Open Source in Finance Forum Toronto 2026

With AI gaining more traction in the financial industry, the Royal Bank of Canada has tackled this challenge by building the largest private financial industry GPU farm in Canada. In this session, you will learn RBC's approach to AI Infrastructure, including:
• Why build an on-prem cluster?
• Why Kubernetes and OpenShift?
• How do you size your cluster?
• Lessons Learned

Join to hear how the largest bank in Canada utilized Red Hat OpenShift infrastructure to create an on-prem GPU solution that provides an environment for developers to harness the power of AI.


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Large Language Models (LLMs) offer powerful reasoning and automation capabilities, but their probabilistic nature conflicts with the determinism, explainability and auditability required in financial services. This session presents a practical architectural pattern for agentic AI: LLMs as bounded cognitive components orchestrated by BPM-based workflow engines, such as Fluxnova.

Rather than deploying autonomous agents as opaque black boxes, this approach embeds LLMs within explicit and versioned business process models. BPM orchestration governs control flow, approvals, escalation paths, exception handling, and audit checkpoints, while LLMs are invoked for well-scoped tasks such as document extraction, classification, summarization and recommendation generation. The result is agentic behavior that is powerful yet constrained, flexible and governed.

Every outcome can be traced through a BPM execution graph, showing inputs, policies applied, LLM interactions, and human-in-the-loop decisions. We illustrate this pattern in the context of a financial use case to demonstrate how institutions can safely scale agentic AI while meeting regulatory, risk, and audit expectations.

In regulated industries, delivering software quickly and securely is a constant balancing act between enterprise policies and developer experience. Compliance requirements introduce friction, making automation and security more complex. In this presentation, we will introduce the Open SDLC Controls Framework working group and provide a progress update as well as share future plans.
Last year we established a working group to create a standardized framework for software delivery governance that could transform how financial institutions define their SDLCs.
Building on the success of the Common Cloud Controls and the AI Governance Framework, this initiative aims to develop a shared, composable, and technology-agnostic vocabulary for SDLC controls—a common language that the entire industry can adopt and build upon.

In regulated enterprises, thousands of physical servers sit idle overnight, capacity paid for but unused. We built a spot scheduler that reclaims this donated infrastructure, turning idle bare-metal into ephemeral Kubernetes clusters using Cluster API and k0smotron. Each cluster runs Kata Containers and Confidential Containers (CoCo) for workload isolation and attestation, essential when running on hardware you don't permanently own.

Ephemeral clusters create an ephemeral DNS problem. As spot clusters spin up and down nightly, services must be discoverable without manual intervention. Bindy — an open-source, Rust-based Kubernetes operator for BIND9, closes the loop, automatically managing DNS records as clusters materialize and dissolve.

 This talk covers the spot scheduler architecture, why CoCo and Kata are essential for multi-tenant spot workloads, and how bindy provides DNS lifecycle automation for ephemeral infrastructure.

AI-assisted contributors now produce PRs that look senior: fast, polished, complex. But many arrive without the context maintainers need during review. This pattern, the "Synthetic Senior", is reshaping expectations around code review, contributor development, and project sustainability.

For financial institutions investing in open source, this creates a challenge: how do you grow talent through OSS when traditional mentorship doesn't scale? How do you identify contributors worth investing in?

Drawing on examples from Codex, Gemini CLI, curl, and scikit-learn, this talk offers practical strategies for the AI era.

You'll learn:
• The 3 C's framework: Signals for identifying contributors worth mentoring (Comprehension, Context, Continuity)
• Issue-first workflows that improve contribution quality
• Lightweight disclosure policies that give reviewers context without banning AI
• AGENTS.md: Instructing AI tools to follow project norms

This isn't about banning AI. It's about protecting human mentorship and helping organizations get more value from open source.

Open Source Software underpins modern technology, yet it continues to face exposure to patent litigation that can slow innovation and increase risk for companies building on shared code. Patent lawsuits rose by roughly 22% in 2024 compared with 2023, while the cost of defending these cases has escalated into the multimillion-dollar range. These trends highlight the importance of scalable strategies that help organizations mitigate patent risk while continuing to innovate.

