Drupal page development traditionally involves multiple hand-offs between designers, developers, and content teams, often extending implementation timelines. A session proposed for Drupal Camp Delhi 2026 by Naveen Prakash Duraisamy examines how AI-assisted design tools can shorten this process. The presentation focuses on combining Lovable AI with Drupal Canvas and Single Directory Components to transform natural language prompts into deployable Drupal components while maintaining governance and code ownership within Drupal projects.

Drupal Commerce vs Shopify and WooCommerce: why Drupal’s flexibility, open source code and extensibility make it ideal for complex ecommerce.

The Drupal Coffee Exchange will take place during DrupalCon Chicago 2026, continuing a community tradition that began at DrupalCon Seattle in 2019 and has since appeared at Drupal camps and conferences worldwide. The informal Birds of a Feather session invites attendees to bring a bag of whole-bean coffee from a local roaster and exchange it with someone from another region. Over time, the gathering has become known as a relaxed space where Drupal contributors share stories and build connections beyond code.

Authors: Will Huggins, Jeremy Chinquist

Drupal AI 1.3.0 is now available, delivering the largest feature update since the module's initial release. This version focuses on three areas that organisations told us matter most:

• Keeping AI safe and accountable
• Making AI useful for content teams
• Giving technical teams the visibility they need to operate AI in production with confidence

And because Drupal AI is open source, you stay in control of your models, your data, and your infrastructure.

AI Guardrails: stay in control of every AI interaction

Trust is the foundation of responsible AI adoption. Drupal AI 1.3.0 introduces AI Guardrails, configurable checks that run before or after any AI request.

Teams can define rules to control how AI interacts with their content and data. For example, they can block sensitive data from leaving their organisation, filter harmful responses, or enforce compliance policies. All of this can be configured without writing code.

Guardrails work across all AI operations in Drupal. This gives security and compliance teams a single place to oversee how AI is used across the site.

In practice, this means AI governance becomes part of the platform itself, rather than something teams must manage separately.

One-click AI for editors, right where they work

AI should meet editors in their workflow, not force them into a separate tool.

Drupal AI 1.3.0 introduces Field Widget Actions, one-click AI workflows attached directly to content fields.

Editors can now:

• Generate images from text descriptions and attach them as media
• Create structured FAQs from existing content
• Extract addresses from images using AI and Google Places
• Plot data from a CSV into a chart field
• Generate audio summaries with text-to-speech
• Auto-fill metadata such as telephone numbers and office hours from unstructured text
• Evaluate whether the content is ready for publication and update its moderation state

 

Each action is backed by a customisable workflow allowing site builders to tailor AI behaviour to their organisation’s needs and editorial standards without writing code.

A smarter, more flexible chatbot

Editors often need quick assistance while working on content. The built-in Drupal AI chatbot has been expanded to support this directly within the editing experience.

Open the chatbot via slide-in or full-screen mode, allowing the editor to choose the interface that best fits their workflow.

The chatbot receives page context, meaning it understands the content currently being viewed or edited.
Editors can ask questions such as:

• Make this title more engaging
• Summarise this article for social media

Because the chatbot receives the current page context, its responses relate directly to the content on the screen.
Custom loading messages replace generic spinners, allowing site builders to provide clearer feedback while AI requests are processed.

Better tools for developers and site builders

As organisations begin building AI-powered features in Drupal, developers need tools that simplify configuration and reduce boilerplate.

Drupal AI 1.3.0 includes a set of reusable form elements designed specifically for AI workflows.
These components provide consistent interfaces for working with AI providers, prompts, and structured outputs.

The new elements include:

• Markdown editor with WYSIWYG, diff view, and Word paste compatibility
• Mentions autocomplete, allowing users to type @ or { to insert prompt variables
• Provider Selector, a unified interface for selecting AI providers
• JSON Schema editor with validation for structured output configuration
• Chat History viewer that mirrors the conversational interface of modern AI playgrounds

Configuration files have also been improved. Prompts are stored in a human-readable format rather than single-line strings, making code reviews easier and reducing merge conflicts when teams collaborate on AI workflows.

New AI operation types: rerank, summarize, detect

Drupal AI’s provider-agnostic architecture continues to expand with three additional operation types.

Rerank reorders search results or document lists based on relevance to a query. This is particularly useful in retrieval-augmented generation workflows.

Summarize uses lightweight summarization models instead of full language models, reducing cost and processing time.

Object Detection identifies objects in images using traditional machine learning models. The AI Validations module already uses this to verify image content automatically.

