Implementing AI into a government service with 23+ million users is a journey of continuous product discoveries and challenges. In this talk, I will share the real-world experience of how the "Diia" ecosystem is transitioning from a classic Digital State (where users search for the required services themselves) to an Agentic State (where AI proactively fulfills the user's intent). What we will cover: - Product Discovery and Paradigm Shift: The transition from Digital State to Agentic State. Why traditional interfaces have reached their limits and how we validated the need for proactive AI solutions. - AI in Support as the First Big Step: How we automated 90% of requests without a drop in quality (CSAT). Soft AI UX: why people struggle with prompting and how we guide them using hybrid interfaces. - The Upskill Case and Team Transformation: We didn't fire a single operator. How we built internal AI tools for the team, turning yesterday's support agents into AI trainers. - Deep Dive into Diia.AI on the Portal: The launch of the world's first agentic service at the government level. How our RAG architecture works, how we architecturally protect personal data (PII) from entering the LLM, and how we repel jailbreak attempts.

In technology companies, AI is already going beyond the trend and influencing products, engineering, and daily business processes. Along with opportunities come challenges: working with sensitive data, security requirements, and the complexity of integration into existing systems. In such conditions, it is important to understand where AI really creates value and where it just adds noise. During the discussion, participants share their practical experience: how they implement AI in their products, adapt engineering processes, and restructure operations for new tools. This is a conversation about real pain points, opportunities, and solutions that help teams move forward.

A discussion with representatives of high-risk systems about why security architecture should be incorporated at the design and development stage, rather than added after release into production. We will talk about the risks of delayed implementation of controls, common security illusions, and practical approaches to integrating security practices into the work of product teams.

The talk focuses on developing and integrating automation tools to enhance Supply Chain security. It addresses reproducible security practices with tools like Renovate and Wiz, as well as GitLab and JFrog Artifactory, to enforce consistent security scans seamlessly within existing workflows.

Do machines hallucinate insecure code? In the blink of an eye we jumped on the AI bandwagon and pivoted from AI skepticism to AI adoption, but what did we trade off exactly? Writing secure code is tougher than it seems and we humans are getting it wrong time and time again. Even highly popular open-source software projects are repeatedly found vulnerable. So how does ChatGPT or GitHub Copilot live up to standards of secure software? developers have already embraced AI for augmented software development but let's challenge those AI tools you've come to rely on day-to-day and see how capable they are in producing secure software.