Open Source in Finance Forum London 2026

This talk presents a data-driven analysis of AI-ML threat catalogues (i.e. OWASP AI Exchange, OWASP ML Top 10, PLOT4AI, OWASP LLM, OWASP Agentic AI, and CSA Maestro) demonstrating that roughly two-thirds of so-called "AI-specific" threats are extensions of traditional data security vulnerabilities. It argues that organisations should prioritise data governance and data supply chain security (i.e. provenance, lineage, integrity, access control) as the foundation of AI-ML security, rather than treating model-centric defences as the starting point.

Open source is under assault. And not just from Slopsquatting: agentic adversaries engage in expansive supply chain attacks, target burnt-out maintainers, and exploit the open source ecosystem at autonomous, headless scale. And all under the banner of vibe-enabled developers reading fewer lines of code than before.

The open source contract is clear: free, zero-liability software that we can patch and assure; a community based on transparency; and transferable skills instead of proprietary lock-in. And so we ask, is open source software still safe to use? And how do we avoid getting hit by a supply chain attack?

In this talk, we:
- threat model the GenAI OSS supply chain and highlight key attack vectors
- implement policies and automation under the FINOS AI Readiness Framework to secure the open source supply chain
- dissect recent and historical open source supply chain attacks, examining emerging trends that are here to stay
- enumerate governance approaches for GenAI and vibe-ready developers in FSI
- provide a practical framework for evaluating and securing open source dependencies, despite generative hallucinations

Vector search is rapidly emerging as the next evolution of search, driven by Retrieval-Augmented Generation (RAG) workflows. However, securing these systems requires fine-grained access control beyond the capabilities of traditional methods like RBAC or PBAC. This talk explores how Relationship-Based Access Control (ReBAC), inspired by Google Zanzibar, provides a scalable and flexible solution for managing authorization in RAG and vector search.

We’ll cover how ReBAC handles complex access scenarios, such as hierarchical relationships, and enables pre- and post-filtering strategies to securely retrieve embeddings. Using live demos with tools like SpiceDB, LangChain, and pgVector, you’ll see how to integrate ReBAC into your RAG pipelines. Whether you’re building RAG workflows or exploring vector search, this session offers practical insights to secure and optimize your applications.

Managing SWE agents at scale is painful: teams copy-paste markdown files (prompts, instructions, skills) across repos, leading to chaos, inconsistencies, and zero reusability.

Enter Agent Package Manager (APM) — the open-source tool from Microsoft that brings real package management to AI agent primitives.
Declare dependencies in a simple apm.yml file → apm install resolves direct + transitive deps → agents auto-configure for GitHub Copilot, Cursor, Claude, Codex, Gemini and more.

In this session, discover how to treat agent primitives (Instructions, Skills, Prompts, Agents, MCP Servers) as shareable, versioned packages — unlocking enterprise-grade collaboration, consistency, and an internal agent library that actually scales.

Building trustworthy, efficient, and specialized, sovereign AI systems is vital in finance, where transparency and accountability are essential. This session presents an open framework for developing agentic AI built entirely on open models, datasets, and modular microservices. It shows how open ecosystems can drive innovation while staying compliant, auditable, and cost‑efficient. Participants will explore a unified, community‑driven AI platform integrating training, deployment, and orchestration tools. Real‑world cases highlight how composable components enable collaboration and reproducibility, empowering institutions to tailor AI to regulatory needs. The talk introduces open models and curated datasets that form a transparent foundation for next‑generation financial intelligence, enabling efficient, accurate, and auditable agents. Topics include an open, modular agentic architecture deployable on any AI factory, showing several examples like fraud detection, conversational AI, and financial deep research.

Large Language Models (LLMs) offer powerful reasoning and automation capabilities, but their probabilistic nature conflicts with the determinism, explainability and auditability required in financial services. This session presents a practical architectural pattern for agentic AI: LLMs as bounded cognitive components orchestrated by BPM-based workflow engines, such as Fluxnova.
Rather than deploying autonomous agents as opaque black boxes, this approach embeds LLMs within explicit and versioned business process models. BPM orchestration governs control flow, approvals, escalation paths, exception handling, and audit checkpoints, while LLMs are invoked for well-scoped tasks such as document extraction, classification, summarization and recommendation generation. The result is agentic behavior that is powerful yet constrained, flexible and governed.
Every outcome can be traced through a BPM execution graph, showing inputs, policies applied, LLM interactions, and human-in-the-loop decisions. We illustrate this pattern in the context of a financial use case to demonstrate how institutions can safely scale agentic AI while meeting regulatory, risk, and audit expectations.

As financial institutions accelerate their adoption of Open Source AI for fraud detection, risk management, automation & customer service, they face an increasingly complex landscape shaped by rapid growth in AI-related IP. In 2024, the global AI market reached $621B & nearly 89% of AI-adopting enterprises now rely on Open Source AI. At the same time, roughly 18% of all USPTO patent applications involve AI technologies which is an early indication of escalating patent assertion risks as firms seek returns on their AI investments. This session examines how patent standards & community-driven patent non-aggression frameworks are essential tools for managing requirements & risks throughout the AI lifecycle. By establishing predictable IP norms, these standards reduce legal uncertainty & strengthen Open Source patent protection. OIN will outline how being proactive & integrating patent-risk strategies help financial institutions position themselves better, innovate faster, and scale Open Source AI with greater confidence and resilience.

Financial institutions maintain vast codebases where critical domain logic is embedded in implementation details and scattered across services. Documentation drifts and tests verify the code as written rather than as intended. AI tools generate new code quickly, but understanding whether existing systems behave correctly, remains slow and expensive.

This session shows how specifications can be captured from existing codebases, creating a formal reference for what a system does that is independent of how it does it. We've applied this to significant projects and surfaced latent defects encoded in both implementation and test suites, where code and tests reinforced the same wrong behaviour. Henry will demonstrate the open source tooling and workflows involved, and show how specifications make codebases more fluid: once behaviour is captured, AI agents can refactor, re-platform or modernise the implementation with a verification gate, turning legacy code into a foundation for new development.

Attendees will gain practical techniques for distilling specifications from existing code and applying them to quality assurance, legacy modernisation and resilient open source contributions.

Financial institutions are investing heavily in open-source platforms, AI integration, and digital transformation. Yet many initiatives stall, face internal resistance, or fail to scale.
The problem is not technical architecture. It is human architecture.
In highly regulated environments, open-source adoption requires alignment between developers, cybersecurity teams, risk officers, compliance leaders, and executive stakeholders. Without shared clarity, accountability, and culture readiness, even the most advanced innovation strategies collapse under internal friction.
This session explores the leadership and cultural barriers that undermine open-source financial initiatives and provides a structured framework for strengthening human infrastructure. Through The Human Balance Sheet™, organizations can audit leadership alignment, reduce silos, improve risk-informed decision-making, and create cultures that sustain innovation.
Participants will leave with actionable strategies to support open-source adoption through better governance, clearer communication, and stronger cross-functional trust.

As AI systems and processes diffuse into our organizations at breakneck speed, our data infrastructure must evolve quickly to service new audit requirements at scales never seen before.

In this talk we will examine the challenges of capturing and integrating context across workflow systems and brownfield applications to deliver accurate and reliable AI governance.

For example, Fluxnova is an archetypal 'upstream' workflow application that organizations must be able to audit independently of the execution layer. We will look at how to integrate AI into such an architecture whilst being able to prove effectiveness, reliability and counterfactual analysis without a proliferation of data audit silos.

Sharing our journey from entering a Hackathon to discovering, FINOS, CALM and the gaps within typical SDLCs and what happened next.