Rohit Bhardwaj

Director of Architecture, Expert in cloud-native solutions

Rohit Bhardwaj is a Director of Architecture working at Salesforce. Rohit has extensive experience architecting multi-tenant cloud-native solutions in resilient microservices and service-oriented architectures using the AWS stack. In addition, Rohit has a proven ability in designing solutions and executing and delivering transformational programs that reduce costs and increase efficiencies.

As a trusted advisor, leader, and collaborator, Rohit applies problem resolution, analytical, and operational skills to all initiatives and develops strategic requirements and solution analysis through all stages of the project life cycle and product readiness to execution.
Rohit excels in designing scalable cloud microservice architectures with Spring Boot and Netflix OSS technologies on AWS and Google clouds. As a Security Ninja, Rohit looks for ways to resolve application security vulnerabilities using ethical hacking and threat modeling. Rohit is excited about architecting cloud technologies using Docker, Redis, NGINX, RightScale, RabbitMQ, Apigee, Azul Zing, Actuate BIRT reporting, Chef, Splunk, Rest-Assured, SoapUI, Dynatrace, and EnterpriseDB. In addition, Rohit has developed lambda architecture solutions using Apache Spark, Cassandra, and Camel for real-time analytics and integration projects.

Rohit holds an MBA in Corporate Entrepreneurship from Babson College and a Masters in Computer Science from Boston University and Harvard University. Rohit is a regular speaker at No Fluff Just Stuff, UberConf, RichWeb, GIDS, and other international conferences.

Rohit loves to connect on http://www.productivecloudinnovation.com, http://linkedin.com/in/rohit-bhardwaj-cloud or using Twitter at rbhardwaj1.

Presentations

AI-Era System Design & Architecture Mastery Katas

A full-day hands-on architecture kata workshop for designing scalable, resilient, secure, and AI-ready systems

9:00 AM MDT

Classic system design teaches you how to scale requests. AI-era architecture teaches you how to scale reasoning, retrieval, tokens, tools, trust, and cost.

In the AI era, the best architects do not just draw boxes. They design authority, evidence, fallback, observability, and cost controls into every system.

Modern system design has entered a new era. It’s no longer enough to optimize for uptime and latency — today’s systems must also be AI-ready, token-efficient, trustworthy, and resilient. Whether building global-scale apps, powering recommendation engines, or integrating GenAI agents, architects need new skills and playbooks to design for scale, speed, and reliability.

This full-day workshop blends classic distributed systems knowledge with AI-native thinking. Through case studies, frameworks, and hands-on design sessions, you’ll learn to design systems that balance performance, cost, resilience, and truthfulness — and walk away with reusable templates you can apply to interviews and real-world architectures.

Learning Outcomes

By the end of this workshop, participants will be able to:

  1. Apply a 7-step AI-era system design framework to both interviews and real-world architecture reviews.
  2. Design systems that scale across requests, users, regions, tokens, retrieval calls, model latency, and inference cost.
  3. Architect production-grade RAG 2.0 pipelines using chunking, embeddings, hybrid search, reranking, GraphRAG, semantic caching, and freshness controls.
  4. Design agentic architectures with bounded tools, permission scopes, human escalation, audit trails, and safe degradation.
  5. Build multi-provider resilience strategies using model routing, fallback models, circuit breakers, budget caps, and graceful degradation ladders.
  6. Apply AI security patterns for prompt injection, indirect prompt injection, data exfiltration, unsafe tool use, and authorization bypass.
  7. Define AI observability and SLOs for hallucination rate, grounding quality, retrieval precision, drift, latency, token cost, and escalation rate.
  8. Practice architecture katas for e-commerce, ride-sharing, search, fraud detection, social feed, video streaming, and AI assistants.
  9. Defend trade-offs under interview pressure using clear diagrams, capacity estimates, failure-mode reasoning, and cost-aware decisions.
  10. Leave with reusable templates for AI System Design Canvas, RAG Checklist, Agent Safety Checklist, Token Capacity Planner, AI SLO Dashboard, and Chaos Runbook.

AI Inference at Scale: Reliability, Observability, Cost & Sustainability

The ROCS-Loop Framework for RAG, agentic, and LLM inference pipelines.

8:30 AM MDT

AI inference is no longer a simple model call—it is a multi-hop DAG of planners, retrievers, vector searches, large models, tools, and agent loops. With this complexity comes new failure modes: tail-latency blowups, silent retry storms, vector store cold partitions, GPU queue saturation, exponential cost curves, and unmeasured carbon impact.