Launched in January 2026, OIN 2.0 represents an evolution in how our community approaches patent protection for open source. This model introduces a sustainable, community-driven approach that aligns participants around long-term support for open source innovation while preserving accessibility for smaller organizations.

In this session we will:
• Introduce the OIN 2.0 framework and its role in strengthening open source as it evolves and grows
• Explain its tiered participation model and how it maintains free access for smaller companies
• Highlight outcomes that have helped shield participants from patent threats and support continued innovation
• Explore how leaders can reduce risk and protect innovation through responsible governance, licensing, and patent strategies

The cybersecurity community has long theorized about a "vulnerability apocalypse" — a moment when the sheer volume of discoverable security flaws outpaces humanity's ability to respond. That moment has arrived. First articulated by Gadi Evron, Heather Atkins, and Bruce Schneier, the V apocalypse hypothesis has been validated in rapid succession: from January's OpenSSL findings demonstrating AI's power to uncover vulnerabilities, to Anthropic's disclosure of 500 previously unknown flaws, to the recent Mythos revelations. AI doesn't just assist in finding vulnerabilities — it has fundamentally transformed the threat landscape.
The race is no longer about discovery. It's about remediation. Attackers are learning to weaponize the same AI models that defenders use to find weaknesses, and the window to act is narrowing. This talk explores the urgent challenge of enabling defenders to remediate vulnerabilities at scale — before that window closes.
Drawing on the design principles behind Aisle and the "zero is everything" framework, this session will argue that eliminating the existing vulnerability backlog, keeping pace with new AI-driven discoveries, and closing off emerging vulnerability sources must become the baseline standard for any security operation. It will also make the case that this effort must extend beyond application security into network and data security, in anticipation of the regulatory frameworks now taking shape in direct response to AI's growing role in cyber offense.
The message is simple: to survive what AI makes possible, defenders must embrace what AI makes possible.


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

The OSPO is the center of competency for an organization’s Open Source operations and structure and can include many manual and time-consuming risk management processes. The complexity of understanding the ownership and accountability of Open Source legal, engineering, and security risks can also sometimes seem daunting. But there are Open Source AI tools that can help reduce the manual effort and toil, as well as enhance current processes of risk ownership, accountability, and remediation.

Over the past year, there has been a lot of churn & activity in the FINOS GitProxy project - a git-aware reverse proxy for enforcing security controls & custom push protection for source code repositories. In that time, we've hit architectural speed bumps, dealt with security vulnerabilities in naive or unspecified assumptions, and have strived to deliver more features on a regular release cadence. That doesn't come without its challenges.
 
Git Proxy is a flagship FINOS project and an enabler for many FINOS members. Importantly, securing outbound source code - and doing so without sacrificing the benefits of open source participation - solves a real and complex problem for our industry. As a result, the project has to evolve & adapt quickly.
 
In this talk, I'll walk through a roughly year-long journey from struggling in the muck in early prototyping, API dead ends, and difficulty in "connecting the dots" between many complex domains into a totally new way of working that has allowed me to rapidly iterate and push the project forward.
 
Using new agentic-based development techniques and tools such as GitHub Copilot & Claude Code, I've been able to deliver a feature-complete, top-to-bottom rewrite and fresh, new architecture of the core system while still continuing to leverage "classic" software engineering - expressive & well-thought-out abstractions, battle-tested frameworks & libraries, and a corpus of human ingenuity & wisdom. These tools, only when combined with this bedrock of expertise, allowed me to move well past prototyping into a production-ready revamp - and proved that the most powerful thing you can give an AI is a well-designed API to call.

Banking is the business of trust.  As financial institutions race to deploy AI, trust remains the foundation that enables lasting success. This session explores why Responsible AI should be seen as a strategic imperative that protects enterprise value and competitive positioning. Drawing on real-world examples of embedding RBC's Responsible AI principles into business operations, we'll examine how RBC translates foundational principles into tangible mechanisms that enable innovation without compromising reputation or stakeholder trust in an increasingly uncertain landscape.
 


