Devoxx France 2026: AI everywhere, but with nuance

Article · 16 min read
#AI Agents #Generative AI #LLM #DevOps #Conference
🇫🇷 This article is also available in Français

3 days in Paris, and almost no doubt about the subject that swallowed the event. 70 exhibitors, 280 presentations, 330 speakers, nearly 4,600 visitors per day. The rooms were full, the hallways were louder than usual, and the same phrase kept coming back at the Palais des Congrès: artificial intelligence. Not as a slogan pasted onto the event. As the fixed point around everything else.

The theme was right there in plain sight: Happy IA. Not subtle, but impossible to miss. In practice, though, it came through mostly in the conference’s visual and sonic packaging rather than in the talks themselves. On screens, across booth designs, and in the overall atmosphere, AI was framed as cheerful and familiar: friendly robots drawn with recognizably human attitudes, awkward, shy, gentle, almost warm. The whole aesthetic pushed in that direction, soft and reassuring, with no obvious sense of threat. What made this edition interesting was the gap between that staging and the actual substance. Behind the mascots and upbeat mood, the talks were mostly about guardrails, security, energy, and very concrete limits.

Day 1 — Philosophy before technology

Day 1 keynote — AI through the lens of research: 20 years of perspective

The first keynote opened with Laurence Devillers, professor of artificial intelligence at Sorbonne-Université and CNRS researcher at LISN, and the tone was clear within minutes. No flashy future-of-everything routine. No demo built to wake up the room. She started with Pascal instead: “Act with reason in the face of uncertainty.” Good place to start.

Her framing was simple and useful: AI is neither angel nor demon. It is a powerful tool, but still a tool. It feels nothing, understands nothing, and it is not neutral. A vision model sees pixels, not a face. That point sounds obvious until you remember how often the industry talks about “intelligence” as if the argument were already settled. It isn’t.

This was not a techno-optimist plea. It was a reminder to get serious. Yes, AI can help diagnose better, anticipate better, and assist with decisions. But only if we stop pretending it has properties it does not have. In an industry that talks about “intelligence” all day long, hearing someone put the machine back in its actual box was refreshing.

She ended with a line that landed harder than the usual conference closer: you are AI ambassadors. Developers do not get to build these systems and then pretend the public narrative is somebody else’s problem. What we ship matters. How we explain it matters too.

The second half featured Laurent Fressinet, international chess grandmaster and member of the French national team. He has lost to AI, of course. Not because machines discovered some mystical truth of chess, but because chess is a closed and perfectly formalized environment. In that setting, consistency and raw compute eventually crush human variation.

The interesting part was everything after that. AI has changed preparation, strategy, even the aesthetics of the game. Top players use it to explore lines they would never have checked on their own, test counter-intuitive moves, and revisit long-held instincts. AI did not kill chess. It changed what high-level chess work looks like.

By the end, one question was hanging over the room: if even chess, that cold and formal game, gets reshaped by human-machine collaboration, what happens everywhere else? The rest of day 1 answered that in much more practical ways.

Deezer — 70,000 AI-generated songs rejected every day

With Deezer, the scale changed immediately. And honestly, this was my favorite talk of the day. Not because there was some deep technical stack to unpack. There really was not. What stayed with me was something else: seeing an AI tool put music creation within reach of people who do not have a studio, formal training, or real production skills. 70,000 AI-generated tracks are rejected every day on the platform. The bottleneck is no longer the model itself. It is everything that comes after: rights management, licensing, ownership, moderation. Tools like Suno make the production of a polished song almost absurdly easy. One prompt, two clicks, and you already have something that sounds finished enough to publish. Platforms inherit that mess at industrial scale.

The most unsettling part comes once you actually listen. It is now getting close to impossible, at a human level, to tell an AI-generated track from a human-made one. The clearest examples were concrete ones: tracks like the afro version of “Papaoutai” or releases attributed to Sienna Rose are fully AI-generated. Most people never noticed. Worse for the industry, they loved them, shared them, and turned them into hits.

