital transformation and the push for sustainable solutions and Net zero. How do you improve safety and asset maintenance, with a person in a Pit, when we are designing digital products from the office? The first step in building truly effective digital products is focusing on the people who rely on them daily. I've been to the literal coal face, it's dusty, hot, sweaty, flies buzzing, with big dirty gloves on. Not to mention offline and over exposed! Innovation fails when we ignore the end users. Applying Human Centric Design principles reduces costly failures, boosts adoption, and drives tangible impact. Add in AI, machine learning, automation and predictive analytics, and now we are shaping the next frontier and making a Digital Twin. Human-Centered Design (HCD) is key—iterating and testing in real mining environments ensures our technology meets real-world needs. By integrating user feedback and iterating the design, we create safer, smarter, and widely adopted industrial solutions. Over the years, our team has developed IoT devices, sensors, apps, websites, AI Visionware, and digital platforms to monitor Bradken’s steel products across mining operations for 100+ mining companies in 20+ countries.

Enterprise AI success is no longer about choosing the right model or writing better prompts—it’s about building the right ecosystem. In this session, we explore the Azure AI ecosystem from a delivery and architecture perspective, showing how real-world AI solutions emerge from the combination of data platforms, semantic foundations, agent orchestration, pro-code and low-code experiences, and securely exposed tools and APIs. Drawing on Microsoft’s latest Ignite announcements—Fabric IQ, Foundry IQ, and Work IQ—we’ll unpack how Microsoft is converging on a unified intelligence layer that finally makes AI agents useful at enterprise scale. You’ll see how these capabilities map to practical architectures, where teams typically go wrong on the path to AI ROI, and which patterns consistently succeed. The focus is on delivering measurable value today—search, summarisation, decision support—while deliberately preparing for the next wave of agent-driven systems. This talk is aimed at developers and architects who want to move beyond demos and build AI platforms that scale, govern, and deliver real outcomes.

MCP servers connect AI agents to enterprise systems, but most examples aren't specific about what they have access to - they just assume you know. This works until your assistant decides to reorganize your file system or email your entire customer database. Turns out giving AI agents broad permissions is like giving a toddler car keys. This session guides authorization for AI workflows beyond RBAC (Role-Based Access Control). We'll implement dynamic permission scoping, context-aware authorization, and most importantly, human approval gates for dangerous operations. You'll learn to build agentic workflows that are useful enough to deploy but constrained enough to trust with production data.

Imagine a world where your AI agent doesn’t just respond, but actively plans, reasons, and takes action across multiple systems like a true digital copilot. That’s the power of the Microsoft Agent Framework, the latest innovation from Microsoft that unifies the best of Semantic Kernel and AutoGen into a single, enterprise grade platform. In this session, we’ll build a Flight Tracker from scratch, powered by the Agent Framework. Along the way, you'll learn how you can orchestrate agents that can fetch live flight data, manage context, and respond in natural language as well as use tools, connectors, and memory to make your agent reliable and context-aware. We will also explore human-in-the-loop approvals as well as learn to integrate with famous protocols like A2A and MCP so your agent doesn’t just act but acts responsibly. By the end, you’ll see how the Microsoft Agent Framework makes it easier than ever to go from idea to prototype to production-grade AI agent, with enterprise reliability built in. It’s going to be demo-packed, developer-focused session where you’ll discover how to harness the Agent Framework to bring your own AI agents to life whether that’s a Flight Tracker or the next big AI-first app.

When I started out in development, unit testing was all the rage. We broke functionality into smaller and smaller classes, building mocks as we went. There was a hidden menace here - one refactoring change would break a slew of tests, and I became disillusioned. This is when I discovered integration tests - a far more effective safety net for ensuring our system works as expected. But building effective integration tests is much more challenging than isolated unit tests. In this session, I'll break down the common tools used in integration tests for .NET, including the testing package for Microsoft and other extensions such as FastEndpoints. I'll also cover dealing with shared state and infrastructure like databases using TestContainers, and external uncontrollable dependencies. Finally, I'll share patterns for building effective and maintainable integration tests for a variety of application types, from web apps, to APIs, to messaging endpoints.

I am sure most of you have heard of passkeys by now. But how do they actually work? What's wrong with normal passwords? What is the difference? Do they improve user experience? What problems do they solve? We decided to implement passkeys for Have I Been Pwned, gathered metrics and a lot of other data just so we could tell you about it! I'll show you what we did, what technology we used and if it has made things better or worse, so you can do it too!