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Many assume AI-generated experiences only belong in chat windows. This talk challenges that assumption. Drawing on financial services workflows, we explore a critical design question: when AI surfaces an interactive application, where should it land? In a chat thread? In the user's workspace? Or back in the original application?

The Model Context Protocol (MCP) has rapidly become the universal connector between AI models and enterprise tools and data. MCP-Apps extends this by allowing tools to return interactive HTML interfaces directly in conversations. Google's A2UI introduces a declarative protocol for agents to dynamically generate UIs on the fly. FDC3, FINOS's interoperability standard, defines what apps exist, what they can do, and what context they handle.

We introduce three interaction patterns - Pull to Chat, Push to Workspace, and Navigate to Source - mapped against these frameworks: MCP-Apps for interactive UIs from tool calls, FDC3 for discovering and launching apps, and A2UI for dynamically generating interfaces.

Open source frameworks are defining how AI integrates with financial desktops. We hope to expand thinking beyond the chat window.

Cloud adoption across financial services continues to accelerate, but inconsistent security controls, fragmented regulatory expectations, and cloud-vendor lock-in are major obstacles to secure, compliant, multi-cloud operations. FINOS Common Cloud Controls (CCC) is an open standard developed collaboratively with financial institutions, cloud providers, and vendors that defines a unified taxonomy, threat model, and machine-verifiable control catalog for cloud services.

In this session, we will unpack how CCC addresses industry challenges, demonstrate its practical application for risk-aware cloud architecture, and illustrate how open, machine-readable control definitions and tooling can transform cloud compliance from a bespoke burden into a shared, scalable ecosystem. The talk will be valuable for cloud architects, security engineers, and standards-oriented practitioners in finance and beyond.

As financial AI shifts from passive models to autonomous agents, the industry faces a trust gap. Traditional "black box" validation is insufficient for systems executing complex workflows. This keynote explores the transition from MLOps to AgentOps, defining a standard for auditable Agentic AI where the decision process is as critical as the result.

We will dissect the FinSight Agent, a metacognitive FINOS Labs initiative built on LangGraph and MLflow, to demonstrate "Governance by Design." Aligning with the FINOS AI Evaluation Framework, we operationalize a "glass box" strategy. This moves beyond static benchmarks to implement trajectory tracing, where reasoning steps are audited against financial policies using LLM-as-a-Judge.

Finally, we cover system safety and supply chain security. We demonstrate how proactive Red Teaming detects risks like market manipulation and regulatory evasion. We also explore ensuring model integrity via the Model Openness Framework and Sigstore, proving open collaboration is key to building safe, compliant financial infrastructure.

In regulated industries, delivering software quickly and securely is a constant balancing act. Compliance requirements introduce friction, making automation and security more complex. Traditional DevSecOps approaches struggle to keep up with evolving regulatory demands, leading to fragmented tooling and processes that slow innovation and frustrate developers.

To secure the SDLC without compromising DevEx, this talk focuses on defining and implementing control points across the CI/CD lifecycle where security and compliance can be enforced and release evidence can be collected.

We'll show how these control points can be implemented using GitLab and Flux, providing a real-world example of everything-as-code, policy-driven workflows and compliance reporting that improves developer experience and allows internal and external audits to verify compliance.
- Break down common compliance challenges across the SDLC
- Map key control points to each phase
- Walk through real-world examples of secure CI/CD pipelines in regulated environments
- Share strategies to automate release evidence generation and policy enforcement
- Discuss standard reporting for internal and external audits

In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

It all started in 2022 with a chatbot named ChatGPT. Who knew the impact it would have on the industry just a few years later?

We have been on a roller-coaster ride. In 2022 we pair programmed with GitHub Copilot. In 2023 we talked with our AI, gaining codebase-level assistance through tools like Cursor. In 2024, foundation model capability increased significantly, and alongside proprietary tools we saw a surge of powerful open source models and frameworks, pushing reasoning models towards fully autonomous "AI engineers". Last year, we vibe coded, marvelled at Claude Code, and realised that software engineering will never be the same again.