In this talk, we unveil ROCS-Loop, a practical architecture designed to close the four critical loops of enterprise AI:

  • Reliability (Predictable latency, controlled queues, resilient routing)
  • Observability (Full DAG tracing, prompt spans, vector metrics, GPU queue depth)
  • Cost-Awareness (Token budgets, model tiering, cost attribution, spot/preemptible strategies)
  • Sustainability (SCI metrics, carbon-aware routing, efficient hardware, eliminating unnecessary work)

KEY TAKEAWAYS

  • Understand the four forces behind AI outages (latency, visibility, cost, carbon).
  • Learn the ROCS-Loop framework for enterprise-grade AI reliability.
  • Apply 19 practical patterns to reduce P99, prevent retry storms, and control GPU spend.
  • Gain a clear view of vector store + agent observability and GPU queue metrics.
  • Learn how ROCS-Loop maps to GCP, Azure, Databricks, FinOps & SCI.
  • Leave with a 30-day action plan to stabilize your AI workloads.

AGENDA

  1. The Quiet Outage: Why AI inference fails
  2. X-Ray of the inference pipeline (RAG, agents, vector, GPUs)
  3. Introducing the ROCS-Loop framework
  4. 19 patterns for Reliability, Observability, FinOps & GreenOps
  5. Cross-cloud mapping (GCP, Azure, Databricks)
  6. Hands-on: Diagnose an outage with ROCS
  7. Your 30-day ROCS stabilization plan
  8. Closing: Becoming a ROCS AI Architect

Claude Code Architecture: From Vibe Coding to Governed Engineering Systems

How architects can use Claude Code to accelerate delivery without losing control of design, quality, security, and maintainability

10:30 AM MDT

Claude Code is not just a coding assistant. Used casually, it can create fast prototypes. Used architecturally, it can become a powerful engineering accelerator for discovery, refactoring, test generation, documentation, architecture reviews, and modernization.

This talk teaches architects, tech leads, and senior developers how to use Claude Code as part of a governed software delivery system. We will explore how to structure repositories, write effective CLAUDE.md guidance, create architecture guardrails, generate tests, review AI-produced code, and use Claude Code without turning your codebase into an ungoverned “vibe coding” experiment.

The core message is simple: Claude Code should not replace architecture judgment. It should amplify it.

Anthropic’s own Claude documentation emphasizes prompting clarity, examples, structured guidance, and agentic workflows, which makes architecture-level instructions especially important when using Claude in engineering systems.

Learning Outcomes

Participants will learn how to:

  1. Use Claude Code as an architecture assistant, not just a code generator.
  2. Create a strong CLAUDE.md file for repo-specific engineering guidance.
  3. Apply architecture guardrails for SOLID, API design, testing, security, and maintainability.
  4. Use Claude Code for refactoring, modernization, test generation, and documentation.
  5. Review AI-generated code using architecture quality gates.
  6. Avoid common risks: over-generation, hidden coupling, insecure code, weak tests, and design drift.

Agenda

  1. Why Claude Code Changes Software Architecture
    From pair programmer to repo-aware engineering agent.
  2. Claude Code Is Not Your Architect
    What Claude can automate, and what humans must still decide.
  3. The Architecture Control File: CLAUDE.md
    Repo context, coding standards, architecture rules, test expectations, and anti-patterns.
  4. Architecture Katas with Claude Code
    Refactor a service, add tests, improve API boundaries, document architecture decisions.
  5. Quality Gates for AI-Generated Code
    SOLID, security, performance, observability, testability, and maintainability checks.
  6. Modernization and Refactoring Workflows
    Using Claude Code for legacy analysis, decomposition, migration planning, and safe incremental change.
  7. Security, Governance, and Team Adoption
    Permissions, secrets, prompt injection, review workflows, and responsible usage.
  8. Final Playbook
    How to introduce Claude Code into an engineering team without losing architecture discipline.

Your API Is Not Ready for AI (Yet): A Lifecycle Readiness Guide

How to audit, prioritize, and modernize APIs so LLM agents can use them safely

1:00 PM MDT

APIs built for humans often fail when consumed by AI agents.
They rely on documentation instead of contracts, return unpredictable structures, and break silently when upgraded. Large Language Models (LLMs) and autonomous agents need something different: machine-discoverable, deterministic, idempotent, and lifecycle-managed APIs.
This session introduces a five-phase API readiness framework—from discovery to deprecation—so you can systematically evolve your APIs for safe, predictable AI consumption.
You’ll learn how to assess current APIs, prioritize the ones that matter, and apply modern readiness practices: function/tool calling, schema validation, idempotency, version sunset headers, and agent-aware monitoring.

