Day two of the 19th annual QCon London conference took place on April 8th, 2025, at the Queen Elizabeth II Conference Centre in London, England. Key takeaways included: we will be interacting with more non-human devices that should be intuitive, social, trusted, multimodal and trusted; the use of the principle of least privilege can provide more granular access control; and WebAssembly (WASM) can outperform VMs, containers, MicroVMs, native and hardened containers with isolation, startup time, overhead efficiency and security.
What follows is a summary of the keynote address and highlighted presentations.
Keynote Address: The Form of AI
Savannah Kunovsky, Managing Director of Emerging Technology at IDEO, presented her keynote address entitled, The Form of AI.
Kunovsky started off her presentation with a statement on how a quality design is at the heart of a successful product or service. Business leaders seem to rely on technologists whenever they have questions about evolving technologies. Organizations will sometimes invest millions into a new product or service. However, they may fail to conduct the appropriate research that considers the wants and needs of the customer. In those situations, organizations run the risk of product or service failure.
With the recent hype on the emergence of Generative AI (GenAI), especially with uncertainty in the job market, a recent post on social media made this claim:
The problem with AI is not that it can do the work of employees for them. It’s the fact that the corporation thinks it can do the employees’ work for them.
Then, there is this meme.
Kunovsky maintained that we should all stop and take a collective breath and stated that we are in an awkward stage with GenAI.
Kunovsky then stated:
We are in a defining moment. With new possibilities, we get to rethink how we use technology.
With this in mind, Ideo conducted surveys with the Gen Z generation about GenAI because they are coming into their own with purchasing power and influence on the market. Insights they discovered from Gen Z included principles such as: “deepen my connections, don’t close them down,” and “honor the messiness of being human, don’t pretend we’re perfect.“
In June 2024, Ideo published this blog post on AI assistants and how we will be interacting with more non-human devices. People will want these devices to be intuitive, social, trusted, multimodal and trusted. Their output needs to be reviewed with a critical eye.
In conclusion, Kunovsky stated that GenAI has allowed Ideo to customize their research approach on the fly to maximize learning from each user. She also asked these three questions: “Are technologists the next great designers?“; “Which voices are missing from making decisions about our technology future?“; and “What can you do today, to design the technology future that you want to live in?“
More details from this keynote address may be found in this InfoQ news story.
Highlighted Presentations: Securing AI Assistants: Strategies and Practices for Protecting Data | WASM Components are a FaaS’ Best Friend
Securing AI Assistants: Strategies and Practices for Protecting Data was presented by Andra Lezza, Leader, Open Worldwide Application Security Project (OWASP), London Chapter.
Lezza kicked off her presentation by displaying the OWASP Top Ten vulnerabilities in both the Large Language Model and Web Application categories. New threats in these lists are: system prompt leakage, vector and embedding weakness and misinformation.
Lezza described in detail the security threats to both Independent Copilot, a standalone AI assistant, typically available through a separate app or platform, and Integrated Copilot, directly embedded within a specific application or suite of applications, like Microsoft 365. This included: specific risks; the six different flows of information disclosure and their various controls; supply chain attacks; pivoting; prompt injection and their various controls.
Lezza concluded her presentation with these key takeaways; end-to-end security is critical and best practices still apply; there are architectural tradeoffs when applying security controls; and the use of the principle of least privilege can provide more granular access control.
WASM Components are a FaaS’ Best Friend was presented by Laurent Doguin, Director Developer Relations & Strategy at Couchbase,
Doguin started his presentation by introducing two terms: Function as a Service (FaaS) defined as executing application functions when needed on a serverless runtime; and Serverless, an execution model where code can be run without managing servers and allocating resources as needed. He then emphasized that “FaaS != Serverless.”
Comparing FaaS with On-Premises, Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS) execution models, only SaaS offers all attributes of execution models that include: function, application, runtime, containers, operating system, virtualization, network and hardware.
After providing the advantages and disadvantages of using FaaS and the attributes that comprise a good FaaS platform, Doguin discussed the early choices on technologies that comprise a good FaaS runtime. These include: virtualization, containerization, and native process. Using a video clip from the TV series, Seinfeld, where George Castanza double-dips a chip, Doguin made the correlation that the chip is the container and the dip is the kernel.
Comparing FaaS runtimes, WebAssembly (WASM) outperformed VMs, containers, MicroVMs, native and hardened containers with isolation, startup time, overhead efficiency and security. This led Doguin to ask: “Why are we not using WASM all the time?“
The WASM component model includes: component interfaces described in the WebAssembly Interface Types (WIT); a canonical Application Binary Interface (ABI) which handles string, list, struct, other high-level type conversions; defines linking rules among components; and there is no required manual memory management. The intent is to increase portability across the WASM model and languages.
Doguin introduced and thoroughly described a practical example using wasmCloud, a Cloud Native Computing Foundation project, that can build and manage polyglot WASM applications that can run across clouds, Kubernetes data centers and edge environments. He maintained that “wasmCloud orchestrates deployments of WebAssembly components just as Kubernetes orchestrates containers.“
Douim concluded by encouraging attendees to visit this GitHub Codespaces repository to work with the example application. Developers will need to log in to their personal GitHub accounts to initiate the Codespace.
