Open Source in Finance Forum Toronto 2026

Cloud adoption across financial services continues to accelerate, but inconsistent security controls, fragmented regulatory expectations, and cloud-vendor lock-in are major obstacles to secure, compliant, multi-cloud operations. FINOS Common Cloud Controls (CCC) is an open standard developed collaboratively with financial institutions, cloud providers, and vendors that defines a unified taxonomy, threat model, and machine-verifiable control catalog for cloud services.
Deep dive into the components of CCC, plus an understanding of the implementations of validators and conformant implementations. These will be demoed during Maxime and Eddie's talk at OSFF Toronto, but it will be a deeper dive into how to use the software and contribute improvements.

As financial services increasingly embrace open-source collaboration, RBC shares how this commitment positions us as a technology leader driving innovation across the industry. This keynote explores how strategic investment in open-source partnerships enables faster development, enhanced security, and the collaborative solutions that shape the future of finance.

The AI powering financial services today traces a direct line from open science labs at the University of Toronto and Waterloo — and the open source ecosystem that carried those ideas to the world. This talk frames that lineage as both a point of pride and a call to action for the finance industry. You are here, in this city, at this moment in the history of technology and business — and that is not a coincidence. The challenge now is to honor that legacy by working together as a community to ensure AI is rolled out responsibly, transparently, and for the long-term benefit of the institutions and people who depend on it.

As banks and financial institutions move AI from the testing phase into everyday use, a practical challenge emerges: it is difficult to rely on AI systems when you can't see exactly how they work. In a highly regulated industry, sending sensitive financial data through closed, third-party AI models raise real privacy, security, and compliance concerns.

In this keynote, we will explore why Sovereign AI is a practical approach for the financial sector. We will discuss how the open-source ecosystem provides the clear visibility and security needed to meet strict enterprise-wide risk management rules for AI systems, including OSFI guidelines. Finally, we will share how Red Hat helps organizations build trusted AI in financial services. By using flexible, open platforms, financial institutions can run AI workloads anywhere, ensuring they keep their data, infrastructure, and future innovation fully under their own control.

Locking down AI is likely to cost financial institutions more than what it would protect. Core AI techniques behave like infrastructure, while the competitive advantages lie at the edges, on data and domain expertise. Drawing on Vector Institute's co-development models - with more than 250,000 hours contributed by our Industry partners - transparency and community show a fast path to trustworthy, production-grade AI.

The Innovate.DTCC Hackathon brought the financial ecosystem together to design AI solutions that move beyond proofs-of-concept toward a scalable, open-source reality. Participants delivered a wide variety of innovative work, demonstrating how shared investment accelerates progress on complex, system-wide challenges. Mia Gougisha will highlight the winning projects that exemplify this collaborative power and the value of onboarding these solutions into the FINOS ecosystem, ensuring that the strongest ideas don’t stop at the finish line but continue on a clear path to industry-ready deployment. Join us to learn more about these projects and how you can get involved.

Large Language Models (LLMs) offer powerful reasoning and automation capabilities, but their probabilistic nature conflicts with the determinism, explainability and auditability required in financial services. This session presents a practical architectural pattern for agentic AI: LLMs as bounded cognitive components orchestrated by BPM-based workflow engines, such as Fluxnova.

Rather than deploying autonomous agents as opaque black boxes, this approach embeds LLMs within explicit and versioned business process models. BPM orchestration governs control flow, approvals, escalation paths, exception handling, and audit checkpoints, while LLMs are invoked for well-scoped tasks such as document extraction, classification, summarization and recommendation generation. The result is agentic behavior that is powerful yet constrained, flexible and governed.

Every outcome can be traced through a BPM execution graph, showing inputs, policies applied, LLM interactions, and human-in-the-loop decisions. We illustrate this pattern in the context of a financial use case to demonstrate how institutions can safely scale agentic AI while meeting regulatory, risk, and audit expectations.

In regulated enterprises, thousands of physical servers sit idle overnight, capacity paid for but unused. We built a spot scheduler that reclaims this donated infrastructure, turning idle bare-metal into ephemeral Kubernetes clusters using Cluster API and k0smotron. Each cluster runs Kata Containers and Confidential Containers (CoCo) for workload isolation and attestation, essential when running on hardware you don't permanently own.

Ephemeral clusters create an ephemeral DNS problem. As spot clusters spin up and down nightly, services must be discoverable without manual intervention. Bindy — an open-source, Rust-based Kubernetes operator for BIND9, closes the loop, automatically managing DNS records as clusters materialize and dissolve.

