GraphQLConf 2026 has ended
May 19 - 20 | In-Person Only

The Sched app allows you to build your schedule but you must also be registered for GraphQLConf 2026 to participate in the sessions.

Please note: This schedule is displayed in Pacific Daylight Time (UTC-7).

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
Wednesday, May 20
 

10:15am PDT

Lightning Talk: GraphQLShield: CWE-Aware Defense in Depth for GraphQL APIs in Go - Ravi Sastry Kadali, Open Source Contributor
Wednesday May 20, 2026 10:15am - 10:25am PDT
GraphQL APIs face a unique threat landscape: deeply nested queries cause resource exhaustion, introspection exposes entire schemas, and mutation variables carry injection payloads past traditional WAFs. Yet most Go-based GraphQL servers ship with zero security middleware between HTTP and resolver execution.

I introduce GraphQLShield, an open-source Go middleware bringing defense-in-depth to GraphQL APIs through three layers: (1) Static schema analysis detecting cyclic types, missing depth limits, and sensitive field exposure before deployment; (2) Runtime CWE-aware input sanitization catching SQL injection, XSS, command injection, path traversal, and NoSQL injection in GraphQL variables — bridging go-safeinput’s MITRE CWE Top 25 coverage to GraphQL; and (3) Resolver code auditing inspired by gosec and cryptoguard-go flagging insecure crypto, hardcoded secrets, and missing auth checks.

A quick demo shows GraphQLShield intercepting 7 attack vectors against a gqlgen API, from SQL injection in mutation variables to depth-based DoS, while legitimate requests pass cleanly. Attendees leave with a zero-dependency Go library covering 14 CWE vulnerability classes across static and runtime analysis.

Speakers

Ravi Sastry Kadali

Go Ecosystem Contributor & Security Engineer, Open Source Contributor
Ravi Sastry Kadali is a security and systems engineer with over 20 years of experience building production infrastructure across defense, enterprise, and hyperscale consumer platforms — with Go as his tool of choice. He is a contributor to the Go project itself (golang/go), with... Read More →
Wednesday May 20, 2026 10:15am - 10:25am PDT
Grand Ballroom II - IV
  Security

10:15am PDT

When GraphQL Gets Expensive: Performance & Cost Patterns in Production Serverless Architectures - Harpreet Siddhu, AWS Community Builder & Shravanth Gowda Venkatesh, Independent Researcher
Wednesday May 20, 2026 10:15am - 10:40am PDT
GraphQL simplifies client development through flexible, expressive data queries. However, in serverless production environments, that flexibility can quietly increase latency and infrastructure cost.

In AWS-based architectures using Lambda, DynamoDB, Aurora Serverless, and distributed services, resolver design and query structure directly impact execution time, cold starts, and overall spend. Unlike REST, GraphQL shifts cost dynamics to query complexity and resolver fan-out, often in ways teams don’t anticipate until production traffic scales.

This session examines common performance and cost anti-patterns in serverless GraphQL systems, including N+1 resolver cascades, unbounded query depth, over-fetching, and inefficient resolver fan-out. We’ll explore how these patterns affect Lambda duration, concurrency, and downstream data stores.

Attendees will learn practical mitigation strategies such as batching with DataLoader, caching and persisted queries, query complexity limits, schema guardrails, and observability techniques to detect bottlenecks early.
Speakers

Harpreet Siddhu

Lead Software Engineer, AWS Community Builder
Harpreet Siddhu is a Lead Software Engineer and AWS Certified Solution Architect, Developer, and CloudOps engineer, AWS Community Builder, and AWS road to re:Invent hackathon Champion with over a decade of experience designing and modernizing cloud-native systems. He specializes... Read More →

Shravanth Venkatesh

AWS Solutions Architect, Independent Researcher
Shravanth is an AWS Certified Solutions Architect and Principal Software Engineer with 8+ years designing and scaling production systems on AWS. Leading teams shipping serverless healthcare platforms across AWS, he saw firsthand how GraphQL's flexibility quietly reshapes cost and performance... Read More →
Wednesday May 20, 2026 10:15am - 10:40am PDT
Grand Ballroom I
  Performance
  • Audience Level Beginner
  • Presentation Slides Attached Yes