In this talk, I’ll show how to turn a simple WhatsApp message into an AI-powered creative experience. Using Twilio, WhatsApp, and OpenAI’s image generation APIs, we’ll build a workflow where users can send images via WhatsApp; think selfies, pet pics, and photos from the conference, and receive a cartoon, sketch, or fun version of your photo to share on your socials, group chats, and company message boards. In this talk we'll cover: - Why should we consider creating fun and engaging experiences via messaging - How OpenAI's API works - How to set up Twilio’s WhatsApp sandbox to send and receive incoming media - How to process and transform images with OpenAI’s latest APIs - Utilising existing libraries to transform images - Sending images through WhatsApp - Best practices for handling image input, latency, and user experience - Other cool things you can build once you have images This demo is practical, fun, and showcases how teams can blend communication APIs with AI to create delightful, interactive messaging experiences.

In this session, I’ll demonstrate how to build reliable, production-ready AI backends using Azure OpenAI Service—moving beyond chat interfaces to implement AI-driven business logic that performs intelligent micro-operations inside your applications. We’ll explore patterns for generating machine-readable, structured outputs (JSON, key/value payloads, classifications, and entity records) with strong control, validation, and reliability. Using a real example, I’ll show how AI can identify existing entities to prevent duplicate creation and maintain data integrity across a system. Attendees will learn practical techniques, prompt patterns, token management, and architectural approaches for turning Azure OpenAI into a predictable and safe backend service that can allow you to plug in Intelligence into any part of your system.

AI coding assistants are rapidly reshaping how developers write, debug, and ship software. Tools like Cursor and Claude Code can supercharge productivity — but only if you know how to use them effectively. In this session, we’ll cut through the hype and focus on practical, developer-tested strategies for getting the most out of AI in your workflow. You’ll learn how to master prompting and context engineering, make the most of long context windows, streamline debugging and testing, and integrate AI into your daily development practices without sacrificing code quality or security. We’ll also explore how emerging standards like Model Context Protocol (MCP) unlock new workflows by connecting your AI assistant directly to tools such as GitHub, Slack, Playwright or Figma — turning it from a code generator into a true development teammate. Whether you’re new to AI-assisted coding or already experimenting with it daily, you’ll leave this talk with concrete ideas and techniques you can apply immediately to level up your development process.

Despite how important and prolific software and programming have become over the last 50 years the general public still have a very loose understanding of what software actually is. This hasn't been lost of the people that build the software, who often slowly try and capture themselves in the work that they do. In this talk we'll take a look at some examples through history of seeing the humans behind the code they write as they imprint themselves on their work and we'll consider if it's possible to deliberately make art by manipulating the form and design of software itself. A talk for everyone wanting to be seen in the work, or understand their own creative urge.

Do you get your SLAs, HAs and DRs confused with your RPOs and RTOs? The cloud vendor will take care of recovery right? How does SaaS change the planning? What risks do I need to cater for, and which do I ignore? This session is designed for anyone building enterprise grade systems or being in the position of having to work with stakeholders on requirements, options and costs. With some lightning storms, a bit of math and lots of take home tools and discussion starters, this session is designed to make you feel more confident when designing your next 99.999% uptime system.

In the first paper on using LLMs trained on code in 2021, the authors at OpenAI warned "[the LLM] may suggest solutions that superficially appear correct but do not actually perform the task the user intended. This could particularly affect novice programmers, and could have significant safety implications depending on the context". 5 years later we're starting to grapple with some of the implications of that issue. LLM-generated code is being smuggled into large code bases, some successfully and others not. Open-Source maintainers are creating policies forbidding LLM-generated contributions, yet others are delegating their tech-debt and backlogs to LLMs. Are LLMs good software engineers? In this talk I'll be sharing some data and insights on the analysis of millions of lines of LLM-generated code. I'll explore some principles of software engineering, maintainability and quality and explore how they apply to an AI-generated toolset. I'll share some techniques for improving software quality when using LLMs and my opinions on the long-term risks with letting the LLM write the code.

Legacy systems are like ancient temples: full of mystery, danger, and long-forgotten knowledge. One wrong move and the whole thing might collapse. But somewhere deep inside lie years of embedded business logic, customer trust, and operational quirks that no rewrite can replace. In this talk, we'll don the fedora and take up the whip as we explore techniques for exploring legacy codebases without triggering the traps. We'll dig into Source control archaeology, safe refactoring strategies, introducing tests in a hostile environment, and recognizing "cursed" files with high churn or hidden dependencies. Whether you're maintaining a dusty monolith or inheriting a mystery repo, this session will equip you with tools and tactics to escape with the real treasure: Knowledge of how to extract business value and gradually modernize.