Problems Solved

  • LLMs fail due to polymorphic or unpredictable API responses
  • Agents retry or loop because APIs aren’t idempotent
  • Ambiguous error messages block autonomous remediation
  • Silent breaking changes halt long-lived agent integrations
  • Lack of lifecycle management creates risk and rework

What “AI-Readiness” Means

  • Machine-Discoverable: APIs described in OpenAPI 3.1 + JSON Schema; self-describing operations and data types.
  • Deterministic: Same input → same output shape; no hidden conditional payloads.
  • Idempotent: Safe retries using Idempotency-Key or request signature patterns.
  • Guardrailed: Strict schema validation, quota enforcement, and prompt-injection defense.
  • Lifecycle Managed: Semantic versioning, Deprecation/Sunset headers, contract testing, and migration guides.

Common Failure Modes Today

  • Polymorphic responses that confuse function-calling agents.
  • Ambiguous errors without remediation guidance.
  • Non-idempotent endpoints causing duplicate orders or charges.
  • Hidden side effects undocumented or triggered by retries.
  • Breaking changes without warning → agents silently fail.

Agenda

Introduction: The Shift from Human → Machine Consumption
Why LLMs and agents fundamentally change API design expectations.
Examples of human-centric patterns that break agent workflows.

Pattern 1: Assessment & Readiness Scorecard
How to audit existing APIs for AI-readiness.
Scoring dimensions: discoverability, determinism, idempotency, guardrails, lifecycle maturity.
Sample scorecard matrix and benchmark scoring.

Pattern 2: Prioritization Strategy
How to choose where to start:

  • High traffic + high risk first (payments, claims, healthcare, orders)
  • Partner/customer-facing before internal
  • Regulated domains (HIPAA, PCI, SOX) before unregulated
  • Consolidate schema, security, and idempotency changes together

Pattern 3: Five-Phase Readiness Roadmap

  • Discovery: Audit specs, tag agent traffic, document gaps.
  • Redesign: Harden schemas, fix errors, add idempotency keys and prompt-injection defenses.
  • Versioning: Adopt SemVer, support multiple versions, and emit Deprecation/Sunset headers.
  • Monitoring: Track agent vs human usage, retries, anomalies, cost attribution.
  • Deprecation: Communicate timelines, throttle old versions, enable fallback modes.

Pattern 4: Security & Guardrails
Inject prompt-defense filters at the edge.
Schema validation and rate-limiting.
Automated regression testing against contract schemas to ensure safety.

Pattern 5: Case Studies

  • Stripe Idempotency: Eliminating duplicate charges with the Idempotency-Key pattern.
  • Deprecation Done Right: APIs that use Sunset headers for graceful agent migration.
  • Agent Tool Example: Mapping operationId=ReserveInventory directly to an LLM tool schema.

Wrap-Up & Discussion
Recap of framework and quick wins.
Using the Readiness Scorecard and KPI checklist to measure progress from human-centric APIs → agent-ready APIs.
Discussion on embedding readiness audits in CI/CD governance.

Key Framework References

  • OpenAPI 3.1 + JSON Schema: Machine-readable API contracts
  • FinOps + AI Cost Governance: Tagging and metering agent usage
  • OWASP LLM Top 10: Prompt-injection and misuse defenses
  • API Lifecycle Standards: RFC 8594 (Deprecation), RFC 9457 (Sunset Header)
  • ISO/IEC 38507: Governance implications for AI-integrated systems

Takeaways

  • API Readiness Scorecard to evaluate current maturity
  • 5-phase modernization roadmap: Discovery → Redesign → Versioning → Monitoring → Deprecation
  • Checklist + KPIs to align API modernization with AI readiness
  • Case patterns demonstrating resilient, agent-safe API evolution

Claude Certified Architect Readiness for Developers

Claude Code, MCP, Agent SDK, APIs, and Production AI Architecture

3:00 PM MDT

Certification-readiness talk with architecture scenarios, exam-domain mapping, practical examples, and production-design guidance.
Claude is no longer just a chatbot for writing answers. It is becoming part of how developers design, build, review, and automate software. Claude Code can help developers work across repositories, Claude Code GitHub Actions can respond to issues and pull requests, MCP can connect Claude to external tools and systems, and the Claude Agent SDK enables developers to build custom agentic workflows. This creates a new skill requirement for architects: knowing how to design Claude-powered systems that are safe, measurable, governable, and production-ready.
This talk provides a practical readiness roadmap for developers and architects preparing for Claude architecture work and Claude certification-style expectations. We will cover Claude platform fundamentals, Claude Code workflows, MCP/tool governance, Agent SDK patterns, API design, RAG, evals, observability, security, and enterprise deployment concerns. Participants will also work through certification-style scenarios that test architectural judgment, not memorization.