10:15am PDT

Screens on Shuffle: How Netflix Scales Server‑Driven, Ever‑Changing Pages - Sreekanth Ramakrishnan, Netflix
Wednesday May 20, 2026 10:15am - 10:40am PDT
How do you power a product where every page layout, module, and slice of content can change daily—across hundreds of millions of devices—without shipping a new client every time? In this talk, we’ll dive into how Netflix evolved its GraphQL APIs from traditional “data fetching” into a server‑driven UI platform, enabling rapid product innovation and page updates without requiring app releases across a massive device ecosystem. We’ll walk through the architecture that lets servers describe dynamic page structure and behavior, how those contracts scale across many product surfaces and experiments, and the performance and reliability lessons we learned operating this at Netflix scale. When we built this system, we found almost no public examples of similar patterns, so this session is intentionally practical: we’ll share concrete schema patterns, client rendering strategies, and tips you can apply to your own feeds, homepages, and highly dynamic experiences—whether you’re working at Netflix scale or just starting to stretch GraphQL beyond CRUD.
Speakers

Sreekanth Ramakrishnan

Senior Software Engineer, Netflix
Sreekanth Ramakrishnan is a Senior Software Engineer on the Member API team at Netflix, where he works on systems that power dynamic, real-time experiences in Netflix pages across devices worldwide. He focuses on GraphQL, distributed systems, and server-driven UI architecture. Prior... Read More →
Wednesday May 20, 2026 10:15am - 10:40am PDT
Boardroom
  Schema Design + Evolution + Governance
  • Audience Level Any
  • Presentation Slides Attached Yes

10:30am PDT

Lightning Talk: The @deprecated Journey: Five Stops From Schema Hint To Gateway Power - Nasser Abouelazm, Bloomberg
Wednesday May 20, 2026 10:30am - 10:40am PDT
@deprecated is usually treated as a client-facing hint. However, in federated GraphQL, it can evolve into a set of patterns that shape governance, runtime behavior, observability, and even gateway planning. In this lightning talk, I’ll take @deprecated on a five-stop journey across the federation lifecycle — 1) schema hint, 2) schema shaping, 3) runtime feedback, 4) client-aware telemetry, and 5) gateway power. I’ll close with a brief developer experience bonus — how structured deprecation metadata can feed code-gen/IDE tooling to suggest non-deprecated alternatives while queries are being written. The goal of the talk is to share a practical mental model and guardrails for keeping large federated graphs evolvable, observable, and safe.
Speakers

Nasser Abouelazm

Senior Software Engineer, Bloomberg
A middle school teacher turned web developer, Nasser Abouelazm has always embraced the art of building epic and engaging experiences that delight, educate, and enchant a broad audience of users. As a senior full-stack engineer working to support Bloomberg Media, he is focused on developing... Read More →
Wednesday May 20, 2026 10:30am - 10:40am PDT
Grand Ballroom II - IV
  Schema Design + Evolution + Governance

10:50am PDT

GraphQL Meets LLMs & Agents: Building Production AI at Starbucks Scale - Sharon Gorla, Starbucks
Wednesday May 20, 2026 10:50am - 11:15am PDT
GraphQL isn't just an API technology—it's the perfect foundation for AI agents and LLM-powered applications. At Starbucks, we built GraphQL platforms at massive scale (180M+ queries/day, 10,000 stores, 31M+ app users) before GenAI became mainstream. Now, as we explore AI integration, we're discovering that GraphQL provides fundamental advantages for AI that are impossible with REST.

This talk explores the AI systems we're building on our existing GraphQL infrastructure:

  • In-store AI assistant (planned for Order Engine GraphQL BFF)
  • Mobile/web AI platform (exploring on Apollo Supergraph)
  • On-call automation using Model Context Protocol (MCP) servers

You'll learn how GraphQL reduces AI token costs by 75x, enables zero-configuration AI tool discovery, provides built-in guardrails through type systems, and why federation is the perfect architecture for enterprise AI agents. Real demos, proven patterns, lessons from building GraphQL at scale.
Speakers

Sharon Gorla

Engineer Lead, Starbucks
I’m an engineering leader with 16+ years of experience driving digital transformation, modernizing systems, and building high-performing teams. At Starbucks, I'm lead engineer for Next‑Gen POS modernization, earned a U.S. patent, and founded the GraphQL Community of Practice... Read More →
Wednesday May 20, 2026 10:50am - 11:15am PDT
Boardroom
  AI and LLMs
  • Audience Level Any
  • Presentation Slides Attached Yes

10:50am PDT

Modern Apollo Client React - Brennen Davis, Lease End
Wednesday May 20, 2026 10:50am - 11:15am PDT
Use Apollo Client v4 in React with Tanstack Router.

