Parth Goswami
Parth Goswami is an open source enthusiast and mostly works with containers and networking. He loves contributing to open source by hosting meetups and interacting with the community.
Sessions
The industry is rapidly moving from single LLM applications toward systems composed of multiple agents, tools, memory layers, and workflows. But most discussions around AI agents focus heavily on frameworks and demos, while avoiding the larger systems question:
What does agent infrastructure actually look like?
This talk takes a cloud native and systems-oriented view of AI agents. We’ll explore how ideas from distributed systems, containers, orchestration, and platform engineering are beginning to shape the next generation of AI tooling.
Topics include:
- Why AI agents resemble distributed systems more than chatbots
- The emerging role of protocols like MCP
- Declarative workflows versus imperative orchestration
- Reproducibility and portability challenges in AI systems
- Why infrastructure concepts like OCI artifacts and YAML workflows are reappearing in AI tooling
Using Docker cagent as a concrete example rather than the centerpiece, we’ll examine how modern agent runtimes are evolving toward infrastructure-style abstractions.
Every container you deploy carries debt you didn't write. The average base image ships with 200-400 packages your application never calls, each one a potential CVE, each one expanding the blast radius of a breach. Teams run Trivy or Grype, get a wall of 400 alerts, patch the criticals, suppress the rest, and ship. The scan-patch-suppress cycle creates an illusion of security hygiene while the actual attack surface stays enormous.
The good news: the ecosystem is finally pushing back. Google's distroless project has been around for years, Chainguard built a business on minimal images, and Docker Hardened Images went fully open source under Apache 2.0 in late 2025, putting 1,000+ minimal, SBOM-signed images one pull away from every developer. Yet most teams still default to node:latest.
This talk dissects why container supply chain debt accumulates and what a different default looks like. Through live audits comparing standard, slim, distroless, and hardened base images for the same application, we'll examine size, CVE counts, and actual runtime dependencies. You'll leave with practical patterns: multi-stage builds done right, automated base image rebuild pipelines, and policy-as-code for image provenance, so minimal becomes the default without slowing teams down.