The goal is simple: do not just learn Claude. Learn how to architect with Claude.
Claude's certification should not be treated as a badge. It should be treated as proof that an architect can design safe, production-ready Claude-powered systems.

Main audience promise
By the end of the talk, participants will understand what they need to study, practice, and demonstrate to become Claude architecture-ready.
They will leave with:

  1. A Claude architecture domain map
  2. A certification-readiness roadmap
  3. A practical Claude Code workflow model
  4. An MCP/tool governance model
  5. Production architecture patterns for Claude-powered systems
  6. Scenario-style questions for self-assessment
  7. A 30-day preparation plan

Primary focus
This is not a generic Claude intro. It is a Claude architecture readiness talk.
It should cover:

  1. Claude platform landscape
  2. Claude Code workflow
  3. Agent SDK
  4. MCP/tool use
  5. Claude API patterns
  6. Claude-powered RAG
  7. agentic workflows
  8. context management
  9. prompt and instruction design
  10. evals
  11. observability
  12. security
  13. data boundaries
  14. cost awareness
  15. deployment and governance
  16. certification-style scenarios

Scaling APIs for Millions of AI-Driven Calls

Resilience, cost control, and observability for bursty, autonomous traffic

5:00 PM MDT

AI agents are becoming a new class of API consumers. Unlike human users, agents can create bursty traffic, retry aggressively, call multiple tools in parallel, and accidentally amplify downstream failures. A single user request can become a large chain of API calls, model calls, vector searches, database lookups, and workflow events.

This talk explains how to design APIs for this new reality.

We will cover agent-aware rate limiting, budget-aware throttling, backpressure, load shedding, idempotency, deduplication, deterministic caching, async workflows, event-driven APIs, tail-latency SLOs, and cost observability.

Participants will learn how to tag and trace agent traffic, control runaway tool calls, prevent retry amplification, design graceful degradation, and build runbooks for cache storms, retry storms, dependency brownouts, and cost spikes.

The core message:

APIs exposed to AI agents must be contract-safe, retry-safe, cost-aware, observable, and degradation-ready.

Classic API scaling assumed relatively predictable traffic.

AI-driven API traffic is different because:

  • One prompt can create many downstream API calls.
  • Agents can retry, loop, and fan out.
  • Tool-calling creates bursty and non-human traffic patterns.
  • Cost grows with requests, retries, context size, model calls, and downstream work.
  • Failures can amplify quickly across gateways, SDKs, queues, databases, and model APIs.

Agenda

  1. Why AI Changes API Scaling
    Human traffic versus agent traffic, tool chains, fan-out, retries, and burst patterns.
  2. New Failure Modes
    Retry storms, cache-miss storms, malformed tool calls, version drift, DB saturation, and cost spikes.
  3. Traffic Control for AI Agents
    Agent-aware rate limits, per-tenant budgets, per-tool quotas, fair queuing, and adaptive backpressure.
  4. Resilience Patterns
    Idempotency keys, deduplication, bounded retries, circuit breakers, bulkheads, timeouts, and load shedding.
  5. Caching for AI Workloads
    Deterministic-result caching, semantic-aware caching, stale-while-revalidate, negative caching, and cache warming.
  6. Async and Event-Driven APIs
    Queue-first design, workflows, webhooks, streaming responses, outbox patterns, and dead-letter handling.
  7. Observability and Cost Governance
    Chain IDs, tool IDs, agent IDs, tail-latency SLOs, per-agent cost attribution, anomaly detection, and loop detection.
  8. Runbooks and Readiness
    Playbooks for retry storms, cache storms, provider brownouts, cost spikes, and safe degradation.

Enterprise Architecture 4.0: The AI-Driven Future Preview

ARCHAI Blueprint for architecting and designing the Intelligent Enterprise with Generative AI, Agents, and Next-Gen Technologies

1:30 PM MDT

AI, agentic workflows, digital twins, edge intelligence, spatial computing, and blockchain trust are converging to reshape how enterprises operate.
This session introduces Enterprise Architecture 4.0—a practical, future-ready approach where architectures become intelligent, adaptive, and continuously learning.

You’ll explore the EA 4.0 Tech Radar, understand the six major waves of disruption, and learn the ARCHAI Blueprint—a structured framework for designing AI-native, agent-ready, and trust-centered systems.
Leave with a clear set of patterns and a 12-month roadmap for preparing your enterprise for the next era of intelligent operations.


