Open Source Summit North America 2025

Open machine learning (ML) models and datasets are rapidly becoming central to building AI applications. While this trend accelerates innovation and democratizes AI, it exposes applications to security risks like data poisoning and supply chain attacks. Threats like malicious backdoors hidden in pre-trained ML models hosted on major hubs like Hugging Face emphasize the wide reach compromises can have. So, how do we build trust in the ML lifecycle? 
This talk presents Atlas, a framework that combines open specifications for data and software supply chain provenance like Coalition for Content Provenance and Authenticity (C2PA) and Supply-chain Levels for Software Artifacts (SLSA) with the integrity features of transparency logs and trusted hardware to run attestable ML pipelines. First, we motivate the need to safeguard all layers of the ML lifecycle. We describe and demonstrate how Atlas’s three core mechanisms enable verification: (1) cryptographic artifact authentication, (2) hardware-based attestation of ML systems, and (3) provenance tracking across ML pipelines. Our Atlas demo integrates several open-source tools to build an end-to-end ML lifecycle transparency system.

The Overton window, a concept originating in politics, refers to the range of policies that are considered acceptable to a broad and diverse audience. In this session, we will share our experiences and recommendations on how to successfully adapt to shifting "Overton Windows", as they pertain to mainstreaming our platform to support a wide range of customer requirements while minimizing non-recurring engineering expenses. At Lockheed Martin, we have developed a modular open system that incorporates Secure Supply Chain and Cloud Native standards, enabling us to rapidly deliver capabilities to customers in highly regulated and diverse environments, while navigating the complexities of evolving requirements and priorities.

The ability to quickly observe and respond to security threats on remote machines is critically important for business and infrastructure, yet gaps still exist when applying cryptographic attestation solutions in real-world scenarios. Accessible policy generation, clear ways to understand attestation results, and methods for handling system updates need to be available to make remote attestation feasible. Adapting attestation best practices and tools to environments like edge and IoT, with vast scale requirements and limited network connectivity, can pose challenges as well.

Using the speakers’ experience working on open source projects Keylime (remote attestation) and flightctl (edge management), the session will walk through design considerations and challenges in bringing these tools together to monitor remote fleets of edge, IoT, and cloud-based systems at key points in the devices’ lifecycles. Further, the session will discuss remaining open problems as well as some potential solutions working toward the goal of usable, clear, and accurate attestation of remote systems.

At Intuit we have ~320 Kubernetes clusters running with ~8000 services and ~40 addons in a cluster which generate ~2 billion active time series metrics, 10 million Trace spans/sec and ~ 1.2PB of log data ingested (peak) in a single day. This talk focuses on Intuit’s journey from standalone, siloed, proprietary solutions for logs, metrics and traces to a unified observability solution. This is made possible with a data management architecture that enables seamless navigation and correlation between different observability pillars, usage of AI/ML techniques to quickly detect and isolate problems, UX that brings all the elements of data discovery with an interactive experience and high level features like golden signals, RUM (real user monitoring) and FCI (failed customer interactions). All of this leading to significantly lower MTTD and MTTI. We also discuss the challenges, choices, trade offs, benefits and lessons learned during this journey.