We’ll be using GraphQL code generation from your schema, preloading data at the router level, optimistic updates, and using Apollo’s cache to eliminate unnecessary refetching and rerenders. You’ll see how smart cache usage and colocating queries lets components read data directly where they need it, which will reduce prop drilling. The goal is to show how “modern” Apollo Client patterns fit naturally into today’s React architecture to create apps that feel both simpler to reason about and noticeably more performant.
Speakers

Brennen Davis

Principal Software Engineer, Lease End
Husband to a beautiful wife and a dad to 2 boys. Video games and programming
Wednesday May 20, 2026 10:50am - 11:15am PDT
Grand Ballroom I
  Clients

11:25am PDT

Coordinated Access Control with @policy - Huang Minghe, Booking.com
Wednesday May 20, 2026 11:25am - 11:50am PDT
At a company like Booking.com, every sensitive field in the GraphQL schema has more than one team with a legitimate claim on it — Security, Identity, Legal, Privacy, Data Governance, the Traffic Gateway, the Federation Platform, and the hundreds of domain teams that own the data itself. When that many stakeholders need to agree on what "authorized" means for a single field, you don't have a security problem; you have a coordination problem. And solving it as security only makes it worse.

This talk shares how we turned that coordination problem into a contract using a single federation directive — @policy. Domain teams author rules for the data they own. Privacy and Identity contribute cross-cutting concerns. Other domains compose by reference instead of re-authoring. The router is the only place enforcement happens. One audit trail. No cross-team meetings.

What you'll learn:
  • Why multi-stakeholder access control is a coordination problem, not a security one
  • How @policy becomes the coordination contract between domain teams, cross-cutting authorities, and the federation platform
  • The single-enforcement-point + bounded-authorship + free-reuse architecture — and how it lets new teams adopt without coordination overhead
Speakers

Huang Minghe

Senior Software Engineer, Booking.com
Minghe is a Senior Engineer at Booking.com with over 15 years of industry experience spanning DevOps, web, and mobile development. Recently, he has been maintaining the GraphQL federation platform at Booking.com, focusing on efficiently managing large scale schemas and federating... Read More →
Wednesday May 20, 2026 11:25am - 11:50am PDT
Grand Ballroom II - IV
  Security

12:00pm PDT

Stop Reviewing Schemas: How Intuit Made Developers Faster by Automating Governance - Oleks Bidiuk, Intuit
Wednesday May 20, 2026 12:00pm - 12:25pm PDT
Abstract: Schema governance shouldn’t grind development to a halt or burn out graph stewardship teams. As Intuit’s Supergraph ecosystem grew, our reliance on manual schema reviews created bottlenecks that slowed onboarding and frustrated developers. We knew we needed a better approach — so we built a hybrid governance model that puts Schema Co-Pilot directly into the developer workflow and transformed our "API Jedis" from gatekeepers into enablers.

In this talk, you’ll learn how we built real-time IDE linting, AI-powered schema analysis, and semantic “collision” detection to surface issues before code is even committed. With these tools in place, onboarding timelines shrank from weeks to days, and contributors now ship to the graph with speed and confidence.

Who should attend: Platform engineers, API architects, and engineering leaders responsible for GraphQL governance and developer experience.

Key takeaway: Governance isn’t about gatekeeping — it’s about building smart tools that help your teams move faster with confidence.
Speakers

Oleks Bidiuk

Senior Software Engineer, Intuit
Senior Software Engineer at Intuit with 10+ years of evolution from JavaScript roots to complex systems. Outside the IDE, I bridge the gap between digital and tactile as a craftsman. I’m currently restoring the last "analog" Porsche 911—a hands-on project spanning everything from... Read More →
Wednesday May 20, 2026 12:00pm - 12:25pm PDT
Grand Ballroom I
  Schema Design + Evolution + Governance
  • Audience Level Advanced
  • Presentation Slides Attached Yes

12:00pm PDT

The Biggest Change To GraphQL Codegen in 10 Years - Eddy Nguyen, The Guild & SEEK & Igor Kusakov, Yelp
Wednesday May 20, 2026 12:00pm - 12:25pm PDT
GraphQL Codegen has been the go-to tool for generating types for GraphQL clients for over a decade. But as use cases grew, so did the friction: excessive generated code, complex setups, and growing confusion among users on how to use the output.