All operation types work with compatible providers, allowing organisations to change models without rewriting integration code.

Production-grade AI observability

Running AI in production requires visibility into how systems behave. Drupal AI’s observability module exports spans, traces, and metrics through OpenTelemetry, the industry standard for application monitoring.

Teams are able to connect this data to platforms such as Datadog, Grafana, Sentry, or any OpenTelemetry-compatible system.

This allows engineering teams to monitor AI agent decisions, track usage and cost, and audit AI interactions across their sites.

Combined with the exclude-tags feature for logging, organisations also gain fine-grained control over what information is recorded and what remains private.

A maturing platform: consolidation and clear direction

Drupal AI 1.3.0 also simplifies parts of the platform.

AI Translate gives way to TMGMT (Translation Management Tool), aligning AI-assisted translation with Drupal’s standard translation workflow.

Field Widget Actions now provide a flexible framework for AI-assisted editorial tasks. AI Content Suggestions remains available as a contrib module for teams that want to continue building on that approach.

AI Validations will use the Object Detection operation type going forward, while still allowing different validation modules to build on the same abstraction.

These changes simplify the core architecture while leaving room for contrib modules and alternative implementations.

Closing the Loop

AI in a CMS brings practical challenges around governance, editorial workflows, and production visibility.

Drupal AI 1.3.0 shows that these problems can be handled directly within Drupal.

AI can be governed, integrated into everyday publishing workflows, and monitored in production as part of the platform.

Get started

• Documentation and guides: https://www.drupal.org/project/ai
• Download Drupal AI 1.3.0
• Join the conversation: #ai on Drupal Slack

Drupal AI remains open source and provider-agnostic, allowing organisations to integrate AI capabilities while maintaining control over their infrastructure, data, and model choices.

Full release notes

This post highlights the major additions. For the complete list of changes, bug fixes, and improvements in 1.3.0, see the full release notes on drupal.org.

Read more articles about Drupal AI.
 

Display Builder for Drupal: shaping the editing experience with Config ProfilesPart 2 of the Display Builder Beta video series by UI SuiteIn the first episode of the Display Builder Beta video series, Pierre introduced us to the fundamentals of the module, by demonstrating how to create and work with page layouts. In this second instalment, he is diving into one of Display Builder's most powerful features: Config Profiles.What are Config Profiles?Last time, when we created a Page Layout with  Display Builder, we were prompted to pick a profile. Out of the box, only the “Default” profile has been available.Config Profiles are configuration entities — meaning they are fully editable, exportable, and deployable like any other Drupal config. 

A decade after the European Commission began consolidating hundreds of its websites on Drupal, the conversation around open source adoption has shifted from technology choice to institutional practice. In a session titled “Using Drupal Doesn’t Make You Open Source,” architect consultant Adam Nagy will reflect on how one of the world’s largest Drupal platforms moved from using open source software to contributing back to it. Scheduled at DrupalCon Chicago 2026, the talk examines the governance structures, organisational culture, and shared tooling that enabled collaboration across public-sector teams and turned internal development into reusable community contributions.

Take Away

Tag1 has joined the Drupal AI Initiative as a Certified Gold Partner and Maker. We’re starting by extending Workspaces, Drupal's enterprise content governance layer, so that AI agents operate under the same staging, review, and rollback framework as human editors. It’s the necessary foundation for everything that comes next.

I'm proud to share that Tag1 has joined the Drupal AI Initiative as a Certified Gold Partner and Maker, committing dedicated engineering time to help shape how AI works inside Drupal. We've been building Drupal since day one, and we're excited to be part of its most consequential evolution in years. We plan to contribute across multiple areas of the initiative, but we’re starting by bringing governance to AI-driven changes because that's the necessary foundation for all of it.

The Governance Gap

AI tools that generate content and alter site layout and configuration are getting more capable by the day. But capability without governance is a problem, especially for organizations with compliance requirements, editorial review processes, and production sites that can't afford surprises.

You wouldn't give a new team member free rein to change your website on their first day. It doesn't matter how talented they are. The same logic applies to AI agents: they need a sandbox to work in and a human to review before anything goes live. Letting agents make changes to your website without review, approval, or an audit trail isn't bold; it's reckless.

Tag1 contributed the solution to this problem to Drupal core. Workspaces already gives teams the ability to stage content and configuration changes in isolation, review them, and publish when ready. It's the enterprise content governance layer of Drupal. Extending that same model to AI agents is the obvious move.