 This talk covers the spot scheduler architecture, why CoCo and Kata are essential for multi-tenant spot workloads, and how bindy provides DNS lifecycle automation for ephemeral infrastructure.

The gap between AI research and production deployment in financial services is not primarily a technical problem - it is a structural one. Drawing on Vector Institute's co-development experience across 500+ use cases and more than 200 organizations, this session explores how a collaborative approach can compress that gap, under what conditions transparency becomes a competitive asset, and where risks lie, from cybersecurity exposure to the governance challenges that open models surface rather than create.

The cybersecurity community has long theorized about a "vulnerability apocalypse" — a moment when the sheer volume of discoverable security flaws outpaces humanity's ability to respond. That moment has arrived. First articulated by Gadi Evron, Heather Atkins, and Bruce Schneier, the V apocalypse hypothesis has been validated in rapid succession: from January's OpenSSL findings demonstrating AI's power to uncover vulnerabilities, to Anthropic's disclosure of 500 previously unknown flaws, to the recent Mythos revelations. AI doesn't just assist in finding vulnerabilities — it has fundamentally transformed the threat landscape.
The race is no longer about discovery. It's about remediation. Attackers are learning to weaponize the same AI models that defenders use to find weaknesses, and the window to act is narrowing. This talk explores the urgent challenge of enabling defenders to remediate vulnerabilities at scale — before that window closes.
Drawing on the design principles behind Aisle and the "zero is everything" framework, this session will argue that eliminating the existing vulnerability backlog, keeping pace with new AI-driven discoveries, and closing off emerging vulnerability sources must become the baseline standard for any security operation. It will also make the case that this effort must extend beyond application security into network and data security, in anticipation of the regulatory frameworks now taking shape in direct response to AI's growing role in cyber offense.
The message is simple: to survive what AI makes possible, defenders must embrace what AI makes possible.


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Over the past year, there has been a lot of churn & activity in the FINOS GitProxy project - a git-aware reverse proxy for enforcing security controls & custom push protection for source code repositories. In that time, we've hit architectural speed bumps, dealt with security vulnerabilities in naive or unspecified assumptions, and have strived to deliver more features on a regular release cadence. That doesn't come without its challenges.
 
Git Proxy is a flagship FINOS project and an enabler for many FINOS members. Importantly, securing outbound source code - and doing so without sacrificing the benefits of open source participation - solves a real and complex problem for our industry. As a result, the project has to evolve & adapt quickly.
 
In this talk, I'll walk through a roughly year-long journey from struggling in the muck in early prototyping, API dead ends, and difficulty in "connecting the dots" between many complex domains into a totally new way of working that has allowed me to rapidly iterate and push the project forward.
 
Using new agentic-based development techniques and tools such as GitHub Copilot & Claude Code, I've been able to deliver a feature-complete, top-to-bottom rewrite and fresh, new architecture of the core system while still continuing to leverage "classic" software engineering - expressive & well-thought-out abstractions, battle-tested frameworks & libraries, and a corpus of human ingenuity & wisdom. These tools, only when combined with this bedrock of expertise, allowed me to move well past prototyping into a production-ready revamp - and proved that the most powerful thing you can give an AI is a well-designed API to call.

Banking is the business of trust.  As financial institutions race to deploy AI, trust remains the foundation that enables lasting success. This session explores why Responsible AI should be seen as a strategic imperative that protects enterprise value and competitive positioning. Drawing on real-world examples of embedding RBC's Responsible AI principles into business operations, we'll examine how RBC translates foundational principles into tangible mechanisms that enable innovation without compromising reputation or stakeholder trust in an increasingly uncertain landscape.
 


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Many assume AI-generated experiences only belong in chat windows. This talk challenges that assumption. Drawing on financial services workflows, we explore a critical design question: when AI surfaces an interactive application, where should it land? In a chat thread? In the user's workspace? Or back in the original application?

The Model Context Protocol (MCP) has rapidly become the universal connector between AI models and enterprise tools and data. MCP-Apps extends this by allowing tools to return interactive HTML interfaces directly in conversations. Google's A2UI introduces a declarative protocol for agents to dynamically generate UIs on the fly. FDC3, FINOS's interoperability standard, defines what apps exist, what they can do, and what context they handle.