At that point the question is no longer whether the output sounds good. It is not even really about perceived quality anymore. It is about legal boundaries, the value we still attach to artistic creation, and a line the music industry still has not decided how to draw. If a convincing song can come out of a prompt in seconds, what exactly are we valuing now? The final result? The labor behind it? The intention? A singular voice? Probably the least technical talk of the day. Maybe also one of the most unsettling.

Docker — Sandboxes for AI Agents

The day then closed on almost the opposite kind of talk. Docker introduced Docker Sandboxes (sbx), a way to run AI agents inside isolated microVMs. Each sandbox gets its own Docker daemon, filesystem, and network stack. Isolation is the point, and Docker is taking it seriously.

The capabilities are real: secret management, network policies, traffic inspection, a control plane, plus Docker-in-Docker when you want to go all the way. On paper, it looks like the right environment for agents that should not get anywhere near the host.

Still, one doubt stayed with me after the session. This is yet another layer in a stack that was already pretty good at accumulating layers. Docker Sandboxes feels like a product wrapped around another product, with its own CLI, its own account model, its own logs, all to run an agent in a container that then runs more containers. Technically coherent, sure. For day-to-day AI IDE usage, though, it still feels early.

Where it already makes immediate sense is CI. Spin up an ephemeral sandbox, let the agent do the work, collect the output, tear everything down. Isolated, traceable, reproducible. That part is easy to buy. The rest can wait a bit.

Note

Official documentation: docs.docker.com/ai/sandboxes — Getting started workshop: github.com/dockersamples/sbx-quickstart

Day 2 — Pragmatism and guardrails

Day 2 keynote — AI is built in the field

The second keynote paired Nicolas Grenié, Developer Advocate at Typeform, with Marjory Canonne, founder of Spinalia and former creator of an AI Datalab at the French National Gendarmerie. Very different backgrounds. Very different ways of talking about AI. That contrast worked.

Nicolas Grenié argued for vibe coding without much defensiveness. AI as assistant, not replacement. Describe what you want, iterate fast, test fast, and see if the idea holds. What used to take weeks can now take hours. His enthusiasm was real, but not completely naïve. The healthy subtext was still there: a prototype that appears quickly is not the same thing as a product that survives contact with reality.

In other words, an LLM-generated PoC still needs a human to carry it into the next phase. AI is good at rough drafts, exploration, and fast loops. It does not remove the engineering work that follows. That is where vibe coding becomes useful instead of annoying as a slogan.

Marjory Canonne then made the counterpoint almost perfectly. Her talk was direct, structured, and completely uninterested in conference mythology. There is no magic AI solution. Scaling problems remain scaling problems. Security problems remain security problems. And when organizations fail to support adoption properly, the tool still loses, no matter how good it looks in a demo.

I did have the feeling, at times, that she stopped just short of taking the argument all the way to its conclusion. Maybe that was deliberate. Still, the takeaway felt pretty clear: without support and without preparation, a technology will not be adopted in any durable way, whatever that technology is. Not AI. Not anything else. A tool can look excellent on paper, but if teams are not prepared for it, and if practices do not change with it, the tool stays outside the real work.

Her examples from the Gendarmerie pointed back to exactly that. Systems only stick when they are built with the business teams from the start, especially in environments where failure has a real cost. Not innovation theater. Actual operational integration.

There was no real contradiction between them. Just two moments of the same job: first the burst of momentum, then the grind.

Google — Multi-agent systems: beyond hello world

Google opened with a line I appreciated immediately: “Enough with the AI agent intros, let’s move.” Good. No long warm-up, no definitions for the twentieth time. Straight into architecture.