What Tag1 is Building

We’re starting by extending Workspaces within the AI Initiative so that AI agents operate under the same governance framework that human editors do. The goal is that agents propose changes in isolated branches, humans review/approve, and every action is auditable and reversible. It's how we think AI should be applied everywhere: practical, tested, and built in the open.

We're starting with the underlying architecture, defining the interface contracts that ensure AI tools and other subsystems work correctly within Workspaces. This is the kind of unglamorous infrastructure work that makes everything else possible. If the contracts are right, any AI tool that follows them gets governed staging, review, and rollback for free. If they're wrong, nothing downstream works reliably.

The Tag1 team has been contributing to Drupal's architecture for over two decades. This work is a continuation of that commitment, getting the foundations right so the rest of the ecosystem can build with confidence.

Governance for Every Drupal Site

AI governance built into Drupal core means every site benefits. An agency building on Drupal CMS gets the same governance primitives as a Fortune 500 running a custom installation. The framework is designed to be agent-agnostic, so it works regardless of which AI tools an organization chooses to deploy. The governance layer doesn't care whether the change came from a chatbot or a custom automation. It cares that the change was reviewed and approved before it hit production.

Drupal has always been good at balancing rapid change with shared standards. The current wave of AI adoption is the latest version of that challenge, and open source collaboration is still the best way to get it right. Adding governance by extending Workspaces is just the start, and we’ll have more to share as the work progresses.

Let's Talk

If you're thinking about content governance in Drupal, or working through how to keep AI agents safe and auditable on your sites, we'd love to hear from you. We test everything in our own engineering and operations before we bring it to clients - that's our AI Applied philosophy - and the best solutions come from real conversations about real problems.

A forthcoming session at DrupalCamp NJ 2026 will offer the first public look at the 3.x rewrite of the accessibility module Editoria11y. Accessibility developer John Jameson explains how the project has evolved through collaboration with the Sa11y project, merging test suites and introducing new backend and frontend capabilities. The session will examine the technical changes behind the rewrite, the development of community-supported add-ons, and the broader roadmap for expanding the accessibility toolkit into a more comprehensive open-source governance suite.

Senior application architect Peter Wolanin will present a session on Drupal’s plugin system at DrupalCamp NJ 2026, explaining how the plugin API enables reusable and extensible functionality in Drupal projects. The talk will introduce how plugins are structured across Drupal core and configuration, along with examples showing how developers can identify and create them in their own code. Wolanin also shared what attendees can expect from the session and why understanding the plugin system remains an important skill for Drupal developers.

What is coder.ddev.com?

coder.ddev.com is a free, experimental cloud DDEV service. You log in with GitHub, create a workspace, and get a full DDEV environment in the cloud — no local Docker, no local installation needed.

:::warning[Experimental Service] This is an experimental service with no guarantees of data retention, uptime, or long-term availability. The future of its maintenance and sustainability is uncertain. Do not store irreplaceable work here without pushing it to Git. Treat it as a convenience, not a platform to depend on. :::

Want a quick overview? Watch the 6-minute intro video starting from the very beginning:

Table of Contents How It Works

coder.ddev.com runs on Coder, an open-source platform for remote development environments. Each workspace is an isolated container (using the Sysbox runtime for secure Docker-in-Docker) with DDEV, Docker, and VS Code pre-installed.

Your files persist on a remote volume across workspace restarts. When you delete a workspace, the data is gone — so push your work to Git before deleting. But until you delete the workspace, or it's garbage-collected (not yet implemented), your work persists..

The source code for the templates and Docker image is at github.com/ddev/coder-ddev. Other projects can use this and deploy their own fully-DDEV-capable Coder instances.

Getting Started 1. Log In with GitHub

Go to coder.ddev.com and click Login with GitHub. No separate account needed. coder.ddev.com receives read-only access to your email addresses, public profile, and GitHub organization membership — no code access, no write access.

2. Create a Workspace

From the dashboard, click Create Workspace and choose a template:

• drupal-core — automated Drupal core development environment
• user-defined-web — general-purpose DDEV for any project
• freeform — DDEV with Traefik routing integration for stable URLs

Give your workspace a name and click Create Workspace. Most workspaces start in under a minute. The drupal-core template (with seed cache) is ready in about 30 seconds.

3. Access Your Workspace

Once running, you have several options to use your workspace:

• Web Browser: From coder.ddev.com, use the many options, including web-based terminal, VS Code for Web, and VS Code Desktop.
• SSH with coder CLI: Install the Coder CLI, then coder login https://coder.ddev.com and coder ssh <workspace-name>.