Most AI talks show you how to call an API. This one shows you how to build production systems that don't fall over when real users arrive. Over 18 months, we scaled from "ChatGPT prototype" to a production AI platform processing 50 million LLM requests monthly. We learned that LLMs aren't just APIs with fancy responses—they're distributed systems with non-deterministic failure modes, unpredictable costs, and reliability challenges that break traditional architectural patterns. This talk is a technical deep-dive into building AI infrastructure that survives production.

Modern software systems are becoming ever more distributed and complex, requiring efficient and reliable communication mechanisms to maintain consistency and performance. With many moving parts, applying well-established patterns like Outbox, Inbox, and Sagas becomes crucial to achieving the key ‘ilities’ you are looking for. In this session, we will dive into practical use cases, demonstrating how these patterns can be leveraged to tackle some of the challenges in modern software architectures. Through real-world examples, you'll learn how these patterns can enhance the resilience and maintainability of your distributed systems, ensuring they meet the demands of today’s complex environments.

When we build a website these days, there’s a 110% chance that it’s got some form of JavaScript on it. Whether it’s a full framework, for animations, to trigger a popup or as a tracking script, JavaScript is all around us. But what if I told you that you didn’t have to use JavaScript at all? Not even as a build process? Thanks to updates in browser technologies, there’s now a plethora of native browser features that allow building modern, functional websites, sans JavaScript. So together, we’ll build out a *completely* static website, a collection of HTML and CSS files, no tracking, no scripting, no servers, no third-party resources. Let’s build a website the way we used to (but no marquees).

Establishing a platform that serves the needs of your developers is a challenge for teams of all sizes. But with Generative AI tools like GitHub Copilot, surely this is now all easy, and all we need is a few prompts, right? Well, no, not really. Your onboarding processes are probably poorly documented, the tools your developers use on a day-to-day basis vary wildly between teams, and the way your teams deploy to production vary from dated bash scripts to crossed fingers over beers on Friday. Hardly the solid context needed for generative AI to actually be helpful. In this talk, we’ll explore how platform engineering and generative AI can work together to improve developer experience, if you get the foundations right. We’ll look at common organisational and cultural challenges that limit productivity, and how to start addressing them with simple, practical steps. From there, we’ll show how “everything-as-code” patterns and AI-assisted tooling (such as MCP servers, coding copilots etc.) can accelerate platform maturity and reduce friction across teams. Whether you’re a platform engineer, developer, or tech leader, you’ll leave with a clearer view of how to build a platform that AI can actually help with, and how to make your developers happier in the process.

Let’s be honest: AI tools in development are being pushed into our workflows, and not everyone’s thrilled about it. But they’re here—and they’re changing. What started as autocomplete has become chat assistants, CLI tools, and cloud agents, with their evolution being claimed as a shift from a pair programmer to that of a peer in our virtual team. This session takes a practical look at how we can work with these tools effectively, optimise them for real-world use, and critically assess when they’re genuinely contributing... and when they’re just getting in the way.

The browser has become the new enterprise perimeter. From engineers pasting proprietary code into ChatGPT, to stolen SaaS session tokens fueling large-scale breaches, real incidents prove that most data leakage and credential abuse now happens *in the browser*. In this session, we’ll examine how Zero Trust principles can be enforced at the browser layer. Using case studies from recent security incidents, we’ll map real-world compromises to MITRE ATT&CK techniques and show how enterprise browsers and browser isolation platforms are evolving into critical security control points. Attendees will learn how to mitigate SaaS and GenAI risks with in-browser DLP, tenant restrictions, OAuth consent governance, and session telemetry—without locking down productivity. Whether you’re a CISO, security architect, or practitioner, you’ll leave with a clear understanding of why the browser is now your most important Zero Trust battleground.

In this talk I'll present real use cases that I've collated working with enterprises looking to ingest telemetry via the OpenTelemetry collector. Batching, enrichment, filtering, redaction, sampling - it's all here. No AI, no product pitches, just actionable insight. This talk will provide a gentle introduction to the collector itself, then dive into the specific examples. If you are curious about the topic, this video provides an excellent primer for this talk: https://www.youtube.com/watch?v=_CJrFW_yjRo

Unfortunately, when developing WCAG2, the Working Group did not envision the current world where mobile is almost ubiquitous. For example, on a mobile device there is no continual access to a keyboard (unless someone is using it as an add-on to the device – or using a Blackberry Classic). WCAG2 requires that all content be accessible to the keyboard interface, but it does not require that all content be accessible to a mouse or to a touchscreen user, which is essential on a mobile device. WCAG2.1 does include some mobile accessibility requirements but doesn’t go far enough. Gian Wild chaired the Mobile Site Sub-Committee to develop a set of Mobile Site Testing Guidelines that are available under Creative Commons. These guidelines are meant to be used in conjunction with WCAG2 (and WCAG2.1) to ensure that sites are accessible to people with disabilities using mobile and tablet devices. Accessibility is important to all – not everyone using your mobile app, device or wearable will be fully functioning, either because they have a disability, or they are simply engaged elsewhere. Gian talks about the things that are essential to avoid when designing mobile apps, devices and wearables to ensure that everyone can use them. She talks about specific mobile accessibility features: pinch zoom, native screen readers, haptic keyboard, etc., and system accessibility settings: font size, screen rotation, high contrast, etc.

