Open Source Summit + Embedded Linux Conference North America 2026

As AI moves from isolated chatbots to autonomous agent ecosystems, the "identity problem" becomes a critical security bottleneck. How does an agent verify the legitimacy of a requestor before executing a sensitive task? Traditional API keys are insufficient for dynamic, decentralized agent interactions.
This session explores a cutting-edge extension to the Linux Foundation A2A protocol that leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) to establish high-assurance trust and bridges the gap between Decentralized Identity standards and AI, creating a secure backbone for the next generation of agent interoperability.
We will dive into the technical design of integrating OpenID for Verifiable Presentations (OID4VP) into agent communication flows. Attendees will learn how this proposed extension moves beyond static credentials to enable granular, verifiable Authentication (AuthN) and Authorization (AuthZ) for autonomous tasks. Beyond the protocol basics, we will analyze different patterns for VC presentation—comparing interactive vs. automated flows—and evaluate diverse wallet options, ranging from cloud-based agent wallets to secure edge implementations.

In this lightning talk, we’ll introduce the new open-source security tools guide from the Continuous Delivery Foundation and show how it delivers practical, workflow-driven guidance for integrating OpenSSF security tooling into real CI/CD pipelines—helping DevOps and platform engineering teams map pipeline activities directly to the Secure Software Development Framework (SSDF) tasks.

Attendees will learn how the guide helps organizations:
• Understand tooling to meet SSDF standards
• Integrate security without slowing delivery
• Move from tool sprawl to repeatable, secure delivery patterns

This session offers a fast, practical overview of how the CDF community is helping teams turn cybersecurity from an abstract requirement into an executable CI/CD strategy.

OpenSSH has built-in support for FIDO security keys since version 8.2 (released in 2020). This means you can protect your SSH private keys using security keys, similar to how this can be done with OpenPGP smart cards and cryptographic tokens that support PKCS#11.

Although such devices all allow you to protect your private keys using cryptographic hardware, the benefits on using FIDO include:

- FIDO is easier to use, especially for beginners
- security keys can be used on the web as well to store passkeys
- no need for vendor-specific software (like PKCS#11 modules)
- security keys are inexpensive
- FIDO features device attestation, which lets you cryptographically prove you are using a specific security key make and model.

In this talk, we will give a short introduction to FIDO security keys, and provide several demos of the use of security keys with OpenSSH, such as signing arbitrary data, authenticating to remote systems, and using key attestation.

The talk consists of a number of demos that participants can follow along on their system. Participants can bring their own security key (any vendor will do). If they do not own a security key one will be provided to them.

Open source projects are under-resourced, yet responsible for maintaining large, security-critical dependency ecosystems. Maintainers are overwhelmed by manual reviews, vulnerability alerts, and patch backlogs—and falling behind is inevitable.
This talk shows how automated security bots can take over the bulk of governance work. Using tools like Dependabot, Renovate, and automated security scanners, projects can automatically detect vulnerabilities, open and validate pull requests, enforce policies, and reduce human effort without sacrificing trust or quality.
We’ll walk through a practical bot stack that allows open source projects to scale from a small maintainer group to dozens of contributors, while cutting patch timelines from weeks to days. Attendees will learn which tools to deploy, how to configure them safely, and how to rely on automation for repetitive security work—so humans can focus on decisions that actually require judgment.

In the context of secure systems, "transparency" is often a loaded term. We will propose a precise definition: the guarantee of discoverability and auditability. Transparency is the difference between a system that merely claims to be secure and a system that provides proof of its security claims.

This session offers a high-level primer on the principles of cryptographic transparency. We will discuss how to design transparent applications and explore the tooling available to create tamper-evident systems. We will examine how this pattern has already been used, from Certificate Transparency providing auditability for web PKI, Binary Transparency securing software delivery, and Key Transparency hardening messaging applications. We will demonstrate how transparency can be applied for emerging frontiers as well, such as AI model provenance and news authenticity.

Finally, we will discuss the ongoing specifications work to standardize transparency primitives and highlight opportunities to participate. Attendees will leave with a clear mental model for transparency by design, ready to build systems where accountability is a default feature, not an afterthought.

As AI systems become deeply embedded in critical infrastructure and enterprise operations, ensuring the security, integrity, and provenance of machine learning models has become a fundamental challenge for the open source ecosystem.

This session will provide an overview of the OpenSSF AI/ML Security Working Group's focus on practical solutions that bring software supply chain security best practices to AI.

1. End-to-End Model Provenance: Detect unintended changes and ensure verifiable audit trails throughout the entire model lifecycle.

2. Model Signing: Provide verifiable claims about model integrity by establishing cryptographic signing patterns.

3. GPU-Based Model Integrity: Address the scalability of authenticating very large ML models by leveraging GPU acceleration in a vendor-agnostic API.

4. Frameworks for Securing AI Agent Communications: A comprehensive security framework to secure AI agent-tool orchestration against emerging threats.

5. Cyber Reasoning System (CRS): AI-for-Security systems to identify and submit patches for software vulnerabilities.

Panelists:
Marcela Melara, Intel
Mihai Maruseac, OpenAI
Jay White, Microsoft

Moderator:
Christopher Robinson, OpenSSF