Template Overview drupal-core

The drupal-core template sets up a complete Drupal core contribution environment automatically using joachim-n/drupal-core-development-project. Drupal core is cloned, Composer dependencies are installed, and a demo site is installed — all in about 30 seconds when a seed cache is available.

Choose your Drupal version when creating the workspace:

• main (12.x / HEAD) — latest development (default)
• 11.x — current stable branch
• 10.x — previous stable branch

The template automatically selects the correct PHP version and DDEV project type for the chosen branch.

Log in to the site with admin / admin.

This takes less than 4 minutes, try it out:

freeform

The freeform template adds Traefik routing integration so your DDEV project and services like Mailpit get stable subdomain URLs (no port numbers). After creating a workspace, run ddev coder-setup once in your project directory, then ddev start. Routing updates automatically on every start.

The Drupal Issue Picker

One of the most useful features for Drupal contributors is the Drupal Issue Picker at start.coder.ddev.com/drupal-issue.

Paste any drupal.org issue URL (for example, https://www.drupal.org/project/drupal/issues/3568144) and the picker launches a drupal-core workspace with:

• The correct Drupal version (10.x, 11.x, or main) detected from the issue
• The issue fork branch already checked out
• Composer dependencies resolved

This replaces the workflow that DrupalPod (Gitpod-based) provided for contribution days. You can hand someone an issue URL, they paste it into the picker, and within 30 seconds they have a working environment with the issue branch ready.

Demonstrating this from start to finish in about 6 minutes:

Development Tools VS Code Web

"VS Code Web" runs in the browser and supports most extensions. You can install extensions from the marketplace, configure settings, and use the integrated terminal — all without installing anything locally.

VS Code Desktop

Clicking on "VS Code Desktop" opens up your local installation of VS Code and then automatically uses the Remote-SSH extension to connect to your Coder workspace. It's nice, I used it a lot in preparing this blog and even in some recent work on Coder.ddev.com itself. All VS Code features work.

Xdebug

Xdebug works in Coder workspaces the same way as local DDEV with the DDEV VS Code Extension.

Coder CLI

The Coder CLI provides SSH access, port forwarding, file transfer, and workspace management. It's a completely different way of interacting with your workspace. Install with brew install coder or other options.

# Login coder login https://coder.ddev.com # List workspaces coder list # SSH into workspace coder ssh my-workspace # Forward a port locally coder port-forward my-workspace --tcp 8080:80 # Stop workspace (preserves data) coder stop my-workspace Accessing Your Project

Because DDEV runs inside a cloud container, the usual *.ddev.site URLs don't work. Instead, access your project via the DDEV Web app link in the Coder dashboard, or use port forwarding, and ddev start, ddev launch and ddev describe also give URL information.

The freeform template handles this automatically with Traefik routing — you get stable subdomain URLs like https://<workspace>--<workspace>--<owner>.coder.ddev.com/.

Stopping and Deleting Workspaces

Stop: Stops the container and frees compute resources. All files in /home/coder are preserved. Use this when you are done for the day.

Delete: Permanently removes the workspace and all data. Always push your code to Git before deleting.

This can also be done from the command-line on your local machine (after coder login https://coder.ddev.com):

coder list coder stop my-workspace # Stop (data preserved) coder delete my-workspace # Delete (data lost permanently) FAQ

• How do I pull/push to GitHub/GitLab/Drupalcode? (or use SSH)?

Use the coder publickey command to get the publickey associated with your coder.ddev.com projects (it's the same for all projects). You can then add that to GitHub/GitLab/Drupalcode/Remote SSH to allow you to access those resources.

• How do I set this up myself for my own initiative?

The full details are in the repository at github.com/ddev/coder-ddev.

• Where is this running?

This is running on a 64GB Hetzner bare-metal Ubuntu 24.04 machine in Helsinki, Finland. It has lots of disk and costs about $50/month.

Thanks to Coder.com

The world of open source is amazing. Coder.com is a shockingly mature project, and so many of these things worked just great out of the box.

What's Next

The templates and image are open source at github.com/ddev/coder-ddev. Contributions, bug reports, and feature requests are welcome.

Getting Help

• Documentation: github.com/ddev/coder-ddev/docs
• DDEV Discord: Discord — #support-and-discussion channel
• Issues: github.com/ddev/coder-ddev/issues
• DDEV Docs: docs.ddev.com
• Coder.com: coder.com or github.com/coder/coder

Yesterday I wrote about how Open Source infrastructure across many ecosystems is fragile and underfunded.