2026 is going to be the year of agentic coding. The year AI eats software. So what now?

In this talk, I will take a look at the reality on the ground. The gap between these incredible tools and the challenges faced in brownfield projects with messy data, poor tests, and slow SDLCs.

We will explore how to make the most of today’s tools, when to pair program with AI, when to delegate to an agent, and how to create an effective "agentic loop".

Finally, we will take a step back and ask what this all means for us in the long term.

As AI agents take more and more of a leading role in crafting code, it’s suddenly become apparent that the “first user” of engineering productivity tooling will be shifting towards agents rather than individual human developers.

With a human still at the helm of a fleet of agents in producing software, and increasingly less involved in the writing of individual lines of code, maximizing engineering value delivery means making every tool call faster, more token efficient, and more accurate.

We’ll cover a variety of concrete cases where tool call efficiency can be harvested immediately:
* Trigram index based code search
* Lossless Semantic Tree access/manipulation patterns
* Mining data from chat transcripts
* Exposing multi-repository commit/PR activity to agents.  


In order to facilitate networking and business relationships at the event, you may choose to visit a third party's booth or access sponsored content. You are never required to visit third party booths or to access sponsored content. When visiting a booth or participating in sponsored activities, the third party will receive some of your registration data. This data includes your first name, last name, title, company, address, email, standard demographics questions (i.e. job function, industry), consenting to receipt and use of such data by the third-party recipients, which will be subject to their own privacy policies. 

Enterprise modernization is often hindered when change is risky, inconsistent, or too expensive to repeat across hundreds of repositories. This talk tells a practical story of using the open-source refactoring ecosystem OpenRewrite paired with the Moderne SaaS/CLI platforms and AI agents to move from “one-off upgrades” to deterministic, auditable, large-scale change.
I’ll share a progression: starting with prebuilt community recipes, then moving into writing custom recipes and composing them into repeatable flows.

I’ll highlight three outcomes:
(1) onboarding tooling across multiple languages via consistent automation
(2) upgrading Java and Spring projects while creating space to consolidate dependencies and refactor safely
(3) transforming CI/CD pipelines at scale to run scheduled builds while preserving existing build configuration, rolled out using department-wide build insights captured in an internal data warehouse.

The central message: open-source refactoring can be a developer productivity multiplier, and it can be implemented in an enterprise-safe way, with or without AI, while improving consistency, reducing technical debt, and freeing teams to focus on business value.

Homebrew is the default package manager for macOS and it’s already running on your developers' machines, sanctioned or not. The instinct in financial services is to block it. Blocking it doesn't remove it; it turns it into shadow IT.

Traditional security tooling wasn't built to see Homebrew directly. EDR infers activity from process execution paths. Network monitoring watches for traffic to GitHub and bottle registries. File integrity scanning detects new executables in brew paths. These signals are indirect and incomplete: packages installed but never run are invisible, cached bottles bypass network detection, and installs that don't require sudo slip past privilege monitoring entirely.

In a regulated environment where software supply chain integrity, SBOMs, and audit trails are non-negotiable, this isn't a theoretical risk. Open source doesn't stop being open source just because your security tool didn't log it.

This talk examines why "just ban it" fails in practice, and what a realistic, compliance-aware approach to open source tooling looks like for engineering teams that can't afford shadow IT.

Financial institutions are navigating an unprecedented convergence of regulatory frameworks that demand both operational resilience and algorithmic transparency. The European Union's Digital Operational Resilience Act (DORA), EU AI Act, ISO AI Management Framework and the Securities and Exchange Commission's cybersecurity disclosure rules—while distinct in origin they are increasingly intersecting in practice, creating compliance complexity that traditional siloed approaches cannot adequately address.

This session examines how open source frameworks and tooling like SPDX Knowledge Graphs are emerging as essential infrastructure for this new regulatory reality. We will demonstrate by using use case studies at Canadian banking institutions the need for financial institutions to move from passive compliance documentation to active supply chain intelligence. This includes practical approaches for legacy mainframe integration and vendor management strategies, which balance AI Act transparency requirements with protection of proprietary trading algorithms.