Your existing .NET Web APIs have served you well—but what if they could do more with them in the era of AI? In this session, we’ll explore how to breathe new life into your existing ASP.NET Web API endpoints built with ASP.NET CORE by adding Model Creation Protocol (MCP) capabilities to them. We'll look at how the MCP C# SDK makes it simple to annotate your existing controllers, instantly transforming your REST endpoints into AI-powered services that can empower LLMs and agents. We’ll also compare this approach to a no-code approaches using Azure API Management. Finally we'll look at where both of these approaches fall short and are only a starting point for a good long-term MCP design. You can use then to jump start the process and then follow the path we outline together to evolve your APIs from technical plumbing to intelligent, task-focused tools that solve real problems using AI—all without starting from scratch.

Spec-Driven Development (SDD) is the brave new world in AI coding we all knew was inevitable. More like a revolution than an evolution of software delivery, SDD produces solutions as artifacts of a structured specification. This specification is the contract for code behavior and the single source of truth guiding developers, tools, and AI agents to generate, test, and validate results. It is software engineering through prompt precision.

AI agents are everywhere - but most of them don’t work. They drain engineering time, frustrate end users, and burn budgets without ever proving their worth. The result? Shiny demos that impress in the boardroom but fail in production. This session shows you how to flip that script. I’ll share a practical framework for designing and deploying AI agents that create measurable business impact, agents that align with real workflows, integrate securely, and deliver results people actually care about. You’ll leave with: - A checklist for spotting when an AI agent is worth building (and when it’s not) - Common pitfalls that cause pilots to fail and how to avoid them - Strategies for measuring and communicating value early to win stakeholder trust - Real world lessons from enterprise rollouts that moved from hype to impact If you want to stop wasting resources and start building AI agents that stick, this talk will show you how.

The web is evolving, and so are the APIs that power it. This talk dives into the newest and most underutilized browser APIs, including the File System Access API, Background Fetch API, WebGPU, Web Share API Level 2, and Contacts Picker API. Attendees will learn how these tools can simplify development, enhance user experience, and bring desktop-like capabilities to the web. Through live demos and practical industry examples, developers will leave with actionable insights and inspiration to integrate these APIs into their own projects. This talk is targeted at web developers, technical leads, and product designers eager to explore innovative browser capabilities and stay ahead of the curve.

In the last few years we have seen a rise in the usage of the term Platform Engineering, but what does that actually mean and how does it compare to DevOps? In this talk I will present what these both mean to me as someone who has been a "DevOps" engineer and is now a Platform Engineer. I'll talk about the "Platform Engineering Iceberg" showing how what appears to be a simple term hides a mass of complexity and challenges. And to wrap it up I'll talk about Developer Experience and how that ties into all of this.

As organizations integrate Generative AI into their systems, securing data access for both human users and AI agents has become a critical challenge. Traditional access control approaches fall short when AI systems need contextual, document-level permissions at scale and speed. This talk demonstrates how Fine-Grained Authorization (FGA) provides robust security for Retrieval-Augmented Generation (RAG) and agentic AI systems. Learn how to implement permission models that protect sensitive information while enabling AI to access only authorized data. The talk explores implementations using OpenFGA and LangChain, showcasing how to build security directly into AI retrieval pipelines. The presenters will provide real world case studies to discover how enterprises can prevent data leakage, implement multi-tenant isolation, and maintain audit trails while scaling to billions of access decisions. Open source tools like OpenFGA and integration techniques with vector databases will be featured, along with best practices for real-world deployment. Thus join us to understand how one can maintain security without sacrificing performance or user experience in Agentic / Gen AI applications.

Azure Data's developer story is getting good. Data API builder provides a drop-in replacement for most middle tiers with secure, feature-rich REST and GraphQL endpoints that expose SQL, Cosmos, Postgres, and MySQL in Azure, on-prem, or any cloud with a rich developer experience, CLI, and breadth of tools. Azure Data's MCP story is also getting good. At the heart of our agentic play is Data API builder's new MCP experience, which provides DML and DQL interop for models in a novel and performant way that keeps security and scale top of mind. Integrated with AI Foundry, Entra, ACA, and SQL, the SQL MCP Server is an important puzzle piece. For three years, Data API builder has given developers the flexibility, telemetry, and topological options they need to snap into the enterprise architectures of our largest customers and the earliest hobbyists. Free, open source, and fully supported, Data API builder is the cornerstone of our Data story arc to enable every developer. But that's easy to say. Come see for yourself what Data API builder can do for classic line-of-business apps interacting with backend data sources, how massive chunks of a code base made redundant by the engine can be eliminated, and how intelligent apps integrating AI agents through LLM models can "just work" against your data sources.