We introduce three interaction patterns - Pull to Chat, Push to Workspace, and Navigate to Source - mapped against these frameworks: MCP-Apps for interactive UIs from tool calls, FDC3 for discovering and launching apps, and A2UI for dynamically generating interfaces.

Open source frameworks are defining how AI integrates with financial desktops. We hope to expand thinking beyond the chat window.

Cloud adoption across financial services continues to accelerate, but inconsistent security controls, fragmented regulatory expectations, and cloud-vendor lock-in are major obstacles to secure, compliant, multi-cloud operations. FINOS Common Cloud Controls (CCC) is an open standard developed collaboratively with financial institutions, cloud providers, and vendors that defines a unified taxonomy, threat model, and machine-verifiable control catalog for cloud services.

In this session, we will unpack how CCC addresses industry challenges, demonstrate its practical application for risk-aware cloud architecture, and illustrate how open, machine-readable control definitions and tooling can transform cloud compliance from a bespoke burden into a shared, scalable ecosystem. The talk will be valuable for cloud architects, security engineers, and standards-oriented practitioners in finance and beyond.

(1) Intro to Fluxnova
- How does it fit and what business problems can it solve?
- 2-3 Financial Services examples
- What tooling is available?
- Monitoring
- Tasklist
- Admin
- Briefly: Engine & installation/architectural options
(2) Demo w/ AI Governance Framework & guardrails using a common Financial Services use case
- General overview of thought process: https://www.linkedin.com/posts/ryan-johnston-823124_one-thing-became-very-clear-in-last-week-activity-7424543321907302401-RgG4
(3) Performance
- Brief overview of performance with numbers from a demo environment
- We've run tests with the Camunda 7 codebase that have demonstrated performance that is blazingly fast. We're going to run a specific test with the most current version of Fluxnova prior to OSFF Toronto and will share those results.
- High-level numbers from a previous performance test that we ran on the code base with a production-ready architecture at AWS: https://summit58.com/camunda-platform-performance-at-scale/
- General comparison of performance to other architectural approaches & generic alternatives
- We're *not* trying to compare performance to any other platform.

As AI agents take more and more of a leading role in crafting code, it’s suddenly become apparent that the “first user” of engineering productivity tooling will be shifting towards agents rather than individual human developers.

With a human still at the helm of a fleet of agents in producing software, and increasingly less involved in the writing of individual lines of code, maximizing engineering value delivery means making every tool call faster, more token efficient, and more accurate.

We’ll cover a variety of concrete cases where tool call efficiency can be harvested immediately:
* Trigram index based code search
* Lossless Semantic Tree access/manipulation patterns
* Mining data from chat transcripts
* Exposing multi-repository commit/PR activity to agents.  


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Enterprise modernization is often hindered when change is risky, inconsistent, or too expensive to repeat across hundreds of repositories. This talk tells a practical story of using the open-source refactoring ecosystem OpenRewrite paired with the Moderne SaaS/CLI platforms and AI agents to move from “one-off upgrades” to deterministic, auditable, large-scale change.
I’ll share a progression: starting with prebuilt community recipes, then moving into writing custom recipes and composing them into repeatable flows.

I’ll highlight three outcomes:
(1) onboarding tooling across multiple languages via consistent automation
(2) upgrading Java and Spring projects while creating space to consolidate dependencies and refactor safely
(3) transforming CI/CD pipelines at scale to run scheduled builds while preserving existing build configuration, rolled out using department-wide build insights captured in an internal data warehouse.

The central message: open-source refactoring can be a developer productivity multiplier, and it can be implemented in an enterprise-safe way, with or without AI, while improving consistency, reducing technical debt, and freeing teams to focus on business value.

Homebrew is the default package manager for macOS and it’s already running on your developers' machines, sanctioned or not. The instinct in financial services is to block it. Blocking it doesn't remove it; it turns it into shadow IT.

Traditional security tooling wasn't built to see Homebrew directly. EDR infers activity from process execution paths. Network monitoring watches for traffic to GitHub and bottle registries. File integrity scanning detects new executables in brew paths. These signals are indirect and incomplete: packages installed but never run are invisible, cached bottles bypass network detection, and installs that don't require sudo slip past privilege monitoring entirely.

In a regulated environment where software supply chain integrity, SBOMs, and audit trails are non-negotiable, this isn't a theoretical risk. Open source doesn't stop being open source just because your security tool didn't log it.

This talk examines why "just ban it" fails in practice, and what a realistic, compliance-aware approach to open source tooling looks like for engineering teams that can't afford shadow IT.