KEY TAKEAWAYS

  • Understand the EA 4.0 shift toward intelligent, agent-driven architecture
  • Learn the top technology trends: AI, agents, edge, twins, spatial, blockchain, and machine customers
  • See how the ARCHAI Blueprint structures AI-first design and governance
  • Get practical patterns for agent safety, digital twins, trust, and ecosystem readiness
  • Leave with a concise 12-month roadmap for implementing EA 4.0


AGENDA

– The Speed of Change
Why traditional enterprise architecture cannot support AI-native, agent-driven systems.

– The EA 4.0 Tech Radar
A 3–5 year outlook across:

  • Agentic AI
  • Edge intelligence
  • Digital twins
  • Spatial computing
  • Trusted automation (blockchain)
  • Machine customers

– The Six Waves of Transformation
Short deep dives into each wave with real enterprise use cases.

– The ARCHAI Blueprint
A clear architectural framework for AI-first enterprises:

  • Attention & Intent Modeling
  • Retrieval & Knowledge Fabric
  • Capability & Context Models
  • Human + Agent Co-working Patterns
  • Action Guardrails & Safety
  • Integration & Intelligence Architecture

This gives architects a single, unified design methodology across all emerging technologies.

– The Architect’s Playbook
Practical patterns for:

  • Intelligence fabrics
  • Agent-safe APIs
  • Digital twin integration
  • Trust & decentralized identity
  • Ecosystem-ready design

– Operationalizing EA 4.0
How architecture teams evolve:

  • New EA roles
  • Continuous planning
  • Agent governance
  • EA dashboards
  • The 12-month adoption roadmap

Architecting Microservices for Agentic AI Integration

Designing Safe, Reliable, and Scalable Systems for Autonomous LLM Agents

3:15 PM MDT

Autonomous LLM agents don’t just call APIs — they plan, retry, chain, and orchestrate across multiple services.
That fundamentally changes how we architect microservices, define boundaries, and operate distributed systems.
This session delivers a practical architecture playbook for Agentic AI integration — showing how to evolve from simple request/response designs to resilient, event-driven systems.
You’ll learn how to handle retry storms, contain failures with circuit breakers and bulkheads, implement sagas and outbox patterns for correctness, and version APIs safely for long-lived agents.
You’ll leave with reference patterns, guardrails, and operational KPIs to integrate agents confidently—without breaking production systems.

Problems Solved

  • Microservices collapse under agent retries or fan-out behavior
  • Lack of event logs or compensations breaks agent re-planning
  • Failures cascade due to missing bulkheads or circuit breakers
  • Non-deterministic APIs cause unpredictable agent actions
  • Ops teams can’t separate or monitor agent vs human traffic

Why Now

  • Agentic frameworks (Agentforce, LangGraph, CrewAI) are entering production.
  • Traditional microservices assume human or synchronous clients — not autonomous retriers.
  • Reliability, determinism, and observability must now be built into API contracts.
  • Agent traffic adds new stress patterns and compliance visibility requirements.

What Is Agentic AI in Microservices

  • Agents plan, retry, and chain service calls — requiring deterministic, idempotent APIs.
  • Services must be tool-callable (stable operationId, strict input/output schemas).
  • Systems must survive retry storms, fan-out, and long-lived sessions.

Agenda
Opening: The Shift to Agent-Driven Systems
How autonomous agents change microservice assumptions.
Why request/response architectures fail when faced with planning, chaining, and self-healing agents.

Pattern 1: Event-Driven Flows
Use events, queues, and replay-safe designs to decouple agents from synchronous APIs.
Patterns: pub/sub, event sourcing, and replay-idempotency.

Pattern 2: Saga and Outbox Patterns
Manage long workflows with compensations.
Ensure atomicity and reliability between DB and event bus.
Outbox → reliable publish; Saga → rollback on failure.

Pattern 3: Circuit Breakers and Bulkheads
Contain agent-triggered failure storms.
Apply timeout, retry, and fallback policies per domain.
Prevent blast-radius amplification across services.

Pattern 4: Service Boundary Design
Shape services around tasks and domains — not low-level entities.
Example: ReserveInventory, ScheduleAppointment, SubmitClaim.
Responses must return reason codes + next actions for agent clarity.
Avoid polymorphic or shape-shifting payloads.

Pattern 5: Integrating Agent Frameworks
Connect LLM frameworks (Agentforce, LangGraph) safely to services.
Use operationId as the agent tool name; enforce strict schemas.
Supervisor/planner checks between steps.
Asynchronous jobs: job IDs, progress endpoints, webhooks.

Pattern 6: Infrastructure and Operations

  • Observability: Tag agent runs (x-agent-run-id), trace retries, success/failure.
  • Versioning: Use SemVer, deprecation headers, and multi-version gateways.
  • Resilience: Autoscale on retry rate, degrade gracefully, and run failover drills.