Software used to be predictable. You could trace the logic, reason about behaviour, and prove the results. Better tools have made us faster and allowed us to build more with less effort. But the further we step away from the code, the less control we really have. This is not a new problem, but it's more relevant than ever. Generative AI has dropped the barrier to entry dramatically, and it's never been easier to produce probably-working software with a single prompt. So how do we avoid sleepwalking into brittle, opaque systems that only appear correct? When is "good enough" actually good enough? And when the result always looks right, how do we know when to step in?

In this session, I want to show developers and architects how to build a resilient, cloud-native, active-active distributed microservices platform using Azure Container Apps and Terraform Stacks. We’ll start from a simple front end and progressively assemble a fully authenticated API tier, event-driven communication with Event Grid, and a lightweight GitOps workflow that continuously deploys both infrastructure and services across multiple regions. The goal is to demonstrate clear, repeatable patterns that make serverless microservices easier to build, operate, and scale.

At Octopus Deploy, AI did not start with a big rollout or a strict adoption plan. It began with individual developers trying things out. Sometimes it was curiosity. Sometimes it was to solve a specific pain. Some teams were skeptical. Others had concerns about trust, privacy, or whether the tools were mature enough to use in production. Instead of forcing adoption, we allowed people to experiment and figure out what helped them ship faster or work smarter. That approach gave us room to learn. Teams ran small tests, shared what worked, and slowly built confidence. Over time, AI shifted from something a few people played with to something teams relied on daily. Eventually, we brought that experience into the product itself. We added AI features where they made sense, not as flashy add-ons, but to improve the deployment experience in simple, practical ways. You should attend this session if you are a developer who wants a realistic view of what AI looks like inside a software team. If you have tested tools but struggled to get lasting value or are unsure how to introduce AI to your team without it becoming a distraction, this talk will help. You will hear what worked for us, what did not, and how we kept the focus on practical outcomes. Whether you are curious, cautious, or somewhere in between, you will leave with ideas you can take back to your team and use right away.

Pressure to ship features and gaps in secure coding knowledge are driving developers to lean on generative AI for security patches. But is this actually improving software security, or merely masking knowledge gaps? This presentation is based on a research experiment where we systematically reviewed 400+ AI‑generated patches for real‑world vulnerabilities. We looked to answer two key questions: 1\. Do AI-generated patches actually fix the vulnerabilities? 2\. Do developers learn from AI-generated patches? Our findings show a significant drop in remediation accuracy when developers rely solely on AI suggestions. A large number of participants could not explain how the AI-generated patch addressed the issue. Rather than serving as a mentor, current AI assistance risks over-reliance, leading to a superficial understanding of vulnerabilities and passive consumption. Our findings is inline with other related research that shows a considerable drop in learning when humans rely on auto-suggestion tools. This presentation is filled with real-world examples and data from a secure coding contest. We will discuss the implications of these findings for software security. We will also explore how to use AI tools effectively without sacrificing necessary secure coding skills.

2025 is the year of agents, but what does that mean? Rather than spend time going over the theory, let's walk through the process of building an agent live. You'll see how large language models, functions, and open source tools fit together to bring to life an agent over the course of the talk. We'll build out an agent that starts simple and graduates to a multi-agent model, with different components managing and performing tasks. You'll leave with a good idea of what you need to know to start building your own powerful agents.

More info coming

Analytics over traditional row-oriented relational databases does not scale. For read-heavy workloads that require aggregating many rows column-oriented databases deliver massive performance improvements. While row-oriented relational database technology has been remarkably stable since the 1970s, column storage is a relatively new invention with ongoing innovation and improvement through systems like ClickHouse, DuckDB, Vertica, BigQuery, Redshift and SAP HANA. This presentation introduces the design ideas that make column stores so powerful, such as cache-friendly access patterns, vectorized execution and advanced compression schemes. We will demystify the internal machinery of column stores, including columnar storage layout, sophisticated encoding schemes, and column-oriented query execution. You’ll leave this talk with a clear understanding of where column-stores shine, how they differ from relational databases, and why modern analytics platforms are built on these principles. Whether you’re a practitioner curious about database internals or just looking to understand the tech powering today’s big data systems, this presentation will give you an approachable, hands-on introduction to the world of column-oriented databases.