In this talk, we'll explore a new client-focused Codegen setup that rethinks those trade-offs. You'll see how we drastically reduce generated output, ensure correct and predictable types, and provide a smooth migration path from existing tools without sacrificing flexibility or safety.

We'll also dive into the story behind the change: a collaboration between Eddy (The Guild) and Igor (Yelp), sparked by a single question and shaped by open discussion across time zones. It’s a look at how community feedback, real-world constraints, and trust can drive the biggest evolution in Codegen’s history.
Speakers

Eddy Nguyen

Software Developer, The Guild
Eddy is a Lead Engineer at SEEK, where he builds GraphQL-driven applications by day. By night, he moonlights at The Guild as a GraphQL Code Generator maintainer—with the unrelenting support of his two cats.

Igor Kusakov

Senior Developer, Yelp
Seasoned full-stack sorcerer with 20+ years crafting scalable web empires, from Montreal's tech trenches to global gigs at spots like Yelp and beyond.
Wednesday May 20, 2026 12:00pm - 12:25pm PDT
Boardroom
  Tooling + DX + Testing + Documentation
  • Audience Level Beginner
  • Presentation Slides Attached Yes

1:55pm PDT

Observability for a Multi-Tenant GraphQL Gateway at Scale - Vickey Yeh, Airbnb
Wednesday May 20, 2026 1:55pm - 2:20pm PDT
Viaduct, Airbnb's unified data access layer, hosts over 1.5M lines of application code from 500+ tenants, with 200+ changes merged daily—all operating as a single service. At this scale, enabling teams to independently monitor and troubleshoot their code is essential.
This talk describes how we approach observability with multitenancy at the core:
- Establishing clear ownership of modules and attributing metrics, spans, and errors to those owners
- Providing alerts and dashboards at multiple levels: system, operation, tenant, and field
- Enabling schema-driven alerting, where tenants declaratively specify monitoring requirements directly in the schema and the platform implements them automatically
- Using execution traces to visualize query execution and core-tenant interactions, tackling challenges like:
  - Representing batched dataloader calls (where N field requests become 1 RPC)
  - Instrumenting downstream service clients across all data-fetching code
- Managing observability costs via selective sampling and cardinality-aware metrics

Our goal: empower tenants to manage their portion of Viaduct as a standalone service—without bottlenecking on the platform team.
Speakers

Vickey Yeh

Senior Software Engineer, Airbnb
I work on Viaduct, Airbnb's GraphQL-based data-oriented service mesh.
Wednesday May 20, 2026 1:55pm - 2:20pm PDT
Grand Ballroom I
  Observability + Telemetry + Tracing
  • Audience Level Any
  • Presentation Slides Attached Yes

2:30pm PDT

Sharding a GraphQL Gateway for Blast Radius Reduction - Linquan Zhang & Cetin Sahin, Airbnb
Wednesday May 20, 2026 2:30pm - 2:55pm PDT
At Airbnb, our GraphQL gateway is a multi-tenant serverless platform hosting 500+ tenants and 1.5M+ lines of application code. Like many large GraphQL systems, it operated as a "shared fate" architecture. To mitigate this risk, we embarked on a multi-year journey to implement traffic sharding at different levels of sophistication. We started with shuffle sharding to reduce the blast radius of any single bad operation. We then added targeted sharding to separate online from asynchronous traffic, to rapidly quarantine misbehaving operations, and to improve the signal-to-noise ratio for our automated canary analysis. Most recently, to mitigate the risk posed by tenants that are used by lots of operations (and thus could bring down lots of shards), we have been working on tenant-aware sharding that minimizes the blast radius of such tenants.

We will cover how we architected our sharding solution and how it improved our operational abilities. You will gain a clear understanding of how our implementation tradeoffs have fared over time, key production insights gathered since rollout, and strategies to evolve a GraphQL gateway towards greater isolation without fragmenting the API surface.
Speakers

Linquan Zhang

Individual Contributor, Airbnb
I work on Viaduct, Airbnb's GraphQL-based system that provides a unified interface for accessing and interacting with any data source at Airbnb.