Drupal is no exception.

Like most Open Source projects, Drupal runs on infrastructure that millions of people depend on but very few people directly pay for.

Drupal's infrastructure costs roughly $3 million per year, including servers, bandwidth, CDNs, software, and staff.

Funding comes from a mix of donated infrastructure from AWS and the OSU Open Source Lab, corporate memberships through our Drupal Certified Partner program, in‑kind contribution from Tag1, and revenue from DrupalCon, donations, and sponsorship on Drupal.org.

Last year, Drupal Association board member Tiffany Farriss and CTO Tim Lehnen analyzed the project's infrastructure costs. Their estimate: infrastructure for Drupal 8+ sites costs about $10 per active website per year.

But the Drupal Association spends only about $7.50 per site per year. About $3 comes from DrupalCon and the Certified Partner program. The remaining $4.50 comes from in-kind support: donated hosting, Tag1's infrastructure partnership, and volunteer contributions. That is all we have to spend.

The missing $2.50 per site shows up as technical debt: certain upgrades get deferred, legacy systems persist longer than they should, and the community sometimes wonders why infrastructure progress feels slow.

Even the $7.50 per site we currently fund is fragile. DrupalCon revenue depends on event attendance. Advertising depends on traffic. Tag1's in-kind contribution depends on one company's continued generosity. Our donated infrastructure from AWS and OSU could disappear at any time. At that point, the funding gap grows, more infrastructure work gets deferred, and things could start breaking.

Before talking about new funding models, it is worth asking whether the Drupal Association could reduce its infrastructure costs. Ten dollars per site per year may sound like a lot. Should we operate all of this infrastructure ourselves, or rely more on hosted platforms like GitHub or GitLab? Are parts of our infrastructure more complex than they need to be?

These are the right questions to ask. I believe we need to work both sides of the ledger: take a hard look at what we spend and build a funding model that depends less on goodwill. In practice, infrastructure decisions rarely optimize for everything at once. They involve tradeoffs between cost, speed, flexibility, and control.

Corporate patronage is worth considering. A single well-resourced sponsor could fund Drupal's infrastructure in a way community fundraising cannot, and if the choice were between a patron and a crisis, a patron wins. It's fast, requires no technical changes, and doesn't touch the social contract with site owners.

But patronage trades one fragility for another. Instead of depending on event attendance or AWS cloud credits, you depend on one company's continued generosity and strategic alignment with the project. If their priorities shift, we're back where we started. A patron funding infrastructure at this scale would also expect meaningful benefits. That usually means greater visibility and some level of control over Drupal.org.

Most infrastructure systems connect usage to funding. Cloud platforms charge for compute. Roads are funded by taxes paid by the people who drive them. Drupal's infrastructure has neither mechanism: millions of sites depend on Drupal.org services, but the cost of operating those services is disconnected from the people who rely on them.

A funding model tied to usage avoids some of the issues with corporate patronage, but comes with its own trade-off. Open Source culture is built on anonymous access. You can download any package, no questions asked, no account required. Any usage-based model has to break that norm. The simplest version would probably require a Drupal.org API key to download packages or receive automatic update notifications.

Requiring an API key is standard practice for any commercial API, but in Open Source it feels different. Requiring site owners to identify themselves to Drupal.org is a cultural shift, even if the key itself is free forever. Any such mechanism requires changes to Drupal Core, which could take years to reach the installed base. If we go down this route, we can't wait for a funding crisis to begin this work. By the time a real crisis arrives, we would still be years away from a solution.

I don't have a specific mechanism to propose yet. But we should start this conversation now, while we have the time and stability to get it right. The alternative is making the same decisions later, under more pressure, with fewer options and less trust to spend.

Thanks to Tiffany Farriss, Tim Lehnen, Gábor Hojtsy and Lauri Timmanee for reviewing my draft.

DrupalCamp NJ 2026 will take place from 12 March 2026 to 14 March 2026 at Princeton University in Princeton, New Jersey, bringing together Drupal developers, site builders, and community members for three days of training, sessions, and collaboration. Among the scheduled presentations is “Governance You Can See: Embedding Content Rules Directly Into Drupal,” a session by Nathan Wallace that explores how governance guidance—often stored in documents and policies—can be embedded directly within Drupal’s publishing experience to help teams maintain content quality, accountability, and editorial clarity.

Rotterdam is calling - DrupalCon Europe 2026 is heading to the Netherlands this September, and the call for session proposals is officially open!