The core issue came first: agents are non-deterministic. Same input, different output. Replay the exact same setup and you can still get something else. That is not a bug to iron out. It is part of the material. And once you ship systems like that, variability becomes an engineering problem. That is where GOAP (Goal-Oriented Action Planning) earns its keep: you stop letting the agent improvise everything and you force a plan toward a goal. Less freedom, more structure. In production, that trade usually makes sense. (Read more about GOAP)

From there, the talk walked through the building blocks: sequential flows, parallel flows, loops, reflection loops, critic/reviewer pairs. None of these ideas are magical in isolation. Combined well, they start to look like robust patterns instead of toy demos.

Then came the more painful and therefore more useful questions. Which routing pattern fits which situation? How do you coordinate several agents without letting them drift apart? And where do MCP and A2A fit once agents stop being local tricks and start behaving like distributed systems? That was the part that made the talk worth the trip.

Dense session. Not especially beginner-friendly. That felt right.

Snyk — Prompt injection: live demo

Snyk’s talk focused on prompt injection attacks in AI and LLM applications. On paper, that sounded important but familiar. In the room, it was harder to keep a comfortable distance.

The live demos stacked one ugly case after another: bypassed system instructions, data exfiltration through context, agents nudged into actions they were never supposed to take. The overall message was hard to ignore. We are still very far from being able to call most LLM applications secure with a straight face.

Snyk showed the expected countermeasures: JSON Schema for constrained outputs, guardrails on inputs and outputs. Yes, you need those. But after watching the breadth of the attack surface, it was hard to believe that a couple of well-placed safeguards would be enough. The talk did one thing very well: it made the risk feel concrete.

Moody’s — GenAI application security: from demo to production

Where Snyk showed the attack surface, Moody’s focused on defense. Not as a silver bullet. As layered protection.

Defensive architecture, observability, protection against prompt injection and data leakage, automated security testing: the message was straightforward and still worth repeating. A serious GenAI application does not protect itself in one place. It protects itself at the input, the output, the model layer, the orchestration layer, and the monitoring layer.

Through the lens of the OWASP Top 10 for LLMs, tools presented:

  • GuardrailsAI (guardrailsai.com) — open source framework for validating and constraining LLM outputs
  • Nemo Guardrails (NVIDIA) — for conversational workflows
  • Llama (Meta) — as the open source reference model for local testing

You still recognize the usual families of problems from web security (injection, broken auth, excessive agency), but the attack paths do not line up cleanly with the tools teams already know. The OWASP Top 10 for LLMs is a solid baseline. It does not make the work any smaller.

Regional Digital Council — Citizen AI and open protocols

The day ended not with a single talk, but with two short sessions that were more institutional than the rest of the schedule. I expected something polite and forgettable. That is not what we got.

The first one focused on cafeia.org, a simple idea and a good one: give people enough structure to organize AI conversations outside the usual tech bubble, whether that is in a bar, a school, a company, or somewhere else entirely.

The second one focused on agent-to-agent, with a presentation of Google’s protocol, now open source, for agents talking to each other. It connected nicely with the morning session on multi-agent systems and made A2A feel less abstract.

Useful reminder: AI does not only matter in rooms full of developers who already agree on the premises.

Day 3 — Reality checks in

Day 3 keynote — Philosophy, energy, and uncomfortable questions

Day 3 opened with the least comfortable keynote of the event. No product launch energy. No sponsor-friendly optimism. Just two researchers talking about subjects that many conferences would rather keep offstage.

Jean-Gabriel Ganascia, professor emeritus of computer science at Sorbonne Université, opened with the idea of a right to laziness. Presented that way, it could have sounded like an old slogan dressed up for an AI conference. I heard it more as a challenge aimed at us, the developers. Push the idea to its limit and it gets uncomfortable fast: the less we do ourselves, the more room we make for technology to seep into everything; the more capable it gets, the easier it becomes for it to replace us. Permanent vacation sounds great in theory. It sounds different once you ask what is left for humans to do, decide, and pass on.

