Meet us in London for PlatformCon 2026
Meet us in London and discover how Cloudsmith protects the packages and pipelines your developers and AI agents rely on every day.
Live Workshop
AI agents & platform engineering: Efficiency boost or new source of trouble
Dive into Ollama and Hugging Face to master LLMs inside platform templates. We’ll explore the AI Skill attack surface of agentic tooling and learn how to secure your Internal Developer Platforms (IDPs) against evolving model-based threats.
- Tuesday, 23 June
- 14.30 BST
- Convene Sancroft, St. Paul's, London
Virtual Workshop
Hunting compromised software dependencies inside Kubernetes workloads
Join this live, interactive workshop to learn how to detect and prioritize real threats inside your Kubernetes cluster using CISA's KEV, ExploitDB, and the OpenSSF Malicious Packages API. Walk away knowing how to programmatically unmask malicious dependencies and cut through the noise to stop weaponized vulnerabilities before they cause damage.
- Monday, 22 June
- 12:00 BST
Virtual Workshop
Audit-ready Kubernetes: How to leverage policy-as-code for continuous compliance
In this hands-on Instruqt workshop, learn how to enforce security and compliance at scale in Kubernetes using policy-as-code tools like OPA Gatekeeper, Kyverno, and Calico. Walk away with ready-made code snippets and practical techniques to automate governance, intercept misconfigurations, and keep your clusters continuously audit-ready.
- Thursday, 25 june
- 12:00 BST
Virtual Workshop
The ghost in the machine: Securing AI agent skills
Agent Skills scale Platform Engineering but open new attack surfaces. Learn how to secure your "Golden Paths" by using the OSM API to detect malicious AI skills in your supply chain before they compromise your autonomous workflows.
- Friday, June 26, 2026
- 10:00 BST
Virtual talk
How transitive dependencies turn minor packages into major incidents
Learn how transitive dependencies expand your attack surface and why supply chain attacks spread so quickly through the npm ecosystem. Walk away with practical strategies to reduce dependency risk without slowing your developers down.
Virtual talk
The Challenges of Building an MCP Server
Learn how Cloudsmith tackled the real-world challenges of building an MCP server at scale, from managing hundreds of tool definitions to keeping schemas in sync with an evolving API. Discover how to dynamically generate MCP tools from an OpenAPI spec, turning a maintenance burden into a self-updating, production-ready interface.
Virtual talk
Finding malware in self-service templates
Recent Shai-Hulud attacks show how malware infiltrates IDPs through self-service templates. We’ll trace the evolution of these supply chain threats and demonstrate how to use OpenSSF’s Malicious Packages data to catch risks before they spread.
Virtual talk
The increasing relevance of SBOM in maintaining regulatory compliance
Learn how SBOM standards have evolved from the 2021 US Executive Order to CISA's 2025 updates, and what that means for global compliance. Discover how these frameworks align with the EU Cyber Resilience Act, and leave with a clear roadmap for keeping your software transparent, compliant, and ready for the international market.