Cetin Sahin

Staff Software Engineer, Airbnb
Cetin works on Viaduct, Airbnb’s multi-tenant GraphQL platform that provides a unified interface for accessing and interacting with any data source at Airbnb. His work centers on reliability, performance, and observability at scale.
Wednesday May 20, 2026 2:30pm - 2:55pm PDT
Boardroom
  Servers
  • Audience Level Any
  • Presentation Slides Attached Yes

2:30pm PDT

The Easy Way and the Hard Way: Blue-green GraphQL Deployments - Zack Warnimont, Apollo
Wednesday May 20, 2026 2:30pm - 2:55pm PDT
Blue-green and canary deploys are table stakes for application code, but they’re surprisingly hard to get right for GraphQL. Routers often just “pull latest” schema, rollbacks mean republishing and recomposing, and it’s nearly impossible to answer a basic incident question: “What schema was this request actually hitting?” After testing in a staging environment and deploying to production, we often find edge cases that broke the assumptions we made in the testing phase.

This talk is an engineering case study. I’ll walk through the design journey that led us to a blue-green deployment model for GraphQL built on immutable schema artifacts and explicit rollbacks. We’ll unpack the constraints (federation, many subgraphs, multiple environments), the dead-ends we hit, and the principles that finally worked.

You’ll leave with a mental model and concrete patterns you can apply to your own GraphQL infrastructure, irrespective of tooling: how to structure blue-green router fleets, how to pin to exact schema versions, how to do instant rollbacks safely, and what to log so you can always reconstruct “what was live where” when production gets weird.
Speakers

Zack Warnimont

Software Engineer, Apollo
Zack is a Software Engineer currently working at Apollo. He has worked for companies small and large over the last 10 years, with an emphasis on deployment safety and development efficiency.

In his free time, Zack enjoys playing piano and spending time with his family. Ask him anything about music... Read More →
Wednesday May 20, 2026 2:30pm - 2:55pm PDT
Grand Ballroom II - IV
  Tooling + DX + Testing + Documentation

3:05pm PDT

GraphQL Data Mocking at Scale With LLMs and @generateMock - Michael Rebello, Airbnb
Wednesday May 20, 2026 3:05pm - 3:30pm PDT
Producing valid and realistic mock data for prototyping and testing has been an unsolved challenge for years. Mock data is tedious to write and maintain, but attempts to improve the process such as random value generation and field stubbing fall short as they lack essential domain context to make test data realistic and meaningful.
In this talk, I’ll share how we’ve reimagined GraphQL mocking at Airbnb by combining existing GraphQL infrastructure, rich product and schema context, and LLMs to generate convincing, type-safe mock data simply by adding a directive (@generateMock) to a field or operation:
- How integrating LLMs that are highly contextualized by a schema, documentation, and UX design into existing GraphQL tools drives a leap forward in the speed and quality of mock data creation.
- How a directive-driven approach lets engineers generate production-like, schema-conformant mock data without writing code.
- How integrating generated mock data into the GraphQL client runtime can enable engineers to build and test clients before server implementation.
- How this strategy guarantees that generated mock data is correct, deterministic, and stays in-sync with the server schema.
Speakers

Michael Rebello

Staff Engineer, Airbnb
Michael is a Staff Engineer at Airbnb focusing on GraphQL clients, with >10 years of tech experience. Previously, he spent 6 years at Lyft as Staff Engineer leading mobile networking, building the rider app, and contributing to their engineering blog. He's spoken at conferences globally... Read More →
Wednesday May 20, 2026 3:05pm - 3:30pm PDT
Boardroom
  AI and LLMs
  • Audience Level Any
  • Presentation Slides Attached Yes

3:05pm PDT

Building MCP Apps With GraphQL Patterns You Already Know - Jerel Miller, Apollo GraphQL
Wednesday May 20, 2026 3:05pm - 3:30pm PDT
You know how to build client apps—but where do client developers fit in the new world of ChatGPT and MCP? If you've used GraphQL before, it turns out your knowledge translates directly. This talk demonstrates how to build MCP apps using Apollo's AI apps client and MCP server with patterns you already use:
1. Fragment colocation → Tool design: Structure MCP tools like component data requirements
2. Query optimization → Tool call patterns: Minimize LLM roundtrips with the same performance thinking
3. Type safety → Tool schemas: Apply GraphQL's type discipline to MCP definitions
A live demo builds an MCP app querying a GraphQL API, showing how best practices from GraphQL client development apply to OpenAI and MCP apps.
Speakers