Wrap-Up: KPIs and Guardrails for Production
Key metrics: retry rate, success ratio, agent throughput, event replay lag.
Lifecycle governance: monitoring, versioning, deprecation, and sunset plans.

Key Framework References

  • Salesforce Agentforce – agentic orchestration and guardrail templates
  • LangGraph / CrewAI – multi-agent planning and coordination patterns
  • Cloud Native Patterns: Saga, Outbox, Circuit Breaker, Bulkhead, Event-Driven Architecture
  • OpenTelemetry + Prometheus: Observability for agent vs human traffic
  • OWASP LLM Top-10: Guardrails for safe function calling and data handling

Takeaways

  • Blueprint for agent-friendly microservices architecture
  • Patterns for event-driven, saga, and outbox consistency
  • Guardrails: circuit breakers, bulkheads, least privilege APIs
  • Framework integration checklist (Agentforce, LangGraph, etc.)
  • Ops playbook for observability, versioning, and resilience
  • KPIs to measure readiness: retry rate, grounding accuracy, and agent success ratio

Securing LLMs: DevSecOps in the Age of AI

Proactive Defense Strategies for AI-Native Apps

5:00 PM MDT

As enterprises rush to embed large language models (LLMs) into apps and platforms, a new AI-specific attack surface has emerged. Prompt injections, model hijacking, vector database poisoning, and jailbreak exploits aren’t covered by traditional DevSecOps playbooks.

This full-day, hands-on workshop gives architects, platform engineers, and security leaders the blueprint to secure AI-powered applications end-to-end. You’ll master the OWASP LLM Top 10, integrate AI-specific controls into CI/CD pipelines, and run live red-team vs blue-team exercises to build real defensive muscle.

Bottom line: if your job involves deploying, securing, or governing AI systems, this workshop shows you how to do it safely—before attackers do it for you.

What You’ll Learn

  • Where LLM vulnerabilities arise—and how attackers exploit them
  • How to apply the OWASP LLM Top 10 to enterprise pipelines
  • Building AI-specific guardrails: input sanitization, output filters, role controls
  • Embedding AI-aware scans and tests into GitHub/GitLab CI/CD workflows
  • Securing RAG systems, vector databases, and multi-agent environments
  • Red-team tactics (prompt injection, vector poisoning) and defensive countermeasures
  • Metrics and frameworks to prove AI security posture to executives and regulators

Who Should Attend

  • Software Architects designing AI-powered systems
  • Platform Engineers & DevSecOps Leads embedding LLMs into pipelines
  • Security Engineers assessing AI attack surfaces
  • CTOs, CISOs & Product Owners accountable for safety, trust, and compliance

Takeaways

  • OWASP LLM Top 10 → Mitigation Playbooks
  • Templates with AI-aware guardrails
  • Risk scoring model for AI attack surfaces
  • Red-/Blue-team lab scripts to rerun in your org
  • Executive briefing deck to align security with compliance & business impact

Agenda

Module 1 – The New AI Attack Surface

  • Anatomy of an LLM-powered app (prompts, RAG, embeddings, agents)
  • Why traditional DevSecOps misses AI-native risks
  • Mapping AI threats to enterprise trust boundaries

Module 2 – OWASP LLM Top 10 Deep Dive

  • Prompt injection & jailbreak exploits
  • Training data leakage & poisoning
  • Excessive agency in autonomous agents
  • Vector database & plugin/toolchain exploits
  • Model theft, shadow prompting, and output handling flaws

Module 3 – DevSecOps Patterns for LLMs

  • Designing input/output filters and schema validation
  • Prompt fuzzing, red teaming, and adversarial testing
  • Embedding AI guardrails into GitHub/GitLab CI/CD workflows
  • AI firewalls, inference governance, and runtime monitoring

Module 4 – Real-World Threat Simulations

  • Live prompt injection on an AI agent
  • Poisoning a vector database to manipulate RAG retrieval
  • Detection strategies for abnormal prompts and outputs
  • Hands-on ethical hacking tools for LLMs

Module 5 – Business Impact & Mitigation Framework

  • Risk scoring and prioritization for AI systems
  • Aligning AI security with KPIs: trust, uptime, compliance, brand protection
  • NIST AI RMF, ISO/IEC 42001, and EU AI Act readiness
  • Delivering an executive-ready AI security scorecard

Agentic, Assistive & Predictive AI Design Patterns

Designing Enterprise-Grade Agents with Integrations & Governance

8:30 AM MDT

Building AI isn’t just about prompting or plugging into an API — it’s about architecture. This workshop translates Salesforce’s Enterprise Agentic Architecture blueprint into practical design patterns for real-world builders.