The Agency, Business & Marketing track is built for business owners, marketing team leaders, agency leaders, project managers, and sales teams who run on Drupal. It's consistently one of DrupalCon's most popular tracks. A platform to share insights, spark conversations, and raise your profile in the community.

Got a story worth telling? Submit your session proposal today!

Share Your Expertise 

We're looking for bold, real-world perspectives across topics that are shaping agency and business success today, including:

• AI-driven innovation in project delivery and management
• Scaling smart: strategies for sustainable business growth
• Building high-performance teams in a hybrid world
• Client relationships that convert and last
• Navigating digital transformation without losing momentum
• Leadership in the modern agency landscape
• Sales, growth marketing, and business development in 2025

Submit your session proposal today! 

Make Your Proposal Impossible to Ignore

The strongest proposals don't just inform. They inspire action. Here's what makes a session stand out:

• Lead with outcomes: what will your audience walk away knowing or doing differently?
• Make it a conversation: interactive sessions create lasting impact. Show us how you'll engage the room
• Keep it real:practical takeaways, lived experience and honest lessons resonate far more than theory.

"The DrupalCon stage is yours to own. Submit your proposal and join us in Rotterdam to shape the future of Drupal. Your expertise could be the spark that inspires the next big idea!".

The Nightmare of Permissions and OAuth Scopes in Drupal

Drupal's role-based access control is one of its strengths. Permissions and roles are well-understood, and the system is mature. But the moment you step outside the standard cookie-based session — say, into OAuth with the authorization code flow — you hit a wall that the core permission model never anticipated.

Super-permissions and their hidden assumptions

Drupal treats administer nodes and bypass node access as super-permissions. If a user has either, NodeAccessControlHandler assumes they can perform any operation on any content type and skips the granular checks entirely. bypass node access is actually more powerful than administer nodes — a quirk of legacy cruft going back to early Drupal versions.

UUIDv5 with config name as input. Storage decorators that intercept every write path. A hashed-table edge case that almost caused data loss. Here is how the module works.

Every year, the global campaign organised by the Union for International Cancer Control invites people affected by cancer to share their personal experiences as part of World Cancer Day. These stories provide an important human perspective on the realities of cancer. They help build solidarity, encourage early diagnosis, and ensure the voices of patients, survivors, families and carers are heard around the world.

However, when a global campaign encourages participation at scale, the practical challenges quickly become clear. Hundreds of deeply personal stories can arrive from many different countries in a short period of time. Each submission needs to be reviewed carefully, handled with sensitivity, and prepared for publication. For a small team responsible for managing the campaign, this can create significant pressure during the peak period around World Cancer Day.

To address this challenge, the World Cancer Day team partnered with 1xINTERNET to explore how artificial intelligence could support their existing editorial workflow within Drupal.

Balancing efficiency and human oversight in AI assisted moderation

Rather than attempting to automate the process entirely, the approach focused on supporting human decision making. AI was introduced to assist moderators by helping them review incoming submissions more efficiently. This allowed the team to process stories more quickly while ensuring that personal experiences remained at the centre of the review process.

The result is a practical example of how AI can be applied responsibly. Technology is used to assist people rather than replace them, helping organisations manage growing volumes of content while maintaining appropriate oversight and care.

In this upcoming webinar we will explore the approach taken by the World Cancer Day team and the lessons it offers for other organisations facing similar challenges.

Register for the webinar

What the webinar will cover

Participants will hear about:

• The role that personal stories play in the global World Cancer Day movement
• The operational challenge of moderating hundreds of submissions from around the world
• How AI supported a human moderation process rather than replacing it
• Practical lessons for organisations considering responsible applications of AI

The session is designed for organisational leaders, communications teams, and others exploring how artificial intelligence can be introduced in a considered and practical way. Using a real global campaign as its foundation, it offers a practical example of how AI can support teams managing large volumes of user generated content.

Event details

Title: Helping people tell their cancer stories using AI: Lessons from World Cancer Day
Date: 16 March 2026
Time: 2:00 PM GMT*
Format: Live webinar

Register now to secure your place.

*If the timing is not convenient, the session will be recorded and shared with everyone who registers so it can be watched afterwards.

Speakers Charles Andrew Revkin

Communications professional working on the World Cancer Day campaign at the Union for International Cancer Control (UICC). Charles leads global storytelling efforts that amplify the voices of people affected by cancer around the world.

Diego Costa

Chief Operating Officer at 1xINTERNET. Diego works with organisations to design and deliver complex digital platforms using open-source technologies including Drupal.