Modern software relies heavily on third-party components like open-source libraries and NuGet packages, which can introduce security risks. If you're not carefully managing these dependencies, you could expose your application to vulnerabilities or even malicious code—just like what happened with Log4J. In this session, we'll cover best practices for securing your .NET projects, including using tools like Trivy and NuGet’s security features to scan and monitor dependencies. We’ll also discuss supply chain observability—how to track vulnerabilities and ensure the integrity of your components. Beyond tools, we'll touch on team policies for approving third-party libraries, setting security gates in CI/CD pipelines, and fostering a security-first mindset in your organization. Live demos will show practical steps you can implement right away to protect your applications.

This session provides a direct comparison of several AI-assisted developer tools including GitHub Copilot, Cursor, Loveable, and others. Each tool will be tested against a consistent set of programming tasks such as writing new code, refactoring, debugging, and test generation. Attendees will see how each tool performs in terms of accuracy, speed, and integration with existing workflows. The session will highlight specific strengths and limitations based on real coding scenarios. It will also cover what happens when multiple tools are used together. This talk is intended for developers who want a practical understanding of how current AI tools support day-to-day programming work and where manual effort is still required.

Searching isn't just about exact matches anymore—users expect search results that understand context and adapt to their input. Enter the world of AI-driven fuzzy search! In this session, we’ll explore how to implement powerful search capabilities in .NET using Microsoft.Extensions.AI, Ollama, ChatGPT, and vectorization techniques. You’ll learn: - How to integrate AI into your .NET applications with Microsoft.Extensions.AI. - How ChatGPT and Ollama enhance contextual understanding. - Why vectorization is key to semantic search and how to implement it. Through live demos and practical examples, you'll leave equipped to build better, more user-friendly search experiences. Whether you're a .NET developer or an AI enthusiast, this session will give you tools to level up your search game.

Ephemeral environments sound like the perfect solution for quickly testing changes. Spin up fresh infrastructure for every feature branch, test in isolation, tear it down when you're done. Clean, efficient, disposable. Simple, right? Well, there's a bit more to it than that. In this talk, I'll explore why many teams love the idea of ephemeral environments but struggle to implement them. We'll cover the fundamentals you need to understand before diving in, from how long these environments should live, to whether they need to mirror production, to where your data comes from, and what you should use these environments for. You'll walk away understanding: - What ephemeral environments are, when they make sense, and what infrastructure maturity you need before attempting this - How your existing infrastructure choices (Kubernetes, Azure Static Web Apps, virtual machines, PaaS, etc.) influence your implementation approach - Real-world tradeoffs between the coordination overhead of static environments versus the cost and complexity of ephemeral ones - Why parameters and variables will be required everywhere, and why they can be frustrating This is an honest look at what works, what doesn't, and how to bridge the gap between wanting ephemeral environments and successfully running them. I'll show a couple of demos of getting started, so whether you're evaluating ephemeral environments for the first time or looking to understand why your initial experiments didn't stick, this talk will help you make informed decisions about your approach.

Some of the best things we build as programmers never ship to customers - they live in our homes, our budgeting processes, our daily tasks, and our random weekend experiments. From automating lights to building interactive budget trackers, personal dashboards, or tools that simply make life a bit smoother (usually!), these projects quietly become the most powerful way to learn new tech. In this talk, we'll explore how personal projects act as a low-pressure playground for levelling up - staying current with frameworks, trying new cloud services, strengthening patterns and architecture skills, and building confidence through hands-on experimentation. I'll share real examples from my own projects, from practical automations to things where I dared to think "I wonder if I could build that?", and will talk about some of the exciting platforms and tools that are out there now that make it ridiculously easy to prototype whatever wild idea pops into your head. Key takeaways of this talk will be inspiration for your next "for fun" build, an understanding of why these projects matter, and a reminder that some of the best learning happens away from your day job.

Model Context Protocol is rapidly becoming the de facto standard for LLMs and systems to communicate. This session explores the fundamentals of the MCP protocol, how to safely implement it into our applications with the .NET SDK and Semantic Kernel, plus key considerations for building a production-ready system – like auth, rate limits, and observability. We'll cover the basics of setting up an MCP server in .NET and exposing executable functionality as Tools, enabling any client to communicate with our application. We'll understand how Semantic Kernel's familiar concepts of Plugins and Functions map over to the world of MCP. Let's walk through integrating .NET's native Identity services to align with MCP’s authentication spec, enforce role-based permissions using Semantic Kernel Filters, and apply rate limiting middleware to keep systems reliable and secure. Finally we will discuss approaches to running intelligent .NET applications in the wild with Azure API Management, open telemetry, and .NET Aspire on Azure Container Apps.