You’ll explore how Predictive, Assistive, and Agentic patterns map to Salesforce’s Agentforce maturity model, combining orchestration, context, and trust into cohesive systems. Through hands-on modules, participants design a Smart Checkout Helper using Agentforce, Data Cloud, MCP, and RAG—complete with observability, governance, and ROI mapping.

Key Takeaways

  • Agentic Architecture Foundations: Understand multi-agent design principles — decomposition, decoupling, modularity, and resilience.

  • Pattern Literacy: Apply the patterns Orchestrator, Domain SME, Interrogator, Prioritizer, Data Steward, and Listener.

  • Predictive–Assistive–Agentic Continuum: Align AI maturity with business intent — from prediction and guidance to autonomous execution.

  • RAG Grounding & Context Fabric: Integrate trusted enterprise data via Data Cloud and MCP for fact-based reasoning.

  • Multi-Agent Orchestration: Implement Orchestrator + Worker topologies using A2A protocol, Pub/Sub, Blackboard, and Capability Router.

  • Governance & Trust: Embed privacy, bias mitigation, observability, and audit trails — design for CIO confidence.

  • Business Alignment: Use the Jobs-to-Be-Done and Agentic Map templates to connect AI outcomes with ROI.

Agenda
Module 1 – Enterprise Agentic Foundations

    • Why multi-agent architecture > monolithic AI.
    • Core principles: decomposition, decoupling, specialization, modularity.
    • Explore: Agentforce subsystems, Atlas Reasoning Engine, MCP, and A2A protocol.
    • Build: “Hello Agentforce” → Orchestrator + Worker Agent handshake.

Module 2 – The Big 3 Patterns: Predictive, Assistive, Agentic

    • Understand foresight → guidance → autonomy.
    • Map Salesforce maturity levels (1–4) to each pattern.
    • Build: Cart abandonment handled via Predictive, Assistive, and Agentic variants.

Module 3 – Predictive AI → Foresight in Systems

    • Forecast churn, fraud, demand with Data Cloud + Einstein GPT.
    • Pattern Fusion: Prioritizer + Generator + Predictive flow.
    • Build: Predictive scoring embedded in checkout journey.

Module 4 – Assistive AI → Guiding Humans

    • UX patterns: nudges, cards, contextual insights.
    • Listener/Feed Pattern for real-time context surfacing.
    • Build: Service Agent + Promotion Recommender (Next Best Action).

Module 5 – Agentic AI → Autonomy in Action

    • Orchestrator Pattern as Agentic Front Door.
    • Domain SME Pattern for Inventory or Orders.
    • Interrogator for context assembly and reasoning.
    • Build: Refund Agent with human-in-loop fallback and A2A coordination.

Module 6 – Agentic Map & Jobs-to-Be-Done Framework

    • Learn the Agentic Map Template (User, Agent, Context, Source layers).
    • Use JTBD to align patterns with business goals.
    • Exercise: Map Acquire → Convert → Fulfill → Support journeys to AI patterns.

Module 7 – RAG & Context Fabric

    • Why hallucinations occur and how RAG fixes them.
    • Combine vector DB + retriever + Agentforce knowledge actions.
    • Build: Checkout FAQ bot (returns, policies, catalog) with citations.

Module 8 – Multi-Agent Orchestration with MCP

    • Orchestrator/Supervisor → Worker → Capability Router flow.
    • Pub/Sub for events, Blackboard for shared memory.
    • Build: Checkout Agent → Inventory Agent → Pricing Agent → Orchestrator.

Module 9 – Governance & Guardrails

    • Identity & Access, Privacy, Bias Checks, Observability.
    • Patterns: Data Steward + Zen Data Gardener for trusted data ops.
    • Build: Add governance and logging to prototype via MCP telemetry.

Module 10 – From Prototype to Production

    • End-to-end demo of Smart Checkout Helper.
    • Agentic Pattern Matrix + Governance Checklist + ROI Storytelling.
    • Next steps for scaling Agentforce in your enterprise.

What You’ll Leave With

    • Working Smart Checkout Helper (Agentforce + MCP + RAG).
    • Decision Framework: Predictive vs Assistive vs Agentic.
    • Governance Checklist for trust & auditability.
    • Multi-Agent Playbook (Orchestrator, Supervisor, Capability Router).
    • Agentic Map Toolkit linking JTBD → AI → ROI.