Matthew Saunders

AI Ambassador at amazee.io and long-time member of the Drupal community. Matthew works on initiatives that help organisations adopt AI in ways that respect privacy, transparency, and human decision-making.

More webinars and events

This is part of a series of webinars and global events organised by Drupal AI. For full details visit our events calendar.

Can one open-source CRM manage all your donors and donations in one place? If you’re working for a nonprofit, you must read this blog to find out how CiviCRM can manage contacts and fundraising efficiently for you.

A fresh breeze of innovation is set to sweep through Chicago this spring. As March 23–26 draws near, the Windy City is gearing up to host DrupalCon 2026, the world’s largest Drupal gathering.

Written by guest blogger María Fernanda Silva

Something is shifting in how organizations think about AI. The early excitement around what it could do is giving way to a harder, more important question: how do you build AI that actually holds up — at scale, under pressure, and over time?

On 14 May 2026, New York City becomes the place where that question gets answered. The Drupal AI Summit brings together enterprise leaders, digital decision-makers, and senior practitioners from across the US and Europe — not to explore AI in theory, but to share what responsible, durable AI looks like in practice.

The decisions that define what AI becomes

Thirteen focused sessions. Real case studies. The Summit is built around the strategic and organizational questions that determine whether AI delivers real value or stays stuck in pilot mode: governance, investment, long-term architecture, and what it actually takes to scale. If you are responsible for those decisions, this is where you belong.

Open source and the architecture of trust

Most AI implementations fail quietly — locked into black boxes, disconnected from the workflows where real work happens, impossible to adjust without starting over.

There is a different path. When AI is embedded directly into content, data, and workflow systems (where enterprise work actually happens), teams maintain transparency, organisations retain control, and the architecture evolves alongside the business without the cost of replatforming. This is not a niche concern. It speaks to every enterprise leader navigating AI in environments where trust, regulation, and scale are not optional considerations — they are the entire challenge.

The Summit explores what this looks like in practice, with sessions grounded in the architectural and organizational choices that make responsible AI adoption real, not just possible.

What to expect on 14 May

From 9:00 am to 5:45 pm at 360 Madison Avenue in the heart of Midtown Manhattan, you will have access to thirteen sessions built entirely around case studies from peers who are applying AI in production environments. No theoretical frameworks. No technical deep-dives. Just honest, grounded conversations about what works, what doesn't, and what it takes to build AI your organization can trust for the long term.

Practitioners and leaders are flying in from across the US and Europe to share first-hand experience and to learn from each other. Your pass also grants access to the wider apidays New York event running across both days, connecting you with communities exploring APIs, AI agents, cybersecurity, and modern digital infrastructure — all under the same roof.

Explore the Summit

Early Bird tickets available until 13 April

Secure your place at the Drupal AI Summit NYC for $150 USD before 13 April 2026. After that, tickets are $200 USD.

The Paris edition sold out. If you're planning to join us in New York, early is the right call.

The foundations for enterprise-grade AI already exist. Come and see how they're being built — openly, responsibly, and together.

Secure your Early Bird ticket today!

Photos by Paul Johnson

File attachments:  54974791880_b1bdd50c90_k.jpg 54974505341_252617ffea_k.jpg

Open Source software is free to download. But the infrastructure that makes it usable is not.

When developers install or update dependencies through npm, Composer, pip, or Cargo, those tools rely on package registries that host and distribute millions of software packages. When maintainers collaborate, they depend on hosted services: Git repositories, CI pipelines, and other tools to build, test, and release software.

Most of this infrastructure is invisible to end users, and almost no one thinks about what it costs to run.

But it is not free. Someone has to operate the servers, pay for bandwidth, respond to support questions, patch security issues, and keep everything reliable.

Much of the modern software ecosystem depends on these services working reliably. And yet the organizations operating them are almost always scrambling to fund them.

A patchwork of fragile arrangements

Every large Open Source project has found some way to keep its infrastructure running. Usually that means a mix of donated services, sponsorships, fundraising, cross-subsidy, or patronage from a single company.

The table below highlights the primary funding mechanisms various Open Source projects depend on, even though most projects combine several.

Donated infrastructure Multi-company sponsorship Community funding Single-company patronage PyPI ☑ ☐ ☐ ☐ Packagist ☐ ☐ ☐ ☑ npm ☐ ☐ ☐ ☑ WordPress ☐ ☐ ☐ ☑ RubyGems ☐ ☑ ☑ ☐ Drupal ☑ ☑ ☑ ☐

The mix differs across ecosystems, and some rely on several mechanisms at once. But one thing stands out: none of these approaches tie funding directly to how much the infrastructure is used.

