~/suraj.shhire me ↗
~/writing/aicloud8 min read · 1,720 words

AWS Summit Mumbai 2026: what I actually took away.

Solo at the summit representing Synergech. Conversations with the Applied AI Head at Anthropic and the Cyber Security Lead at Nykka. A floor full of AI database startups. Two breakout sessions. Here's what stuck.

SS
suraj sanjay · solutions architect
published may 28, 2026

I was the only person from Synergech at AWS Summit Mumbai this year. That's not a complaint — it meant I could move fast, skip the talks that didn't apply, and spend actual time on the floor talking to people. Here's what I came back with.

AWS Summit Mumbai 2026 expo hall — gold and platinum sponsor booths, AWS signage, packed crowd
the expo hall — gold sponsors, platinum sponsors, startup zone. bigger than expected.

01 — the floorThe scale of the thing

Mumbai was big. Bigger than I expected. The venue spanned three levels — the keynote and all six breakout rooms on Level 3 (split across Jasmine and Lotus Ballrooms), Anthropic's dedicated suite on Level 2 alongside Aerospike and Shellkode, and badge pickup in the lower lobby. The floor plan alone was worth a photo.

Suraj at the AWS 2026 sign
representing Synergech, solo
Suraj at the event entrance, Mumbai Gateway of India motif behind
entrance, Mumbai motif backdrop

The exhibition floor was a mix of AWS service booths, consulting partners, and a surprisingly large cluster of AI-native database startups — the kind that have built their entire pitch around microsecond and millisecond latency for AI logs and aggregations. That cluster was the most interesting part of the floor walk.

Most of them are solving a real problem: as inference workloads get chattier, the observability layer becomes a bottleneck. They want to sit between your AI runtime and your data warehouse and eat the hot path. Whether any of them survive to Series B is another question, but the problem is genuinely unsolved at scale today.

Level 3 venue map showing Jasmine and Lotus Ballrooms with breakout rooms
level 3 — expo, keynote, six breakout rooms
Building directory listing all levels including Anthropic suite on Level 2
Anthropic had a dedicated suite on Level 2

02 — anthropicTen minutes with the Applied AI Head

Rishikesh Radhakrishnan, Anthropic's Head of Applied AI, presented at the event. After his session — which was anchored around the Anthropic + Amazon partnership and practical agentic patterns — I got about ten minutes with him.

Session slide: Anthropic and Amazon are better together — Claude models, AWS platform, joint expertise
the slide that framed the session — Claude as the frontier intelligence layer on top of AWS platform

I came in with questions on input caching and KV caching — specifically around cache invalidation behaviour at the token boundary and how the routing layer decides what to evict under memory pressure. These are the questions that come up when you're actually running production inference workloads and the cache hit rate matters for both cost and latency.

His answer was honest: too technical to discuss publicly, and IP-constrained in a way that means nobody at Anthropic will be able to answer those questions externally regardless of context. He said I was on the right track — which is either genuinely encouraging or the most polite way to close a line of questioning. I'm choosing to take it at face value.

The most useful conversations at conferences aren't the ones where you get answers. They're the ones where you find out which questions are worth asking.

03 — securityAgent security and shifting left

The other conversation that genuinely moved my thinking was with Saurav Chakraborty, Cyber Security Lead and Head at Nykka. We got into agent security — specifically, what a shift-left security posture looks like when the "code" running in production is an LLM completing a prompt.

The traditional shift-left story is: catch vulnerabilities in the dev cycle before they reach production. For agents, that model breaks down. The attack surface isn't static code — it's the runtime behaviour of a model responding to user intent. You can't lint your way to a secure agent.

What Saurav was pushing on — and I think he's right — is that agent security requires intent monitoring: logging not just what the user typed, but what the model inferred the user wanted to do, and whether that intent falls within policy. It's a different kind of audit trail from what most security teams are used to building.

