Open Source Summit North America 2025

Generative AI (GenAI) is ushering in a new era of human innovation, but building your own GenAI application can feel overwhelming. Which Large Language Model (LLM) should you choose? Should you incorporate Retrieval-Augmented Generation (RAG)? How can you ensure your application runs securely and efficiently on Kubernetes, with robust observability and debugging? And how do you manage API calls and control costs for external LLMs?

This demo-driven session will guide you step by step through building, running, securing, and managing traffic for a GenAI application from scratch. Starting with a native setup, we’ll then transition to Kubernetes, simplifying the entire process. You’ll learn how to enhance your application with domain-specific knowledge using RAG and leverage cloud-native tools like Kubernetes, Prometheus, Kiali, Istio, and the Kubernetes Gateway API to run your application securely and effectively.

As organizations rapidly adopt Large Language Models (LLMs) in production environments, understanding their unique security vulnerabilities becomes crucial. This session provides a deep dive into OWASP's Top 10 LLM risks, examining real-world examples and practical mitigation strategies.

In the original Matrix movie, Neo learned Kung Fu through an upload. Imagine if your ML could learn the same way. That's what a pickle file does for ML - "I KNOW KUNG FU" or whatever was in the file that was supposed to be "learned" by your ML model.

What if there was a plot twist where Agent Smith tampered with the Kung Fu module so that it included a fun "bonus" lesson that "taught" Neo to call Agent Smith every time he was trying to find an exit?

That's what's happening in Pickle Files, and that's the setup for ML and AI.

This talk will explain the threat, provide some examples, and discuss emerging detection capabilities. When it's over, you will know kung fu.

Okay, besties, real talk. Your code's dependencies? They're giving… chaotic energy. Like, are you even SBOMing? 💅
We've all seen the drama. log4j? xz utils? Straight-up trauma. But like, where do you land on the security spectrum? Are you accidentally downloading typosquatted packages because you're living your best, most chaotic life? Or are you a security queen, catching backdoors before they even exist? ✨
This talk is basically a giant vibe check for your security habits. We're gonna do a quick, brutal quiz – think 'are you the drama?' but for your code – and find out which iconic supply chain meltdown matches your energy.
We'll spill the tea on real-world attacks, from the 'oops, that’s a backdoor’ to the 'someone’s running Doom on Minecraft servers again' level. And we’ll give some practical advice on how to have good security posture. Stretch, queen!
If your security is giving 'main character energy' (and not in a good way), you need to be here. Let's level up our security game, avoid becoming the next trending security disaster, and maybe even get some clout for actually knowing when lockfiles actually help. 😉

TL;DR: Quiz, memes, securi-tea. 🫖 Don't be a vulnerability.

MoonRay is DreamWorks Animation's open-source production rendering engine, used to create memorable imagery from movies such as How to Train Your Dragon: The Hidden World, Puss in Boots: The Last Wish, The Wild Robot, the upcoming Bad Guys 2 and future titles.

We’ll talk about MoonRay’s origins as an experiment and its foundation for rendering-as-a-service in animated and non-animated content, stylized and photoreal, to its current use as the core production renderer for the feature film studio pipeline at DreamWorks Animation.

After diving into MoonRay’s use at the studio, we’ll present our path to open-sourcing MoonRay, the goals and challenges to launch that, the experiences gained since launch, what it means for DreamWorks, and where we see the potential for the open source community to embrace it and its future in animation, vfx, simulation, visualization, and more.