PyPI, the Python Package Index, illustrates the sponsorship model. It handles billions of downloads a day on infrastructure donated by Fastly, AWS, and Google Cloud. The Python Software Foundation described this arrangement's fragility in a post last October: if a single sponsor decides not to renew, it would cost them tens of thousands of dollars a month to replace the lost infrastructure.

Packagist, the main PHP package repository, follows a different approach. It is run by a private company that also sells a commercial product called Private Packagist. Revenue from the paid product subsidizes the free public registry. It's one of the more sustainable models out there, though it means a public good depends on one company's continued success.

npm tried to operate as an independent company, ran into serious financial trouble, and was eventually acquired by GitHub in 2020. The end result is that critical JavaScript infrastructure is now owned by Microsoft.

WordPress.org runs on a different version of the same dynamic: corporate patronage. Automattic, by far the ecosystem's largest commercial beneficiary, subsidizes most of the infrastructure. It works, but it also means that whoever funds the infrastructure controls it.

The FAIR project, a federated package manager backed by the Linux Foundation, was designed to give the WordPress ecosystem an independent alternative. The software works but its organizers recently stepped back after failing to secure long-term funding commitments.

RubyGems took the community fundraising route, launching a program last year asking businesses for $2,500 to $5,000 annually, with about 110 supporters needed to cover the registry's operations.

Drupal, the Open Source CMS I help lead, depends on the Drupal Association to run much of the infrastructure behind the project: Composer endpoints, GitLab repositories, CI pipelines, automatic update notifications, and more. Running all of this costs roughly $3 million a year. Funding comes from a mix of donated infrastructure, community funding, DrupalCon revenue, and sponsorship.

When the economics break, the consequences become visible. In February 2026, GNOME began redirecting Git traffic from its own GitLab to GitHub mirrors to reduce bandwidth costs. As a result, GitHub and its owner Microsoft now absorb some of GNOME's bandwidth cost.

Taken together, these examples point to the same underlying problem. Most Open Source infrastructure does not have a real business model. It survives through donations, corporate sponsorship, and community fundraising, rather than revenue tied to the value it delivers.

From steward to service provider

One direction that makes sense to me is a simple value exchange: keep core infrastructure free for individuals and small projects, while organizations using it at scale help pay for what they consume. Not as a donation, but as payment for the infrastructure their software depends on.

Some people will instinctively resist the idea of charging for the infrastructure behind an Open Source project. That reaction may feel familiar to anyone who remembers the early debates about paid contributors. At the time, many feared corporate money would drive volunteers away. In practice, the opposite happened. Projects grew, contributor bases expanded, and paid engineers became some of their most active contributors.

That does not mean every new funding idea is a good one. But instinctive discomfort alone is not a reason to reject it.

In Open Source, what looks like fairness often is not. Free for everyone sounds equitable, but the cost does not disappear. It is absorbed by those who can least afford it, while the organizations that benefit most often pay the least. When a Fortune 500 company consumes Open Source infrastructure for free, that is not a neutral outcome. It is a subsidy flowing in the wrong direction.

If the problem is that costs are disconnected from usage, the obvious place to start is linking them. Exactly how that would work in practice is a separate design question, and the answer will likely differ from one Open Source project to another. One possible approach is usage-based fees, tiered by download volume or API consumption. Questions about measurement, thresholds, and enforcement would need careful community discussion.

Governance is downstream of funding

If infrastructure funding models need to change, the obvious question is who decides. In Open Source, questions like this ultimately belong to the community.

But communities do not decide these things in a vacuum. In practice, governance tends to follow funding.

Discussions about Open Source infrastructure often focus on governance: who should control it and who gets to make the decisions. In reality, those questions are often settled by something simpler: who pays for it.

FAIR is a recent example. The project didn't fail because federation was the wrong idea. It failed because nobody built a business case compelling enough to fund it as an alternative.

When one organization pays for the infrastructure, it ultimately controls it. When a broader set of stakeholders funds it, governance broadens with it.

That is why Open Source infrastructure needs more than better fundraising. It needs a business model that connects the cost of operating shared infrastructure to the organizations that rely on it most.

Infrastructure that entire ecosystems depend on cannot rely indefinitely on goodwill alone. It deserves a business model.

Solving the funding problem is a prerequisite to solving the governance problem.

Thanks to Tiffany Farriss, Tim Lehnen, Gábor Hojtsy and Lauri Timmanee for reviewing my draft.