Everyone's talking about AI agents, but few have operated one in production serving a real organization for an extended period. This talk shares hard-won lessons from building and evolving InfraAssistant — a multi-agent system that handles technical support, troubleshooting, knowledge management, and operational tasks for a platform engineering team, and is now growing into a customizable platform for the entire organization. We'll cover: the evolution from simple chatbot to a complex, dynamically evolving multi-agent system with MCP, hundreds of tools, and a diverse action space; which architectural pivots were necessary and why; practical challenges around context management, tool design, and reliability; and how to balance powerful agentic capabilities with security. Beyond the technical, we'll explore the foundational mechanisms enterprises need now to properly leverage generative AI and autonomous agents in the years ahead. Attendees will leave with practical patterns for building multi-agent systems that survive contact with reality, and architectural principles that prevent you from getting left behind as the field rapidly evolves.

Complexity is a property of systems with lots of components that interact in lots of ways. Bugs thrive in complexity. Inert bugs in one component may be activated by seemingly unrelated changes in another. Latent bugs may take years to be observed. Just writing lots of unit tests for this kind of software isn't enough. Bad tests slow you down without catching meaningful bugs. Good tests are hard-working productivity multipliers. In this session we'll explore a variety of testing techniques applied to a commercial database engine over a decade of active development, including model-based testing, fuzzing, and more. Borrowing methodologies from other industries, we'll see how testing complex software requires challenging our ideas of what a test is, and how testing fits into software development.

For a while now, GitHub Actions has been a powerful tool for automating processes directly from your GitHub repository. This session aims to transcend beyond basic tutorials and dive into the sophisticated capabilities of GitHub Actions, offering insights into building, testing, and deploying applications with unparalleled efficiency. Throughout this session, we'll navigate through the intricacies of GitHub Actions, uncovering the potential of this automation powerhouse. You'll gain a deep understanding of advanced concepts and techniques, ensuring you can leverage GitHub Actions to its full extent for your projects. Here's what you'll learn: - Optimizing GitHub Actions Runners: Master the art of selecting and optimizing runners for faster builds and deployments. - Mastering YAML Workflow Syntax: From triggers to conditionals, learn to craft workflows that respond dynamically to the complexities of your project. - Leveraging Advanced Features: Dive into job dependencies, matrix builds, and outputs for sophisticated workflow design. - Securing with Environments and Secrets: Implement best practices for managing sensitive data and configuring secure deployment environments. - Dynamic Deployments: Explore advanced deployment strategies to container registries and Azure, ensuring your application is delivered efficiently to the right platforms. Enhanced with real-world examples, this session will equip you with the skills to implement advanced CI/CD workflows that streamline your development process, improve code quality, and accelerate deployment cycles. Whether you're looking to refine your existing CI/CD practices or expand your GitHub Actions expertise, this talk will provide valuable insights and techniques that are immediately applicable.

Autonomous AI agents are quickly becoming the next frontier in software development, moving beyond copilots to systems that can sense, reason, and act independently. But with this evolution comes a new set of challenges: agents that operate without clear boundaries, make opaque decisions, or act without human oversight can introduce serious risks to safety, fairness, and accountability. In this session, we’ll explore how developers can apply the principles of Responsible AI to build autonomous agents that are not only powerful but also trustworthy. We’ll walk through technical implementation strategies using publicly available Microsoft and Azure tools, including orchestration frameworks, fairness assessment toolkits, and governance patterns that enforce safe behaviour. Through hands-on demos, we’ll showcase practical examples of how to audit agent behaviour, enforce action boundaries, and build systems that align with ethical and regulatory standards. You’ll see how to use tools to embed responsibility into every layer of your agentic architecture. This talk will equip you with practical techniques to build autonomous AI agents responsibly using open-source tools, design patterns, and governance frameworks that ensure safety, transparency, and accountability from day one.

Cross-platform development has never been more capable—or more chaotic. Between native UI frameworks, AI-assisted design, and the rise of Model Context Protocols (MCPs), developers are navigating a rapidly shifting landscape. In this session, we’ll cut through the noise and explore how the Uno Platform, combined with Hot Design and MCP-powered workflows, enables you to deliver elegant, truly cross-platform applications running on Windows, iOS, Android, macOS, Linux, and WebAssembly—all from a single C# codebase. We’ll walk through practical examples of how Hot Design transforms UI workflows using live editing, AI-generated layouts, and instant visual feedback. Then we’ll go deeper into how MCPs allow developers to scaffold whole apps that leverage themes, toolkit, extensions and other features of the Uno Platform. Whether you're building your first Uno app or optimising a production-scale solution, you’ll leave understanding: - How Uno Platform’s UI and runtime architecture enables native performance everywhere - How Hot Design boosts iteration speed with real-time design-to-code workflows - How MCPs enrich developer tooling with AI-driven context, automation, and smart refactoring - Patterns for combining all three to build modern apps faster, cleaner, and smarter If you want to glimpse the future of .NET app development—and start using it today—this session is for you.