From there he moved through a set of futures that can sound either liberating or disturbing depending on your mood: lighter lives through automation, the possible end of some diseases, maybe even forms of persistence beyond the biological body. Say it out loud and the room shifts a little. That was where the keynote started to bite. A society with less work is not automatically a happier one. When some of the most ordinary problems of our time are already back pain, mental exhaustion, and depression, you can feel that the issue is not just about working less. Handing more over to machines does not solve the question of meaning. At best, it moves it. At worst, it deepens it.

The ending did not try to comfort anyone. If engineers stay out of that conversation, other actors will shape it for them, and not necessarily in the public interest. The layoffs already happening at Oracle and Meta make the point more clearly than any abstract theory could.

Loup Cellard, CNRS postdoctoral researcher at the Observatory on the Environmental Impact of AI, followed on more concrete ground: energy.

The topic mattered. The presentation itself, though, felt confused to me. He raised good questions — about sovereignty, energy trade-offs, and the role of foreign capital — without really carrying them through to answers. Even the comparison he announced between Bordeaux and Marseille stayed mostly at the level of announcement. You could see where he was trying to go. The problem was that the audience had to do too much of the final reasoning on its own.

In 2025, the AI Action Summit attracted large amounts of foreign capital into compute infrastructure. The French energy regulator identified sixty “turnkey” sites to simplify datacenter power supply. That sounds bureaucratic until you look at the implications. Electricity pre-reservations are becoming large enough to compete with other critical sectors, including industry and healthcare.

The questions he raised were the right ones. Are those foreign investments really compatible with the sovereignty story being told around AI? And how does France avoid becoming a “servant territory”, useful for hosting infrastructure but with too little say over the consequences? But that was also the frustration: by raising those questions without really resolving them, the message started to blur. Is the current datacenter push a good direction? A bad one? An awkward compromise? Why? Compared with what successful examples or failed ones? That was the point where I wanted the talk to go further.

It also needs to be said plainly: this keynote did not try to cover the full environmental footprint of AI, including hardware manufacturing, water, mining, or end-of-life costs. The focus was narrower: electricity, territorial planning, and industrial trade-offs. Fine. But the ambiguity did not come only from that deliberately narrow scope. It also came from the fact that several questions stayed open all the way through, without real answers.

Attention

The message wasn’t “stop using AI” — it was “understand the real cost.” A calculation few teams make when deciding to call an LLM for every user request.

AWS + Google — AI Embedded in the Browser

The conference closed with an announcement that answered, at least in part, the concerns raised earlier that morning. AWS and Google jointly presented local LLMs running directly inside Chrome and Edge. On Chrome’s side, that now maps to the Built-in AI stack, with local execution and no network round trip.

The upside is obvious: lower latency, better privacy. For tasks like page summarization, writing assistance, or local extraction, an embedded model is often more than enough. It is not a full answer to the energy questions from the keynote. It is at least a credible partial answer.

On the protocols side, two announcements that promise to reshape how agents interact with the web:

  • MCP Google Dev Tools — MCP (Model Context Protocol) integration into Google’s development tools via Chrome DevTools MCP
  • WebMCP — an MCP variant designed for agents embedded in websites, enabling an agent to understand and interact with a page’s context. See the Chrome overview and the W3C spec work

Takeaways

After three days, one thing felt clear: AI is slowly leaving the demo stage and entering engineering. The most useful talks were not the ones promising magic. They were the ones about reliability, security, cost, organization, and trade-offs.

There is still no recipe. On security, teams are stacking guardrails, JSON Schema, and best practices without knowing yet what will actually hold. On multi-agent systems, everyone is inventing discipline on the fly. On vibe coding, people are still trying to find the point where speed stops helping and starts creating debt.

The real credit Devoxx 2026 deserves is not that it showed what AI can do. It reminded the room what AI demands in return.

If an AI conference sends you home thinking more about power grids, layoffs, and industrial trade-offs than demos, it probably did its job.

Contributor

David Micheneau
Agentic AI Engineer
GitHub LinkedIn
← Back to articles