Agentic, Assistive & Predictive AI Design Patterns

Designing Enterprise-Grade Agents with Integrations & Governance

10:30 AM MDT

Building AI isn’t just about prompting or plugging into an API — it’s about architecture. This workshop translates Salesforce’s Enterprise Agentic Architecture blueprint into practical design patterns for real-world builders.

You’ll explore how Predictive, Assistive, and Agentic patterns map to Salesforce’s Agentforce maturity model, combining orchestration, context, and trust into cohesive systems. Through hands-on modules, participants design a Smart Checkout Helper using Agentforce, Data Cloud, MCP, and RAG—complete with observability, governance, and ROI mapping.

Key Takeaways

  • Agentic Architecture Foundations: Understand multi-agent design principles — decomposition, decoupling, modularity, and resilience.

  • Pattern Literacy: Apply the Orchestrator, Domain SME, Interrogator, Prioritizer, Data Steward, and Listener patterns.

  • Predictive–Assistive–Agentic Continuum: Align AI maturity with business intent — from prediction and guidance to autonomous execution.

  • RAG Grounding & Context Fabric: Integrate trusted enterprise data via Data Cloud and MCP for fact-based reasoning.

  • Multi-Agent Orchestration: Implement Orchestrator + Worker topologies using A2A protocol, Pub/Sub, Blackboard, and Capability Router.

  • Governance & Trust: Embed privacy, bias mitigation, observability, and audit trails — design for CIO confidence.

  • Business Alignment: Use the Jobs-to-Be-Done and Agentic Map templates to connect AI outcomes with ROI.

Agenda

Module 1 – Enterprise Agentic Foundations

    • Why multi-agent architecture > monolithic AI.
    • Core principles: decomposition, decoupling, specialization, modularity.
    • Explore: Agentforce subsystems, Atlas Reasoning Engine, MCP, and A2A protocol.
    • Build: “Hello Agentforce” → Orchestrator + Worker Agent handshake.

Module 2 – The Big 3 Patterns: Predictive, Assistive, Agentic

    • Understand foresight → guidance → autonomy.
    • Map Salesforce maturity levels (1–4) to each pattern.
    • Build: Cart abandonment handled via Predictive, Assistive, and Agentic variants.

Module 3 – Predictive AI → Foresight in Systems

    • Forecast churn, fraud, and demand with Data Cloud + Einstein GPT.
    • Pattern Fusion: Prioritizer + Generator + Predictive flow.
    • Build: Predictive scoring embedded in checkout journey.

Module 4 – Assistive AI → Guiding Humans

    • UX patterns: nudges, cards, contextual insights.
    • Listener/Feed Pattern for real-time context surfacing.
    • Build: Service Agent + Promotion Recommender (Next Best Action).

Module 5 – Agentic AI → Autonomy in Action

    • Orchestrator Pattern as Agentic Front Door.
    • Domain SME Pattern for Inventory or Orders.
    • Interrogator for context assembly and reasoning.
    • Build: Refund Agent with human-in-the-loop fallback and A2A coordination.

Module 6 – Agentic Map & Jobs-to-Be-Done Framework

    • Learn the Agentic Map Template (User, Agent, Context, Source layers).
    • Use JTBD to align patterns with business goals.
    • Exercise: Map Acquire → Convert → Fulfill → Support journeys to AI patterns.

Module 7 – RAG & Context Fabric

    • Why hallucinations occur and how RAG fixes them.
    • Combine vector DB + retriever + Agentforce knowledge actions.
    • Build: Checkout FAQ bot (returns, policies, catalog) with citations.

Module 8 – Multi-Agent Orchestration with MCP

    • Orchestrator/Supervisor → Worker → Capability Router flow.
    • Pub/Sub for events, Blackboard for shared memory.
    • Build: Checkout Agent → Inventory Agent → Pricing Agent → Orchestrator.

Module 9 – Governance & Guardrails

    • Identity & Access, Privacy, Bias Checks, Observability.
    • Patterns: Data Steward + Zen Data Gardener for trusted data ops.
    • Build: Add governance and logging to prototype via MCP telemetry.

Module 10 – From Prototype to Production

    • End-to-end demo of Smart Checkout Helper.
    • Agentic Pattern Matrix + Governance Checklist + ROI Storytelling.
    • Next steps for scaling Agentforce in your enterprise.

What You’ll Leave With

    • Working Smart Checkout Helper (Agentforce + MCP + RAG).
    • Decision Framework: Predictive vs Assistive vs Agentic.
    • Governance Checklist for trust & auditability.
    • Multi-Agent Playbook (Orchestrator, Supervisor, Capability Router).
    • Agentic Map Toolkit linking JTBD → AI → ROI.