  • Monitor prompt intent at the system level, not just prompt content
  • Treat tool calls as privileged operations — every invocation should be auditable
  • Shift left by embedding security evaluation into the agent design phase, not post-deployment
  • Define and enforce intent boundaries before writing a single agent prompt

This maps directly to work we're doing at Synergech. The InfraGenie agents have tool access — provisioning, config changes, state reads. That access is privilege. We haven't been treating it that way consistently. This conversation changed that.

04 — sessionsThe two breakout sessions

I attended two breakout sessions. Both were worth the time.

Agentic AI on AWS

The first walked through the full agentic stack — from how agents work at the model level, through multi-agent architectures, to the design components that make or break production deployments. The Plan → Act → Reflect loop was presented as the foundational agent pattern, which is accurate for most of the agent systems I've seen in the wild.

Slide: How do agents work — Plan, Act, Reflect cycle
plan → act → reflect
Slide: Multi-agent Systems — Main Agent (Team Lead) delegates to teammates via Shared Task List
multi-agent: team lead + shared task list
Slide: Agent Design — Mission, Inputs, Reasoning, Actions, Human Review, Memory & Learning, Guardrails, Metrics for Success
the full agent design component map

The multi-agent architecture slide was a good reminder of what the real engineering challenge is: not building one good agent, but building a coordination layer where a team lead agent can spawn, assign, and track teammates against a shared task list without the whole thing turning into a coherence problem.

The "Work in Loops" pattern for building agents — write tests, write code, compile, validate, repeat until green — also came up. It's obvious in retrospect but most teams I've seen skip the test-first step entirely.

Slide: Work in Loops: Building Agent — write test suite, write code, build, run tests, fix errors, repeat
the agent build loop — the step most teams skip is writing the test suite first

Security for AI at scale

The second session was anchored around Nykaa's security posture — 52M+ customers, 150M+ monthly visits, 350+ services, 2.25 billion API interactions per day. The scale makes the problem concrete in a way that abstract threat models don't.

Slide: Security for Nykaa's Scale — 52M+ customers, 150M+ monthly visits, 7000+ brands, 200M+ app installs
nykaa's numbers: 2.25 bn API calls/day, 5000+ user identities
Slide: The Mountain is High — $100M to train a foundation model, everything changes overnight
"the mountain is high" — the cost and velocity argument for why AI security is different

The core argument from that session: the next evolutionary phase of security isn't just more tooling, it's a fundamentally different operating model. The Security Operations and Control Mapping framework they presented — preventive controls → protective controls → detection → enrichment → action — is the kind of layered model that holds up when you actually stress-test it against AI-specific threat vectors.

Slide: Security Operations and Control Mapping — funnel from preventive controls through detection to action
security operations control mapping — the model that held up when applied to agent threat vectors

05 — from the floorVideo from the day

Four clips from around the venue — the expo floor, sessions in progress, and the general scale of the thing.

06 — closeWould I go again?

Yes. Without hesitation.

The format works better when you're solo. You make decisions faster, you end up in conversations you wouldn't have prioritised with a colleague in tow, and you're more likely to approach someone you don't know. The floor time was more valuable than most of the structured sessions — which is usually how it goes.

The things I'm bringing back: a clearer mental model for what questions about caching internals to drive our own experiments, a concrete framework for agent security that I'm applying to InfraGenie, and a watchlist of two AI database startups whose architectures are worth following.

Next AWS Summit: I'd push to bring at least one more person from Synergech. Not because I needed backup this time, but because this kind of event is most useful when the team density goes from one to two.

Suraj at the innovation zone


questions? email me or find me on linkedin.

SS

suraj sanjay

Solutions Architect & AI Product Owner at Synergech. Writes about cloud, DevOps, and the unglamorous parts of leading engineering teams. Currently in Chennai.

say hi →

three more, while you're here.

jul 30, 2025 · ai

Sketching InfraGenie on a napkin

Where InfraGenie started — and what reality changed about the original design.

nov 21, 2025 · security

A boring DevSecOps pipeline beats an exciting one. Always.

The shift-left security argument, applied to the pipelines that actually run in production.

jan 02, 2026 · ai

Why we picked LangChain (and where we'd pick differently next time)

Honest retrospective on the AI framework choice that shaped InfraGenie's architecture.