Agentic applications are inherently complex to build, you have so many systems that need to be connected together, from databases to APIs to cloud platforms. Microsoft's new Agent Framework can reduce part of this complexity by abstracting away the underlying AI platform, allowing you to move between local and cloud with easy, but there's still a lot of additional overhead for all the other parts of the application to manage. Enter Aspire, a platform for simplifying the development and deployment of distributed applications, be the monoliths or microservices. So, let's bring all of this together and see how we can get to the simplicity of cloning a repo and hitting run to have a fully functioning development environment for agentic development that seamlessly rolls into production deployments.

CSS has never been more powerful, intuitive, or exciting! With groundbreaking features such as scroll-linked animations, advanced text wrapping and nesting, intelligent selectors like :has() and :not(), and the adaptive magic of container queries — the way we build the web is evolving like never before. In this fast-paced and high-energy talk, Lemon will introduce you to the latest and greatest features of modern CSS, and give you tips for using them to transform your projects—whether you’re giving an old site a fresh coat of paint or leveling up your current workflow. Get ready to expand your CSS toolkit and create beautiful, performant designs with confidence. This is the CSS you didn’t know you’ve been waiting for.

We love adding features, but what about taking them away? Deprecating and deleting code is one of the most neglected parts of the software lifecycle, often postponed until it becomes painful, risky, or politically tricky. In this talk, we’ll explore how feature toggles, typically used to launch features, can be just as powerful for retiring them. We’ll cover real-world examples and lessons learned from within Octopus and discuss tooling tips to help you clean up your codebase without fear. If your product roadmap is filled with more "we should remove that someday" than you're comfortable admitting, this talk is for you.

Scaling a database sounds like a great idea, but have you considered the number of ways it can fail? Add some nodes, throw in replication, and suddenly you're explaining to stakeholders why two customers saw two different truths at the same time. Turns out distributed systems have opinions about physics - but data modeling can help. This session covers the fundamentals (replication, consistency, partitions) and the tradeoffs nobody mentioned when they said "just scale horizontally." We'll look at real failure modes and practical patterns for building systems that handle chaos without dragging your app down with them.

Tired of Jira suggestions that actually make sense? Ever wish your project assistant had less emotional intelligence and more sarcasm? In this talk, we’ll build an AI-powered Rovo agent that lives in your Jira instance and gives gloriously bad advice. Whether it’s renaming every ticket to “ASAP Fix Me” or suggesting you "pivot to blockchain," this is your chance to explore Atlassian’s AI ecosystem by doing the absolute wrong thing—on purpose. Behind the chaos is a serious dive into building custom Rovo agents using Forge, Atlassian’s serverless app platform. You’ll learn how to tap into structured context, design agent behaviors, call external APIs, and create an experience that’s technically robust but deeply unhelpful. Come for the bad ideas, stay for the genuinely useful lessons in AI-powered automation inside Jira.

In this session I am showing you how I combined the hottest AI-topics to create an assistant for my grandma, in an attempt to help her with some of the difficulties that many older people face. Upon an edge device, I designed, implemented and deployed a solution that acts as a communication bridge between the elderly and the outer world, including care takers, nurses, doctors etc. To achieve that, it uses local resources as well as Azure resources for multiple heavier tasks. I will go through all the challenges I faced, stretching from hardware and software to people skills and the fear of the unknown.

Over the years, the concept has had many different names. From “observables” in KnockoutJS, to “refs” in VueJS, before Solid made “signals” popular. We’ve seen the carcinization of frontend frameworks in the pursuit of more seamless and fine-grained reactivity in our applications. But what actually are Signals? Why do we keep coming back to them? And why is their potential adoption as a language standard such a big deal?

Building secure applications requires more than just adding encryption. Through live demos and real-world examples, we'll explore how to properly implement security features like end-to-end encryption, perfect forward secrecy, and secure device migration. You'll see how to protect both data and metadata, at rest and in transit, and learn about the common pitfalls that can compromise seemingly secure systems. Using a chat application as our example, we'll walk through the evolution from basic encryption to a robust security system. We'll examine how real-world applications handle key management, protect against traffic analysis, and manage secure device enrollment. You'll learn the architectural patterns that make applications truly secure at scale. Whether you're building a messenger, a document store, or any application that needs to protect user data, you'll leave with practical knowledge of how to implement encryption correctly and make informed security decisions in your own projects.