Jerel Miller

Sr. Staff Software Engineer, Apollo GraphQL
Jerel is a Colorado native with a brief stint in Portland Oregon. He loves to code and learn about all sorts of programming patterns. He is an avid Denver Broncos fan and loves to play the bass.
Wednesday May 20, 2026 3:05pm - 3:30pm PDT
Grand Ballroom I
  Clients

3:50pm PDT

Brute Force Correctness - James Bellenger, Airbnb
Wednesday May 20, 2026 3:50pm - 4:15pm PDT
So you’re a maintainer of a GraphQL system. Whether it’s a federation gateway, a complex client library, or a custom executor—how do you know that it’s capital-C Correct?

Your tests are decent, and they seem to pass, but what about the test cases that you didn’t think of? Did you remember to handle @skip directives on fragment spreads? What about when those directives use variables? Or when you spread an abstract type in an abstract scope?

Would you trust your system to serve million-dollar transactions?

This session will cover how probabilistic testing can be applied to complex GraphQL systems to find bugs in places we wouldn’t have thought to look. We’ll discuss how Airbnb leveraged this approach to launch a novel GraphQL engine with 0 spec conformance bugs, and how you can apply these same techniques to build unshakable confidence in your own systems.
Speakers

James Bellenger

Engineer, Airbnb
Running and baking enthusiast.
Wednesday May 20, 2026 3:50pm - 4:15pm PDT
Grand Ballroom II - IV
  Tooling + DX + Testing + Documentation

3:50pm PDT

Speed Without Sacrifice: How Wayfair Transforms DevEx With AI and MCP - Maheswari Karlapudi & Muskan Sethi, Wayfair
Wednesday May 20, 2026 3:50pm - 4:15pm PDT
Wayfair is embedding AI and MCP into every stage of the developer workflow to unlock speed without compromising quality. From Schema Copilot (inline reviews) to AI Mocking (intelligent test data generation) to AI-Assisted Schema Documentation (auditing and auto-generating descriptions across 200+ subgraphs), these purpose-built tools streamline workflows, reduce friction, and scale engineering excellence—helping teams ship faster with greater confidence and consistency. Join to learn how AI and MCP cut busywork so Wayfair’s devs can ship faster with confidence.
Speakers

Maheswari Karlapudi

Software Engineer, Wayfair
Maheswari is a Software Engineer on the GraphQL Platforms team at Wayfair, providing a stable and resilient gateway for e-commerce data. Her work focuses on platform reliability and performance, while crafting the tooling necessary to accelerate the developer lifecycle across Way... Read More →

Muskan Kaur Sethi

Software Engineer, Wayfair
Muskan is a Software Engineer on Wayfair’s GraphQL Platforms team, where she develops reliable and scalable infrastructure to support e-commerce data access. Her work centers on improving platform performance and stability, as well as building developer tools that streamline workflows... Read More →
Wednesday May 20, 2026 3:50pm - 4:15pm PDT
Grand Ballroom I
  Tooling + DX + Testing + Documentation

4:25pm PDT

Lightning Talk: DoS Wars: Revenge of the Fragments - Sachin Shinde, Apollo GraphQL
Wednesday May 20, 2026 4:25pm - 4:35pm PDT
Fragments—an indispensable tool for modularizing data requirements alongside client code, but also a denial-of-service attack vector for servers. Security guides will tell you to mitigate by validating queries and performing cost analysis, usually via field costs and list sizes. However, this focus on field execution can distract from how fragments affect the rest of the server stack. In this lightning talk, we explore the attack patterns and mitigation strategies for the fragment-based vulnerabilities at the core of CVE-2025-31496, CVE-2025-32030, CVE-2025-32033, and CVE-2025-32034.
Speakers

Sachin Shinde

Staff Software Engineer, Apollo GraphQL
Working on all things federation and orchestration at Apollo, previously worked on the Apollo Studio schema and metrics pipelines.
Wednesday May 20, 2026 4:25pm - 4:35pm PDT
Grand Ballroom II - IV
  Security
  • Audience Level Any
  • Presentation Slides Attached Yes
 