Open Source in Finance Forum London 2026

Open source is under assault. And not just from Slopsquatting: agentic adversaries engage in expansive supply chain attacks, target burnt-out maintainers, and exploit the open source ecosystem at autonomous, headless scale. And all under the banner of vibe-enabled developers reading fewer lines of code than before.

The open source contract is clear: free, zero-liability software that we can patch and assure; a community based on transparency; and transferable skills instead of proprietary lock-in. And so we ask, is open source software still safe to use? And how do we avoid getting hit by a supply chain attack?

In this talk, we:
- threat model the GenAI OSS supply chain and highlight key attack vectors
- implement policies and automation under the FINOS AI Readiness Framework to secure the open source supply chain
- dissect recent and historical open source supply chain attacks, examining emerging trends that are here to stay
- enumerate governance approaches for GenAI and vibe-ready developers in FSI
- provide a practical framework for evaluating and securing open source dependencies, despite generative hallucinations